Bug Bounty Hunting

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website  in an ethical way. Many  companies  encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with bounty. So If you are interested in web application security then you have a great place of improve your skills, with the potential of earning some bounty and credibility at the same time.So let Us see which Tools Used For Bug Bounty Hunting

The Following Are Tools and There Descriptions For Bug Bounty Hunting  

• Burpsuite - ->> Intercepting proxy
• Firefox or chrome - ->> Foxyproxy, cookie manager and builtwith
• OWASP Zap - ->> alternative to burp
• Wfuzz- fuzzer and discovery tool - ->> allows the discovery of web content by using wordlists
• Dirb/dirbuster - ->> brute force directories and files names on web/application servers.
• Knockpy - ->> subdomain enum using wordlists
• Sublist3r - ->> Subdomain enumeration with the use of search engines or OSINT
• Seclists - ->> great lists for assessments, usernames, passwords, URLs, fuzzing strings,common directories/files/sub domains
• Scrapy - ->> Web crawling framework that allows you to create your own web crawlers
• Cyberchef - ->> encoding & decoding
• Google dorks
• What CMS - ->> discover cms being used
• Striker - ->> Striker is an offensive information and vulnerability scanner. Mainly DNS
•CMS - ->> Wpscan joomscan etc
•For exploits we use exploit-db
• sqlmap

We hope you Enjoy. Follow us On Social Medias @Upnextskills

Upnextskills Slogan Is "WE WANT YOU TO KNOW"

No comments

Powered by Blogger.