
abhinavprasad47 / Bugbounty Starter Notes

bug bounty hunters starter notes


Books

  1. The Web Application Hacker's Handbook
  2. OWASP Testing Guide
  3. Web Hacking 101
  4. Breaking into Information Security
  5. Mastering Modern Web Penetration Testing

Recon

  • ASNs (autonomous system numbers) - (IP ranges, keyword searches)

  • ARIN & RIPE - arin ripe whoislookups all

  • Rev whois - rev

  • shodan - shodan

  • we cannot miss out on burp

  • domlink

  • builtwith - they also have a browser plugin; it shows the stack the site is built on and its analytics

    Subdomain scraping enumeration

    subdomain bruteforcing

    • massdns

      ex: ./subbrute.py /root/work/bin/all.txt $TARGET.com | ./bin/massdns -r resolvers.txt -t A -a -o -w massdns_output.txt -

    • gobuster

      ex: gobuster -m dns -u $TARGET.com -t 100 -w all.txt

    • best dictionary file: all.txt

    • scans.io

    • commonspeak

    Enumeration

    • masscan

      ex: masscan -p1-65535 -iL $TARGET_LIST --max-rate 10000 -oG $TARGET_OUTPUT

    • nmap

    • brutespray

      masscan output => nmap service scan (-oG) => brutespray credential bruteforcing.

      ex: python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

    • Eyewitness

    • waybackurls - enumeration using wayback

Keeping track of all this

  Xmind organization


Identification and cve searching

Parsing Heavy javascript sites

  • ZAP Ajax spider - OWASP ZAP
  • Linkfinder
  • jsparser

Content Discovery

  • Gobuster
  • Burp content discovery
  • Robots disallowed
  • wpscan
  • Seclists / RAFT / Digger wordlists
  • cmsmap
  • custom wordlist

XSS

SSRF

Subdomain Takeover

info

The above notes are from Jason Haddix's "How to Shot Web" talk.

Notes on the newer version of Jason Haddix's talk: TBHMv4

Learn How to Hunt

Tutorials and Things to Do while Hunting Vulnerability. Howtohunt repo

Gold mine of Resources from Nahamsec

Resources-for-Beginner-Bug-Bounty-Hunters🔥

Android Pentesting Mindmap Link from @ofjaaah

Good blog on recon

Read writeups from Pentesterland, H1 Hacktivity, infosec Twitter and Medium articles

Great blog on github recon

Work in progress..
