A naukri.com initiative
Hackingblogs
2w
296
Image Credit: Hackingblogs
Bug Bounty 10-Day Complete Free Training: Day5 – Starting Reconnaissance
- On Day 5 of the 10-Day Bug Bounty Bootcamp, reconnaissance is highlighted as the essential initial step for bug hunting.
- The focus is on topics like lookups, WHOIS lookups, DNS records, and the use of tools like Amass for automating the reconnaissance process.
- Horizontal and vertical correlation in reconnaissance involve finding all assets related to a business and identifying subdomains under a domain respectively.
- CIDR (Classless Inter-Domain Routing) is discussed as a method to express IP addresses and network masks efficiently.
- An example using CIDR notation (192.168.1.0/24) is provided to clarify the concept further.
- The article explains subnet masks, broadcast addresses, and the range of valid IP addresses for a given network.
- Tools like Nmap and Fping are suggested for CIDR enumeration to detect live hosts within a given CIDR range.
- Autonomous System Numbers (ASNs) are explained as unique identifiers for autonomous systems, with Private ASNs and Public ASNs serving different purposes.
- Reverse Lookup techniques like Reverse WHOIS Lookup, Reverse DNS Lookup, and Reverse Name server/Mail Server queries are discussed.
- The automation of reconnaissance using tools like Amass for both passive and active subdomain enumeration is emphasized.
Read Full Article
17 Likes
For uninterrupted reading, download the app