Attacking Organizations with big scopes
https://www.youtube.com/watch?v=vFk0XtHfuSg
Subdomain Enumeration
Use BBOT it is the best https://github.com/blacklanternsecurity/bbot
Reverse Whois
Virtual Hosts Identification
Using Burp Intruder
Using FFUF
Gobuster
ASN Mapping
Brute force IPs & Subdomains
Web Fuzzing
Create Custom Wordlist of the target
Grap All URLs using (gau,katana)
LinkFinder on all urls
Sorting
DORKING The asterisks (*) are wildcards that match any character(s). In this case, the dork will match any domain or subdomain that contains the word "example".
Bing Dorking
Remember the IP list we got from ASN?
Use bing to find valid hosts on the server
Last updated