- Checking Whois Info
- View DNS Info Using ViewDNS
- Tech Stack Fingerprinting
- Using WhatRun
- Using Wappalyzer
- Using WhatWeb
- Google & GitHub Dorks
- Githound
- Gitdorks_go
- Shodan Search and Look for Past Vulnerability Research
- Pastebin and .Git Secrets
- Finding Subdomains
- Using Amass
- Using Assetfinder
- Bruteforce Subdomains
- Using FFUF
- Using Your Secret Wordlist ;)
- Checking Cert Validity and More Subdomains
- Using crt.sh
- Check for Subdomain Takeovers
- Using Httpx
- Using Subzy
- Using a Nuclei Template
- Enumerating Live Subdomains Using Httpx
- Check for Cloud Assets Using Cloudenum
- Identify Web Server, Technologies, and Database
- Using Httpx
- Try to Locate:
  - /robots.txt
  - /crossdomain.xml
  - /clientaccesspolicy.xml
  - /sitemap.xml
  - /.well-known/
- Review Comments on Source Code
- Using Burp Engagement Tools
- Filter Interesting Subdomains
- If a Lot of Live Subdomains
- Using gf
- Directory Bruteforcing All of Them
- Take Screenshot
- Using Aquatone
- Using Eyewitness
- Identify WAF (Web Application Firewall)
- Using Wafw00f
- Crawl
- Using Arjun
- Using Waybackurls
- Using Hakcrawler
- Get All JS Files
- Using Subjs
- Using XnLinkFinder
- Broken Link Hijacking (BLC)
- Run Automated Scanner
- Using Nuclei
- Test CORS (Cross-Origin Resource Sharing)
- Using CORScanner
- Using Corsy
- Start Hunting 😄