How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty

Today I am writing about the love story between bug bounties & reconnaissance, but before I do I should say that I’m not much of an expert and this article reflects my personal opinion.
This blog post focuses on recon & where to look for bugs in a bug bounty program. It is not a guide on how to find bugs in a technical sense, but rather a set of tactics you can use to find bugs.
I am assuming you already know about penetration testing, therefore I will not be explaining how to test for vulnerabilities, but rather where to test for them & the tools you can use. This is mainly just a general overview of how someone would map out a target site and efficiently perform reconnaissance to gain as much info on the site as possible before beginning their audit.
Recon is an essential element of any penetration test.
Competition?
Bug bounty programs are not very simple. The thing you need to remember about them is that there is a lot of competition. When you’re taking part in a bug bounty program, you’re competing against both the security of the site and the thousands of other people who are taking part in the program. For this reason, it’s important to think critically.
This is why passive and active reconnaissance are especially important for bounty programs, as you need to look a lot deeper than you would in a regular penetration test.
Importance of Reconnaissance in Pentesting?
Extracting relevant information can play a game-changing role in many situations. Extracting this information is pretty simple and somewhat easy. Recon can go beyond collecting basic information for understanding the system: it can also identify information that might lead straight to exploitation, sometimes without actually touching the entity being tested.
Despite this significance, this phase is not given enough importance, and most of the tests focus straight away on…