Slide 1

Slide 1 text

COOL RECON TECHNIQUES EVERY HACKER MISSES PRESENTATION

Slide 2

Slide 2 text

INTRODUCTION
$whoami
• 3+ years of experience
• Government of India - Top 15 Hackers in Jan 2020
• Bounties and HoF from various organizations such as the United Nations, Deutsche Telekom, Sarova, etc.
• Instructor at Udemy for Android and iOS Pentesting course
• CEH and eJPT certified

Slide 3

Slide 3 text

RECON TECHNIQUE #1
VAIBHAV LAKHANI
Favicon Hashes
FOFA & Shodan
• Get favicon hashes: cat urls.txt | python3 favfreak.py or https://en.fofa.info/
• Use Shodan dork: http.favicon.hash:
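
How the value behind http.favicon.hash is derived, as an added example that is not from the slides or from FavFreak: the signed 32-bit MurmurHash3 of the newline-wrapped base64 of the icon bytes, used here to group an inventory of your own hosts by icon. The hostnames, icon bytes and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

MASK = 0xFFFFFFFF

def _rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 in pure Python; returns an unsigned 32-bit value."""
    h = seed & MASK
    full = len(data) - len(data) % 4
    for i in range(0, full, 4):              # 4-byte little-endian blocks
        k = int.from_bytes(data[i:i + 4], "little")
        k = (_rotl((k * 0xCC9E2D51) & MASK, 15) * 0x1B873593) & MASK
        h = (_rotl(h ^ k, 13) * 5 + 0xE6546B64) & MASK
    if full < len(data):                     # 1 to 3 trailing bytes
        k = int.from_bytes(data[full:], "little")
        h ^= (_rotl((k * 0xCC9E2D51) & MASK, 15) * 0x1B873593) & MASK
    h ^= len(data)
    h ^= h >> 16                             # final avalanche mix
    h = (h * 0x85EBCA6B) & MASK
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK
    return h ^ (h >> 16)

def favicon_hash(icon: bytes) -> int:
    """Hash the base64 text (76-char lines, trailing newline), then sign it."""
    h = murmur3_32(base64.encodebytes(icon))
    return h - (1 << 32) if h & 0x80000000 else h

def favicon_filter(icon: bytes) -> str:
    return f"http.favicon.hash:{favicon_hash(icon)}"

def group_by_favicon(inventory: dict) -> dict:
    """Map favicon hash -> sorted hostnames that serve that exact icon."""
    groups = defaultdict(list)
    for host, icon in inventory.items():
        groups[favicon_hash(icon)].append(host)
    return {h: sorted(hosts) for h, hosts in groups.items()}

# Constructed sample: icon bytes already collected from hosts you own.
ICON_A = b"\x00\x00\x01\x00" + bytes(range(200))
ICON_B = b"\x89PNG\r\n\x1a\n" + b"constructed"
INVENTORY = {"www.example.test": ICON_A, "old-portal.example.test": ICON_A,
             "status.example.test": ICON_B}

if __name__ == "__main__":
    for h, hosts in group_by_favicon(INVENTORY).items():
        print(f"http.favicon.hash:{h}", hosts)
```

Hashing the raw bytes, or base64 without the line breaks, gives a different number, which is the usual reason a locally computed hash does not match the one a search engine shows.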

Slide 4

Slide 4 text

RECON TECHNIQUE #2
Reverse Whois Lookup
Find more assets!
• Perform a WHOIS lookup
• Visit drs.whoisxmlapi.com to find more assets

Slide 5

Slide 5 text

RECON TECHNIQUE #3
MEG
Find Hidden Paths
• Meg is a powerful tool that lets you find hidden paths/directories very quickly without flooding hosts with traffic.
• Command: meg paths.txt hosts.txt output

Slide 6

Slide 6 text

RECON TECHNIQUE #4
Waymore
Not just Wayback
Link: https://github.com/xnl-h4ck3r/waymore
Includes:
• Wayback Machine (web.archive.org)
• Common Crawl (index.commoncrawl.org)
• AlienVault OTX (otx.alienvault.com)
• URLScan (urlscan.io)

Slide 7

Slide 7 text

RECON TECHNIQUE #1
3rd Party Endpoints Effectively
• Urlscan.io/search
Ex. bsidesahmedabad.com
keywords bsidesahmedabad.* bsidesahmedabad-*
Remove duplicate results
Ex. [bsides.* -bsidesahmedabad.in]
Ex. [bsidesahmedabad.* -bsidesahmedabad.in]
Ex. [bsidesahmedabad.in -www.bsidesahmedabad.in -help.bsidesahmedabad.in]

Slide 8

Slide 8 text

RECON TECHNIQUE #1
Dorking Effectively
• The Pentest Tools tool called Google-Hacking
• Pagodo
• Not just Google but also Bing!

Slide 9

Slide 9 text

RECON TECHNIQUE #1
Hunt CVEs
nrich & dnsx
• nrich can be used to analyze IPs in a file for CVEs, open ports and vulnerabilities.
• Command: cat subdomains.txt | dnsx -a -resp-only | nrich -

Slide 10

Slide 10 text

THANK YOU