ReconOne

Jason Haddix literally shows how to master Recon in a comprehensive way 👇🔗🎥 #recon #recontips #bugbounty

🔥 New oneliners Clawdbot 🔥 #Clawdbot #recon #bugbounty

Manual recon doesn’t scale, especially for hidden URLs. This one-liner surfaces endpoints you didn’t know existed. 👇

🚨 2 new vulnerability scripts created for the n8n vulnerabilities disclosed today: CVE-2026-1470: github.com/rxerium/rxeriu… CVE-2026-0863: github.com/rxerium/rxeriu… Happy hunting.

Maximize your endpoint discovery by digging into JavaScript files. Using the -jc flag allows you to parse and crawl JS files to find hidden paths and APIs that standard crawls might miss Use this command👇 katana -jc -u https://target(.)com

How to start RECON in your #BugBounty Hunting 1. Subdomain Enumeration 2. Getting live hosts 3. Web Server Detection 4. Scan for file&dirs 5. Grab urls 6. What's in the JS file? 7. Github recon 8. Virtual Hosts Open your terminal and start now 💪 #cybersecurity #recontips

How to do a simple Recon Automation that gives you: ✅ Subdomains ✅ Web Server ✅ Screenshot of Web Applications So... let's hack! 💪 #recon #recontips #bugbounty #automation #cybersecurity

Use NextJS? Recon ✨ A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript​:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); Cred = linkedin.com/in/0xsojalsec?… #infosec #cybersec #bugbountytips

Scan smarter, not harder. Here are 5 Naabu tweaks for faster, cleaner port discovery 👇 1️⃣ Tune -rate & -retries for speed vs false-positives 2️⃣ -exclude-cdn → only scan 80/443 for CDN IPs 3️⃣ Run -wn host discovery first 4️⃣ Bind -interface when routing matters 5️⃣ Use -resume for longer jobs Install: github.com/projectdiscove… #Naabu #ProjectDiscovery #Infosec #BugBounty #PortScanning

🛠️ Stop running Subfinder, Nuclei, HTTPX “out of the box.” In this walkthrough with @NahamSec, we: • Build a VPS recon box • Install & manage all PD tools w/ Go installer • Chain Subfinder → AlterX → DNSX → Naboo → HTTPX → Katana • Move from automation → methodology Watch 👉 youtube.com/watch?v=evyxNU… #BugBounty #AppSec #Recon

💰 Want to earn your first bug bounty faster? @amrelsagaei has put together a clear roadmap that shows what to learn, in what order, plus the best tools and practice resources - including @yeswehack #Dojo. 🔖 Bookmark it for later! #BugBountyTips youtube.com/watch?v=V5T3e5…

Cross-site request forgery (CSRF) has survived the protections introduced to defeat it, so remains essential #BugBounty knowledge 📖 Our second ‘vulnerability vectors’ instalment details CSRF types and how to exploit them 👇 #BugBountyTips yeswehack.com/learn-bug-boun…

Now that Katana has "custom fields" I can search for endpoints in JS files without using any other tools 👇 #recon #AttackSurface #bugbountytips #bugbounty #katana

🧵 Here we are! Katana, a new web Crawler by @pdiscoveryio Let's see how it works. A thread 👇🧵 #recontips #recon #projectdiscovery #hackwithautomation #bugbounty

My New tool s3 ✅ github.com/KingOfBugbount… #bugbounty #bugbountytips #tools #ofjaaah

Correct link for the talk is here: youtu.be/y_aQQmDMaY4 Sorry for the mistake!

We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠 In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎 🧵 👇

Ok, the SecLists wordlists are really nice, but have you ever tried the ones from AssetNote? Many of them are updated to 2025! Link 👇🔗 #recon #recontips #wordlist #enumeration #bugbounty #assetnote

Link: wordlists.assetnote.io

Link to the page: 0xdf.gitlab.io/cheatsheets/404

Did you know? This website allows you to identify the technologies behind web applications based on 404 errors 👇🔗 #BugBounty #enumeration #recon #recontips #pentest