Day 38 – Recon Tools Introduction | Complete Beginner Guide

 

🛰 Day 38: Recon Tools Introduction

The golden rule of bug hunting is:

“The more information you collect, the higher your chances of finding a vulnerability.”

Recon (reconnaissance) means gathering as much information as possible about the target without directly attacking it.

Today we will cover:

✔ What recon tools are
✔ How they help
✔ Which tools a beginner should understand


🧠 What Are Recon Tools?

Recon tools are tools that:

  • Find subdomains

  • Detect open ports

  • Identify technologies

  • Discover hidden endpoints

  • Collect public information

They are the foundation of bug hunting 🔥


🎯 Main Types of Recon

1️⃣ Passive Recon

You do not interact with the target directly.

Example:

  • Checking public records

  • Collecting DNS info

  • Using search engine data

A safe and stealthy method.


2️⃣ Active Recon

You interact directly with the target server.

Example:

  • Port scanning

  • Directory scanning

  • Service detection

This is powerful, but permission is required.


🛠 Important Recon Tools (Introduction Level)

🔎 1. Nmap

Used for:

✔ Finding open ports
✔ Identifying running services
✔ OS detection

In bug hunting, it is the most popular network scanning tool.


🌐 2. Sublist3r

Used for:

✔ Discovering subdomains

Example:
dev.example.com
admin.example.com

Hidden subdomains = hidden attack surface.


📂 3. Dirsearch

Used for:

✔ Finding hidden directories
✔ Detecting backup files

Helpful for directory brute-forcing.


🔬 4. WhatWeb

Used for:

✔ Detecting a website's technology stack
✔ Identifying CMSs and frameworks

If you learn that the site uses WordPress → you can test for WordPress-related bugs.


🕵 5. theHarvester

Used for:

✔ Collecting emails
✔ Finding subdomains
✔ Gathering public data

Useful for OSINT-based recon.


🧩 The Real Workflow of Recon Tools

A professional bug hunter will:

  1. Enumerate subdomains

  2. Identify live hosts

  3. Run a port scan

  4. Detect technologies

  5. Find hidden paths

  6. Then start vulnerability testing

The stronger the recon → the higher the chances of finding bugs.


⚠ Important Reminder

Recon tools are powerful.

Use only:

✔ In an authorized bug bounty program
✔ In your own lab environment
✔ With written permission

Unauthorized scanning can be illegal.
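
An added example (not part of the original page): a scope gate placed between step 1 of the workflow and its active steps, so that only hosts covered by the authorization go on to steps 2 to 6. The scope entries, hostnames and function names are constructed, and the wildcard convention used (`*.example.com` covers subdomains but not the apex) is an assumption to check against the program's own rules.

```python
# Added example: scope gate between subdomain enumeration (step 1) and the
# active steps (2-6). Scope entries and hostnames are constructed samples.

IN_SCOPE = ["example.com", "*.example.com"]                    # assumed program scope
OUT_OF_SCOPE = ["payments.example.com", "*.corp.example.com"]  # assumed exclusions

# Constructed step-1 output: mixed case, trailing dot, duplicate, look-alikes.
DISCOVERED = [
    "dev.example.com", "Admin.Example.com.", "dev.example.com",
    "example.com", "payments.example.com", "vpn.corp.example.com",
    "notexample.com", "example.com.evil.test", "",
]

def normalize(host):
    """Lower-case, trim whitespace and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def matches(host, pattern):
    """Exact match, or '*.domain' matching any subdomain of domain.

    Comparing against '.domain' (with the dot) keeps 'notexample.com'
    from passing as a subdomain of 'example.com'.
    """
    pattern = normalize(pattern)
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def in_scope(host, allow=IN_SCOPE, deny=OUT_OF_SCOPE):
    """Exclusions win over inclusions; anything unlisted is out of scope."""
    host = normalize(host)
    if any(matches(host, p) for p in deny):
        return False
    return any(matches(host, p) for p in allow)

def gate(discovered):
    """Split step-1 output into hosts cleared for active steps and hosts to skip."""
    cleared, skipped = [], []
    for host in sorted({normalize(h) for h in discovered} - {""}):
        (cleared if in_scope(host) else skipped).append(host)
    return cleared, skipped

if __name__ == "__main__":
    cleared, skipped = gate(DISCOVERED)
    print("cleared for active recon:", cleared)
    print("left alone (log these):  ", skipped)
```

Keeping the skipped list in your notes also addresses the documentation point under Beginner Mistakes: it records which discovered hosts were deliberately not touched.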


🚨 Beginner Mistakes

❌ Starting to attack right away
❌ Not maintaining documentation
❌ Depending on just one tool
❌ Not analyzing responses


📋 Revision Points

  • Recon = Information gathering

  • Both passive and active recon are important

  • Nmap → Ports

  • Sublist3r → Subdomains

  • Dirsearch → Directories

  • WhatWeb → Technologies

  • theHarvester → OSINT


🔥 Pro Tip

In bug hunting:

70% of success depends on recon.

If recon is strong → vulnerabilities are found automatically.

