

Recon for bug bounty, penetration testers & ethical hackers. Full methodology of website reconnaissance, bug bounty.

What you will learn

Recon on websites

Finding subdomains

Finding URLs

Recon for bug bounty, penetration testing and ethical hacking

Description

This course is made entirely for website reconnaissance for bug bounty hunters, penetration testers & ethical hackers. It is an intermediate-level course, and all the topics regarding recon on websites are discussed here.

Some of the topics are: what reconnaissance is, recon for bug bounty hunters and penetration testers, subdomain enumeration, URL enumeration, parameter bruteforcing, creating your own recon tools, and many more…

This course is fully focused on website recon and vulnerability assessment.

There will be a full methodology of website reconnaissance, bug bounty hunting, and penetration testing. The videos are divided into small sections for the students to learn.




All the resources are provided in the resource section, including the links, PDFs, and payloads that are used in the course.

Course Curriculum :

  1. Introduction
    1. Introduction to recon
  2. Subdomain enumeration from tools
    1. Subdomain enumeration #1
    2. Subdomain enumeration #2
    3. Subdomain enumeration #3
    4. Subdomain enumeration #4
    5. Subdomain bruteforcing
    6. Filtering unique domains
    7. Subdomain generator
  3. Subdomain enumeration from websites
    1. Subdomain enumeration from website #1
    2. Subdomain enumeration from website #2
    3. Subdomain enumeration from website #3
    4. Subdomain enumeration from website #4
  4. Filtering live domains
    1. Filtering live domains
  5. URL extraction from the internet
    1. URL extraction from the internet #1
    2. URL extraction from the internet #2
  6. Finding parameters
    1. Finding parameters
    2. Parameter bruteforcer
  7. Finding URL from past
    1. URL from past
  8. Sorting urls
    1. Sorting url for vulnerabilities
  9. Automation for replacing parameters with Payloads
    1. Automation for replacing parameters with Payloads
  10. Footprinting websites ( Website recon )
    1. Whatweb recon
    2. Netcraft
    3. Security headers
    4. Dnsdumpmaster
    5. Whois recon
    6. Mxtoolbox
    7. OSINT
    8. Maltego
  11. Browser addons for recon
    1. wappalyzer
    2. retire.js
    3. shodan
    4. Knoxx
    5. Hack-tools addon
  12. WAF identification
    1. WAF identification
  13. Subdomain takeover
    1. HostileSubBruteForcer
    2. Sub404
    3. Subjack
  14. Fuzzing (Content-Discovery)
    1. dirb
    2. ffuf
  15. Port scanning
    1. Introduction to nmap
    2. Port specification in nmap
    3. Service and version detection from nmap
    4. Firewall bypass technique
  16. Fast port scanning
    1. naabu
    2. masscan
  17. Visual recon
    1. Gowitness
  18. Google dorking
    1. Introduction to google dorking
    2. Understanding the URL structure
    3. Syntax of google dorking
    4. Google dorking operators
    5. Google search operators ( Part – 1 )
    6. Google search operators ( Part – 2 )
  19. Google dorking practical
    1. Introduction to practical google dorking
    2. How to find directory listing vulnerabilities ?
    3. How to dork for wordpress plugins and themes ?
    4. How to dork for web servers versions ?
    5. How to dork for application generated system reports ?
    6. Dorking for SQLi
    7. Reading materials for google dorking
  20. Tips for advanced google dorking
    1. Tip #1
    2. Tip #2
    3. Tip #3
  21. Shodan dorking
    1. Intro to shodan dorking
    2. Shodan web interface
    3. Shodan search filters
  22. Shodan dorking practical
    1. Finding server
    2. Finding files and directories
    3. Finding operating systems
    4. Finding compromised devices and websites
  23. Shodan command line
    1. Introduction to shodan command line
    2. Practical shodan in command line
  24. Github dorking
    1. Introduction to github dorking
    2. Github dorking practical
  25. Vulnerability scanning
    1. Nuclei
    2. Wp-Scan
    3. Scanning with burpsuite
  26. Metasploit for recon
    1. DNS recon using metasploit
    2. Sub-domain enumeration using metasploit
    3. E-mail address finding
  27. Port scanning using metasploit
    1. TCP SYN port scan using metasploit
    2. SSH version detection
    3. FTP version enumeration
    4. MySQL version detection
    5. HTTP enumeration
  28. Payloads for bug bounty hunters
    1. Payloads for bug hunters and penetration testers
  29. How to create tools for recon ?
    1. SSRF finder tool
    2. XSS finding tool
    3. URL extractor from javascript files
    4. Full website recon tool
  30. Bonus
    1. Bonus video

Thank you 🙂

Vivek Pandit

Language: English

Content

Introduction

Introduction of recon

Subdomain enumeration from tools

Subdomain enumeration #1
Subdomain enumeration #2
Subdomain enumeration #3
Subdomain enumeration #4
Subdomain bruteforcing tools
Filtering unique domains
Subdomain generator

Subdomain enumeration from websites

Subdomain enumeration from website #1
Subdomain enumeration from website #2
Subdomain enumeration from website #3
Subdomain enumeration from website #4

Filtering live domains

Filtering live domains

URL extraction from the internet

URL extraction from the internet #1
URL extraction from the internet #2

Finding parameters

Finding parameters
Parameter bruteforcer

Finding URL from past

URL from past

Sorting urls

Sorting url for vulnerabilities

Automation for replacing parameters with Payloads

Automation for replacing parameters with Payloads

Footprinting websites

Whatweb scanner
Netcraft
Security headers
Dnsdumpmaster
Whois recon
Mxtoolbox
OSINT
Maltego

Browser addons for recon

Wappalyzer addon
retire.js addon
Shodan addon
Knoxx addon
Hack-tools addon

WAF identification

WAF identification

Subdomain takeover

HostileSubBruteForcer
Sub404
Subjack

Fuzzing (Content-Discovery)

Automation for replacing parameters with Payloads
dirb
ffuf

Port scanning

Introduction to nmap
Port specification in nmap
Service and version detection from nmap
Firewall bypass technique

Fast port scanning

naabu
Masscan

Visual recon

Gowitness

Google dorking

Introduction to google dorking
Understanding the structure of url
Syntax of google dorking
Golden rules of google dorking
Google dorking operators
Google search operators ( Part – 1 )
Google search operators ( Part – 2 )

Google dorking practical

Introduction to practical google dorking
How to find directory listing vulnerabilities ?
How to dork for wordpress plugins and themes ?
How to dork for web servers versions ?
How to dork for application generated system reports ?
Dorking for SQLi
Reading materials for google dorking

Tips for advanced google dorking

Tip #1
Tip #2
Tip #3

Shodan dorking

Introduction to shodan dorking
Shodan web interface
Shodan search filters
Resource

Shodan dorking practical

Finding servers
Finding files and directories
Finding operating systems
Finding compromised devices and websites

Shodan command line

Introduction to shodan command line
Practical shodan in command line

Github dorking

Introduction to github dorking
Github dorking practical

Vulnerability scanning

Nuclei tool
WP-Scan
List of shodan search filters
Scanning with burpsuite

Metasploit for recon

DNS recon using metasploit
Sub-domain enumeration using metasploit
E-mail address finder

Port scanning using metasploit

TCP SYN port scan using metasploit
SSH version detection
FTP version enumeration
MySQL version detection
HTTP enumeration

Payloads

Payloads for bug hunters and penetration testers

How to create tools for recon ?

XSS finding tool
URL extractor from javascript files
SSRF finder tool
Full website recon tool

Bonus

Bonus video