
RECON (Bug Hunting Methodology v4)
  Recon = discover as many assets as possible.
  Keep track of everything (mindmap, notes etc.).

SCOPE DOMAIN
  Seeds / root domains = *.example.com

ACQUISITIONS
  crunchbase.com
  After obtaining the acquired orgs, digging for them is acceptable.

ASN ENUMERATION
  bgp.he.net
  Tools: metabigor (j3ssiejjj), asnlookup.py (Yassine Aboukir)
  Encompasses all of the IP space known to belong to the organisation.
  With the ASN numbers, `amass` can be used to obtain more domains, which can again go through the recon process.
  Command: `amass intel -asn {number}` (number = ASxxxxx)

REVERSE WHOIS
  whoxy.com
  Tools: DOMLink (Vincent Yiu)
  Shows the ownership of the organisation (past and present).

AD/ANALYTICS RELATIONSHIPS
  builtwith.com

GOOGLE
  "copy rights" site:target.com
  Copyrights, Privacy Policy, Terms of Service
  Through dorks, multiple domains and subdomains can be identified.

SHODAN

GITHUB DORKING

SUB-DOMAIN ENUMERATION
  Linked and JavaScript Discovery
    Burp: set Scope to Advanced control and enter a regex (NO FULLY QUALIFIED DOMAIN NAME); turn off passive scanning; set forms to auto submit
    Visit -> Spider -> Spider the output of the spider (recursively spider)
    Gospider (j3ssiejjj)
    hakrawler (hakluke)
    Subdomainizer (Neeraj Edwards)
    subscraper (Cillian-Collins)
  Subdomain Scraping
    Google: site:example.org -www.example.org
    amass: amass enum -d example.com
    subfinder: subfinder -d example.com
    github-subdomains.py: python3 github-subdomains.py -t "target.com" -d ? | tee out.txt
    shosubgo (inc0gbyt3): shosubgo -d 'example.com' -s "shodan-key"
    cloud ranges: curl 'https://tls.bufferover.run/dns?q=.website.com' 2>/dev/null | jq .Results
  Subdomain Brute Force
    massdns
    amass: amass enum -brute -d example.com -srv
    shuffleDNS: shuffledns -d example.com -w words.txt -r resolver-list.txt
    Wordlists for brute force: all.txt, github.com/assetnote/commonspeak2, lists
  Misc Alteration Scanning
    altdns
    amass

PORT ANALYSIS
  masscan: masscan -p1-65535 -iL IPFILE --max-rate 1800 -oG output_file
  dnmasscan: dnmasscan domainList.txt outputFile.txt -p ports -oG masscan.log

SCREENSHOTTING
  EyeWitness
  Aquatone
  httpscreenshot

SUBDOMAIN TAKEOVER
  SubOver
  nuclei
  "can i takeover xyz"

TECH PROFILES / RELATIONSHIP PROFILES / APPLICATION ANALYSIS
  Framework: interlace

WORKING (huge scope domains)
  Tesla.com on Bugcrowd
  Verizon Media on HackerOne
