OSINT For Bugbounty And Easy $$$

Pj borah
September 08, 2021

How I got all employee details

Transcript

  1. A Story About OSINT and Bugbounty By PJBorah

  2. A Story About OSINT and Bugbounty By PJBorah

  3. Why OSINT: Open-source intelligence is a multi-factor methodology for collecting, analyzing and making decisions about data accessible in publicly available sources, to be used in an intelligence context. I love it because of discovering unknown assets. I love censys.io most.
  4. I do part-time bug bounty hunting, and mostly I do recon using search engines, e.g. Shodan and Censys, which give lots of info and my $$$$$. Let's start: bug bounty, Censys and $$$$.
  5. Navigate to censys.io. As we see, we have the option to look up host info or certificate info by IP, domain name, CIDR, etc. This lets us discover, monitor, and analyze our target's info. But how does it work? How does this help us find your critical bug?
  6. How to look up host info: look up host details using the domain name; look up certificate details belonging to the target, e.g. facebook.com.
  7. Look for specific services/ports. To find port `8880`, use the keyword: (target.com) and services.port=`8880`
  8. Look for FTP. To find `FTP`, use the keyword: (target.com) and services.service_name=`FTP`
  9. How I found Some cool bug Using

  10. Navigate to censys.io. I was testing on a private program, where I found all 500+ employees' data from a misconfiguration. This lets us discover, monitor, and analyze our target's info. But how does it work? How does this help us find your critical bug?
  11. Always look for unique ports. In my case I found 5001, which I came to know through one IP, which is on AWS and deploying TableAir.AdminFlow. What they replied to me. And the issue was resolved within 2 days.
  12. Thanks. YouTube: https://www.youtube.com/channel/UCN5YKR8q7TObhymuftzvvkw Twitter: https://twitter.com/pjborah2?lang=en
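
The slides filter on `services.port` and `services.service_name` and advise looking for unique ports. The same check can be run from the owner's side over an inventory of its own internet-facing hosts; this is an added example, not code from the deck. The record layout, the sample hosts, the approved-port baseline, the flagged-service list and the name `audit_exposure` are assumptions.

```python
from collections import Counter

# Constructed inventory: one record per internet-facing host, carrying the two
# fields the slides filter on (services.port, services.service_name).
HOSTS = [
    {"ip": "192.0.2.10", "services": [{"port": 443, "service_name": "HTTP"},
                                      {"port": 22, "service_name": "SSH"}]},
    {"ip": "192.0.2.11", "services": [{"port": 443, "service_name": "HTTP"},
                                      {"port": 21, "service_name": "FTP"}]},
    {"ip": "192.0.2.12", "services": [{"port": 80, "service_name": "HTTP"},
                                      {"port": 8880, "service_name": "HTTP"}]},
    {"ip": "198.51.100.7", "services": [{"port": 5001, "service_name": "HTTP"}]},
    {"ip": "198.51.100.8", "services": [{"port": 443, "service_name": "HTTP"},
                                        {"port": 22, "service_name": "SSH"}]},
]
APPROVED_PORTS = {80, 443}   # assumed baseline of ports meant to be public
FLAGGED_SERVICES = {"FTP"}   # assumed list of services that should not be public


def audit_exposure(hosts, approved=APPROVED_PORTS, flagged=FLAGGED_SERVICES):
    """Return one finding per exposed service outside the baseline, rarest port first."""
    seen = Counter(s.get("port") for h in hosts for s in h.get("services", []))
    findings = []
    for host in hosts:
        for svc in host.get("services", []):
            port = svc.get("port")
            name = (svc.get("service_name") or "UNKNOWN").upper()
            reasons = []
            if port not in approved:
                reasons.append("port not in baseline")
                if seen[port] == 1:  # the "unique port" case from the slides
                    reasons.append("unique port in inventory")
            if name in flagged:
                reasons.append("flagged service")
            if reasons:
                findings.append({"ip": host["ip"], "port": port, "service": name,
                                 "seen_on": seen[port], "reasons": reasons})
    # Ports seen on the fewest hosts are the likeliest forgotten deployments.
    findings.sort(key=lambda f: (f["seen_on"], f["ip"], f["port"] or 0))
    return findings


if __name__ == "__main__":
    for f in audit_exposure(HOSTS):
        print(f'{f["ip"]}:{f["port"]} {f["service"]} -> {", ".join(f["reasons"])}')
```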