Compilation of recon workflows

Hi, this is a compilation of recon workflows found online. Use it as inspiration for creating your own Web pentest / bug bounty recon workflow.

These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please send it to [email protected].

I will update this every time I have a new flowchart or mindmap. So keep an eye on this page!

compilation-of-recon-workflows.png

Table of contents

Lazyrecon’s workflow by @CaptMeelo

Source

lazyrecon-workflow.png

Recon workflow found on Reddit

Source

recon-workflow.jpg

Recon workflow by @rvismit

Source

recon-workflow-2.jfif

Recon workflow by @rub003

Source

recon-workflow-3.jfif

Recon workflow by @Aishee_Nguyen

Source

recon-workflow-4.png

Assessment mindmap by @dsopas

Source

assessment-mindset.png

Autorecon’s workflow by JoshuaMart

Source

autorecon-workflow.png

Recon steps by 0xpatrik

Source

recon_steps.png

Visual guide to recon by @NahamSec

Source

visual-guide-to-recon.jfif

imran parray

Source

server-side-issues-mindmap.jpg

Domain footprinting by dnsdumpster.com

Source

footprint-domains.png

Recon map by @_sehno_

Source

recon-map.jpg

Recon summary by @Jhaddix

Source

recon-summary.png

OSINT domain name by @@TheGelios

Source

osint-domain-name.jpg

Source

domlink-workflow.png

WAHH Methodology desktop background by @Jhaddix

Source

bug-bounty-methodology-jhaddix.jpg

AWS S3 recon flow

Source

aws-s3-flow.jfif

Multiple worflows for recon automation by @mhmdiaa

Source

workflow-0.png

Input can be a domain, registrant name or registrant email:

workflow-1.jpg

workflow-2.jpg

workflow-3.jpg

workflow-4.jpg

workflow-5.jpg

workflow-6.jpg

workflow-7.jpg


Let me know if you have any comments, requests, questions… Feedback is always welcome.

See you next time!


Comments