Learning Path for Hacker | Bug Hunting Methodology

Bug Hunting Methodology

Task 1: Introduction

Welcome to the Bug Hunting Methodology guide. This section will take you through a comprehensive process for identifying and reporting bugs, leveraging various tools and techniques. Whether you're a beginner or an experienced bug hunter, this guide will help you hone your skills and improve your success rate in finding vulnerabilities.

Tools You Will Need

  • Subfinder
  • Httpx-toolkit
  • Katana
  • Nuclei
  • Dirsearch
  • Subzy
  • gf, bxss, Corsy and OpenRedireX (used in Task 10)
  • Python3 (for custom scripts)

Task 2: Recon: Subdomain Enumeration

Use subfinder to enumerate subdomains for the target domain.

subfinder -d example.com -all -recursive > subdomain.txt

Task 3: Recon: Check for Alive Subdomains

Check which subdomains are alive using httpx-toolkit.

cat subdomain.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt

Task 4: Recon: URL Discovery

Use katana to crawl the alive subdomains and collect URLs (depth 5, passive sources included, JavaScript crawled, static assets excluded).

katana -u subdomains_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif -o allurls.txt
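Before the alive check and the crawl, it is worth filtering the subfinder output down to the authorized scope: passive sources return look-alike hosts such as example.com.evil.net or notexample.com, and a loose "grep example.com" would accept both. The shell functions below are an added example, not part of the original guide; they assume the plain one-host-per-line format subfinder writes, and the recon_pipeline wrapper assumes subfinder, httpx-toolkit and katana are on PATH and mirrors Tasks 2 to 4 with the filter inserted.

```shell
#!/bin/sh
# Added example (not from the original guide): scope filtering for the
# Task 2-4 recon pipeline. Assumes one host per line on stdin.

# normalize_hosts: lowercase, strip a scheme/path and a trailing dot, drop
# empty lines and exact duplicates so downstream tools get a clean list.
normalize_hosts() {
  tr 'A-Z' 'a-z' \
    | sed -e 's#^[a-z][a-z0-9+.-]*://##' -e 's#/.*$##' -e 's/\.$//' \
    | grep -v '^$' \
    | LC_ALL=C sort -u
}

# filter_scope DOMAIN: keep DOMAIN itself and hosts that end in ".DOMAIN".
# A plain "grep DOMAIN" would also pass example.com.evil.net or
# notexample.com, which are outside the authorization.
filter_scope() {
  esc=$(printf '%s' "$1" | sed 's/\./\\./g')
  grep -E "(^|\\.)${esc}\$"
}

# recon_pipeline DOMAIN: Tasks 2-4 of the guide with the scope filter
# placed between subfinder and httpx-toolkit (assumes the tools on PATH).
recon_pipeline() {
  domain="$1"
  subfinder -d "$domain" -all -recursive \
    | normalize_hosts | filter_scope "$domain" > subdomain.txt
  cat subdomain.txt \
    | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt
  katana -u subdomains_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault \
    -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif -o allurls.txt
}

# Usage: recon_pipeline example.com
```

The regex anchors on either the start of the line or a literal dot before the escaped domain, so only the apex and its subdomains survive; everything else is dropped before any packets are sent.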

Task 5: Recon: Search for Sensitive Files

Search for sensitive files using grep.

cat allurls.txt | grep -E "\.txt|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.json|\.gz|\.rar|\.zip|\.config"

Task 6: Recon: Identify JavaScript Files

Identify JavaScript files for further analysis.

cat allurls.txt | grep -E "\.js$" >> alljs.txt
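The two greps above match their extension anywhere in the URL string: ".json" also hits a path like config.jsonp, and "\.js$" misses app.js?v=3 while listing the same script once per cache-buster value. The shell functions below are an added example, not from the original guide, serving Task 5 and Task 6 together: they strip the query string and fragment, anchor the match on the end of the path, ignore case and deduplicate. They assume the one-URL-per-line allurls.txt format that katana writes.

```shell
#!/bin/sh
# Added example (not from the original guide) for Tasks 5 and 6:
# extension matching on the URL path. Assumes one URL per line on stdin.

# strip_query: drop "?query" and "#fragment" so the extension is checked
# on the path only (a query value like file=notes.txt must not match).
strip_query() {
  sed -e 's/[?#].*$//'
}

# sensitive_urls: the guide's extension list, anchored to the end of the
# path, case-insensitive, one line per distinct path.
sensitive_urls() {
  strip_query \
    | grep -Ei '\.(txt|log|cache|secret|db|backup|yml|json|gz|rar|zip|config)$' \
    | LC_ALL=C sort -u
}

# js_urls: JavaScript files for Tasks 6 and 7, collapsed across
# cache-busting query strings so nuclei scans each script once.
js_urls() {
  strip_query | grep -Ei '\.js$' | LC_ALL=C sort -u
}

# Usage (same files as the guide):
#   sensitive_urls < allurls.txt
#   js_urls < allurls.txt > alljs.txt
```

Keep allurls.txt itself untouched: the later gf/nuclei stages rely on the query strings that these two filters discard.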

Task 7: Recon: Run Nuclei for Exposures

Run nuclei against JavaScript files to find exposures.

cat alljs.txt | nuclei -t /home/indcrypt/nuclei-templates/http/exposures/

Task 8: Recon: Run Nuclei for Main Domain

Run nuclei on the main domain to find exposures.

echo www.example.com | katana -ps | grep -E "\.js$" | nuclei -t /home/indcrypt/nuclei-templates/http/exposures/ -c 30

Task 9: Recon: Directory Search

Use dirsearch to brute-force hidden directories and files, forcing the listed extensions (the list below is the original one with duplicate and malformed entries removed).

dirsearch -u https://www.example.com -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bkp,cache,cgi,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,sql.gz,sql.zip,sql.tar.gz,sql~,swp~,tar,tar.bz2,tar.gz,txt,wadl,xml,zip

Task 10: Recon: Automated Vulnerability Scanning

Run automated scanning using a combination of tools and scripts.

subfinder -d example.com | httpx-toolkit -silent | katana -ps -f qurl | gf xss | bxss -appendMode -payload '">' -parameters
subzy run --targets subdomain.txt --concurrency 100 --hide_fails --verify_ssl
python3 corsy.py -i /home/indcrypt/vaitor/subdomains_alive.txt -t 10 --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"
nuclei -list subdomains_alive.txt -t /home/indcrypt/Priv8-Nuclei/cors
nuclei -list ~/vaitor/subdomains_alive.txt -tags cve,osint,tech
cat allurls.txt | gf lfi | nuclei -tags lfi
cat allurls.txt | gf redirect | openredirex -p /home/indcrypt/openRedirect