MShahine/recon-tip.txt

## recon-tip.txt
# Subdomain Enumeration

subfinder -d domain.com --silent | httprobe | tee -a subdomains.txt
amass enum --passive -d domain.com | httprobe | tee -a subdomains.txt
assetfinder -subs-only domain.com | httprobe | tee -a subdomains.txt

# Find Endpoints

cat subdomians.txt | waybackurls >> wayback.txt
cat subdomains.txt | hakrawler -depth 3 -plain >> spider.txt

# Find All params

python3 paramspider.py --domain domain.com --exclude svg,jpg,css,js --output domainParam.txt
cat subdomains.txt | waybackurls | grep "=" | tee -a domainParam.txt
	# Subdomain Enumeration

	subfinder -d domain.com --silent \| httprobe \| tee -a subdomains.txt
	amass enum --passive -d domain.com \| httprobe \| tee -a subdomains.txt
	assetfinder -subs-only domain.com \| httprobe \| tee -a subdomains.txt

	# Find Endpoints

	cat subdomians.txt \| waybackurls >> wayback.txt
	cat subdomains.txt \| hakrawler -depth 3 -plain >> spider.txt

	# Find All params

	python3 paramspider.py --domain domain.com --exclude svg,jpg,css,js --output domainParam.txt
	cat subdomains.txt \| waybackurls \| grep "=" \| tee -a domainParam.txt