❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here we share now How to do Bug hunting step wise checked pinned messages regularly


Bug hunting Step one Choose your Target which have huge list of subdomains and subdomains is eligible in Scope

Like you have seen a two targets

1. www.example.com

Another one is shown like this

2.*. example.com

Then you choose the second one

Here is two website where you can find subdomains easily


https://chaos.projectdiscovery.io/#/


https://subdomainfinder.c99.nl/


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Recon is most important part for bug hunting

Here we share now How to do Bug hunting step wise checked pinned messages regularly

How to get Subdomains list vai some tools

First you find Subdomains vai subfinder or sublist3r its your choice

Command - python3 sublist3r.py -d example.com -b -t 150 -p 80,443,20,21

Tool Link - https://github.com/aboul3la/Sublist3r

Command - subfinder -d example.com -t 150 -v -o /root/Desktop/subdomainlist1.txt (put a path where you can save output)

Tool Link - https://github.com/projectdiscovery/subfinder

After finding subdomains you can do subdomain bruteforce vai amass

Must set api key of Virustotal and censys

Config file Link - https://gist.github.com/PatrikFehrenbach/33ec3724884a3557a3015718dd796fbf

Command - amass enum -src -ip -brute -d example.com -o /root/Desktop/subdomainlist2.txt (put a path where you can save output)

Make a crt.sh file for finding more subdomains

Tool link - https://github.com/appsecco/the-art-of-subdomain-enumeration/blob/master/crtsh_enum_psql.sh

Code -

#!/bin/sh

# Script by Hanno Bock - https://github.com/hannob/tlshelpers/blob/master/getsubdomain

query="SELECT ci.NAME_VALUE NAME_VALUE FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%.$1'));"

echo $query | \
psql -t -h crt.sh -p 5432 -U guest certwatch | \
sed -e 's:^ *::g' -e 's:^*\.::g' -e '/^$/d' | \
sort -u | sed -e 's:*.::g'

Save that file as a name crt.sh

Command - ./crt.sh example.com > /root/Desktop/subdomainlist3.txt (put a path where you can save output)

After that sort a subdomains for all files like this

Command - sort subdomainlist1.txt subdomainlist2.txt subdomainlist2.txt | uniq -u > /root/Desktop/finalsubdomains.txt (put a path where you can save output)


❤️❤️ Enjoy and Share ❤️❤️

Share and support us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Before you read this post first you read our other two posts.

First we will tell you here there are so many alternative tools which we mentioned here.

Post-1 https://t.me/freelearningtech/304

Post-2 https://t.me/freelearningtech/311

Here we will tell you How to find working Subdomains

Command - Cat finalsubdomains.txt | httpx -threads 200 | tee -a /root/Desktop/workingsubdomain.txt (put a path where you can save output)

Tool Link - https://github.com/projectdiscovery/httpx

After finding Wroking subdomains list then you find waybackurls.

we will given here example like your one domain is www.example.com and when you see the page source then you see other subdomains/URLS
then it is hard when we find internal urls manually waybackurls tool is helping you find internal urls

Command - cat workingsubdomain.txt | waybackurls | tee -a /root/Desktop/wayback.txt (put a path where you can save output)

Tool Link - https://github.com/tomnomnom/waybackurls

After then you can do directory search.

Comamnd - ./dirsearch.py -l /root/Desktop/workingsubdomain.txt -t 100 --plain-text-report /root/Desktop/directory.txt (put a path where you can save output)

Tool Link - https://github.com/maurosoria/dirsearch

After that you can use nmap for another working urls because httpx is finding that domains which is working on http/https but nmap is finding subdomains which is working on another port numbers its optional but you can try for getting more information Gathering

Command - nmap -iL /root/Desktop/finalsubdomains.txt -p- --open -sV -oG /root/Desktop/nmapresult.txt (put a path where you can save output)

There are so many methods and alternative tools for doing this here we will mentioned some tools with commands.

Waiting for our next post Thanks.....


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

If you want to learn Comptia S +

We will share here Comptia S + Playlist in Hindi language

https://youtube.com/playlist?list=PL1bsbr2vd595LPVkyaqQAEwkQkbpMWJDe

May be its helpful for you We will try to support this channel because this channel Content is Good

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here we write a article about Social engineering in cyber security in depth

Article link - https://freelearningtech.in/social-engineering-in-cyber-security-2021/

May be its helpful for you Share and support us ❤️❤️❤️


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://twitter.com/cybritexsec

FOLLOW ––>
CYBRITEX SECURITY
AT TWITTER TO GET MORE CONTENTS RELATED TECH & CYBER-SECURITY 😃

Before you read this post first you read our other three posts because our all posts are linked with each other.

Post 1 - https://t.me/freelearningtech/304

Post 2 - https://t.me/freelearningtech/311

Post 3 - https://t.me/freelearningtech/319

Here we will tell you How to find vulnerabilities in a Website. We will clear one thing gf tool will help you for finding that urls where you can try for finding different type of vulnerabilities.

Like this you can check what type of vulnerability finding vai gf tool

Command - gf -list

It's your choice you can also use workingsubdomain.txt file if you want here we have used wayback.txt file for example.

How to Find that url Where you can try XSS vulnerability.

Command - cat wayback.txt | gf xss | tee -a /root/Desktop/gfxss.txt (put a path where you can save output)

How to Find that url Where you can try SQL Injection vulnerability.

Command - cat wayback.txt | gf sqli | tee -a /root/Desktop/gfsqli.txt (put a path where you can save output)

How to Find that url Where you can try IDOR vulnerability.

Command - cat wayback.txt | gf idor | tee -a /root/Desktop/gfidor.txt (put a path where you can save output)

How to Find that url Where you can try SSRf vulnerability.

Command - cat wayback.txt | gf ssrf | tee -a /root/Desktop/gfssrf.txt (put a path where you can save output)

Tool Link - https://github.com/1ndianl33t/Gf-Patterns

Click on tool link here you get full guidance for using gf tool

How to grep js files for your subdomains list.

Command - cat wayback.txt | grep js | tee -a /root/Desktop/jsfiles.txt (put a path where you can save output)

Waiting for our Next post❤️❤️❤️❤️


May be its helpful for you Share and support us ❤️❤️❤️


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/