Hacking steps
1. Find subdomains
2. Check the CNAME records of these subdomains
   - check for subdomain takeover
   - use waybackurls to collect URLs
3. Use masscan for port scanning
4. Do GitHub recon
5. On the web app:
6. Check for CORS misconfiguration
7. Check for email header injection in the reset-password function
8. Check for SMTP and Host header injection
9. Check for iframing (clickjacking)
10. Check for improper access control and parameter tampering
11. Check Burp history for endpoints
12. Check for CSRF
13. Use Arjun for finding endpoints
14. Check for SSRF parameters
15. Check for XSS and SSTI
16. Check the cryptography of the reset-password token
17. Check for Unicode injection in the email parameter
18. Check for rate-limit bypass using client-IP headers:
    x-originating-ip: ip
    x-forwarded-for: ip
    x-remote-ip: ip
    x-remote-addr: ip
    x-client-ip: ip
    x-forwarded-host: ip
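Added example (not part of the original checklist) showing why step 18 works and how to close it on the server side: a rate limiter keyed on the client-supplied headers listed above is compared with one keyed on the TCP peer address, run over constructed requests. The header names are the ones above; the IP addresses, the trusted-proxy set and the request limit are made up for the demonstration.

```python
from collections import defaultdict

# Constructed sample traffic: every request comes from the same peer
# address, but each one carries a different value in one of the
# client-controlled IP headers from the checklist.
SAMPLE_REQUESTS = [
    ("203.0.113.7", {"x-forwarded-for": f"10.0.0.{i}"}) for i in range(1, 8)
] + [
    ("203.0.113.7", {"x-client-ip": "10.0.1.1"}),
    ("203.0.113.7", {}),  # no IP header at all
]

SPOOFABLE = ("x-originating-ip", "x-forwarded-for", "x-remote-ip",
             "x-remote-addr", "x-client-ip", "x-forwarded-host")


def weak_key(peer_ip, headers):
    """Weak: keys the limiter on whichever client-supplied IP header is present."""
    for name in SPOOFABLE:
        if name in headers:
            return headers[name]
    return peer_ip


def hardened_key(peer_ip, headers, trusted_proxies=frozenset()):
    """Hardened: key on the peer address. X-Forwarded-For is honoured only when
    the peer is a known proxy, and then only the rightmost entry (the address
    that proxy itself saw), never the attacker-controlled leftmost one."""
    if peer_ip in trusted_proxies and "x-forwarded-for" in headers:
        chain = [p.strip() for p in headers["x-forwarded-for"].split(",")]
        return chain[-1]
    return peer_ip


def run_limiter(requests, key_fn, limit):
    """Count how many of the requests a limiter with this key function lets through."""
    counts = defaultdict(int)
    allowed = 0
    for peer_ip, headers in requests:
        key = key_fn(peer_ip, headers)
        counts[key] += 1
        if counts[key] <= limit:
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("weak limiter allowed:", run_limiter(SAMPLE_REQUESTS, weak_key, 3))      # 9
    print("hardened limiter allowed:", run_limiter(SAMPLE_REQUESTS, hardened_key, 3))  # 3
```

With a limit of 3, the weak limiter lets all nine requests through because every spoofed header value becomes a fresh bucket; the hardened one counts them all against the single peer address and stops after three.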
19. Directory brute force
20. Check for HTTP request smuggling
21. Check for open redirect through waybackurls
22. Check for social sign-on bypass
23. Check the state parameter in social sign-in, and check whether it is possible to cause DoS using cookie injection
24. File upload: CSRF, XSS, SSRF, RCE, LFI, XXE
25. Buffer overflow