My Domain Enumeration Logic
My Domain Recon Flow

Why?

When approaching a new target, you will want to find a place to start. It's generally simpler to tackle the low-hanging fruit first, as you can possibly chain an attack on a subdomain impacting all components of the target.

My Approach

When looking into bug bounties, my first thought was "where do I begin?" My understanding was that the top producers were doing everything mostly in an automated fashion. I understand programming and scripting, so why not work on something like this for fun? I initially started off with a logic flow similar to the image below, but using files dropped to the system and importing them. As I wanted to add more to it, I realized I had better move to something where I have methods to query and filter more easily, so I decided to leverage MongoDB and Python3. This was my first go at this, and although this generic outline doesn't depict the full structure of the code with multi-processing and threads, it does outline the criteria a...