Hey Guys, What's up * BUDDIES *! Today's Blog is literally going to be something extraordinary and different from others. I would like to tell you that recently I started engaging myself in the Bounties Program about which I was thinking of from a long time. Now let me clear it out, these Blogs I am writing up are just for learning purposes, since as I always do. I am gaining knowledge from different parts of the world as well from different books.
So why not share it with you and let's hunt it up all together.
So let's start this Blog up in which I will be telling you up two things.
But, before we get into it, let me warn you that the knowledge you get must never be used to inflict harm to an individual or an organization, and if that happens, we (thedecentshub) will not be held liable.
Lab Environment Configuration
Gathering up the subdomains for our Target(Domain):-
site:domainname -subdomains_to_exclude(for eg . www, login etc)
Note:- Now guys, here I have a recommendation for you all. Although I would have done it for you, but I want that you guys do it yourself and post the GitHub repo links either to me via social media platforms or in the comments section below.
Now the thing is, that since I am asking you to perform a Google Search their out so you all can write a piece of code(preferred in your own language) and to filter out all the results in a file catching it up from all the pages available and also to remove up all the duplicate ones as well.
This would make your work a lot more easier for you, and will help you in the next step.
Next step involves checking up all the domains, which are alive and which we can perform successful testing. For that purpose we also have a tool named HTTPROBE available, but here also I have a recommendation for you all.
As HTTPROBE provides you with results having status codes set for redirections as well as for certain circumstances for which you have issues. So my suggestion would be to have your own code through which after cleansing up your file using HTTPROBE tool, you can use to perform further filtering as well.
Although in the case maximum filtering would have been performed.
Note:- The best case scenario for that would be to consider Status codes for which you do not want subdomains to be encountered, rather than from having one you do like.
Consider blocking up Status Codes:- 4xx and 5xx.
These all the codes I would have provided to you, but I want that you enrich your skills after reading up this Blog, rather than considering yourself as a Script Kiddie. Because Bug Bounty requires real skills and which costs time, attention, dedication and much more.
Checking Status of the Subdomains gathered:-
Now for using up the HTTPROBE tool, first of all you need to get it using Git.
The repository link -> GitHub repo for HTTPROBE
For that make sure you have gcc, go code compiler installed which is a pre-requisite for this tool.
Now, use command:-
go get -u github.com/tomnomnom/httprobe
Linux -
Use command:-
cat domains.txt | httprobe (use --help to find the parameters you can use) > file.txt
file.txt is a file which will save your output. Now as I told you, can further furnish it using your own code for a better approach. If I had helped you a bit or at least motivated you to develop something of your own, do share this tip with your friends and also can tag me on Instagram - ag_the_coder.
If you like the content you can follow me up, can also subscribe to my [[YouTube channel]]. If you Guys want that I keep bringing this sort of Blogs and videos for you, you can show your support to me.
