Every tool you need for: Reconing (Revised 2024)

Ethical Kaps, published in InfoSec Write-ups, Jun 14, 2021

Hey Cyberpunks, I hope you are all doing well, and if not, I am here to clear up any confusion you have about which tool to choose for gathering information about your target. I see a lot of aspiring hackers forget, or I should probably say ignore, the power of recon. Whether it is bug bounty or a test for an organization, they jump directly onto the target.

BOOK YOU MUST HAVE: TO BECOME A PRO IN PENETRATION TESTING (BEGINNER FRIENDLY)

But I think we all remember that famous quote commonly attributed to Abraham Lincoln:

If I had eight hours to chop down a tree, I would spend six hours sharpening my axe.

That is how important gathering information before attacking your target is. In today's article we are going to list tools you can use for specific purposes, to make your exploitation a lot easier. We also know that we can never ignore the power of manual recon, but for now we will focus fully on automation to save time and effort. Now, without wasting any time, let's get straight into it.

Note: This is going to be straightforward: I'll list the tools you need with a short description of each. For the rest, you can click on the tool name to learn more. Bookmark this article; it will be your go-to notes whenever you test a target, and it will help make sure you don't miss any endpoint.

1. For Finding Subdomains of your target

  • Amass - This is the best you can ask for enumerating the subdomains of your target. It combines many techniques (passive data sources, DNS brute forcing, certificate transparency logs and more) to gather information for you.
  • Knock - Another beast, written in Python, that brute-forces subdomains from a wordlist and resolves them.
  • Sublist3r - Another fast scanner written in Python; it pulls subdomains from search engines and passive sources.

Run all three and cross-check the results: a name reported by only one of them is the likeliest false positive, so resolve it and confirm it is live before spending time on it.
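The cross-check described above, as an added example that is not part of the original article and not code from Amass, Knock or Sublist3r: it merges the three tools' output, normalizes names, drops anything outside the target's scope, and flags the names only one tool saw. The three result lists and the target domain example.com are constructed for the demo.

```python
"""Merge and sanity-check subdomain lists from several enumeration tools.

Added example, not code from the article or from Amass/Knock/Sublist3r.
The three result lists below are constructed sample output, not real scans.
"""
from collections import defaultdict

# Constructed sample output from three tools (hypothetical target example.com).
AMASS = ["www.example.com", "api.example.com", "dev.example.com", "Mail.example.com."]
KNOCK = ["www.example.com", "api.example.com", "staging.example.com", "vpn.example.com"]
SUBLIST3R = ["www.example.com", "dev.example.com", "mail.example.com",
             "example.com.attacker.net", "old-example.com"]


def normalize(name: str) -> str:
    """Lowercase and strip the trailing dot that some resolvers emit."""
    return name.strip().lower().rstrip(".")


def in_scope(name: str, root: str) -> bool:
    """True only for the root itself or a real subdomain of it.

    A plain substring check would wrongly accept 'example.com.attacker.net'
    and 'old-example.com', so compare on the label boundary instead.
    """
    return name == root or name.endswith("." + root)


def merge_results(results: dict, root: str):
    """Return (all_in_scope_names, names_seen_by_only_one_tool).

    results maps tool name -> list of hostnames it reported. Names seen by a
    single tool are still kept, but they are the first ones to resolve and
    check by hand because they are the likeliest false positives.
    """
    seen_by = defaultdict(set)
    for tool, names in results.items():
        for raw in names:
            name = normalize(raw)
            if in_scope(name, root):
                seen_by[name].add(tool)
    merged = sorted(seen_by)
    single_source = sorted(n for n, tools in seen_by.items() if len(tools) == 1)
    return merged, single_source


if __name__ == "__main__":
    merged, single = merge_results(
        {"amass": AMASS, "knock": KNOCK, "sublist3r": SUBLIST3R}, "example.com")
    print("in-scope subdomains:", merged)
    print("seen by only one tool (verify these first):", single)
```

In real use, replace the three constant lists with the files each tool wrote and pipe the merged list into a resolver before port scanning; the single-source names are the ones to eyeball first.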

2. For Finding any Sensitive information/Info leakage/API Keys to Passwords

The one-word answer to this is GitHub itself. Use your creativity and search techniques to get the most out of it (if you want to read up on the search techniques, click here). But as promised, I'll tell you the best tool, and that tool is GitDorker: it runs a list of dorks against the GitHub search API for your target and collects the hits for you to review.
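What you do with the files a GitHub dork returns is the part the tools leave to you, so here is an added example (not from the article and not GitDorker's code) that scans text for the credential shapes most worth chasing: AWS access key IDs, GitHub personal access tokens, private key blocks, and generic `password = "..."` style assignments. The generic pattern is gated on Shannon entropy so placeholders like `changeme` are not reported. The SAMPLE config snippet and every key-looking value in it are constructed.

```python
"""Scan text (e.g. a file pulled from a GitHub dork hit) for leaked secrets.

Added example, not code from the article or from GitDorker. The SAMPLE
text is constructed; the key-looking values in it are made up.
"""
import math
import re

# Well-known fixed-format credential shapes. Third element: whether to
# additionally require high entropy before reporting the match.
PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), False),
    ("GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), False),
    ("Private key block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), False),
    # Generic assignment such as db_password = "value". Needs the entropy
    # check so that placeholders like password = "changeme" are skipped.
    ("Generic secret assignment",
     re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
     True),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random keys score around 4 bits or more."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secrets(text: str, min_entropy: float = 3.5):
    """Return a list of (line_number, label, matched_value), in file order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern, need_entropy in PATTERNS:
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if need_entropy and shannon_entropy(value) < min_entropy:
                    continue
                hits.append((lineno, label, value))
    return hits


# Constructed sample: the AWS key is the placeholder from AWS's own docs,
# the other values are made up.
SAMPLE = """# constructed config snippet
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "changeme"
api_key = "q9Zx7vL2mK8pR4tW1yB6nC3dF5gH0jS8"
GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789
"""

if __name__ == "__main__":
    for lineno, label, value in find_secrets(SAMPLE):
        print(f"line {lineno}: {label}: {value}")
```

Treat every hit as a lead, not a finding: confirm the key is live (or was, from the commit history) and in scope before reporting it, and never use it beyond what the program's rules allow.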

3. To Check Which Public IPs Are Exposing a Port

  • Shodan - This is probably the best for enumerating public IPs and the services they expose, since it has already scanned the Internet for you. It is also available as a browser extension.

4. Google Dorking

  • Google Hacking Database: Researchers have been contributing dorks to it for a long time now. Don't forget to use it as a powerful tool for finding sensitive information that search engines have already indexed.

5. For Port Scanning

  • Nmap
    Advantage: it can scan both IPs and subdomains (hostnames).
    Drawback: it is slow, especially across all 65535 ports of many hosts.
  • The faster alternative
    Advantage: much faster than Nmap.
    Drawback: it can scan IPs only, so resolve your subdomains first and feed it the unique addresses.

The choice is now all yours. I personally use both: a fast sweep to find the open ports, then Nmap on just those ports for service and version detection. 😁
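The two-stage workflow above, as an added example (not from the article and not Nmap's own code): resolve the subdomains to a unique IP list for the IP-only scanner, parse the open ports out of a quick sweep, and build a targeted `nmap -sV -sC` command per host. Name resolution is replaced by a constructed table and the sweep output is a constructed sample in Nmap's grepable (`-oG`) format, so the script runs offline; in real use, resolve with a DNS library and feed the script the `-oG` file your sweep wrote.

```python
"""Two-stage port scanning: fast sweep first, slow Nmap only where needed.

Added example, not code from the article or from Nmap. Name resolution is
replaced by a constructed table and the sweep result is a constructed
grepable (-oG) sample, so the script runs offline.
"""
import shlex

# Constructed: what resolving the subdomains might return. In real use,
# replace with socket.gethostbyname_ex() or a bulk resolver.
RESOLVED = {
    "www.example.com": "203.0.113.10",
    "api.example.com": "203.0.113.10",   # same host as www: scan it once
    "vpn.example.com": "203.0.113.20",
    "dead.example.com": None,            # did not resolve: nothing to scan
}

# Constructed -oG output of a ports-only sweep. Fields are tab separated,
# port entries are "port/state/proto/owner/service/rpc/version/".
FAST_SWEEP_OG = """# Nmap 7.94 scan initiated (constructed sample)
Host: 203.0.113.10 (www.example.com)\tStatus: Up
Host: 203.0.113.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (65532)
Host: 203.0.113.20 (vpn.example.com)\tStatus: Up
Host: 203.0.113.20 (vpn.example.com)\tPorts: 1194/open/udp//openvpn///, 8443/filtered/tcp//https-alt///\tIgnored State: closed (65533)
# Nmap done
"""


def unique_targets(resolved: dict) -> list:
    """Unique IPs for an IP-only scanner, dropping names that did not resolve."""
    return sorted({ip for ip in resolved.values() if ip})


def parse_grepable(text: str) -> dict:
    """Map IP -> sorted list of (port, proto) that the sweep reported open."""
    open_ports = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue                      # "Status: Up" lines carry no ports
        ip = fields["Host"].split()[0]    # "203.0.113.10 (www.example.com)"
        for entry in fields["Ports"].split(", "):
            port, state, proto = entry.split("/")[:3]
            if state == "open":           # skip filtered/closed
                open_ports.setdefault(ip, []).append((int(port), proto))
    for ip in open_ports:
        open_ports[ip].sort()
    return open_ports


def service_scan_commands(open_ports: dict) -> list:
    """One nmap -sV -sC command per host, limited to its open TCP ports."""
    cmds = []
    for ip, ports in sorted(open_ports.items()):
        tcp = [str(p) for p, proto in ports if proto == "tcp"]
        if tcp:
            cmds.append(f"nmap -sV -sC -p {','.join(tcp)} {shlex.quote(ip)}")
    return cmds


if __name__ == "__main__":
    print("targets for the fast sweep:", " ".join(unique_targets(RESOLVED)))
    for cmd in service_scan_commands(parse_grepable(FAST_SWEEP_OG)):
        print(cmd)
```

The payoff is that the slow part (`-sV -sC`) runs against three ports on one host instead of 65535 ports on every host, which is where most of Nmap's time goes.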

6. For Directory Bruteforcing

These are more than enough for brute-forcing directories. Yes, you can also use dirb (built into Kali) for this purpose, but I personally prefer all of these. Whichever you use, first check how the target answers a request for a path that does not exist: a site that returns 200 for everything will otherwise flood you with false hits.
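The soft-404 check just mentioned is the part a hand-rolled brute forcer most often gets wrong, so here is an added example (not from the article, and not the code of dirb or any other tool) that learns the site's "not found" response from two random paths and drops any hit that matches it. The HTTP fetcher is injectable: the default uses urllib against a real host, while the demo uses a constructed fake site (`FAKE_SITE`, `fake_fetch`, and the host target.invalid are all made up) so it runs offline.

```python
"""Directory brute-forcing with soft-404 filtering.

Added example, not code from the article or from dirb/any other tool.
The fetcher is injectable: the default uses urllib against a real host,
while the demo and test use a constructed fake site so it runs offline.
"""
import secrets
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor

# Constructed wordlist; real runs use a list such as SecLists' common.txt.
WORDLIST = ["admin", "backup", "login", "uploads", "api", "old",
            "robots.txt", ".git/HEAD"]


def http_fetch(url: str, timeout: float = 5.0):
    """Return (status, body_length) without following redirects."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None                   # surface 3xx as the result itself
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "recon-example"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as e:
        return e.code, len(e.read() or b"")
    except (urllib.error.URLError, OSError):
        return None, 0


def brute_force(base_url, words, fetch=http_fetch, workers=10):
    """Return {path: (status, length)} for paths that look real.

    Two random paths are fetched first to learn what this site returns for
    things that do not exist; a site that answers 200 to everything (a
    "soft 404") is handled by ignoring responses that match that baseline.
    """
    base_url = base_url.rstrip("/")
    baseline = {fetch(f"{base_url}/{secrets.token_hex(8)}") for _ in range(2)}

    def probe(word):
        return word, fetch(f"{base_url}/{word}")

    found = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for word, (status, length) in pool.map(probe, words):
            if status is None or status == 404 or (status, length) in baseline:
                continue
            found[word] = (status, length)
    return found


# Constructed fake site: every unknown path answers 200 with a 512-byte
# "not found" page, so filtering on status alone would report every word.
FAKE_SITE = {
    "admin": (301, 0),
    "login": (200, 2048),
    "uploads": (403, 277),
    ".git/HEAD": (200, 23),
}


def fake_fetch(url):
    """Stand-in for http_fetch that answers from FAKE_SITE."""
    path = url.split("/", 3)[3] if url.count("/") >= 3 else ""
    return FAKE_SITE.get(path, (200, 512))


if __name__ == "__main__":
    hits = brute_force("http://target.invalid", WORDLIST, fetch=fake_fetch)
    for path, (status, length) in sorted(hits.items()):
        print(f"{status} {length:>6}  /{path}")
```

Against a real target call `brute_force("https://host", WORDLIST)` and leave the default fetcher in place; note that 301 and 403 responses are kept on purpose, since a redirect or a forbidden directory is still evidence that the path exists.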

All these tools for different purposes are going to help you a lot in your hacking journey and make your target more comprehensible.

Before concluding, I would love to share the list of extensions I use in Firefox, particularly for recon, to save time and attempts.

Must have Addons in Firefox for Info gathering

Reference- https://thehackerish.com/bug-bounty-tools-from-enumeration-to-reporting

So, this is it for this article. I hope you enjoyed it. I will come back to you with another article. Till then, take care and keep hunting for good. Keep digging and learning new stuff. 😍

If you like the content, you can support me here: @buymeacoffee.com/ethicalkaps

See you in the next article. Until then, cherish your life. Peace! 🙌

You can follow me on Twitter, on Spotify to listen to my write-ups, and on Instagram.

If you enjoyed this story, please click the 👏 button as many times as you want and share it to help others find it! Feel free to leave a comment below.


InfoSec engineer by profession. Ethical hacker and penetration tester by passion. Together, let's make our world a secure cyberspace.