Scope.md

File metadata and controls

66 lines (63 loc) · 2.54 KB
  • Small Scope

Only specific URLs are in scope. This usually means staging, dev or testing hosts, or a handful of individual URLs.

  • Directory Enumeration
  • Technology Fingerprinting
  • Port Scanning
  • Parameter Fuzzing
  • Wayback History
  • Known Vulnerabilities
  • Hardcoded Information in JavaScript
  • Domain Specific GitHub & Google Dorking
  • Broken Link Hijacking
  • Data Breach Analysis
  • Misconfigured Cloud Storage

  • Medium Scope

Usually a wildcard scope, where every subdomain of the listed domain is in scope.

  • Subdomain Enumeration
  • Subdomain Takeover
  • Probing & Technology Fingerprinting
  • Port Scanning
  • Known Vulnerabilities
  • Template Based Scanning (Nuclei/Jaeles)
  • Misconfigured Cloud Storage
  • Broken Link Hijacking
  • Directory Enumeration
  • Hardcoded Information in JavaScript
  • GitHub Reconnaissance
  • Google Dorking
  • Data Breach Analysis
  • Parameter Fuzzing
  • Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
  • IP Range Enumeration (If in Scope)
  • Wayback History
  • Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
  • Heartbleed Scanning
  • General Security Misconfiguration Scanning

  • Large Scope

Everything related to the organization is in scope: child companies, subdomains, and any asset labelled as owned by the organization.

  • Tracking & Tracing every possible signature of the target application (there is often no Google history for a scope target, but you can still crawl it)
  • Subsidiary & Acquisition Enumeration (maximum depth)
  • Reverse Lookup
  • ASN & IP Space Enumeration and Service Identification
  • Subdomain Enumeration
  • Subdomain Takeover
  • Probing & Technology Fingerprinting
  • Port Scanning
  • Known Vulnerabilities
  • Template Based Scanning (Nuclei/Jaeles)
  • Misconfigured Cloud Storage
  • Broken Link Hijacking
  • Directory Enumeration
  • Hardcoded Information in JavaScript
  • GitHub Reconnaissance
  • Google Dorking
  • Data Breach Analysis
  • Parameter Fuzzing
  • Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
  • IP Range Enumeration (If in Scope)
  • Wayback History
  • Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
  • Heartbleed Scanning
  • General Security Misconfiguration Scanning
  • Any other applicable recon vector (network or web)
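As an added example (not part of the original checklist), a small Python scope checker built around the three tiers above: specific URLs, wildcard domains, and IP ranges where they are explicitly in scope, with explicit exclusions always winning. It lets discovered hosts be filtered before any of the listed recon steps run against them. The scope definition, hostnames and IP range are constructed placeholders, and treating a wildcard as matching subdomains only (apex listed separately) is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed scope definition (placeholder values, not from any real programme).
SCOPE = {
    "urls": ["https://staging.example-partner.net/api"],  # small scope: one specific URL
    "wildcards": ["*.example.com"],                        # medium scope: every subdomain
    "cidrs": ["203.0.113.0/24"],                           # IP range, only if explicitly in scope
    "exclude": ["*.corp.example.com"],                     # explicit out-of-scope entries always win
}


def _split(target: str) -> tuple[str, str]:
    """Normalise a URL or bare host to (lowercase hostname without port, path)."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").rstrip(".").lower(), parts.path


def _matches(host: str, pattern: str) -> bool:
    """'*.example.com' matches any depth of subdomain but not the apex,
    'notexample.com' or 'example.com.evil.net' (assumed wildcard semantics)."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # compare against the '.example.com' suffix
    return host == pattern


def in_scope(target: str, scope: dict = SCOPE) -> bool:
    host, path = _split(target)
    if not host:
        return False
    if any(_matches(host, ex) for ex in scope.get("exclude", [])):
        return False
    # small scope: same host, and the path must be the listed path or sit under it
    for url in scope.get("urls", []):
        shost, spath = _split(url)
        if host == shost and (path == spath or path.startswith(spath.rstrip("/") + "/")):
            return True
    if any(_matches(host, w) for w in scope.get("wildcards", [])):
        return True
    try:
        ip = ipaddress.ip_address(host)  # bare IP or IP-based URL
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(c) for c in scope.get("cidrs", []))


if __name__ == "__main__":
    for t in ["dev.example.com", "example.com.evil.net", "https://203.0.113.7:8443/"]:
        print(t, "->", "in scope" if in_scope(t) else "OUT of scope")
```

Feed it the output of subdomain or IP enumeration and drop anything it rejects before fingerprinting, scanning or fuzzing.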

Source: Link