Recon For Bug Bounty, Penetration Testers & Ethical Hackers
Offered By: Udemy
Course Description
Overview
What you'll learn:
- Web Reconnaissance: Unlocking the Mysteries of Websites for Competitive Advantage
- Beyond the Main Domain: Expert Tips for Discovering Subdomains
- URL Mining: Advanced Techniques for Gathering Valuable Data and Insights
- Parameter Discovery: Advanced Techniques for Uncovering Valuable Data
- Information Mining: How to Unleash the Power of Data Through Smart Gathering
- Unlocking the Power of Information: Safely Gathering Sensitive Data from Websites
- Uncover the Hidden Truth: Mastering Deep Recon on Websites
Welcome to our comprehensive course tailored specifically for website reconnaissance, designed to empower bug bounty hunters, penetration testers, and ethical hackers. Geared towards intermediate-level learners, this course delves deep into all facets of recon on websites.
Explore fundamental concepts such as the essence of reconnaissance and its significance in bug bounty hunting and penetration testing. From subdomain enumeration to URL enumeration, parameter bruteforcing, and even crafting custom recon tools, we cover a broad spectrum of topics crucial for effective website reconnaissance and vulnerability assessment.
Our course meticulously outlines the complete methodology for website reconnaissance, bug bounty hunting, and penetration testing, ensuring a thorough understanding of each step. With videos segmented into easily digestible sections, students can grasp concepts at their own pace.
Access to a wealth of resources awaits in our dedicated resource section, comprising links, PDFs, and payloads utilized throughout the course. Elevate your skills in website reconnaissance and vulnerability assessment with our comprehensive learning experience.
Course Curriculum :
- Introduction - Introduction to recon 
 
- Subdomain enumeration from tools - Subdomain enumeration #1 
- Subdomain enumeration #2 
- Subdomain enumeration #3 
- Subdomain enumeration #4 
- Subdomain bruteforcing 
- Filtering unique domains 
- Subdomain generator 
 
- Subdomain enumeration from websites - Subdomain enumeration from website #1 
- Subdomain enumeration from website #2 
- Subdomain enumeration from website #3 
- Subdomain enumeration from website #4 
 
- Filtering live domains - Filtering live domains 
 
- URL extraction from the internet - URL extraction from the internet #1 
- URL extraction from the internet #2 
 
- Finding parameters - Finding parameters 
- Parameter bruteforcer 
 
- Finding URL from past - URL from past 
 
- Sorting urls - Sorting url for vulnerabilities 
 
- Automation for replacing parameters with Payloads - Automation for replacing parameters with Payloads 
 
- Footprinting websites ( Website recon ) - Whatweb recon 
- Netcraft 
- Security headers 
- Dnsdumpmaster 
- Whois recon 
- Mxtoolbox 
- OSINT 
- Maltego 
 
- Browser addons for recon - wappalyzer 
- retire.js 
- shodan 
- Knoxx 
- Hack-tools addon 
 
- WAF idetification - WAF identification 
 
- Subdomain takeover - HostileSubBruteForcer 
- Sub404 
- Subjack 
 
- Fuzzing (Content-Discovery) - dirb 
- ffuf 
 
- Port scanning - Introduction to nmap 
- Port specification in nmap 
- Service and version detection from nmap 
- Firewall bypass technique 
 
- Fast port scanning - nabbu 
- masscan 
 
- Visual recon - Gowitness 
 
- Google dorking - Introduction to google dorking 
- Understnding the URLstructure 
- Syntax of google dorking 
- Google dorking operators 
- Google search operators ( Part - 1 ) 
- Google search operators ( Part - 2 ) 
 
- Google dorking practical - Introduction to practical google dorking 
- How to find directory listing vulnerabilities ? 
- How to dork for wordpress plugins and thems ? 
- How to dork for web servers versions ? 
- How to dork for application generated system reports ? 
- Dorking for SQLi 
- Reading materials for google dorking 
 
- Tips for advance google dorking - Tip #1 
- Tip #2 
- Tip #3 
 
- Shodan dorking - Intro to shodan dorking 
- Shodan web interface 
- Shodan search filters 
 
- Shodan dorking practical - Finding server 
- Finding fIles and directories 
- Finding operating systems 
- Finding compromised devices and websites 
 
- Shodan command line - Introduction to shodan command line 
- Practical shodan in command line 
 
- Github dorking - Introduction to github dorking 
- Github dorking practical 
 
- Vulnerability scanning - Nuclei 
- Wp-Scan 
- Scanning with burpsuite 
 
- Metasploit for recon - DNS recon using metasploit 
- Sub-domain enumeration using metasploit 
- E-mail address finding 
 
- Port scanning using metasploit - TCP SYN port scan using metasploit 
- SSH version detection 
- FTP version enumeration 
- MySQL version detection 
- HTTP enumeration 
 
- Payloads for bug bounty hunters - Payloads for bug hunters and enetration testers 
 
- How to create tools for recon ? - SSRF finder tool 
- XSS finding too 
- URL extractor from javascript files 
- Full website recon tool 
 
- Bonus - Bonus video 
 
Thank you :)
Vivek Pandit
Taught by
Vivek Pandit
Related Courses
Evaluación de peligros y riesgos por fenómenos naturalesUniversidad Nacional Autónoma de México via Coursera Internet Security
openHPI Planning a Security Incident Response
Microsoft via edX Cyber Security
CEC via Swayam Ethical Hacking
Indian Institute of Technology, Kharagpur via Swayam
