Recon — my way.

1. Introduction

see 404 error in above screenshot == Quick win.

2. A Tool I Modified.

Malvinsh Tools Original output.

Usage: ruby subdomain.rb domain.com

Subdomain.rb demo run.

sort wordlist | uniq

Usage: ruby recon.rb wordlist

Recon.rb demo run.

4. More Assets — More findings — More win.

whois domain.com

Result for hackeone inc query
IP range for hackerone.com
Facebook Crt transparency monitoring subscriptions.
Typical notification from Facebook when new asset on the same crt is available.

5. Data Storage Buckets.

6. Github For Recon.

7. Read every JS.

8. Archive

9. Continuous Recon.

Swiftness- My personal websec checklist.

10. Extra points for recon.

--

--

Security @ Facebook | Bug Bounty Hunter | https://hackerone.com/ehsahil

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store