How to get information about your target?

How to get information about your target?

So aj ka humara topic ha information gethring k bary ma.

Lakin ma apna topic shuru krny sy phely ak qustion clear krna chahta hun jo k aj kl har begnnar k demag ma aata ha .

Q) kia hum hacking ya bug bounty mobile sy kr sakty han ya is k

Liya laptop ya pc ka hona zaruri ha?

Ans) hacking k liya laptop ya pc ka hona zaruri ni ha ap hacking

& Bug bounty k liya mobile b use kr sakty han bs mobile pr

Mehnat zayad lagti ha or han agr laptop ya pc ho to ye

Zeyada acha ha is sy ap ka time bachy ga or ap bohat sy

Kam asani sy script run kr k kr sakty han agro koi afford na

Kr sakta ho to wo ye kam mobile sy b kr sakta ha.

Ab hum aaty han apny topic pr .

How to get information:

Target k bary ma information gather krny k kafi treky hain .

1 1) Github ko use kr k information gethar krna.

Aksir dovelpers apna code github pr dal dety han or kbi kbi wo us ma kafi zaruri & a information b bhol jaty han to jo black hat hackers hoty han wo un ko glat b use kr sakty han to bug bounty hunters wo information website k owner ko male kr k ya HackerOne pr report kr dety han .

Is process ko github dorking kehty han ye kam ab har koi kr sakta ha jo bug bounty krna chahta ho or ye kam to mobile pr b kia ja sakta ha.

Is kam k liya aap ko sirf ak mobile ya laptop or ak GitHub account chyia.

To start :→ Go to www.github.com

Ab hum dekhin gy AWS-KEY= github source engine ma jo nechay picture ma dekhaya gya ha.

ab ouper image ma hum ny search bar ko use kia apna taret ky baray ma information gethar krny k liya .

ap ka target: Search:- → “www.target.com” AWS-KEY=

is ouper wali image ma sy hum lay sakty han AWS-KEY= jo sorce ma available ho or sensitive ho or as a bug bounty hunter hum us ko report kr sakty han.

Ise trah hum difrant keyword search kr sakty han:

Jenkins

OTP

oauth

authoriztion

password

pwd

ftp

dotfiles

JDBC

key-keys

send_key-keys

send,key-keys

token

user

passkey-passkeys

pass

secret

SecretAccessKey

credentials

config

security_credentials

connectionstring

ssh2_auth_password

DB_PASSWORD

telnet

ssh

mysql

oracle

ab ap ye sub keywords search kr sakty han or kabi kabar ap ko critical information b mil jati ha git hub Dorking k Doran .

2) Google dorking ko use kr k information gethar krna.

Google Dorking ko information gathering ka liya bohat use kia jata ha q k hum google Dorking ko use kr k bohat sensitive information nekal sakty han .

For exampel: agr ap ko kuch search krna ha google dork k zaryia to ;

→ inurl:target.com intitle:"index of"

is ouper wali picture ma ap dekh sakty han k kisy hum ny google dork ka use krty huay hum ny ak dir find ki ha ap is ko check kr layin ap ko zarur is dir ma sensitive information milayin ge.

ise trah ap or b google dork use kr sakty han GHDB ka ues kr k: https://www.exploit-db.com/google-hacking-database

is website ko ap use kr k ap google dork use kr sakty han or kise b website k bary ma sencetive informatin nekal sakty han.

3) shodan ka use kr k information gather krna.

shodan ak aisa search engine ha jis sy ap online jo b devices net ky sath connect han ap un k baray ma pta laga sakty ho.

ise wajha sy is ko ak bohat he powerfull and dangrous searcha engine mana jata ha q ka is ka hoty huay hum apnay ap ko is sy hide ni rakh sakty han or hum apny target k baray ma b is pr kafi information lay sakty han jisa k agr us website ka ssl certifacte ha to ap check kr sakty han k us ssl certifacte pr or kitne IP address or domains chal rahay han jo k publick ni han lakin shodan humain un k baray ma b information day deta ha .

Search This Blog

DED HACKER

How to get information about your target?

Popular posts from this blog

Bug bounty krny k liya sub sy phely kia kryin?