tool kit when going pentest, bugbounty

Enumerate a web application by performing the following checks: whois, dns tld and domain information, traceroute, ssl/tls version and supported ciphers, certificate information. Analyze http responses, detect comments and resources in the page. Reveal exposed resources by performing url bruteforce and exploiting google dorks