Account discovery
Account discovery is a self-made name to categorize techniques to find users that have an account of the website.
- π Try digging in the API (if any)
- π Try testing emails in the password forgot page
- π Try testing emails in the register page
- π Try to find exposed configuration files
- ...
We often test weak or mostly default credentials. You can do it manually, or use Fuzzing with these wordlists.
Additional notes π₯
- Brute forcing accounts is usually done if there is nothing else we can try, while fuzzing for default credentials is acceptable.
Refer to use Fuzzing or network authentification tools such as hydra, which may also be used to brute force forms.
- Try using
xxx+anything@xxxto register multiple accounts with the 'same' address emailxxx@xxx. It may be handy to 'farm' accounts.