In Scope / Out of Scope / In Between?

Decoy · July 19, 2019, 4:22pm

Hi Everyone! I have a question. If a particular program has designated domains/subdomains (no wildcards), and explicitly puts a number of domains/subdomains out of scope - should I ignore other subdomains I find? Even if vulnerable? They aren’t explicitly out of scope, but also aren’t listed in scope.

I’ve heard people say a lot of different things on this topic. I’ve heard some people say report it anyway, others to only stay strictly within scope. Are we even allowed to enumerate targets that aren’t in scope? Any input would be greatly appreciated!

FormerSlice · July 24, 2019, 12:37am

With testing, I would keep it black and white. If it says this is whats in scope, then keep your testing to that. The minute you go out of scope is where you can get into all heaps of trouble. Happy hunting!

Topic		Replies	Views
Security misconfiguration, but is it enough for a report? Starter Zone	5	1592	June 22, 2020
Issues with amass subdomain enumeration? Recon Techniques	6	3306	June 5, 2020
I am ready to go, Is this all I need to do to start Starter Zone	6	2297	October 23, 2019
Beginner problems Starter Zone	4	1784	June 18, 2020
When automated scanning is not allowed in a program Starter Zone	0	1484	October 25, 2019

In Scope / Out of Scope / In Between?

Related Topics