
COOL RECON TECHNIQUES EVERY HACKER MISSES

BreachForce
September 28, 2024


Title: COOL RECON TECHNIQUES EVERY HACKER MISSES
Presenter: Vaibhav Lakhani
Event: BreachForce CyberSecurity Cohort
Talk Date: 16-June-2024

Key Takeaways: Discover innovative reconnaissance techniques often overlooked by hackers, providing a fresh perspective on information gathering and vulnerability discovery.



Transcript

  1. INTRODUCTION $whoami
     • 3+ years of experience
     • Government of India - Top 15 Hackers in Jan 2020
     • Bounties and HoF from various organizations such as the United Nations, Deutsche Telekom, Sarova, etc.
     • Instructor at Udemy for Android and iOS Pentesting course
     • CEH and eJPT certified
  2. RECON TECHNIQUE #1 VAIBHAV LAKHANI Favicon Hashes: FOFA & Shodan
     • Get favicon hashes: cat urls.txt | python3 favfreak.py, or look them up at https://en.fofa.info/
     • Use the Shodan dork http.favicon.hash:<hash> to find every host serving the same favicon (often the same product, or more of the same organization's infrastructure)
  3. RECON TECHNIQUE #2 Reverse WHOIS Lookup: Find more assets!
     • Perform a WHOIS lookup on a known domain
     • Pivot on the registrant details (organization, e-mail address) with a reverse WHOIS search at drs.whoisxmlapi.com to find more domains registered by the same owner
  4. RECON TECHNIQUE #3 MEG: Find Hidden Paths
     • meg is a tool that fetches many paths across many hosts very quickly, pacing its requests so that no single host is flooded with traffic, which makes it well suited to finding hidden paths/directories
     • Command: meg paths.txt hosts.txt output
  5. RECON TECHNIQUE #4 Waymore: Not just Wayback
     Link: https://github.com/xnl-h4ck3r/waymore
     Includes:
     • Wayback Machine (web.archive.org)
     • Common Crawl (index.commoncrawl.org)
     • Alien Vault OTX (otx.alienvault.com)
     • URLScan (urlscan.io)
  6. RECON TECHNIQUE #5 Use 3rd-Party Endpoints Effectively
     • urlscan.io/search, e.g. for bsidesahmedabad.com
     • Keywords: bsidesahmedabad.* and bsidesahmedabad-*
     • Remove duplicate results by excluding the hosts you already know, e.g.:
       [bsides.* -bsidesahmedabad.in]
       [bsidesahmedabad.* -bsidesahmedabad.in]
       [bsidesahmedabad.in -www.bsidesahmedabad.in -help.bsidesahmedabad.in]
  7. RECON TECHNIQUE #6 Dorking Effectively
     • Pentest-Tools.com's Google Hacking tool
     • Pagodo
     • Not just Google but also Bing!
  8. RECON TECHNIQUE #7 Hunt CVEs: nrich & dnsx
     • nrich analyses a file of IPs and reports open ports and known CVEs for each (it queries Shodan's InternetDB, so the CVEs are inferred from observed banners rather than verified)
     • Command: cat subdomains.txt | dnsx -a -resp-only | nrich -
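Processing the output of the dnsx-to-nrich pipeline on slide 8, as an added example that is not part of the deck and is not nrich's own code: it assumes nrich's JSON output mode (nrich --output json), whose records carry the Shodan InternetDB fields ip, ports, hostnames, cpes, tags and vulns; since that output may be framed as one array or as one object per line, the loader accepts both. The records below are constructed, the hosts are documentation addresses, and the CVE identifiers in them are real IDs used only as placeholder data, not findings about any system. dedupe_ips, load_records and triage are names chosen here. The caveat the triage builds in: InternetDB's vulns are inferred from banners and CPEs, so every row is a lead to verify against the live service, not a confirmed vulnerability.

```python
import ipaddress
import json

# Constructed sample of nrich JSON output (one object per IP, InternetDB fields).
# Documentation IPs and example.com hostnames; the CVE IDs are real identifiers
# used as placeholder data only, not findings about any real system.
SAMPLE_NRICH_OUTPUT = """\
{"ip": "203.0.113.10", "ports": [22, 80, 443], "hostnames": ["www.example.com", "api.example.com"], "cpes": ["cpe:/a:openbsd:openssh:7.4"], "tags": [], "vulns": ["CVE-2018-15473"]}
{"ip": "203.0.113.11", "ports": [443, 8080], "hostnames": ["dev.example.com"], "cpes": ["cpe:/a:apache:log4j:2.14.1"], "tags": [], "vulns": ["CVE-2021-44228", "CVE-2021-45046"]}
{"ip": "203.0.113.12", "ports": [80], "hostnames": ["static.example.com"], "cpes": [], "tags": ["cdn"], "vulns": []}
"""


def dedupe_ips(lines):
    """dnsx -a -resp-only prints one IP per resolved name, so subdomains that
    share a host repeat; collapse them (like sort -u) before querying nrich."""
    return sorted({line.strip() for line in lines if line.strip()},
                  key=ipaddress.ip_address)


def load_records(text):
    """Parse nrich JSON whether it is one array or one object per line."""
    text = text.strip()
    if not text:
        return []
    try:
        obj = json.loads(text)
        return obj if isinstance(obj, list) else [obj]
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(records, watchlist=frozenset()):
    """Rank hosts with reported CVEs: watchlist hits first, then by CVE count.
    InternetDB infers vulns from banners/CPEs, so each row is a lead to verify
    against the live service, not a confirmed vulnerability."""
    rows = []
    for rec in records:
        vulns = sorted(set(rec.get("vulns", [])))
        if not vulns:
            continue  # nothing reported; the open ports still deserve a manual look
        rows.append({
            "ip": rec["ip"],
            "hostnames": rec.get("hostnames", []),
            "ports": rec.get("ports", []),
            "vulns": vulns,
            "watchlist_hits": sorted(set(vulns) & set(watchlist)),
        })
    rows.sort(key=lambda r: (-len(r["watchlist_hits"]), -len(r["vulns"]), r["ip"]))
    return rows


if __name__ == "__main__":
    # Constructed stand-in for `dnsx -a -resp-only` output: duplicates are normal.
    resolved = ["203.0.113.10", "203.0.113.10", "203.0.113.11", "203.0.113.12"]
    print("unique IPs for nrich:", dedupe_ips(resolved))
    for row in triage(load_records(SAMPLE_NRICH_OUTPUT), watchlist={"CVE-2021-44228"}):
        flag = "WATCHLIST" if row["watchlist_hits"] else ""
        print(row["ip"], row["hostnames"], row["ports"], row["vulns"], flag)
```

Because dnsx emits one line per resolved name, a target with many subdomains behind one IP sends nrich the same address repeatedly; deduplicating first (dedupe_ips here, or sort -u in the shell pipeline) cuts the lookups to one per host without losing any result.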