Bug Bounty Methodology Part 01 | In Depth Recon
Hello Everyone,
In this blog I am going to share how I perform recon on a Bug Bounty Target. I will keep this Blog short and simple.

Note that I am not a big bug bounty hunter; I write these posts to share what I’ve learned in a way that would have helped me when I was starting out. My goal is to make cybersecurity easier to understand for others who are also beginning their journey.
So Let’s Begin,
The first and most important thing to do after choosing a target is to go through the scope of the target, because that is going to be the most important thing for our recon process.
So, for example, we have a large scope: *.target.com
The First thing I do is
Subdomain Enumeration
I use four or five tools to collect the subdomains, then merge the results and remove the duplicates.
1. Assetfinder

2. CrtSh

3. Findomain

4. Subfinder

5. Github-Subdomains

Now I use the tool anew by tomnomnom to keep only the unique ones.

You can also use other tools, or write a script to combine all of these, but I like to do it this way. The next thing I do is
Check The Alive Subdomains
That will be covered in Part 2, where I am also going to explain Nmap and Nikto, which are used for network recon and web server scanning.
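The merge and de-duplication step from the subdomain enumeration section, written as a script that also drops anything outside the program scope. This is an added example, not code from the original post: the function names, the file names and the sample lines are constructed, and `example.com` stands in for the `*.target.com` scope.

```shell
#!/bin/sh
# merge_in_scope ROOT FILE...
# Print the unique, normalised hostnames found in the tool-output FILEs that
# are ROOT itself or a subdomain of ROOT. Everything else is dropped, so the
# merged list never contains a host the program scope does not cover.
merge_in_scope() {
    root=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    cat -- "$@" | tr -d '\r' | tr '[:upper:]' '[:lower:]' | awk -v root="$root" '
        {
            host = $1                            # first column only
            sub(/^\*\./, "", host)               # certificate logs list wildcards as *.name
            sub(/\.$/, "", host)                 # drop a trailing root dot
            if (host == "") next                 # blank line
            if (host !~ /^[a-z0-9._-]+$/) next   # not a plain hostname
            suffix = "." root
            n = length(host); m = length(suffix)
            # Compare on a label boundary: notexample.com must not match example.com
            in_scope = (host == root) || (n > m && substr(host, n - m + 1) == suffix)
            if (in_scope && !seen[host]++) print host
        }' | sort
}

# Constructed sample output from three hypothetical tool runs.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'www.example.com' 'API.example.com' 'notexample.com' > "$dir/assetfinder.txt"
    printf '%s\n' '*.dev.example.com' 'www.example.com.' 'example.com.other.test' > "$dir/crtsh.txt"
    printf 'api.example.com\r\n\r\nexample.com\r\n' > "$dir/subfinder.txt"
    merge_in_scope example.com "$dir"/*.txt
    rm -rf "$dir"
}

demo
```

The suffix check is the part worth keeping even if you merge with anew: passive sources regularly return look-alike names that only contain the target domain as a substring.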