Discover and read the best of Twitter Threads about #recontips
Most recents (5)
ProjectDiscovery Recon Series π₯
Your daily Sunday reading is brought to you by @pdiscoveryio with its Recon 101 Series.π§΅π
#Recon #AttackSurface #bugbounty #recontips #projectdiscovery
Your daily Sunday reading is brought to you by @pdiscoveryio with its Recon 101 Series.π§΅π
#Recon #AttackSurface #bugbounty #recontips #projectdiscovery
1 - Active and Passive Recon
Master both techniques to uncover target info stealthily.
blog.projectdiscovery.io/reconnaissanceβ¦
Master both techniques to uncover target info stealthily.
blog.projectdiscovery.io/reconnaissanceβ¦
Want to improve your network scanning skills with Nmap? π΅οΈββοΈπ»
Check out these 5 quick tips to define targets, speed up scans, and scan with specific script categories! π§΅π
#recon #recontips #AttackSurface #bugbounty #recontools #cybersecurity
Check out these 5 quick tips to define targets, speed up scans, and scan with specific script categories! π§΅π
#recon #recontips #AttackSurface #bugbounty #recontools #cybersecurity
1/5 Let's start with how to define targets.
Define targets for nmap scan by specifying IP addresses, IP ranges, domain names, or using a target list file.
$ nmap <IP1> <IP2> β¦
$ nmap 192.168.0.1/24
$ nmap <domain name>
$ nmap -iL <target list file>
Define targets for nmap scan by specifying IP addresses, IP ranges, domain names, or using a target list file.
$ nmap <IP1> <IP2> β¦
$ nmap 192.168.0.1/24
$ nmap <domain name>
$ nmap -iL <target list file>
2/5 The Ippsec scan for basic coverage.
Perform a comprehensive network scan using nmap's Ippsec initial scan.
$ nmap 127.0.0.1 -sC -sV -oA initial_nmap_scan
Perform a comprehensive network scan using nmap's Ippsec initial scan.
$ nmap 127.0.0.1 -sC -sV -oA initial_nmap_scan
𧡠Here we are! Katana, a new web Crawler by @pdiscoveryio
Let's see how it works. A thread ππ§΅
#recontips #recon #projectdiscovery #hackwithautomation #bugbounty
Let's see how it works. A thread ππ§΅
#recontips #recon #projectdiscovery #hackwithautomation #bugbounty
1/7 - Quick Start - Crawling Mode
You can crawl websites in Standard mode or Headless mode (-hl). Add -jc for JS Crawling
$ katana -u http://testphp.vulnweb. com
$ katana -u http://testphp.vulnweb. com -hl
$ katana -list url_list.txt -jc
You can crawl websites in Standard mode or Headless mode (-hl). Add -jc for JS Crawling
$ katana -u http://testphp.vulnweb. com
$ katana -u http://testphp.vulnweb. com -hl
$ katana -list url_list.txt -jc
2/7 - Filters - 1
You can filter results to show only urls,path,file, and much more
$ katana -u http://testphp.vulnweb. com -fields path
$ katana -u http://testphp.vulnweb. com -fields file
$ katana -u http://testphp.vulnweb. com -fields dir
You can filter results to show only urls,path,file, and much more
$ katana -u http://testphp.vulnweb. com -fields path
$ katana -u http://testphp.vulnweb. com -fields file
$ katana -u http://testphp.vulnweb. com -fields dir
6 easy steps to master httpx. A thread ππ§΅
httpx (from @pdiscoveryio) is a fast and multi-purpose HTTP toolkit. Let's find out how it works
π
#recon #httpx #bugbountytips #bugbounty #AttackSurfaceManagement #recontips
httpx (from @pdiscoveryio) is a fast and multi-purpose HTTP toolkit. Let's find out how it works
π
#recon #httpx #bugbountytips #bugbounty #AttackSurfaceManagement #recontips
1/6 Standard use
httpx can be used with a target list or piped with other tools:
$ httpx -list subdomains.txt
$ subfinder -d ups. com | httpx -silent
$ httpx -l subs.txt -ports 8080 -threads 100
httpx can be used with a target list or piped with other tools:
$ httpx -list subdomains.txt
$ subfinder -d ups. com | httpx -silent
$ httpx -l subs.txt -ports 8080 -threads 100
2/6 Specific Path or file:
It's possible to request a specific file or path useful for searching misconfiguration on multiple targets:
$ httpx -l subs.txt -silent -path β/.git/β -fr -mc 200
It's possible to request a specific file or path useful for searching misconfiguration on multiple targets:
$ httpx -l subs.txt -silent -path β/.git/β -fr -mc 200
Subdomain Enumeration is a critical phase in the BugBounty game
Subfinder (from @pdiscoveryio) is one of the best tool for subdomain enumeration
Here are 6 steps to master this great tool ππ§΅
#recontips #bugbountytips #bugbounty #pentesting #AttackSurfaceManagement
Subfinder (from @pdiscoveryio) is one of the best tool for subdomain enumeration
Here are 6 steps to master this great tool ππ§΅
#recontips #bugbountytips #bugbounty #pentesting #AttackSurfaceManagement
1/6 Subdomain Enumeration
$ subfinder -d ups. com
$ subfinder -d ups .com -all -config config.yaml
$ subfinder -dL listOfDomains.txt -all
$ subfinder -d ups. com
$ subfinder -d ups .com -all -config config.yaml
$ subfinder -dL listOfDomains.txt -all
2/6 Sources
You can display, exclude or selecting the sources
$ subfinder -d ups. com -collect-sources
$ subfinder -d ups. com -exclude-sources crtsh,alienvault
$ subfinder -d ups. com -sources crtsh
$ subfinder -ls
You can display, exclude or selecting the sources
$ subfinder -d ups. com -collect-sources
$ subfinder -d ups. com -exclude-sources crtsh,alienvault
$ subfinder -d ups. com -sources crtsh
$ subfinder -ls
