Private Notes for Bug Hunters, CTF Players, Pentesters of Zishan Ahamed Thandar
You can also read for Active Directory Notes and Bug Bounty Methodology from My Pentester Guide Repo https://github.com/ZishanAdThandar/pentest.
- Identify live hosts
- Scan for open ports
- Identify services and versions
- Tools: Nmap, Masscan
- Passive Reconnaissance
- WHOIS Lookup
- Shodan
- OSINT Tools: Recon-ng, Maltego
- Active Reconnaissance
- Subdomain Enumeration
- Directory Enumeration: Dirbuster, Gobuster
- Tools: Nikto, Wappalyzer
- Identify vulnerabilities
- CVE Search
- Vulnerability Scanners: Nessus, OpenVAS
- Use exploit frameworks
- Metasploit
- Exploit-DB
- Custom Exploits
- Write or modify exploits for specific vulnerabilities.