Recon For Bug Bounty, Penetration Testers & Ethical Hackers

Welcome to our Comprehensive Website Reconnaissance Course, meticulously crafted for bug bounty hunters, penetration testers, and ethical hackers. This course is designed for intermediate learners, offering an in-depth exploration of website reconnaissance techniques crucial for vulnerability assessment.

You will start by understanding the fundamentals of reconnaissance, emphasizing its significance in bug bounty hunting and penetration testing. From subdomain enumeration and URL extraction to parameter brute forcing and building custom reconnaissance tools, this course covers all essential aspects needed to enhance your skillset.

Our structured curriculum ensures a thorough understanding of website reconnaissance, guiding you step-by-step through proven methodologies used by professionals. The video content is organized into manageable segments to allow for self-paced learning, ensuring clarity at each stage.

In addition, you will have access to a rich resource section that includes links, PDFs, and payloads discussed throughout the course, offering you a comprehensive toolkit for mastering website reconnaissance.

Key Features:

• Step-by-step methodologies for website recon, bug bounty hunting, and penetration testing.
• Advanced techniques such as subdomain enumeration, URL discovery, parameter brute-forcing, and custom tool creation.
• Hands-on learning with practical exercises, real-world examples, and automation tools.
• Extensive resources including guides, payloads, and scripts for enhancing your recon efforts.

Course Curriculum Highlights:

• Subdomain Enumeration & Bruteforcing
• URL Extraction & Parameter Discovery
• Google Dorking & Shodan Dorking
• Visual Reconnaissance Techniques
• Vulnerability Scanning with Nuclei, Burpsuite, and Metasploit
• OSINT, DNS, and Port Scanning Tools
• Custom Recon Tool Creation for SSRF, XSS, and more

Whether you’re looking to level up your bug bounty skills or become more proficient in website penetration testing, this course will provide the knowledge and tools you need to succeed.

Course Curriculum :

1. Introduction
   1. Introduction to recon
2. Subdomain enumeration from tools
   1. Subdomain enumeration #1
   2. Subdomain enumeration #2
   3. Subdomain enumeration #3
   4. Subdomain enumeration #4
   5. Subdomain bruteforcing
   6. Filtering unique domains
   7. Subdomain generator
3. Subdomain enumeration from websites
   1. Subdomain enumeration from website #1
   2. Subdomain enumeration from website #2
   3. Subdomain enumeration from website #3
   4. Subdomain enumeration from website #4
4. Filtering live domains
   1. Filtering live domains
5. URL extraction from the internet
   1. URL extraction from the internet #1
   2. URL extraction from the internet #2
6. Finding parameters
   1. Finding parameters
   2. Parameter bruteforcer
7. Finding URL from past
   1. URL from past
8. Sorting urls
   1. Sorting url for vulnerabilities
9. Automation for replacing parameters with Payloads
   1. Automation for replacing parameters with Payloads
10. Footprinting websites ( Website recon )
    1. Whatweb recon
    2. Netcraft
    3. Security headers
    4. Dnsdumpmaster
    5. Whois recon
    6. Mxtoolbox
    7. OSINT
    8. Maltego
11. Browser addons for recon
    1. wappalyzer
    2. retire.js
    3. shodan
    4. Knoxx
    5. Hack-tools addon
12. WAF idetification
    1. WAF identification
13. Subdomain takeover
    1. HostileSubBruteForcer
    2. Sub404
    3. Subjack
14. Fuzzing (Content-Discovery)
    1. dirb
    2. ffuf
15. Port scanning
    1. Introduction to nmap
    2. Port specification in nmap
    3. Service and version detection from nmap
    4. Firewall bypass technique
16. Fast port scanning
    1. nabbu
    2. masscan
17. Visual recon
    1. Gowitness
18. Google dorking
    1. Introduction to google dorking
    2. Understnding the URL structure
    3. Syntax of google dorking
    4. Google dorking operators
    5. Google search operators ( Part – 1 )
    6. Google search operators ( Part – 2 )
19. Google dorking practical
    1. Introduction to practical google dorking
    2. How to find directory listing vulnerabilities ?
    3. How to dork for wordpress plugins and thems ?
    4. How to dork for web servers versions ?
    5. How to dork for application generated system reports ?
    6. Dorking for SQLi
    7. Reading materials for google dorking
20. Tips for advance google dorking
    1. Tip #1
    2. Tip #2
    3. Tip #3
21. Shodan dorking
    1. Intro to shodan dorking
    2. Shodan web interface
    3. Shodan search filters
22. Shodan dorking practical
    1. Finding server
    2. Finding fIles and directories
    3. Finding operating systems
    4. Finding compromised devices and websites
23. Shodan command line
    1. Introduction to shodan command line
    2. Practical shodan in command line
24. Github dorking
    1. Introduction to github dorking
    2. Github dorking practical
25. Vulnerability scanning
    1. Nuclei
    2. Wp-Scan
    3. Scanning with burpsuite
26. Metasploit for recon
    1. DNS recon using metasploit
    2. Sub-domain enumeration using metasploit
    3. E-mail address finding
27. Port scanning using metasploit
    1. TCP SYN port scan using metasploit
    2. SSH version detection
    3. FTP version enumeration
    4. MySQL version detection
    5. HTTP enumeration
28. Payloads for bug bounty hunters
    1. Payloads for bug hunters and enetration testers
29. How to create tools for recon ?
    1. SSRF finder tool
    2. XSS finding too
    3. URL extractor from javascript files
    4. Full website recon tool
30. Bonus
    1. Bonus video

Thank you 🙂

Vivek Pandit