ReconOne
Tweet about Bug Bounty, Recon, Recon Tips and Attack Surface. Improve your Recon skills and find your first Bug 💪
Apr 2, 2023 • 6 tweets • 3 min read
ProjectDiscovery Recon Series 🔥

Your daily Sunday reading is brought to you by @pdiscoveryio with its Recon 101 Series. 🧵👇

#Recon #AttackSurface #bugbounty #recontips #projectdiscovery

1 - Active and Passive Recon

Master both techniques to uncover target info stealthily.

blog.projectdiscovery.io/reconnaissance…
Mar 29, 2023 • 7 tweets • 3 min read
Want to improve your network scanning skills with Nmap? 🕵️‍♀️💻

Check out these 5 quick tips to define targets, speed up scans, and scan with specific script categories! 🧵👇

#recon #recontips #AttackSurface #bugbounty #recontools #cybersecurity

1/5 Let's start with how to define targets.

Define targets for nmap scan by specifying IP addresses, IP ranges, domain names, or using a target list file.

$ nmap <IP1> <IP2> …
$ nmap 192.168.0.1/24
$ nmap <domain name>
$ nmap -iL <target list file>
Dec 7, 2022 • 10 tweets • 3 min read
Hey ReconOne fam! I've personally used Sqlmap on several occasions and it has proven to be a valuable tool in my security arsenal.

Let's dive into some of its features
👇🧵

#sqlmap #sqli #bugbountyhelp #bugbounty #AttackSurface

1/7 Sqlmap against potential vulnerable Page

$ sqlmap -u "https://example.com/page?id=1" -v 3

$ sqlmap -u https://example.com/list --data id=1

$ sqlmap -u https://example.com/internal --cookie="PHPSESSID=abcdef"
Nov 8, 2022 • 9 tweets • 4 min read
🧡 Here we are! Katana, a new web Crawler by @pdiscoveryio

Let's see how it works. A thread 👇🧵

#recontips #recon #projectdiscovery #hackwithautomation #bugbounty

1/7 - Quick Start - Crawling Mode

You can crawl websites in Standard mode or Headless mode (-hl). Add -jc for JS Crawling

$ katana -u http://testphp.vulnweb.com

$ katana -u http://testphp.vulnweb.com -hl

$ katana -list url_list.txt -jc
Oct 4, 2022 • 8 tweets • 3 min read
6 easy steps to master httpx. A thread 👇🧵

httpx (from @pdiscoveryio) is a fast and multi-purpose HTTP toolkit. Let's find out how it works

👇

#recon #httpx #bugbountytips #bugbounty #AttackSurfaceManagement #recontips

1/6 Standard use

httpx can be used with a target list or piped with other tools:

$ httpx -list subdomains.txt

$ subfinder -d ups.com | httpx -silent

$ httpx -l subs.txt -ports 8080 -threads 100
Sep 26, 2022 • 8 tweets • 3 min read
Subdomain Enumeration is a critical phase in the BugBounty game

Subfinder (from @pdiscoveryio) is one of the best tools for subdomain enumeration

Here are 6 steps to master this great tool 👇🧵

#recontips #bugbountytips #bugbounty #pentesting #AttackSurfaceManagement

1/6 Subdomain Enumeration

$ subfinder -d ups.com

$ subfinder -d ups.com -all -config config.yaml

$ subfinder -dL listOfDomains.txt -all
Sep 19, 2022 • 11 tweets • 3 min read
ffuf is used by hundreds of people

But only a few use the tool effectively.

Here are 9 tips you want to know right away 👇 🧡

#bugbountytips #bugbounty #recon #ffuf

1/9 Standard mode

c: color
ac: auto calibration
r: follow redirects

$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -r

$ ffuf -c -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -ac
Sep 12, 2022 • 8 tweets • 2 min read
Uncover is a great Recon tool by @pdiscoveryio to quickly discover exposed hosts on the internet.

Here are 6 steps that will teach you more about Uncover 👇🧵

1/6 Get started

Launch uncover for the first time in this way:

$ echo 127.0.0.1 | uncover

Now you can edit the provider-config file, created at that moment.
Sep 5, 2022 • 8 tweets • 3 min read
Nuclei (by @pdiscoveryio) is a vulnerability detection tool used by thousands of people every day.

But only a few master it at 100%

Here is how you can improve the use of the tool 🧡 👇

#nuclei #bugbounty #bugbountytips #hackwithautomation

1/6 Default mode

By default nuclei uses almost all templates, so if your objective is a complete scan, you can try:

$ nuclei -u http://site.com

$ nuclei -l url_list.txt

$ cat urls.txt | nuclei

(WARNING: this could overload servers)