Hi, this is a list of resources on recon.
You might find it too long or not comprehensive, and some of the tools/techniques listed may be obsolete by the time you read this.
But the purpose of this list is just to inspire and help you improve your own recon workflow, as I explained in The Bug Hunter Podcast 5: Recon workflow & Out of the box thinking in day-to-day life.
Also, I didn’t have as much time as I’d like to work on this. Many interesting tweets are missing. So I prefer to share what I have for now and update this page every time I find anything new worth sharing.
Table of contents
- Articles
- Slides
- Interviews
- Videos & Podcasts
- Conference Talks
- Tools
- Resources
- Tweets
- Related blog posts/podcasts on this site
Articles
- Doing RECON the correct way by Enciphers
- A Pentester’s Guide – Part 1 (OSINT – Passive Recon and Discovery of Assets)
- A Pentester’s Guide Part 2 (OSINT – LinkedIn is Not Just for Jobs)
- Reconnaissance: a eulogy in three acts
- “A lightweight reconnaissance setup for bug bounty hunters”
- How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty
- What tools I use for my recon during #BugBounty
- A More Advanced Recon Automation #1 (Subdomains)
- Expanding your scope (Recon automation #2)
- Asset Discovery: Doing Reconnaissance the Hard Way
- Recon — my way.
- [Tools] Visual Recon – A beginners guide
- Recon Methodology
- Practical recon techniques for bug hunters & pen testers
- “Automating your reconnaissance workflow with ‘meg’”
- My methods of recon & testing
- Hacking with ZSeano: Recon Part two by zseano
- How to: Recon and Content Discovery
- Recon Android apps to widen scope
- Get Started; Footprinting and Reconnaissance
- Finding domains belonging to a specific target
- How to Conduct DNS Reconnaissance for $.02 Using Rapid7 Open Data and AWS
- Hacking 101 Episode 2 – Web Recon
- The Lazy Hacker
- Open-Source Intelligence (OSINT) Reconnaissance & BbSpider
- Advanced Recon Automation (Subdomains) case 1
- Bugbounty scope expanding
Slides
Interviews
Videos & Podcasts
- Paul’s Security Weekly #564 with Jason Haddix
- Keith Hoodlet: Bug Bounty Hunting - Paul’s Security Weekly #564
- Web Hacking Pro Tips Deep Dive #3: Advanced Recon with @NahamSec
- Hacking Process - Recon
- SANS Webcast: OSINT for Pentesters Finding Targets and Enumerating Systems
Conference Talks
- It’s the little things (Disobey 2018) & Doing recon like a boss (LevelUp 2017)
- Automation for Bug Hunters (Bug Bounty Talks)
- The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)
- Practical recon techniques for bug hunters & pen testers (LevelUp 0x02 / 2018)
- Emergent Recon fresh methodology and tools for hackers in 2018
- Passive-ish Recon Techniques by Tom Hudson
- Recon and Bug Bounties - What a great love story! & Slides
- Bug Bounty Hunting on Steroids
- Supercharge Your Web Recon With Commonspeak
- Domain Discovery: Expanding Your Scope Like A Boss
- Exploiting Vulnerabilities Through Proper Reconnaissance
Tools
I don’t recommend using all these tools because some of them do redundant tests and some seem to be deprecated.
But I like rummaging through the source code of recon tools for inspiration. So here is a list to start with if you want to do the same. Most of them are wrappers around other task-specific tools.
- List of recon tools by Bug Bounty Forum
- Lazyrecon by @capt-meelo
- LazyRecon
- LazyRecon by @plenumlab
- 003Recon
- Recon-my-way
- Chomp-scan
- Recon.sh by @JobertAbma
- ReconDog by @s0md3v
- Meg
- AutoRecon by JoshuaMart
- autoRecon by @agrawalsmart7
- quick-recon.py
- Domain Analyzer
- gOSINT: OSINT Swiss Army Knife
- Gathering domains/subdomains with IPRanges of organization
- setup_bbty.sh by @AseemShrey
- SubDomainizer
- Domained-master
- Domained
- Recon Pi
- Legion
- Datasploit
Resources
Tweets
Related blog posts/podcasts on this site
- Compilation of recon workflows
- Subdomains Enumeration Cheat Sheet
- The Bug Hunter Podcast Ep. 2: Wayback Machine & Reading ebooks on the move
- The Bug Hunter Podcast 5: Recon workflow & Out of the box thinking in day-to-day life
Let me know if you have any comments, requests, questions… Feedback is always welcome.
See you next time!