00 — Overview

Recon — Asset Discovery

Find every subdomain, IP, and live host a target owns. The starting point of every bug bounty engagement.

Beginner·35 min·5 tasks

// By the end of this module

→Enumerate subdomains with DNS brute force and certificate transparency

→Find IP ranges and ASN ownership from WHOIS and ARIN

→Discover shadow IT and forgotten assets outside the main domain

→Map the full external attack surface of an organisation

// Prerequisites

Recon & OSINT · Beginner

35 min