Skip to content

YKdevx/Recon-Playbook

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🧠 Recon Playbook — Attack Surface Intelligence Framework

A structured, signal-driven reconnaissance methodology for modern bug bounty and security research.


🎯 Scope

This repository focuses exclusively on reconnaissance and attack surface discovery.

It does NOT include exploitation or reporting.


🧭 What This Project Does

This framework transforms raw internet data into structured attack surface intelligence.

It focuses on:

  • Asset discovery
  • Subdomain enumeration
  • Endpoint mapping
  • JavaScript intelligence extraction
  • Parameter discovery
  • Threat modeling
  • Active validation (non-exploitative)

⚙️ Methodology Overview

Phase 1 — Passive Recon

Wide asset discovery and OSINT gathering

Phase 2 — Narrow Recon

Prioritization and filtering of assets

Phase 3 — On Target Recon

Deep analysis of live systems (JS, APIs, parameters)

Phase 4 — Threat Modeling

Building vulnerability hypotheses from attack surface

Phase 5 — Active Recon

Validation of endpoints, parameters, and behavior


🧠 Core Philosophy

“Recon is not data collection — it is system understanding.”

This framework is built on:

  • Signal-based recon (not tool-based)
  • Noise reduction before expansion
  • Hypothesis-driven validation
  • Depth over breadth

📁 Structure

phases/ → Recon methodology phases docs/ → Methodology + scope wordlists/ → Custom recon wordlists scripts/ → Automation scripts


🚫 Out of Scope

  • Exploitation
  • Payload development
  • Vulnerability chaining
  • Reporting workflows

⚡ Goal

To build a repeatable intelligence system for understanding any web application attack surface.


🧠 Author Note

This project is based on real-world bug bounty experience and optimized for efficiency, signal quality, and depth of analysis.

About

A practical attack surface discovery framework built from real bug bounty experience, designed to systematize reconnaissance from passive data gathering to active threat modeling.

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors