Bug Bounty - Web Recon
Web recon playbook for single asset
Before you start
Program
Read all bug bounty program conditions, especially FAQ section, excluded domains and max probe rate.
Burp - Project
Create project and set max rate for resource pool (automated tasks).
Add the domain to the scope
Edit Craws and Audit tasks and set Suited scope
Nmap - TCP Scan
Discover server ports and platform
Perform the detailed scan with adjusted probe speed (T1-T3) or (--max-rate 1)
Browser
robots.txt
This can app/domain /robots.txt
Web Server
Fingerprint the webserver / web cache
Nonsense method, proto version
Path traversal
Host header injection - different domain, IP, multiple host headers
Directory & URI - Discovery
App
review HTML, title & comments
Last updated