Welcome to Recon for Bug Bounty, Pentesting & Ethical Hacking.
This course starts with the Basics of Recon & Bug Bounty Hunting Fundamentals to Advance Exploitation.
This course starts with basics with Web and Web Server Works and how it can be used in our day to day life. We will also learn about DNS, URL vs URN vs URI and Recon for Bug Bounties to make our base stronger and then further move on to Target Expansion, Content Discovery, Fuzzing CMS Identification, Certificate Transparency, Visual Recon , Github Recon , Custom Wordlists , Mind maps, Bug Bounty Automation, Bug Bounty Platforms with practicals.
This course covers All the Tools & Techniques for Penetration Testing & Bug Bounties for a better understanding of what’s happening behind the hood.
The course also includes in depth approach towards any target and increases the scope for mass hunting and success.
With this course, we will learn Target Selection Techniques for Host, Subnet Scans & Host Discovery, Content Discovery, Subdomain Enumeration Horizontal & Vertical, CMS Identification, Fuzzing the target for finding web vulnerabilities like XSS, Open Redirect, SSRF, Sql Injection etc. How to increase the scope and take screenshots for large number for hosts for better visualisation. We will also learn how to use Shodan for Bug Bounties to find critical vulnerabilities in targets. We will also use Github recon to find sensitive information for targets like API keys from GitHub Repositories. Next we will see how to perform Automation for daily day to day tasks and easier ways to run tools. We will also see how to write Bug Bounty & Pentesting Reports. We will also cover mind maps by other hackers for a better approach towards any target and also we will see mindmap created by us. We will also see Bug Bounty Platforms and how to kick start our journey on them.
Here's a more detailed breakdown of the course content:
In all the sections we will start the fundamental principle of How the scan works and How can we perform Exploitation.
- In Introduction, We will cover What is Web, What are Web Servers, DNS and We will also learn about DNS and How DNS works and also How DNS is important in our day to day life.We will also see the difference between URL, URN and URI, We will also see the complete breakdown of URL to understand better. We will also learn about Bug-Bounty Hunting and Understand the Importance of Recon in Bug-Bounty Hunting and Pentesting.
- Before starting the journey, We will see Top-10 rules for Bug-Bounty Hunting and we will understand the psychology of the Hackers.
- In Shodan for Bug-Bounties we will start with the installation of Shodan and we will learn about Shodan Queries such as Info, Count downloads and many more and will run them from our command line. We will also learn Host Enumeration, Parse dataset, Search Queries, Scan commands using Shodan. The Section cannot be completed without learning about Shodan GUI which is very simple and easily understandable. We will also see Shodan Images, Exploits , Report generation and alot more.In the end, we will see the summary and revision of the section to remember the important queries and key points.
- We will see live hunting with Shodan and understand about latest CVE’s and perform exploits. We will see Jenkins Exploitation Logs, Jenkins Exploitation Credentials, ADB under Shodan LIVE Hunting.
- In Certificate Transparency for Subdomain Enumeration we will learn about crt[dot]sh, wildcards of crt[dot]sh and We will learn automation for crt[dot]shto enumerate subdomains for a target. We will also learn about Shodan, Censys for Subdomain Enumeration, We will learn about Google and Facebook Certificate Transparency. We will also learn to find out Subdomains using DNS Dumpster and enumerate all the DNS records as well as save the hosts in a xlsx format. We will also see the workflow for dnsdumpster to know about the whole target server from its DNS records like A, CNAME, MX, TXT etc.
- In Scope Expansion we will learn about ASN Lookup, Pentest tools, VirusTotal. We will also learn about some awesome tools like Sublister, Subfinder, knockpy, Asset Finder, Amass, Findomain, Sublert, Project Discovery Nmmapper and a lot more.
We will also understand how to use them effectively for expanding the scope to walk on less travelled road and achieve success in bug bounties
- In DNS Enumeration for Bug-Bounties we will learn and understand about DNS Dumpster, DNS Goodies, Altdns, Massdns, Vertical & Horizontal Correlation (Viewdns.info) and enumerate the subdomains from the recursive DNS.
- We will start with Introduction to Fuzzing, Its importance and Step by Step process, We will see fuzzing practically on LAB and LIVE websites to understand better.
We will Learn, Understand and Use tools like Wfuzz and FFUF and also see how we can perform recursive fuzzing on the target. We will also perform HTTP Basic Auth Fuzz to crack the login of the dashboards and also do Login Authentication Cracking with the help of useful wordlists.
- We will utilise some of the wordlists like Seclists, FuzzDB, Jhaddix All.txt and will also see how to make our own custom wordlists for the targets.
- Content Discovery covers tools like Dirsearch, Gobuster which will be helpful for finding out sensitive endpoints of the targets like db.conf or env files which may contain the DB username and passwords. Also sensitive information like periodic backups or source code and can also be identified which can lead to compromise of the whole server.
- In CMS Identification we will learn and understand about Wappalyzer, Builtwith, Netcraft, Whatweb, Retire.jsAs Banner Grabbing and identifying information about the target is the foremost step, we will identify the underlying technologies which will enable us to narrow down the approach which will lead to success.
- In WAF Identification we will see WAF Detection with Nmap, WAF Fingerprinting with Nmap, WafW00f vs Nmap.We will know, If there are any firewalls running on the target and accordingly send our payloads to the targets and throttle our requests so we can evade them successfully.
- The Mindmaps for Recon and Bug-Bounty section will cover the approach and methodology towards the target for pentesting and bug bounty. A strong and clear visual building block visual representation will help in performing the attack process with more clarity and will help in knowing the next steps.
- The Bug-Bounty Platforms section contains a Roadmap of How to start your Bug-Bounty Journey on different Platforms like Hackerone, Bugcrowd, Integrity, Synack, It also covers how to Report Private RVDP Programs.
Notes:
- This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed.
- Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility.
