Recon For Bug Bounty Penetration Testers Ethical Hackers

Maximize your bug bounty hunting with expert-led recon course. Info gathering, tools & techniques covered.
Recon For Bug Bounty Penetration Testers Ethical Hackers
File Size :
923.53 MB
Total length :
9h 7m



Vivek Pandit


Last update




Recon For Bug Bounty Penetration Testers Ethical Hackers

What you’ll learn

Web Reconnaissance: Unlocking the Mysteries of Websites for Competitive Advantage
Beyond the Main Domain: Expert Tips for Discovering Subdomains
URL Mining: Advanced Techniques for Gathering Valuable Data and Insights
Parameter Discovery: Advanced Techniques for Uncovering Valuable Data
Information Mining: How to Unleash the Power of Data Through Smart Gathering
Unlocking the Power of Information: Safely Gathering Sensitive Data from Websites
Uncover the Hidden Truth: Mastering Deep Recon on Websites

Recon For Bug Bounty Penetration Testers Ethical Hackers


Basic knowledge of linux is required
Basic knowledge of vulnerabilities


This course is fully made for website reconnaissance  for bug bounty hunters, penetration testers & ethical hackers. This is a intermediate level course all the topics are discussed here regarding recon on websites.Some of the topics are what is reconnaissance, what is recon , recon for bug bounty hunters and penetration testers, Subdomain enumeration, URL enumeration, parameter bruteforcing, Creating your own recon tools and many more…This course is fully focused on website recon and vulnerability assessment.There will be full methodology of website reconnaissance, bug bounty hunting, penetration testing. The videos are divided into small sections for the students to learn. All the resources are provided in the resource section including links, pdf, payloads that are used in course.Course Curriculum : IntroductionIntroduction to reconSubdomain enumeration from toolsSubdomain enumeration #1Subdomain enumeration #2Subdomain enumeration #3Subdomain enumeration #4Subdomain bruteforcingFiltering unique domainsSubdomain generatorSubdomain enumeration from websitesSubdomain enumeration from website #1Subdomain enumeration from website #2Subdomain enumeration from website #3Subdomain enumeration from website #4Filtering live domainsFiltering live domainsURL extraction from the internetURL extraction from the internet #1URL extraction from the internet #2Finding parametersFinding parametersParameter bruteforcerFinding URL from pastURL from pastSorting urlsSorting url for vulnerabilitiesAutomation for replacing parameters with PayloadsAutomation for replacing parameters with PayloadsFootprinting websites ( Website recon )Whatweb reconNetcraftSecurity headersDnsdumpmasterWhois reconMxtoolboxOSINTMaltegoBrowser addons for reconwappalyzerretire.jsshodan KnoxxHack-tools addonWAF idetificationWAF identificationSubdomain takeoverHostileSubBruteForcerSub404SubjackFuzzing (Content-Discovery)dirbffufPort scanningIntroduction to nmapPort specification in nmapService and version detection from nmapFirewall bypass techniqueFast port scanningnabbumasscanVisual reconGowitnessGoogle dorkingIntroduction to google dorkingUnderstnding the URL structureSyntax of google dorkingGoogle dorking operatorsGoogle search operators ( Part – 1 )Google search operators ( Part – 2 )Google dorking practicalIntroduction to practical google dorkingHow to find directory listing vulnerabilities ?How to dork for wordpress plugins and thems ?How to dork for web servers versions ?How to dork for application generated system reports ?Dorking for SQLiReading materials for google dorkingTips for advance google dorkingTip #1Tip #2Tip #3Shodan dorkingIntro to shodan dorkingShodan web interfaceShodan search filtersShodan dorking practicalFinding serverFinding fIles and directoriesFinding operating systemsFinding compromised devices and websitesShodan command lineIntroduction to shodan command linePractical shodan in command lineGithub dorkingIntroduction to github dorkingGithub dorking practicalVulnerability scanningNuclei Wp-ScanScanning with burpsuiteMetasploit for reconDNS recon using metasploitSub-domain enumeration using metasploitE-mail address findingPort scanning using metasploitTCP SYN port scan using metasploitSSH version detectionFTP version enumerationMySQL version detectionHTTP enumerationPayloads for bug bounty huntersPayloads for bug hunters and enetration testersHow to create tools for recon ?SSRF finder toolXSS finding tooURL extractor from javascript filesFull website recon toolBonusBonus video Thank you :)Vivek Pandit


