Recon on Hackinghub

  • Look into Google dorking; Hackinghub didn’t cover this very well. Maybe the other modules cover it, but I am going to add it to the Recon dir.
  • Certificate transparency - crt.sh
crtsh() {
  # quote the URL so bash does not interpret ? & = and so $1 (the domain) expands safely
  curl -s "https://crt.sh/?cn=%.$1&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u
}

This should be saved as a bash function so it can be run like crtsh paypal.com and return the list of names tied to certificates for that domain. Once the output is piped to a .txt file, the following extracts the root domains (the last two labels of each name):

rev file.txt | cut -d '.' -f 1,2 | rev | sort -u > newfile.txt
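The same two-step pipeline as an added, offline Python example (not part of the original notes), run over a constructed crt.sh response so it needs no network or jq; it also shows the one case the cut-based root-domain step gets wrong, multi-label suffixes such as .co.uk.

```python
import json
from typing import Iterable, List

# Constructed sample of the JSON crt.sh returns for a %.example.com query.
# Only name_value is used here; real responses carry more keys per entry.
SAMPLE_CRTSH_JSON = json.dumps([
    {"name_value": "www.example.com"},
    {"name_value": "*.example.com"},                      # wildcard cert
    {"name_value": "mail.example.com\napi.example.com"},  # several SANs, newline separated
    {"name_value": "www.example.com"},                    # duplicate (cert renewals)
    {"name_value": "shop.example.co.uk"},                 # multi-label public suffix
])


def crtsh_names(raw_json: str) -> List[str]:
    """Equivalent of: jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u

    One name_value field can hold several SAN entries separated by newlines,
    which is why jq -r prints them as separate lines."""
    names = set()
    for entry in json.loads(raw_json):
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):   # drop the wildcard prefix like the sed step
                name = name[2:]
            if name:
                names.add(name)
    return sorted(names)


def root_domains(names: Iterable[str], labels: int = 2) -> List[str]:
    """Equivalent of: rev | cut -d '.' -f 1,2 | rev | sort -u

    Keeps only the last `labels` labels of each name. Caveat: for names under
    a multi-label suffix (example.co.uk) this yields 'co.uk', not the
    registrable domain, so review the output before using it as scope."""
    roots = {".".join(n.split(".")[-labels:]) for n in names}
    return sorted(roots)


if __name__ == "__main__":
    found = crtsh_names(SAMPLE_CRTSH_JSON)
    print("\n".join(found))
    print("--- root domains ---")
    print("\n".join(root_domains(found)))
```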

Spent too much of my learning time getting these notes set up. Will have to rewatch the videos tomorrow to go over the information.