Hey guys, this is my second post on this new blog; I hope you like it. Feel free to comment.
Bug bounty is not my full-time job; I regularly spend a little time after work on recon and on finding vulnerabilities in software, web applications and websites. Here are a couple of tools I use for recon during #BugBounty. I’m not a seasoned bounty hunter; however, I believe that I know what I’m doing and I like it :).
“Tools” that I use and recommend for recon during Bug Bounty
*Not in any particular order
Hardware: Lenovo T560 laptop
I use a Lenovo T560 laptop with Windows 10 Pro preinstalled, an i5-6300U CPU @ 2.50GHz, 16GB RAM and a 500GB SSD.
As you know, it is hard to find the T-Series in the regular market. I bought mine from my company's vendor at a good discounted price – since I work full time as IT and IS Manager, I have good contacts with hardware vendors. Hence this good laptop.
I have a little suggestion here: never use your work laptop or desktop for bug bounty; you might invite trouble for yourself and your company.
OS: Kali Linux
Well, it is not mandatory to have Linux if you are not used to it; a good Windows 10 laptop is sufficient to start off. Nowadays, most recon tools that are available for Linux/Kali are also available for the Windows platform.
I’m using Oracle VirtualBox, and Kali Linux is installed as a virtual machine. I have assigned 8GB of RAM.
I prefer Kali Linux over the other flavours of Linux because it comes pre-packaged with tools and programs specially developed for Ethical Hackers and Cyber Security professionals. The pre-configured settings were carefully chosen to fit the needs of the typical user – I’d rather say, first time users and
I love the way the tools are categorized, and the ease of use. I’m pretty sure that a large number of Kali users are first-time Linux users, but they become masters of Kali after a few weeks of usage.
If you are not a typical Kali Linux user, there are plenty of distros that may suit your needs. Here is the link for you: https://itsfoss.com/linux-hacking-penetration-testing/
As you may already know, HackBar is a Mozilla add-on developed by SecuryTeam that helps bug bounty hunters perform security audits and penetration tests. This add-on for Mozilla Firefox is used to test website security and XSS vulnerabilities and to perform SQL injections.
Sublist3r – Subdomains Enumerating Tool
Who doesn't know about Sublist3r? I love this tool – it helps you find subdomains buried under the main domain. I certainly advise you to start installing and learning this tool if your scope is *.domain.com.
OWASP – A Collection of multi-tools
The Open Web Application Security Project or OWASP is a bunch of free-to-use tools developed by their non-profit organization. They have multiple tools to test and recon targets including various web apps and protocols. Flagship tools of the project include
I regularly use
- Zed Attack Proxy (ZAP – an integrated penetration testing tool)
- OWASP Dependency-Check (Project dependency scanner and checks against known vulnerabilities)
- OWASP Web Testing Environment Project (A collection of security tools and documentation for applications and vulnerabilities)
Wireshark – A Network Analysis Tool
Wireshark, as you know, is a network analysis tool. It is one of the must-have tools for every pen-tester, bug bounty hunter or ethical hacker. I use Wireshark to capture packets when I recon a target.
w3af is a web application attack and audit framework. w3af comes with 3 plugins: (1) discovery, (2) audit and (3) attack. The 3 plugins work together to scan, audit and attack a specified target. The discovery plugin scans the target URL, finds the vulnerability and forwards it to the audit plugin, which attacks the target based on the vulnerability found in the previous steps.
Shodan.io : search engine for Internet-connected devices
I use Google a lot for references, articles and tutorials. But when it comes to gathering information about the IP of a target server/web application without revealing my identity, I use shodan.io. They call it the search engine for servers, the search engine for industrial control systems, the search engine for IoT devices, etc. Shodan has information about almost all internet-facing devices, listed in a way that is easy to analyze.
I have bought the personal license, for which I pay a monthly fee. I have my personalized API which I integrate with
Other simple tools I use (some of them are paid, but available as demo/limited features):
Netsparker: I use this tool to scan for vulnerabilities in the target. This is one of the best tools to exploit SQL injection and LFI vulnerabilities.
Nessus: It concentrates on compliance checks, sensitive data searches, IP scans, website scanning, etc.
Burp Suite: There is no limitation on the usage of this application. I prefer to use Burp Suite in Kali; however, I sometimes use the JAR application on my Windows 10. This tool helps me with proxy interception, web application scanning, page crawling, API testing, etc.