Hello everyone, I hope you are doing well. In this post I will cover how to recon a website like a pro.
Recon:
It is an essential element of any penetration test.
Finding security issues in a website is not simple when you are participating in a bug bounty program. You are not alone, so you have to think critically about how to approach the target. This is why passive and active reconnaissance is especially important for the scope.
So let's start.
Pro tip: Sub-domains are mostly vulnerable
Subdomain Finding:
https://pentest-tools.com/
https://virustotal.com/
https://www.shodan.io/
https://crt.sh/?q=%25target.com
https://dnsdumpster.com/
https://censys.io
Open Source tools for Subdomain Finding:
https://bitbucket.org/LaNMaSteR53/recon-ng
https://github.com/michenriksen/aquatone
https://github.com/aboul3la/Sublist3r
Try to extract VHOST:
https://pentest-tools.com/information-gathering/find-virtual-hosts
https://github.com/jobertabma/virtual-host-discovery
https://github.com/ChrisTruncer/EyeWitness
Don't forget Google is your best friend. Try Google dorks:
site:target.com -www
site:target.com intitle:"test" -support
site:target.com ext:php | ext:html
site:subdomain.target.com
site:target.com inurl:auth
site:target.com inurl:dev
Information Gathering Part:
1. Whois Information
2. Subdomains
3. Dir info
4. S3 Buckets
5. Social accounts
6. API Endpoints
7. Emails
8. Vhosts
9. Backend IP address
10. Open Ports / Services running
There is a good possibility that good recon leads to information disclosure.
To look for older content that can give you ideas about the site structure, or possibly vulnerable endpoints, use:
https://web.archive.org/
https://gist.github.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07
Tutorials
https://www.exploit-db.com/
https://www.hackingarticles.in/
http://securityidiots.com/
http://breakthesecurity.cysecurity.org/
http://lastc0de.blogspot.com/2013/07/tutorial-sql-injection-manual.html
Here are some write-ups for bug bounty.
https://github.com/djadmin/awesome-bug-bounty