Recon for bug bounty, penetration testers & ethical hackers

This course is entirely made for



website reconnaissance for bug bounty hunters, penetration testers & ethical hackers.



This is an intermediate-level course. All the topics are discussed here regarding



recon on websites.

Some of the topics are what is a survey, what is recon, recon for bug bounty hunters and penetration testers,



Subdomain enumeration, URL enumeration, parameter brute-forcing, Creating your recon tools, and many more…

This course is entirely focused on



website recon



and



vulnerability assessment.

There will be the whole methodology of



website reconnaissance, bug bounty hunting, and penetration testing.



The videos are



divided into small sections



for the students to learn.

All the resources are provided in the resource section, including



links, pdf, and payloads used in the course.

Course Curriculum :

1. 
   
   Introduction
   
   
   1. Introduction to recon
2. 
   
   Subdomain enumeration from tools
   
   
   1. Subdomain enumeration #1
   2. Subdomain enumeration #2
   3. Subdomain enumeration #3
   4. Subdomain enumeration #4
   5. Subdomain bruteforcing
   6. Filtering unique domains
   7. Subdomain generator
3. 
   
   Subdomain enumeration from websites
   
   
   1. Subdomain enumeration from website #1
   2. Subdomain enumeration from website #2
   3. Subdomain enumeration from website #3
   4. Subdomain enumeration from website #4
4. 
   
   Filtering live domains
   
   
   1. Filtering live domains
5. 
   
   URL extraction from the internet
   
   
   1. URL extraction from the internet #1
   2. URL extraction from the internet #2
6. 
   
   Finding parameters
   
   
   1. Finding parameters
   2. Parameter bruteforcer
7. 
   
   Finding URLs from past
   
   
   1. URL from past
8. 
   
   Sorting urls
   
   
   1. Sorting URLs for vulnerabilities
9. 
   
   Automation for replacing parameters with Payloads
   
   
   1. Automation for replacing parameters with Payloads
10. 
    
    Footprinting websites ( Website recon )
    
    
    1. What web recon
    2. Netcraft
    3. Security headers
    4. Dnsdumpmaster
    5. Whois recon
    6. Mxtoolbox
    7. OSINT
    8. Maltego
11. 
    
    Browser add-ons for recon
    
    
    1. analyzer
    2. retire.js
    3. shodan
    4. Knoxx
    5. Hack-tools addon
12. 
    
    WAF identification
    
    
    1. WAF identification
13. 
    
    Subdomain takeover
    
    
    1. HostileSubBruteForcer
    2. Sub404
    3. Subject
14. 
    
    Fuzzing (Content-Discovery)
    
    
    1. dir
    2. ffuf
15. 
    
    Port scanning
    
    
    1. Introduction to Nmap
    2. Port specification in nmap
    3. Service and version detection from nmap
    4. Firewall bypass technique
16. 
    
    Fast port scanning
    
    
    1. Nabu
    2. mass can
17. 
    
    Visual recon
    
    
    1. Gowitness
18. 
    
    Google Dorking
    
    
    1. Introduction to google Dorking
    2. Understanding the URL structure
    3. Syntax of google Dorking
    4. Google Dorking operators
    5. Google search operators ( Part – 1 )
    6. Google search operators ( Part – 2 )
19. 
    
    Google Dorking practical
    
    
    1. Introduction to practical google Dorking
    2. How to find directory listing vulnerabilities?
    3. How to dork for WordPress plugins and themes?
    4. How to work for web server versions?
    5. How to dork for application-generated system reports?
    6. Dorking for SQLi
    7. Reading materials for google Dorking
20. 
    
    Tips for advanced google Dorking
    
    
    1. Tip #1
    2. Tip #2
    3. Tip #3
21. 
    
    Shodan Dorking
    
    
    1. Intro to shodan Dorking
    2. Shodan web interface
    3. Shodan search filters
22. 
    
    Shodan Dorking practical
    
    
    1. Finding server
    2. Finding files and directories
    3. Finding operating systems
    4. Finding compromised devices and websites
23. 
    
    Shodan command line
    
    
    1. Introduction to the shodan command line
    2. Practical shodan in command line
24. 
    
    Github Dorking
    
    
    1. Introduction to GitHub Dorking
    2. Github Dorking practical
25. 
    
    Vulnerability scanning
    
    
    1. Nuclei
    2. Wp-Scan
    3. Scanning with burp suite
26. 
    
    Metasploit for recon
    
    
    1. DNS recon using Metasploit
    2. Sub-domain enumeration using Metasploit
    3. E-mail address finding
27. 
    
    Port scanning using Metasploit
    
    
    1. TCP SYN port scan using Metasploit
    2. SSH version detection
    3. FTP version enumeration
    4. MySQL version detection
    5. HTTP enumeration
28. 
    
    Payloads for bug bounty hunters
    
    
    1. Payloads for bug hunters and penetration testers
29. 
    
    How to create tools for recon?
    
    
    1. SSRF finder tool
    2. XSS finding too
    3. URL extractor from javascript files
    4. Full website recon tool
30. 
    
    Bonus
    
    
    1. Bonus video

Thank you ????

Vivek Pandit