BigBountyRecon applies 58 different techniques, built on various open source tools and Google dorks, to speed up reconnaissance on a target. Reconnaissance is the most important step in any penetration test or bug hunting process. It gives the attacker some preliminary information about the target. It also helps to build a clear understanding of what protections are in place, along with a rough estimate of how secure the target is.
This tool can be used for bug hunting. The idea behind it is to let you quickly check and gather information about your targets without spending time on these tasks or having to remember them. In addition, it can help you quickly identify several approaches to exploiting the target.
Techniques that BigBountyRecon uses
BigBountyRecon has 58 different techniques, but to save time, I introduce below only the 10 techniques that I find most impressive and most used:
1. Directory listing: Finding open directories on the target with Google dorks helps you understand the directory structure of the web server. Open directories may expose sensitive information or lead to information disclosure.
2. Configuration files: Configuration files typically contain sensitive information such as hard-coded passwords, sensitive drive locations, or API keys that can help you gain privileged access to internal resources.
3. Database files: A database file is a data file that stores the contents of a database as separate tables and fields. Depending on the nature of the web application, these files may provide access to sensitive information.
4. WordPress: WordPress is an open source CMS written in PHP. WordPress has thousands of plugins to build, customize, and enhance websites, but these plugins also contain a lot of vulnerabilities.
5. Log files: Log files sometimes provide detailed information about user activity in a particular application. They can typically be used to view session cookies or other types of tokens.
6. Backup files and legacy files: Backup files are original copies of important systems. They can provide access to PII or to sensitive records.
7. Login pages: It is extremely important to identify your target's login pages so that you can perform brute-force attempts or try default logins to gain more access to the organization's resources.
8. SQL errors: SQL errors leak sensitive information about the backend system. This can help you enumerate the database type and see whether the application is vulnerable to input-validation errors such as SQL injection.
9. Apache configuration file: The Apache HTTP server is configured by placing directives in a plain text configuration file. The main configuration file is usually httpd.conf. Depending on the entries in these configuration files, it may reveal database connection strings, usernames and passwords, inner workings, used and referenced libraries as well as application logic.
10. Robots.txt file: The robots.txt file tells web robots how to crawl a site's pages. Depending on the contents of the file, an attacker can discover hidden folders and files.
In addition, there are 48 more techniques that you can learn here.
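The same categories can be checked from the defender's side before a search engine ever indexes them. The following is an added example, not part of BigBountyRecon or the original post: it walks a local document root for the file classes in items 2, 3, 5 and 6 and reports robots.txt entries (item 10) that point at paths which really exist. The filename patterns, function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed filename patterns for four exposure classes from the list above.
CATEGORIES = {
    "configuration file": re.compile(r"^(\.env|\.htpasswd|web\.config)$|\.(conf|cfg|ini)$", re.I),
    "database file": re.compile(r"\.(sql|sqlite3?|db|mdb)$", re.I),
    "log file": re.compile(r"\.log(\.\d+)?$", re.I),
    "backup or legacy file": re.compile(r"\.(bak|old|orig|swp|zip|tgz|gz)$|~$", re.I),
}

def audit_webroot(root):
    """Return sorted (relative path, category) pairs for risky files under root."""
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        for category, pattern in CATEGORIES.items():
            if pattern.search(path.name):
                findings.append((path.relative_to(root).as_posix(), category))
                break  # first matching category wins
    return sorted(findings)

def robots_disclosures(root):
    """Return robots.txt Disallow paths that exist on disk, i.e. that the file advertises."""
    robots = Path(root) / "robots.txt"
    if not robots.is_file():
        return []
    hits = []
    for line in robots.read_text(errors="replace").splitlines():
        # Drop comments, then accept only "Disallow: /something" (a bare "/" is skipped).
        match = re.match(r"disallow\s*:\s*(/\S+)", line.split("#", 1)[0].strip(), re.I)
        if match and (Path(root) / match.group(1).strip("/")).exists():
            hits.append(match.group(1))
    return hits

def build_sample_webroot():
    """Create a constructed sample document root in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel in ("index.html", "config/app.ini", "db/site.sql",
                "logs/access.log", "index.php.bak", "admin-old/login.php"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample\n")
    (root / "robots.txt").write_text("User-agent: *\nDisallow: /admin-old/\nDisallow: /missing/\n")
    return root

if __name__ == "__main__":
    sample = build_sample_webroot()
    print(audit_webroot(sample), robots_disclosures(sample))
```

Anything the audit reports should be moved out of the document root or denied by the web server; removing a path from robots.txt does not protect it.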
How to use BigBountyRecon
Step 1: First, download the BigBountyRecon tool here.
Step 2: Next, open the downloaded EXE file.
Step 3: Enter the domain name of the target.
Step 4: Click the various buttons in the tool to find information.
Step 5: If you encounter a Google CAPTCHA, just complete it and continue.