La3B0z/bugbounty-starter-notes

Books

  1. The Web Application Hacker's Handbook
  2. OWASP Testing Guide
  3. Web Hacking 101
  4. Breaking into Information Security
  5. Mastering Modern Web Penetration Testing

Recon

  • ASNs (autonomous system numbers) - (IP ranges, keyword searches)

  • ARIN & RIPE - ARIN/RIPE whois lookups

  • Reverse whois

  • shodan - shodan

  • Burp Suite - cannot be missed out

  • domlink

  • builtwith - they also have a browser plugin; it tells you the stack a site is built on and its analytics

    Subdomain scraping enumeration

    subdomain bruteforcing

    • massdns

      ex: ./subbrute.py /root/work/bin/all.txt $TARGET.com | ./bin/massdns -r resolvers.txt -t A -a -o -w massdns_output.txt -

    • gobuster

      ex: gobuster -m dns -u $TARGET.com -t 100 -w all.txt

    • best dictionary file: all.txt

    • scans.io

    • commonspeak

    Enumeration

    • masscan

      ex: masscan -p1-65535 -iL $TARGET_LIST --max-rate 10000 -oG $TARGET_OUTPUT

    • nmap

    • brutespray

      masscan output => nmap service scan (-oG) => brutespray credential bruteforcing.

      ex: python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

    • Eyewitness

    • waybackurls - URL enumeration using the Wayback Machine
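Added example (not code from the notes): a small Python parser for the grepable (-oG / .gnmap) output that the masscan -> nmap pipeline above produces, turning it into a per-host inventory of open ports and flagging hosts that expose ports outside an allow-list, which is the review list a defender wants from such a scan. The scan lines below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in grepable (-oG / .gnmap) format. masscan emits one
# "Host: ... Ports: ..." line per open port; nmap puts all of a host's ports
# on one line, comma-separated. Field layout: port/state/proto/owner/service/rpc/version/
SAMPLE_GNMAP = """\
# Masscan 1.0.5 scan initiated Sat Jan  1 00:00:00 2022 (constructed sample)
Host: 192.0.2.10 ()  Ports: 22/open/tcp////
Host: 192.0.2.10 ()  Ports: 443/open/tcp////
Host: 192.0.2.11 ()  Ports: 80/open/tcp//http//, 3306/closed/tcp//mysql//
# End of scan
"""

# Captures port, state, protocol and service; owner and the trailing fields are skipped.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/,]*/([^/,]*)/")


def parse_gnmap(text):
    """Return {host: {port: service}} keeping only ports reported as open."""
    inventory = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and header lines carry no host data
        host = line.split()[1]
        _, _, ports_field = line.partition("Ports:")
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                # nmap fills in the service name; masscan leaves it blank
                inventory[host][int(port)] = service or proto
    return dict(inventory)


def exposed_outside_allowlist(inventory, allowed_ports):
    """Hosts exposing ports outside the allow-list, with those ports sorted."""
    return {
        host: sorted(p for p in ports if p not in allowed_ports)
        for host, ports in inventory.items()
        if any(p not in allowed_ports for p in ports)
    }


if __name__ == "__main__":
    inv = parse_gnmap(SAMPLE_GNMAP)
    for host, ports in sorted(inv.items()):
        print(host, ", ".join(f"{p}/{s}" for p, s in sorted(ports.items())))
    print("review:", exposed_outside_allowlist(inv, {80, 443}))
```

Real masscan output separates "()" and "Ports:" with a tab; the parser does not depend on that whitespace.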

Keeping track of all this

  Xmind organization

[screenshot: xmind.png]

Identification and CVE searching

Parsing Heavy javascript sites

  • ZAP Ajax spider - OWASP ZAP
  • LinkFinder
  • JSParser

Content Discovery

  • Gobuster
  • Burp content discovery
  • Robots disallowed
  • wpscan
  • Seclists / RAFT / Digger wordlists
  • cmsmap
  • custom wordlist

XSS

SSRF

Subdomain Takeover info

Work in progress..

About

bug bounty hunters starter notes
