**`*Vulnerability`***

SubDomainTakeover

**`METHADOLGY`**

<aside>

Information Gathering

Collecting sub-domains used by target scope :

Sublist3r subExtreme Sublert → for domain monitoring gitgraber → to search for sens info in Github shodan.io crt.sh internet Archive

Browser plugnis :

wappalyzer flagfox

LazyRecon

Scanning

NMAP with -A

Sub-domain Takeover

takeover subjak

Burp scanner pugins:

J2EEScan, NGINX Alias Traversal, Telewreck, paramMiner and Upload Scanner

Dirsearch → backup, hiiden Files and admin interface

XSS Hunter with Burp Proxy

Exploitation

Reporting

</aside>