Bug Bounty Recon: Content Discovery (Efficiency pays $)

BrownBearSec
7 min read · Jan 18, 2022

Content Discovery — the process of finding endpoints: URLs, parameters and resources.

Example: We start with domain.com but how do we find domain.com/potentially/vulnerable/page, domain.com/?vulnerableParameter= or domain.com/secretPasswords.bak?

NOTE: This is the fourth step in bug bounty hunting, which follows from the third, Fingerprinting.

The last step of reconnaissance is Content Discovery. We now know which assets exist and what they are… but what do they do? How can we find site functionality and contents which can be exploited?

Right now, we’re going to cover four areas of Content Discovery and show you how to take Content Discovery to a higher level, in ways other hunters don’t:

  1. Active Discovery — Brute Force (the right way) and Self Crawling.
  2. Passive Discovery — Common Crawl…

BrownBearSec

CTI analyst | Head of Security @revoltchat | Bug Bounty Hunter. https://twitter.com/BrownBearSec. Alana Witten (she/her)