#BugBounty – Tools that I use and my companions in recon

Hey guys, This is my second post in this new blog, hope you like it. Feel free to comment.

A bug bounty is not my fulltime job, I regulerly spend a little amount of time after my work to recon and find vulnerabilities in software, web applications and websites. Here are a couple of tools I use to recon during #BugBounty. I’m not a seasoned bounty hunter, however, I believe that I know what I’m doing and I like it :).

“Tools” that I use and recomond to recon during Bug Bounty

*Not in the order

Hardware: Lenovo T560 laptop

I use Lenovo T560 laptop, with Windows 10 Pro OS preinstalled, an i5-6300U CPU @2.50GHz, 16GB RAM+ 500GB SSD.

As you know it is hard to find T-Series in the regular market, I bought from my company vendor with a good discounted price – since I work full time as IT and IS Manager, I have good contact with hardware vendors. So is this good laptop.

I have a little suggestion here: Never use your work laptop or desktop for the purpose of BugBounty, you might invite trouble for yourself and your company.

OS: Kali Linux

Well, it is not mandatory to have Linux if you are not used to it, the good Windows 10 laptop is sufficient enough to start-off. Nowadays, most recon-tools that available for Linux/ Kali are also available for Windows platform.

I’m using Oracle Virtual Box and Kali Linux is installed as a vitual machine. I have asigned 8GB of RAM.

I prefer Kali Linux over the other flavours of Linux, is because of the pre-packaged with tools and programs specially developed for Ethical Hackers and Cyber Security professionals. The pe-configured settings were carefully chosen according to fit the needs of the typical user – I’d rather say, first time users and prefessionals.

I love the way the tools are categorized, and the ease of use. I’m pretty sure that a large number of Kali users are first time Linux users, but they become master in Kali after a few weeks of usage.

If you are not typical Kali Linux User, there are a plenty of distros that may suit your needs. Here is the link for you: https://itsfoss.com/linux-hacking-penetration-testing/


As you may already know, HackBar is a Mozilla add-on developed by SecuryTeam that helps Bug bounty hunters to perform security auditing/penetration test. This add-on tool for Mozilla Firefox used to test website security, XSS vulnerabilities and perform SQL injections.

Sublist3r – Subdomains Enumerating Tool

Who doesnt know about Sublist3r? I love this tool – it will helps you to find subdomains buiried under the main domain. I certainly advise you to start installing and learning this tool, if your scope is *.domain.com.

Owasp – A Collection of multi-tools

The Open Web Application Security Project or OWASP is a bunch of free-to-use tools developed by their non-profit organization. They have multiple tools to test and recon targets including various web apps and protocols. Flagship tools of the project include

I regulary use

  1. Zed Attack Proxy (ZAP – an integrated penetration testing tool)
  2. OWASP Dependency-Check (Project dependency scanner and checks against known vulnerabilities)
  3. OWASP Web Testing Environment Project (A collection of security tools and documentation for applications and vulnerabilities)

WireShark – A Network Analysis Tool

Wireshark, as you know a network analysis tool. This is one of the tools that every pen-tester, bug bounty hunter or Ethical hackers must-have tools. I use Wireshark to capture packets when I recon a target.

W3AF (w3af)

w3af is a web application attack and audit framework. w3af comes with 3 plugins, (1) discovery, (2) audit and (3) attack. The 3 plugins work together to scan, audit and attack on a specified target. A discovery plugin scans for target URL and find the vulnerability and forward it to the audit plugin which attacks the target based on the vulnerability found in previous steps.

Shodan.io : search engine for Internet-connected devices

I use Google a lot for references, articles and tutorials. But when it comes to gathering information about an IP of a target server/ web application without revealing my identity, I use shodhan.io. They call it as Serch engine for Servers, the search engine for industrial control systems, search engine for IoTs etc. Shodhan has information about almost all internet-facing devices and listed in the right way to analyze.

I have bout the personal licese which I pay monthly fee. I hav emy personalized API which I integrate with nmap, burp for better and indepth scanning.

I have bout the personal license which I pay a monthly fee. I have my personalized API which I integrate with nmap, burp for better and in-depth scanning.

Other simple tools I use (some of them are paid, but availabe as demo/limited features):

Netsparker: I use this tool for scanning vulnerabilities in the target. This is on eof the best tools to exploit SQL injection and LFI vulnerability.

Nessus: It concentrates in compliance checks, sensitive data searches, IPs scan, website scanning, etc.

Burpsuite: There is no limitation on the usage of this application. I prefer to use Burpsuit in Kali, however, I sometimes use JAR application in my Windows 10. This tool helps me to intercept proxy, web application scanning, crawling a page, testing APIs etc.

Click to rate this post!
[Total: 1 Average: 5]


Hey there, I'm Navin, a passionate Info-Sec enthusiast from Bahrain. I started this blog to share my knowledge. I usually write on HackTheBox machines and challenges, cybersecurity-related articles and bug-bounty. If you are an HTB user and like my articles, please respect here: https://www.hackthebox.eu/home/users/profile/68523

View all posts by Navin →
Notify of
Inline Feedbacks
View all comments
Sorry, that action is blocked.
Would love your thoughts, please comment.x
%d bloggers like this: