
Bug Hunter Methodology V4 (@jhaddix) : Finding Seeds

This document provides a methodology for bug hunting that involves finding seeds, doing ASN enumeration, amass intel gathering, reverse whois lookups, checking SSL cert names, linked and JS discovery, subdomain scraping, bruteforcing, alteration scanning, port scanning, service scanning, GitHub dorking, screenshotting, subdomain takeover testing, and automation.

Uploaded by

hsen

Bug Hunter Methodology V4 (@jhaddix)

Tools / Syntax

Finding Seeds

Crunchbase

Add Acquisition Domains to Seeds

ASN Enumeration

bgp.he.net metabigor asnlookup

Amass Intel

ASN from bgp.he.net

amass intel -asn 46489

Reverse Whois

whoxy.com Domlink

Shodan

Check SSL Cert Names

Linked & JS Discovery

Content Discovery in Burp GoSpider Hakrawler Subdomainizer (JS)

Subdomain Scraping

Amass Subfinder git-subdomains.py Shosubgo Scan Cloud Ranges

curl 'https://tls.bufferover.run/dns?q=.twitch.tv' 2>/dev/null | jq .Results

Subdomain Bruteforcing

Amass Shuffledns

all.txt

Alteration Scanning

Naming Patterns

dev1.twitch.tv
dev2.twitch.tv
devx.twitch.tv
etc

Port Scanning

dnmasscan

dnmasscan example.txt dns.log -p80,443 -oG masscan.log

masscan

masscan -p1-65535 -iL $ipFile --max-rate 1800 -oG $outPutFile.log

Service Scanning

Brutespray

Github Dorking

https://gist.github.com/jhaddix/1fb7ab2409ab579178d2a79959909b33

github-search

th3g3ntlemans full module on github and sensitive data exposure

Screenshotting

Eyewitness Gowitness

Subdomain Takeover

can-i-take-over-xyz nuclei

Automation

Interlace (Hakluke Article) ultimate_recon.sh
