InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

What To Do After Choosing a Target? Part 01 | Bug Bounty

Om Arora
Published in InfoSec Write-ups · 5 min read · Oct 24, 2023

This is a problem most bug hunters face in the beginning, myself included.

So in this series, I am going to explain my methodology in detail and also provide resources, from start to end, based on my experience.

For those who are new to this:

What is Bug Bounty?

Bug bounty is a reward program where people find and report security issues in websites and software to make them safer. They get paid for helping companies fix these problems before bad hackers can exploit them. It’s a win-win for everyone.

Recon

So let’s begin with recon.

I also have a video demonstration of recon on a real target on YouTube if you want to check it out.

The first and most important thing to do after choosing a target is to go through the scope of the target, because that is going to be the most important thing for our recon process.

So let’s start with recon for a large-scope target, for example *.test.com. The * here means that all the subdomains of this domain are in scope and you can hunt in them.
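The scope rule above can be applied mechanically to any list of candidate hostnames before testing, so nothing outside the program's scope slips in. This is an added example, not the author's script; the function names and sample hosts are hypothetical, and it assumes `*.test.com` covers subdomains but not the apex `test.com`.

```python
# Added example: scope filter for candidate hostnames. Names are hypothetical.

def normalize(host):
    """Lower-case a candidate and strip scheme, port, path and trailing dot."""
    host = host.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def matches(host, pattern):
    """True if host matches an exact name or a '*.domain' wildcard.

    Assumption: '*.test.com' covers subdomains only, not the apex 'test.com';
    programs normally list the apex separately if it is in scope.
    """
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # Compare on a label boundary so 'nottest.com' does not match.
        return host.endswith(pattern[1:]) and len(host) > len(pattern[1:])
    return host == pattern


def filter_in_scope(candidates, in_scope, out_of_scope=()):
    """Return sorted, de-duplicated hosts that are in scope and not excluded."""
    kept = set()
    for raw in candidates:
        host = normalize(raw)
        if not host:
            continue
        if any(matches(host, p) for p in out_of_scope):
            continue  # exclusions win over inclusions
        if any(matches(host, p) for p in in_scope):
            kept.add(host)
    return sorted(kept)


# Constructed sample input, not real data.
SAMPLE = [
    "api.test.com", "API.test.com.", "https://shop.test.com/login",
    "dev.api.test.com:8443", "test.com", "nottest.com",
    "test.com.example.org", "blog.test.com", "",
]

if __name__ == "__main__":
    for h in filter_in_scope(SAMPLE, ["*.test.com"], ["blog.test.com"]):
        print(h)
```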

So the first thing we are going to do is:

1. Subdomain Enumeration

This is one of the most important parts of the recon process, because this is where you get your targets from.

You probably know the popular tools like subfinder, amass, etc. You run one of them and think you’re done.

But NO, because everyone is doing the same thing. You need to find every subdomain that exists, including the ones other people are not finding. I have made a custom script for doing that, combining many tools together, like

Written by Om Arora

A 20yo Cyber Security Enthusiast currently pursuing Btech 3rd year. Email: omarora1603@gmail.com,linktr.ee/om1603 Want to sponsor my content? Let’s collaborate!
