Reconnaissance
info
The "Web Hacking" section is a set of notes that I compiled while learning from the PortSwigger Web Security Academy and from the book Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities by Vickie Li. The majority of the notes/code are from them; however, I will modify these according to my needs.
- Manually walk through the target
- See what you are able to do at different privilege levels
- See what you can/can't access
- Google Dorking - advanced Google searches
- site - searches for pages on only one site
print site:python.org
- inurl - searches for pages with the text you choose in the URL (no space between the operator and its value, or Google treats them as separate terms)
inurl:"admin.php" site:example.com
- intitle - searches for specific strings in a page's title (quote multi-word values)
intitle:"index of" site:example.com
- link - searches for websites that reference the link (Google retired this operator in 2017, so results are incomplete)
link:"example.com"
- filetype - searches for pages with specific file extensions
filetype:log site:example.com
- wildcard (*) - matches any word in that position
how to hack a *
- quotes - match the exact phrase, which makes the search more specific
"how to hack"
- or (|) - can be used to search for one term or another
"how to hack" site:(reddit.com | stackoverflow.com)
- minus - exclude an item from the search
"how to hack" -php
- https://www.exploit-db.com/google-hacking-database
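The operators above are easy to get wrong by hand (a space after the colon, an unquoted multi-word value, a stray character in the URL). The script below is an added example, not code from these notes or from the Academy/book they cite: it assembles dork queries with the correct syntax and turns them into search URLs. The target domain, the operator order and the `target_dorks` query set are my own choices.

```python
"""Build correctly-formed Google dork queries for a target domain.

Added example (not from the original notes or the sources they cite).
Assumptions: the domain and file types are hypothetical inputs; Google's
operator syntax is: no space between operator and value, multi-word values
in double quotes, OR groups as (a | b), exclusions with a leading minus.
"""
from urllib.parse import quote_plus

SEARCH_URL = "https://www.google.com/search?q="


def _value(v: str) -> str:
    # Quote any value containing whitespace so Google treats it as one phrase.
    return f'"{v}"' if any(c.isspace() for c in v) else v


def dork(*, site=None, inurl=None, intitle=None, filetype=None,
         terms=(), exclude=()) -> str:
    """Assemble one query string from operator values, in a fixed order.

    `site` may be a string or a list of sites (rendered as an OR group).
    """
    parts = []
    if site:
        sites = [site] if isinstance(site, str) else list(site)
        parts.append(f"site:{sites[0]}" if len(sites) == 1
                     else "site:(" + " | ".join(sites) + ")")
    for op, val in (("inurl", inurl), ("intitle", intitle), ("filetype", filetype)):
        if val:
            parts.append(f"{op}:{_value(val)}")
    parts.extend(_value(t) for t in terms)
    parts.extend("-" + _value(t) for t in exclude)
    return " ".join(parts)


def search_url(query: str) -> str:
    # quote_plus percent-encodes ':' and '"' and turns spaces into '+'.
    return SEARCH_URL + quote_plus(query)


def target_dorks(domain: str, filetypes=("log", "sql", "env", "bak")) -> dict:
    """A small dork set for one domain, keyed by what each query looks for.

    The set itself is a hypothetical starting point, not an exhaustive list.
    """
    dorks = {
        "admin_pages": dork(site=domain, inurl="admin"),
        "directory_listings": dork(site=domain, intitle="index of"),
        "login_pages": dork(site=domain, inurl="login"),
    }
    for ft in filetypes:
        dorks[f"exposed_{ft}"] = dork(site=domain, filetype=ft)
    return dorks


if __name__ == "__main__":
    for name, q in target_dorks("example.com").items():
        print(f"{name:22} {q:40} {search_url(q)}")
```

Run it with a domain that is in scope for you; the printed URLs can be opened directly or fed to a browser extension. Extend `target_dorks` from the Google Hacking Database linked above rather than inventing patterns.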
- Scope Discovery
- whois search
whois google.com
- reverse whois search
- nslookup
- certificate parsing
- subdomain enumeration
- service enumeration
- nmap
- shodan
- directory brute-forcing
- spidering the site
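Certificate parsing is one of the cheapest subdomain-enumeration sources: every publicly trusted certificate for a domain is logged in certificate transparency, and the names in those certificates often include hosts no DNS brute-force list would guess. The code below is an added example, not part of these notes: it extracts in-scope hostnames from records in the shape crt.sh returns. The records are constructed for illustration; a real run would fetch them from crt.sh with `output=json` instead.

```python
"""Extract in-scope subdomains from certificate-transparency records.

Added example, not part of the original notes. It parses a constructed
sample in the shape crt.sh returns (a JSON array of objects whose
`name_value` field holds one or more newline-separated DNS names); the
records below are made up for illustration. A real run would fetch
https://crt.sh/?q=%25.example.com&output=json instead.
"""
import json

SAMPLE_CT_JSON = json.dumps([  # constructed sample, mimicking crt.sh output
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com\nexample.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "name_value": "*.staging.example.com\nSTAGING.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "api.example.com.evil.net"},   # looks in-scope, is not
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "dev-vpn.example.com"},
])


def in_scope(name: str, scope: str) -> bool:
    """True for `scope` itself or any name ending in `.scope`.

    The leading dot matters: without it, example.com.evil.net would
    pass a plain endswith("example.com") check.
    """
    return name == scope or name.endswith("." + scope)


def subdomains_from_ct(ct_json: str, scope: str) -> list:
    """Return sorted, unique, lower-cased in-scope names from CT JSON."""
    found = set()
    for record in json.loads(ct_json):
        for raw in record.get("name_value", "").split("\n"):
            name = raw.strip().lower()
            if name.startswith("*."):   # wildcard cert: keep the base name
                name = name[2:]
            if name and in_scope(name, scope):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in subdomains_from_ct(SAMPLE_CT_JSON, "example.com"):
        print(host)
```

Names found this way are historical: a host that had a certificate two years ago may no longer resolve, so resolve the list with nslookup (or dig) before passing it to nmap.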
- third-party hosting
site:s3.amazonaws.com company_name
- amazonaws bucket company_name
- amazonaws company_name
- s3 company_name
- https://buckets.grayhatwarfare.com/
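Searching for `company_name` alone misses buckets named with the usual environment or purpose affixes. The code below is an added example, not from these notes or from grayhatwarfare: it generates candidate bucket names from a company name and filters them against S3's bucket-naming rules so that impossible names are never requested. The affix and separator lists are my own hypothetical choices.

```python
"""Generate candidate S3 bucket names for a company and check them against
S3's bucket-naming rules before spending requests on them.

Added example, not from the original notes. The company name, prefix and
suffix lists are hypothetical; the rules in is_valid_bucket_name are AWS's
published ones for general-purpose buckets (3-63 chars, lowercase letters,
digits, dots and hyphens, starting and ending with a letter or digit,
no "..", and not formatted like an IPv4 address).
"""
import itertools
import re

AFFIXES = ("backup", "dev", "staging", "prod", "assets", "static", "logs", "uploads")
SEPARATORS = ("-", ".", "")

_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_valid_bucket_name(name: str) -> bool:
    return bool(_NAME_RE.match(name)) and ".." not in name and not _IP_RE.match(name)


def normalize(company: str) -> str:
    """Lower-case and collapse anything that is not a letter or digit to '-'."""
    return re.sub(r"[^a-z0-9]+", "-", company.lower()).strip("-")


def bucket_candidates(company: str) -> list:
    """Base name plus every affix as prefix and suffix with each separator."""
    base = normalize(company)
    candidates = {base}
    for affix, sep in itertools.product(AFFIXES, SEPARATORS):
        candidates.add(f"{base}{sep}{affix}")
        candidates.add(f"{affix}{sep}{base}")
    return sorted(c for c in candidates if is_valid_bucket_name(c))


def bucket_url(name: str) -> str:
    # Virtual-hosted-style URL. When probing, a "NoSuchBucket" response means
    # the name is unclaimed; "AccessDenied" means it exists but is private.
    return f"https://{name}.s3.amazonaws.com/"


if __name__ == "__main__":
    for name in bucket_candidates("Acme Corp"):
        print(bucket_url(name))
```

Only probe names for a company whose programme you are authorised to test, and rate-limit the requests; an existing-but-private bucket is a finding only if the programme considers it in scope.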
- github recon
- search for the users profile
- go through commits
- https://github.com/streaak/keyhacks
- https://github.com/michenriksen/gitrob
- https://github.com/trufflesecurity/truffleHog
- https://github.com/kevthehermit/PasteHunter
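The tools above find leaked credentials in commits in two ways: matching known key formats, and flagging random-looking tokens by their entropy. The code below is an added example, not from these notes or from truffleHog, gitrob or keyhacks: it applies both checks to a few constructed diff lines. The AWS key values in the sample are the placeholders AWS uses in its own documentation, not real credentials, and the 4.5-bit entropy threshold is a common heuristic rather than a fixed rule.

```python
"""Scan text (e.g. a git diff or a commit's file contents) for leaked
credentials the way the GitHub-recon tools above do: known-format regexes
plus a Shannon-entropy check for random-looking tokens.

Added example, not from the original notes or from truffleHog/gitrob.
SAMPLE_DIFF is constructed; the AWS key values in it are the placeholders
AWS uses in its own documentation, not live credentials. The 4.5-bit
entropy threshold is a common heuristic for base64-style secrets.
"""
import math
import re

# Constructed sample of a few lines from a commit diff.
SAMPLE_DIFF = """\
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+api_base_url = https://api.example.com/v1/resources/list
+build_number = 20240101
"""

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for empty or single-character strings."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(text: str) -> list:
    """Return (line_no, kind, token) triples for each suspicious token.

    Known formats are reported by name; anything else that is long and
    high-entropy is reported as "high_entropy" for manual review.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append((line_no, kind, m.group(0)))
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                hits.append((line_no, "high_entropy", token))
    return hits


if __name__ == "__main__":
    for line_no, kind, token in scan(SAMPLE_DIFF):
        print(f"line {line_no}: {kind}: {token}")
```

Note that the access key ID is caught only by its format (its entropy is well under the threshold), while the secret key is caught only by entropy; running both checks is what makes the scan useful. Once a key is found, keyhacks (linked above) documents how to confirm whether it is still valid.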
- recon platforms