mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 13:25:26 +00:00
64 lines
2.5 KiB
Markdown
64 lines
2.5 KiB
Markdown
|
* ### __Small Scope__
|
|||
|
Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
|
|||
|
- [x] Directory Enumeration
|
|||
|
- [x] Technology Fingerprinting
|
|||
|
- [x] Port Scanning
|
|||
|
- [x] Parameter Fuzzing
|
|||
|
- [x] Wayback History
|
|||
|
- [x] Known Vulnerabilities
|
|||
|
- [x] Hardcoded Information in JavaScript
|
|||
|
- [x] Domain Specific GitHub & Google Dorking
|
|||
|
- [x] Broken Link Hijacking
|
|||
|
- [x] Data Breach Analysis
|
|||
|
- [x] Misconfigured Cloud Storage
|
|||
|
* ### __Medium Scope__
|
|||
|
Usually the scope is wild card scope where all the subdomains are part of scope
|
|||
|
- [x] Subdomain Enumeration
|
|||
|
- [x] Subdomain Takeover
|
|||
|
- [x] Probing & Technology Fingerprinting
|
|||
|
- [x] Port Scanning
|
|||
|
- [x] Known Vulnerabilities
|
|||
|
- [x] Template Based Scanning (Nuclei/Jeales)
|
|||
|
- [x] Misconfigured Cloud Storage
|
|||
|
- [x] Broken Link Hijacking
|
|||
|
- [x] Directory Enumeration
|
|||
|
- [x] Hardcoded Information in JavaScript
|
|||
|
- [x] GitHub Reconnaissance
|
|||
|
- [x] Google Dorking
|
|||
|
- [x] Data Breach Analysis
|
|||
|
- [x] Parameter Fuzzing
|
|||
|
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
|
|||
|
- [x] IP Range Enumeration (If in Scope)
|
|||
|
- [x] Wayback History
|
|||
|
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
|
|||
|
- [x] Heartbleed Scanning
|
|||
|
- [x] General Security Misconfiguration Scanning
|
|||
|
* ### __Large Scope__
|
|||
|
Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
|
|||
|
- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.)
|
|||
|
- [x] Subsidiary & Acquisition Enumeration (Depth – Max)
|
|||
|
- [x] Reverse Lookup
|
|||
|
- [x] ASN & IP Space Enumeration and Service Identification
|
|||
|
- [x] Subdomain Enumeration
|
|||
|
- [x] Subdomain Takeover
|
|||
|
- [x] Probing & Technology Fingerprinting
|
|||
|
- [x] Port Scanning
|
|||
|
- [x] Known Vulnerabilities
|
|||
|
- [x] Template Based Scanning (Nuclei/Jeales)
|
|||
|
- [x] Misconfigured Cloud Storage
|
|||
|
- [x] Broken Link Hijacking
|
|||
|
- [x] Directory Enumeration
|
|||
|
- [x] Hardcoded Information in JavaScript
|
|||
|
- [x] GitHub Reconnaissance
|
|||
|
- [x] Google Dorking
|
|||
|
- [x] Data Breach Analysis
|
|||
|
- [x] Parameter Fuzzing
|
|||
|
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
|
|||
|
- [x] IP Range Enumeration (If in Scope)
|
|||
|
- [x] Wayback History
|
|||
|
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
|
|||
|
- [x] Heartbleed Scanning
|
|||
|
- [x] General Security Misconfiguration Scanning
|
|||
|
- [x] And any possible Recon Vector (Network/Web) can be applied.
|
|||
|
|
|||
|
Source: [Link](https://www.xmind.net/m/hKKexj/)
|