ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-02-21 14:16:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added recon checklist

Browse Source
This commit is contained in:
MD15 2021-02-03 21:16:07 +07:00
parent 8d34dc26d4
commit 62b0ae8a61
1 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Misc/Recon.MD Normal file
View File

@ -0,0 +1,66 @@
# Bug-Bounty-Recon
## Small Scope
### Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs. like: app.harshbothra.tech
- [x] Directory Enumeration
- [x] Technology Fingerprinting
- [x] Port Scanning
- [x] Parameter Fuzzing
- [x] Wayback History
- [x] Known Vulnerabilities
- [x] Hardcoded Information in JavaScript
- [x] Domain Specific GitHub & Google Dorking
- [x] Broken Link Hijacking
- [x] Data Breach Analysis
- [x] Misconfigured Cloud Storage
## Medium Scope
### Usually the scope is wild card scope where all the subdomains are part of scope. like: Scope: *.harshbothra.tech
- [x] Subdomain Enumeration
- [x] Subdomain Takeover
- [x] Probing & Technology Fingerprinting
- [x] Port Scanning
- [x] Known Vulnerabilities
- [x] Template Based Scanning (Nuclei/Jeales)
- [x] Misconfigured Cloud Storage
- [x] Broken Link Hijacking
- [x] Directory Enumeration
- [x] Hardcoded Information in JavaScript
- [x] GitHub Reconnaissance
- [x] Google Dorking
- [x] Data Breach Analysis
- [x] Parameter Fuzzing
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- [x] IP Range Enumeration (If in Scope)
- [x] Wayback History
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- [x] Heartbleed Scanning
- [x] General Security Misconfiguration Scanning
## Large Scope
### Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.)
- [x] Subsidiary & Acquisition Enumeration (Depth Max)
- [x] Reverse Lookup
- [x] ASN & IP Space Enumeration and Service Identification
- [x] Subdomain Enumeration
- [x] Subdomain Takeover
- [x] Probing & Technology Fingerprinting
- [x] Port Scanning
- [x] Known Vulnerabilities
- [x] Template Based Scanning (Nuclei/Jeales)
- [x] Misconfigured Cloud Storage
- [x] Broken Link Hijacking
- [x] Directory Enumeration
- [x] Hardcoded Information in JavaScript
- [x] GitHub Reconnaissance
- [x] Google Dorking
- [x] Data Breach Analysis
- [x] Parameter Fuzzing
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- [x] IP Range Enumeration (If in Scope)
- [x] Wayback History
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- [x] Heartbleed Scanning
- [x] General Security Misconfiguration Scanning
- [x] And any possible Recon Vector (Network/Web) can be applied.
Source: [Link](https://www.xmind.net/m/hKKexj/)