Bug Bounty Methodology
Methodology

Recon

Passive

whois <domain>
    Get owner info.
nslookup <domain>
    Get IP addresses.
whois -r <IP> && whois -h whois.cymru.com <IP>
    Get more owner information (whois.cymru.com returns the ASN and network owner for an IP).
subfinder -d <domain> && assetfinder --subs-only <domain>
    Get subdomains.
EyeWitness.py --web -f <urls-file>
    Screenshot every page in the list.

Active

httpx -l <subs> -ip -sc -tech-detect
    Check the status code, IP and detected technologies of every site.
gobuster dir -u <url> -w <path/to/wordlist> && gobuster dns -d <domain> -w <path/to/wordlist>
    Brute-force more directories and subdomains.
nmap -sC -sV <IPs>
    Get all open ports and service versions.
nuclei -l <urls-file>
    Get vulnerability information.
sqlmap
wpscan
    If running WordPress.
Manual

Walk the site with Burp
    Take note of interesting pages and fill up the Burp history for future reference.
Check all the 401/403 pages with the Wayback Machine
    The site may have been crawled at a time when these pages were exposed, so you may be able to see the forbidden content.
Make two accounts and see how one can affect the other
    Try to find unique user information, e.g. an id in the URL. Use the first account to try to affect or access the other user's data.
Check Wappalyzer on pages
    Building a list of all the technology in use is a good idea.
AWS buckets
    Check the buckets if they are using AWS.
Try to find the company's GitHub/GitLab page
    Getting access to any code is a win.
See if you can find any employees on LinkedIn, and find their GitHub/GitLab pages
    If you can find the developers' git pages, it can give you a lot of information about the code they write.
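An added example (not from the original post) that models the two-accounts check on the server side: a hypothetical invoice lookup with the IDOR that check hunts for, the fixed version with object-level authorization, and a small access-log check that flags an account being refused many distinct ids. All names and the sample data are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: str

# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    101: Invoice(101, owner_id=1, amount="40.00"),
    102: Invoice(102, owner_id=2, amount="99.00"),
}

class Forbidden(Exception):
    """Raised when the session user may not read the requested object."""

def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    """Looks the record up by the id from the URL alone, ignoring who is
    logged in: any account can read any other account's invoice (IDOR)."""
    return INVOICES[invoice_id]

def get_invoice_hardened(session_user_id: int, invoice_id: int) -> Invoice:
    """Object-level authorization: the record must exist AND belong to the
    session user. Both failures raise the same error, so a probe cannot
    tell 'not mine' from 'does not exist'."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not read invoice {invoice_id}")
    return inv

def cross_account_probe(handler) -> bool:
    """The two-account check from the post: user 1 asks for user 2's invoice.
    Returns True if the handler hands it over, i.e. the endpoint is vulnerable."""
    try:
        handler(1, 102)
    except (Forbidden, KeyError):
        return False
    return True

def flag_id_enumeration(log_lines, threshold=3):
    """Detection side: over constructed log lines '<user_id> GET /invoices/<id> <status>',
    return users refused more than `threshold` distinct ids (someone walking ids)."""
    refused = {}
    for line in log_lines:
        user, _method, path, status = line.split()
        if status in ("403", "404"):
            refused.setdefault(user, set()).add(path.rsplit("/", 1)[1])
    return sorted(u for u, ids in refused.items() if len(ids) > threshold)
```

Run `cross_account_probe` against each handler as a unit test in CI so the regression is caught before a bounty hunter finds it.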
Attack

Reflected Cross Site Scripting
Stored Cross Site Scripting
DOM based Cross Site Scripting
Cross Site Flashing
HTML Injection
SQL Injection
LDAP Injection
ORM Injection
XML Injection
XXE Injection
SSI Injection
XPath Injection
XQuery Injection
IMAP/SMTP Injection
Code Injection
Expression Language Injection
Command Injection
Overflow (Stack, Heap and Integer)
Format String
Incubated Vulnerabilities
HTTP Splitting/Smuggling
HTTP Verb Tampering
Open Redirection
Local File Inclusion
Remote File Inclusion
Compare client-side and server-side validation rules
NoSQL Injection
HTTP Parameter Pollution
Auto-binding
Mass Assignment
NULL/Invalid Session Cookie