
My Love Story with the Web App Recon Process




Straightforward, I will get started with my intro. My name is hackers creed and I am from Kashmir. For a bug hunter, recon is the most important phase of our lives :-).

So today I am going to talk about some recon techniques that I use during my recon process. They have worked for me many times and may work for you as well.

So let's get started.

1 - Reverse IP Lookup

A reverse IP lookup is a check that takes the domain name or IP address of a web server and searches for other sites known to be hosted on that same web server. We can perform a reverse IP lookup by using some of the tools available online.
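In effect, a reverse IP lookup is an inverted index from IP address to hostnames. The example below is added here and is not from the original post: it builds that index offline from constructed DNS records, so you can check an export of your own zones for co-hosted names that are missing from your asset inventory. The record list, the inventory set and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample data: documentation-range IPs and example domains.
RECORDS = [
    ("www.example.com", "A", "203.0.113.10"),
    ("shop.example.com", "CNAME", "www.example.com"),
    ("legacy.example.com", "A", "203.0.113.10"),
    ("mail.example.com", "A", "203.0.113.25"),
    ("blog.example.org", "A", "203.0.113.10"),
    ("loop-a.example.com", "CNAME", "loop-b.example.com"),
    ("loop-b.example.com", "CNAME", "loop-a.example.com"),
]
INVENTORY = {"www.example.com", "shop.example.com", "mail.example.com"}
MAX_HOPS = 8  # stop following CNAME chains that loop or run too long


def build_reverse_index(records):
    """Return {ip: {hostnames}} by inverting A records and following CNAMEs."""
    a, cname = defaultdict(set), {}
    for host, rtype, value in records:
        if rtype == "A":
            a[host.lower()].add(value)
        elif rtype == "CNAME":
            cname[host.lower()] = value.lower()
    reverse = defaultdict(set)
    for host in set(a) | set(cname):
        name, hops = host, 0
        while name in cname and hops < MAX_HOPS:
            name, hops = cname[name], hops + 1
        for ip in a.get(name, ()):  # empty when the chain is broken or loops
            reverse[ip].add(host)
    return reverse


def untracked_cohosts(records, inventory):
    """Return {ip: [names]} for shared IPs that host names not in the inventory."""
    report = {}
    for ip, hosts in build_reverse_index(records).items():
        missing = sorted(hosts - inventory)
        if len(hosts) > 1 and missing:
            report[ip] = missing
    return report


if __name__ == "__main__":
    for ip, names in untracked_cohosts(RECORDS, INVENTORY).items():
        print(ip, "also serves untracked names:", ", ".join(names))
```

Names that surface here but not in the inventory are the ones an outside reverse IP lookup would reveal first, so they are worth reviewing or decommissioning.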


DNSdumpster.com is a great site to find subdomains related to any company. In simple words, DNSdumpster.com is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attacker's perspective is an important part of the security assessment process.




This tool can be used to find and analyze every reachable server and device on the Internet. It is another great tool that can be used to find the subdomains of the main domain.

You Get Signal

This is another tool for bug hunters, and it contains a lot of other tools as well, such as reverse IP, port scanner, visual traceroute and Whois. But the most important tool, which I use often, is the reverse IP lookup [ https://www.yougetsignal.com/tools/web-sites-on-web-server/ ], which gives me a lot of information about the target company and its domains.
virustotal.com



is another great command-line tool, which has the superpower of capturing screenshots of all the input subdomains at once. Hence it gives you a brief overview of the company network.



The way to use Google for enumerating subdomains is with Google dorks; you can click here to understand the basic concepts of Google dorks. But the main thing that I want to explain is that Google has an advanced Tools bar, which can be used to find old URLs associated with the company that may hold some juicy information about the target.

How to do it
- Visit http://www.google.com
- Search site:coinbase.com
- Click on Tools
- Click on Any Time
- Choose a date range from when the organization started, like [2000-2005]
- Check the URLs one by one.

The same technique can also be used to find bug hunting programs: search Google for something like inurl:bug bounty, set the date to the current month, and see the latest companies that have started bug hunting programs this month, which increases your chances of finding bugs in those companies.

That's all for now! There are still a lot of people out there who have a lot of other recon techniques too. I hope you enjoyed the post!

Thanks !
Imran Parray

