.png)
2 days ago
17 BOOK THIS SPACE FOR AD
ARTICLE AD🔍 What is Recon?
Reconnaissance (Recon) is the first phase of pentesting, where we gather information about the target system, network, or organization to identify vulnerabilities.
🎯 What is Scope?
Scope defines what we can and cannot test in a pentest. It acts as a boundary within which testing is allowed.
✅ In Scope — Areas where we can perform security testing.
❌ Out of Scope — Areas where testing is restricted.
🔥 Types of Scope-Based Recon:
1️⃣ Small Scope Recon — Focuses on 1–2 domains.
2️⃣ Medium Scope Recon — Covers multiple domains & subdomains.
3️⃣ Large Scope Recon — Includes entire infrastructures.
🛠️ What is Small Scope Recon?
As the name suggests, our range of reconnaissance is small — typically limited to one or two domains where we identify vulnerabilities.
⚡ My Small Scope Recon Approach:
🔹 Directory Bruteforcing & Fuzzing (GoBuster, FFUF) — Finding hidden directories & files.
🔹 Tech Footprinting (Wappalyzer, WhatWeb) — Identifying the tech stack, JS frameworks, CDN, security measures, etc.
🔹 Port Scanning — Checking open services for vulnerabilities.
🔹 JS Analysis (LinkFinder, SecretFinder) — Extracting hidden API keys, tokens, and admin panels.
🔹 Parameter Discovery (Arjun, Paraminer) — Testing parameters like ?user=1 or ?token=XYZ to check for security flaws.
🔹 Dorking — Using Google, Shodan, and GitHub dorks to find sensitive info.
🔹 Wayback Machine & Web Archive — Understanding the history of a company’s website by viewing snapshots from the day it was published till now. This helps uncover old, forgotten endpoints or sensitive information.
🔹 Data Breach Analysis (IntelX, Dark Web) — Checking for leaked credentials & exposed databases.
🔹 Broken Link Hijacking — This attack happens when a company changes its name or merges with another, but forgets to update all its links — like social media handles or websites. If an old social media username is still linked on their website but is no longer in use, an attacker can claim that username. Now, when someone clicks the link, they’ll be taken to the attacker’s account instead of the company’s real page.
A big thanks to VIEH Group for their amazing resources and insights that helped me refine my approach.
💡 Would love to hear your thoughts! Feel free to share your insights in the comments. 🚀
hashtag#CyberSecurity hashtag#EthicalHacking hashtag#BugBounty hashtag#Pentesting hashtag#Infosec hashtag#Recon hashtag#BugHunting hashtag#WebSecurity hashtag#SecurityResearch hashtag#RedTeam hashtag#OSINT hashtag#WaybackMachine hashtag#HackingTips hashtag#CyberThreats hashtag#AppSec
Bengali (Bangladesh) · 
English (United States) ·