CIP Training & Certifications
Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings
New to bug bounty hunting and unsure where to start? Worry not! This guide to reconnaissance for bug bounty hunters walks you through the first step.
Reconnaissance is the initial step in every penetration test, bug bounty, or ethical hacking engagement. Its aim is to gather information about the target that is publicly available on the internet.
Publicly available data offers technical details about the network structure and systems. It also contains information about personnel and the organization itself that might be valuable later in the attack.
The two types of cyber reconnaissance are passive and active.
Let’s use some suitable tools and gather the victim’s information passively first. The tools I will use to collect the victim’s data are:
These are not the only tools available; there are many other data-gathering tools you can use.
Passive recon is gathering the victim’s information without directly interacting with them, so the target has no way of knowing we are collecting data on them. It relies on public sources (open-source intelligence, OSINT) that contain data about the victim.
OSINT helps to gather:
Few people are aware that Google offers a set of special keywords and operators that can help retrieve highly specific data from its massive index.
To an attacker, Google’s index may provide crucial insight into potential victims.
Here, I am using the “cache” keyword to display the cached version of the victim’s website.
If I need an Excel spreadsheet containing email accounts, I use the query below, varying the keywords as needed.
filetype:xls inurl:email.xls
With the Netcraft tool, I am able to gather the organization’s IP range, its name servers, domain name, hosting history, etc.
The WHOIS tool helped me gather the organization’s IP location, ASN, total images/links used within the organization’s website, etc.
It is one of the social media platforms where I was able to find information on the deputy director of the targeted organization. You can use other social media platforms as well to gather data on the organization’s staff.
Active recon is directly interacting with the victim’s system. It can reveal data such as:
The major disadvantage of active reconnaissance compared to passive reconnaissance is that direct interaction with the victim may trigger the target’s IDS/IPS, alerting others to the intruder’s presence.
The Nmap tool pulled out system information such as port state (open or closed), services running on the target’s system, port numbers, filtered ports, etc.
With the help of the dig command, I learned the type of DNS record (i.e., an A/address record) served by our target’s DNS server.
The last tool, Gobuster, tried to find the directories and subdirectories of the target’s website.
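Active tools like Gobuster leave a distinctive trail in the target’s web-server logs, which is exactly why active recon can trip an IDS/IPS. The following is an added example, not code from the original post or from the Gobuster project: a small Python detector run over constructed access-log lines (the IP addresses, paths and the “gobuster/3.5” user agent are made up) that flags any client producing many 403/404 responses across many distinct paths, the pattern a directory brute-force run leaves behind.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/Nginx combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Sep/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [28/Sep/2023:10:00:02 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.0.0.9 - - [28/Sep/2023:10:00:02 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.0.0.9 - - [28/Sep/2023:10:00:02 +0000] "GET /config HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.0.0.9 - - [28/Sep/2023:10:00:03 +0000] "GET /uploads HTTP/1.1" 403 196 "-" "gobuster/3.5"
10.0.0.9 - - [28/Sep/2023:10:00:03 +0000] "GET /images HTTP/1.1" 301 0 "-" "gobuster/3.5"
10.0.0.9 - - [28/Sep/2023:10:00:03 +0000] "GET /old HTTP/1.1" 404 196 "-" "gobuster/3.5"
10.0.0.5 - - [28/Sep/2023:10:00:04 +0000] "GET /missing.png HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# One combined-format line: client IP, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_bruteforcers(log_text, min_misses=5, min_distinct_paths=5):
    """Return {ip: summary} for clients whose traffic looks like directory brute forcing:
    at least min_misses 403/404 responses spread over at least min_distinct_paths paths.
    Thresholds are assumed values; tune them to the site's normal 404 rate."""
    per_ip = defaultdict(lambda: {"misses": 0, "paths": set(), "uas": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        entry = per_ip[rec["ip"]]
        entry["paths"].add(rec["path"])
        entry["uas"].add(rec["ua"])
        if rec["status"] in ("403", "404"):
            entry["misses"] += 1
    flagged = {}
    for ip, e in per_ip.items():
        if e["misses"] >= min_misses and len(e["paths"]) >= min_distinct_paths:
            flagged[ip] = {"misses": e["misses"], "distinct_paths": len(e["paths"]),
                           "user_agents": sorted(e["uas"])}
    return flagged

if __name__ == "__main__":
    for ip, summary in find_bruteforcers(SAMPLE_LOG).items():
        print(f"possible directory brute force from {ip}: {summary}")
```

A production rule would also bound the count to a time window (for example, a minute), since a scanner generates these misses in seconds while a normal user spreads a handful over a session.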
After gathering all the necessary details about the target, we are ready to attack. Always create a mind map while gathering the information, as it helps at the end when attacking.
Harvest the information, evaluate it, attack!
Industrial Cybersecurity
September 28, 2023