Bug Bounty Tips(2022-04-18)

Penetration techniques · 2 years ago (2022) · admin

Tip 1:

A bug-hunting methodology checklist compiled by an overseas researcher:

Approach 1:
- [ ] Identify web server, technologies and database
- [ ] Subsidiary and Acquisition Enumeration
- [ ] Reverse Lookup
- [ ] Reverse Whois
- [ ] ASN & IP Space Enumeration

Approach 2:
- [ ] ReconFTW
- [ ] Github Recon
- [ ] WAF Detection
- [ ] Crawling
    - [ ] gospider
    - [ ] gau
    - [ ] gauplus
    - [ ] hakrawler
- [ ] Service Enumeration
- [ ] Google Dork
- [ ] Gathering Parameters
- [ ] Wordlist creation
- [ ] Metadata

Approach 3:
- [ ] Screenshot → gowitness
- [ ] Searchsploit
- [ ] Directory Enumeration
    - [ ] ffuf
    - [ ] wfuzz
    - [ ] dirbuster
    - [ ] gobuster
    - [ ] dirsearch
- [ ] JS File Analysis
    - [ ] http://JSFinder.sh
    - [ ] subjs | getjs
    - [ ] JS hardcoded APIs and secrets (secretfinder)
    - [ ] LinkFinder

Approach 4:
- [ ] API endpoints
- [ ] Broken link hijacking (blc)
- [ ] Locate admin and login panels
- [ ] Nuclei template-based recon
- [ ] Subdomains from subdomains (altdns, flydns, goaltdns)
- [ ] Parameter Fuzzing
- [ ] Content Discovery
- [ ] Endpoints
- [ ] .git/HEAD → git exposed
- [ ] Login forms

Approach 5:
- [ ] Login endpoints
- [ ] Port scanning
    - [ ] nmap
    - [ ] masscan
    - [ ] naabu
- [ ] dnsrecon → zone transfer? → dnsrecon <target> -t axfr
- [ ] favicon → shodan
- [ ] Misconfigured Cloud Storage
- [ ] Wayback URLs data
- [ ] Use censys, fofa, shodan
- [ ] CVE scan


Tip 2:

An XSS you have not seen before (tested, pops an alert). The import map aliases the bare specifier "xss" to a data: URL, and the module script then imports that alias, so the JavaScript carried in the data: URL executes:

<script type="importmap">{"imports": {"xss": "data:text/javascript,export default alert(1)"}}</script><script type=module>import "xss"</script>
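From the defender's side, the thing to look for in served or stored HTML is an import map whose entries resolve to a scheme that can carry inline code (data:, blob:, javascript:). The scanner below is an added example written for this page, not code from the original post; it extracts every <script type="importmap"> block with a regular expression (an assumption made to keep the example stand-alone, a real scanner would use an HTML parser), parses the map, and reports risky entries in both the top-level "imports" table and any "scopes" tables. The sample HTML is constructed and embeds the payload above next to a benign map.

```javascript
// Added example (not from the original post): flag import-map entries that
// alias a module specifier to a URL scheme able to carry inline script.
const RISKY_SCHEMES = ['data:', 'blob:', 'javascript:'];

// Return the raw JSON text of every <script type="importmap"> block in `html`.
// Regex extraction is an assumption for this stand-alone example.
function extractImportMaps(html) {
  const re = /<script\b[^>]*\btype\s*=\s*["']?importmap["']?[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const maps = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    maps.push(m[1].trim());
  }
  return maps;
}

// Walk one parsed import map and return {scope, specifier, target} for every
// entry whose target starts with a risky scheme. `scope` is null for the
// top-level "imports" table and the scope prefix for entries under "scopes".
function findRiskyEntries(importMap) {
  const findings = [];
  const check = (scope, table) => {
    if (!table || typeof table !== 'object') return;
    for (const [specifier, target] of Object.entries(table)) {
      if (typeof target !== 'string') continue;
      const t = target.trim().toLowerCase();
      if (RISKY_SCHEMES.some((s) => t.startsWith(s))) {
        findings.push({ scope, specifier, target });
      }
    }
  };
  check(null, importMap.imports);
  for (const [scope, table] of Object.entries(importMap.scopes || {})) {
    check(scope, table);
  }
  return findings;
}

// Scan a whole document: parse every import map and collect risky entries.
// A map that is not valid JSON is counted rather than silently skipped, since
// a browser would also reject it but a reviewer still wants to know it exists.
function scanHtml(html) {
  const results = { risky: [], malformed: 0 };
  for (const text of extractImportMaps(html)) {
    let parsed;
    try {
      parsed = JSON.parse(text);
    } catch (_err) {
      results.malformed += 1;
      continue;
    }
    results.risky.push(...findRiskyEntries(parsed));
  }
  return results;
}

// Constructed sample: the payload from the tip plus a benign map whose only
// risky entry sits inside a scope.
const SAMPLE_HTML = `
<script type="importmap">{"imports": {"xss": "data:text/javascript,export default alert(1)"}}</script><script type=module>import "xss"</script>
<script type="importmap">{"imports": {"lodash": "/static/lodash.js"}, "scopes": {"/admin/": {"util": "blob:https://example.test/abc"}}}</script>
`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanHtml(SAMPLE_HTML), null, 2));
}
```

Running the file prints two findings for the constructed sample: the "xss" alias mapped to a data: URL at top level, and the "util" alias mapped to a blob: URL under the "/admin/" scope. As a mitigation, a Content-Security-Policy whose script-src permits neither inline scripts nor the data: scheme stops both halves of the payload: the inline import map itself and the data: module it points to.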


Tip 3:

Interesting paths


Finally, Mikami to close the thread: keep it up, keep it up, keep it up!


Mikami: there are always some fans who come to see me under the banner of "studying"~


Originally published on the WeChat public account 奔跑在Hackerone的路上: Bug Bounty Tips(2022-04-18)

Copyright notice: posted by admin on April 18, 2022 at 8:05 AM.
Please credit when reposting: Bug Bounty Tips(2022-04-18) | CTF导航
