bug bounty hunters starter notes


  1. The Web Application Hacker's Handbook
  2. OWASP Testing Guide
  3. Web Hacking 101
  4. Breaking into Information Security
  5. Mastering Modern Web Penetration Testing


  • ASNs (autonomous system numbers) - (IP ranges, keyword searches)

  • ARIN & RIPE - arin, ripe, whois lookups (all)

  • Rev whois - rev

  • shodan - shodan

  • we cannot miss out on burp

  • domlink - domlink

  • builtwith - they also have a browser plugin; it reports the stack a site is built on and its analytics

    Subdomain scraping enumeration

    subdomain bruteforcing

    • massdns

      ex: /root/work/bin/all.txt $ | ./bin/massdns -r resolvers.txt -t A -a -o -w massdns_output.txt -

    • gobuster

      ex: gobuster -m dns -u $ -t 100 -w all.txt

    • best dictionary file: all.txt


    • commonspeak


    • masscan

      ex: masscan -p1-65535 -iL $TARGET_LIST --max-rate 10000 -oG $TARGET_OUTPUT

    • nmap

    • brutespray

      masscan output => nmap service scan -oG => brutespray credential bruteforcing.

      ex: python --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

    • Eyewitness

    • waybackurls - enumeration using wayback

Keeping track of all this

  Xmind organization


Identification and cve searching

Parsing Heavy javascript sites

  • ZAP Ajax spider - OWASP ZAP
  • Linkfinder
  • jsparser

Content Discovery

  • Gobuster
  • Burp content discovery
  • Robots disallowed
  • wpscan
  • Seclists / RAFT / Digger wordlists
  • cmsmap
  • custom wordlist



Subdomain Takeover info

Work in progress..
