notes are from Jason haddix’s How to shot web talk link

Books

1. The web application hacker’s handbook
2. owasp testing guide
3. web hacking 101
4. breaking into infromation security
5. mastering mordern web peneteration testing

Recon

• ASN’s(autonomous system numbers) - (ip ranges , keyword searches)
• ARIN & RIPE - arin ripe whoislookups all
• Rev whois - rev
• shodan - shodan
• we cannot miss out on burp
• domlink domlink

• builtwith - they also has a browser plugin it tells about stack that site is bult on and analytics

  #### Subdomain scraping enumeration

  • google dorks
  • robtex
  • waybackmachine
  • sublist3r
  • Amass
  • subfinder

  • Cloudflare Enumeration Tool #### subdomain bruteforcing

  • massdns

    ex: .subbrute.py /root/work/bin/all.txt $TARGET.com | ./bin/massdns -r resolvers.txt -t A -a -o -w massdns_output.txt -

  • gobuster

    ex gobuster -m dns -u $TARGET.com -t 100 -w all.txt

  • best dictonary file : all.txt
  • scans.io
  • commonspeak

  Enumeration

  • masscan

    ex: masscan -p1-65535 -iL $TARGET_LIST --max-rate 10000 -oG $TARGET_OUTPUT

  • nmap

  • brutespray

    masscan output => map services scan -oG => brutespray credential bruteforcing.

    ex: python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

  • Eyewitness
  • waybackursls enumeration using wayback

# Keeping track of all this Xmind organization

# Identification and cve searching

• buldwith
• retire.js
• burp-vulners-scanner
• wappanalyzer # Parsing Heavy javascript sites
• zap Ajax spider - owasp zap
• [Linkfinder]
• [jsparser]

# Content Discovery

• Gobuster
• Burp content discovery
• Robots disallowed
• wpscan
• Seclists / RAFT / Digger wordlists
• cmsmap
• custom wordlist

XSS

• blind xss frameworks
  • bXSS
  • ezXSS
  • XSS hunter
  • KnoXSS
  • Sleepy Puppy
• XSS polyglot *
• XSS Mindmap

SSRF

• for testing in cloud https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b
• SSRFmap
• Gopherus

Subdomain Takeover

info

notes on newer version of Jason Haddix’s talks TBHMv4

Learn How to Hunt

Tutorials and Things to Do while Hunting Vulnerability. Howtohunt repo

Gold mine of Resources from Nahamsec

Resources-for-Beginner-Bug-Bounty-Hunters🔥

Android Pentesting Mindmap Link from @ofjaaah

Link good blog on recon

Read writeups from pentesterland , H1 Hacktivity , Infosec twitter and medium articles

Great blog on github recon

Work in progress..

Contributors