Section 1: Introduction

Lecture 1 Introduction

Section 2: Subdomain enumeration from tools

Lecture 2 Subdomain recon enumeration #1

Lecture 3 Subdomain recon enumeration #2

Lecture 4 Subdomain recon enumeration #3

Lecture 5 Subdomain recon enumeration #4

Lecture 6 Subdomain bruteforcing tools

Lecture 7 Subdomain generator

Section 3: Subdomain enumeration from websites

Lecture 8 Subdomain enumeration from website #1

Lecture 9 Subdomain enumeration from website #2

Lecture 10 Subdomain enumeration from website #3

Lecture 11 Subdomain enumeration from website #4

Section 4: Filtering live domains

Lecture 12 Filtering live domains

Section 5: URL extraction from the internet

Lecture 13 URL extraction from the internet #1

Lecture 14 URL extraction from the internet #2

Section 6: Finding parameters

Lecture 15 Finding parameters

Lecture 16 Parameter bruteforcer

Section 7: Finding URL from past

Lecture 17 URL recon from past

Section 8: Sorting urls

Lecture 18 Sorting url for vulnerabilities

Section 9: Automation for replacing parameters with Payloads

Lecture 19 Automation for replacing parameters with Payloads

Section 10: Footprinting websites (website recon)

Lecture 20 Wahtweb scanner

Lecture 21 Netcraft

Lecture 22 Security headers

Lecture 23 Dnsdumpmaster

Lecture 24 Whois recon

Lecture 25 Mxtoolbox

Lecture 26 OSINT recon

Lecture 27 Maltego

Section 11: Browser addons for recon

Lecture 28 Wappalyzer addon

Lecture 29 retire.js addon

Lecture 30 Shodan addon

Lecture 31 Knoxx addon

Lecture 32 Hack-tools addon

Section 12: WAF idetification

Lecture 33 WAF Identificaton

Section 13: Subdomain takeover

Lecture 34 HostileSubBruteForcer

Lecture 35 Sub404

Lecture 36 Subjack

Section 14: Fuzzing (Content-Discovery)

Lecture 37 dirb

Lecture 38 ffuf

Section 15: Recon with port scanning

Lecture 39 Introduction to nmap

Lecture 40 Port specification in nmap

Lecture 41 Service and version detection from nmap

Lecture 42 Firewall bypass technique

Section 16: Fast port scanning recon

Lecture 43 Naabu

Lecture 44 Masscan

Section 17: Visual recon

Lecture 45 Gowitness

Section 18: Google dorking

Lecture 46 Introduction to google dorking

Lecture 47 Understanding the structure of url

Lecture 48 Syntax of google dorking

Lecture 49 Golden rules of google dorking

Lecture 50 Google dorking operators

Lecture 51 Google search operators ( Part – 1 )

Lecture 52 Google search operators ( Part – 2 )

Section 19: Google dorking practical

Lecture 53 Introduction to practical google dorking

Lecture 54 How to find directory listing vulnerabilities ?

Lecture 55 How to dork for wordpress plugins and thems ?

Lecture 56 How to dork for web servers versions ?

Lecture 57 How to dork for application generated system reports ?

Lecture 58 Dorking for SQLi

Lecture 59 Reading materials for google dorking

Section 20: Tips for advance google dorking

Lecture 60 Tip #1

Lecture 61 Tip #2

Lecture 62 Tip #3

Section 21: Shodan dorking

Lecture 63 Introduction to shodan dorking

Lecture 64 Shodan web interface

Lecture 65 Shodan search filters

Section 22: Shodan dorking practical

Lecture 66 Finding servers

Lecture 67 Finding fIles and directories

Lecture 68 Finding operating systems

Lecture 69 Finding compromised devices and websites

Section 23: Shodan command line

Lecture 70 Introduction to shodan command line

Lecture 71 Practical shodan in command line

Section 24: Github dorking

Lecture 72 Introduction to github dorking

Lecture 73 Github dorking practical

Section 25: Vulnerability scanning

Lecture 74 Nuclei tool

Lecture 75 WP-Scan

Lecture 76 Scanning with burpsuite

Section 26: Metasploit for recon

Lecture 77 DNS recon using metasploit

Lecture 78 Sub-domain enumeration using metasploit

Lecture 79 E-mail address finder

Section 27: Port scanning using metasploit

Lecture 80 TCP SYN port scan using metasploit

Lecture 81 SSH version detection

Lecture 82 FTP version enumeration

Lecture 83 MySQL version detection

Lecture 84 HTTP enumeration

Section 28: Payloads

Lecture 85 Payloads for bug hunters and penetration testers

Section 29: How to create tools for recon ?

Lecture 86 XSS finding tool

Lecture 87 URL extractor from javascript files

Lecture 88 SSRF finder tool

Lecture 89 Full website recon tool

Section 30: Bonus

Lecture 90 Bonus video

Bug bounty hunters, penetration testers, ethical hackers and etc.

Course Information:

Udemy | English | 9h 7m | 923.53 MB
Created by: Vivek Pandit

You Can See More Courses in the IT & Software >> Greetings from

New Courses

Scroll to Top