# Title: Methodology of Finding Bugs
# Author: Soleyman
# Github: www.github.com/IMSoley
# Facebook: www.facebook.com/IMSoley

  1. Information Gathering
    • Check program scope (subdomains, apps, etc.)
    • Check vulnerability exclusions
    • Read about program API
    • Check all program sources
    • Google Information Gathering
      • Google Hacking - This tool will use your browser to make requests to Google. (premium)
      • GooHak - Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.
      • GoogD0rker - GoogD0rker is a tool for firing off google dorks against a target domain.
    • Github Information Gathering
      • GitRob - Reconnaissance tool for GitHub organizations
      • TruffleHog - Searches through git repositories for high entropy strings, digging deep into commit history
    • Hackerone - Recon and Content Discovery
  2. Network Mapping
    • MassDNS - MassDNS is a simple high-performance DNS stub resolver
    • Recon-ng - full-featured Web Reconnaissance framework written in Python
    • Subdomain Enumeration
      • AQUATONE - AQUATONE is a set of tools for performing reconnaissance on domain names
      • brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools using your own wordlists via Docker Compose
      • Sublist3r - Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT
      • dnscan - dnscan is a Python wordlist-based DNS subdomain scanner
      • Cleveridge Subdomain Scanner - Subdomain Scanner finds subdomains of a given domain
      • Knockpy - Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist
      • HostileSubBruteforcer - This app will bruteforce for existing subdomains
    • Subdomain Takeover
      • AutoSubTakeover - A tool used to check if a CNAME resolves to the scope address
      • Tko-Subs - A tool that can help detect and takeover subdomains with dead DNS records
    • Extracting vhosts
      • Find Virtual Hosts - This tool attempts to discover virtual hosts that are configured on a given IP address. (premium)
      • virtual host discovery - This is a basic HTTP scanner that'll enumerate virtual hosts on a given IP address.
      • EyeWitness - EyeWitness is designed to take screenshots of websites
      • httpscreenshot - HTTPScreenshot is a tool for grabbing screenshots and HTML of large numbers of websites
    • S3 buckets
      • Bucket Finder - Simple tool to find target domain buckets
      • Sandcastle - a script for S3 bucket enumeration
      • S3Cruze - This tool is based off of the Sandcastle project from @yasinS
    • Cloudflare Enumeration - Cloudflare DNS Enumeration Tool for Pentesters
    • Content Discovery
      • Gobuster - Directory/file & DNS busting tool written in G
      • RobotsDisallowed - The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt
      • Parameth - This tool can be used to brute discover GET and POST parameters
  3. Vulnerability Identification
    • Nmap - Port/Vulnerability scan
    • MASSCAN - This is the fastest Internet port scanner
  4. Additional Vulnerability Check List
    • XSS
      • Sleepy Puppy - Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.
      • XSS Hunter - The XSS Hunter service - a portable version of XSSHunter.com
    • LFI/RFI
      • PsychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.
    • RCE
      • Commix - Automated All-in-One OS command injection and exploitation tool
  5. Additional Steps
    • Soon...
  6. Penetration Testing
    • Exploit the bugs found in step 3
  7. Privilege Escalation
    • Soon...
  8. Maintaining Access
    • Soon...
  9. Daily Sources
    • ACTARUS - Actarus is a tool designed to help bounty hunters in their task of performing information gathering about their clients.
    • Hacking Tools Repository - A list of security/hacking tools that have been collected from the internet.
    • bounty_tools - Various tools for managing bug bounty recon and exploration.
    • Bug Bounty Tools - Bug Bounty Tools from Bug Bounty Forum
    • Awesome Security Gists - A collection of various GitHub gists for hackers, pentesters and security researchers
    • Wordlist for Brute Force Attack - CrackStation’s 15GB 1.5 billion entry password cracking dictionary.
    • Awesome Penetration Testing - A collection of awesome penetration testing resources, tools and other shiny things
    • Recon write up - My Guide to Basic Recon? | Bug Bounties + Recon | Amazing Love story.
    • filterbypass - Browser's XSS Filter Bypass Cheat Sheet
    • Awesome Hacking Tools - A curated list of awesome Hacking Tools.
    • XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
    • Filterbypass list - XSS Filter Bypass List
    • Payload - XSS payloads
    • Payloads(old) - Collection of XSS Payloads from various sources
    • payloads - Git All the Payloads! A collection of web attack payloads.
    • Payloads 2016 - XSS Payloads
    • Nmap cheat-sheet - Almost complete commands
    • Burp Suite - Yet another Burp Suite tutorial for beginners
    • domained - Domain Name Enumeration Tool
    • IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
    • Sn1per - Automated Pentest Recon Scanner
    • XSS 101 - XSS mastering tutorial
    • Bug Bounty Toolkit - Bug bounty resources
    • XSS Trick - Different tricks to get ‘XSS’
    • XSS cheat-sheet - Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing
    • CSRF Bypass - 10 Methods to Bypass Cross Site Request Forgery (CSRF)
    • Payloads 1 - Burp Suite payloads 1
    • Payloads 2 - Burp Suite payloads 2
    • Bug Bounty Tools - Bug Bounty Tools download from Google Drive
    • Payloads - XSS payloads
    • Burp Suite Pro - Google Drive Download link
    • SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
    • PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF