Bug-Bounty Beginning (Day-1)

8 months ago

Bala Prasanna Gopal Volisetty

Let’s begin with a brief introduction: I am Bala Prasanna Gopal Volisetty. Connect with me on LinkedIn for amazing tips and tricks!

Sharing Knowledge:

I’m here to share knowledge about taking the first step towards bug bounty hunting. As many of you know, nearly every website includes a few JavaScript (JS) files and is built primarily from three languages: HTML, CSS, and JS. You can view the source code of any website with “CTRL + U”. JS is delivered to the browser in readable form, and sometimes developers forget to strip secrets from (or at least obfuscate) the JS files before deployment.


Let’s Start Our First Step Towards Bug Hunting:

Step 1: Perform basic commands before moving to the real steps.

sudo apt-get update
sudo apt-get upgrade

Step 2: First, pick a website.

Step 3: After selecting the website, list all of its related sub-domains. For this there are several tools, such as Sublist3r, dnsenum, and DNSRecon. We are going to use the dnsenum tool.

Installation of dnsenum tool:

sudo apt-get install dnsenum

Execution of dnsenum tool:

dnsenum example.com

After running the above command, dnsenum prints the related and active sub-domains of our website. Save them in a text file, one per line (for example domains.txt), because the crawler in Step 7 reads its targets from that file.

Step 4: Before proceeding to the next step, verify that you have a few tools installed.

sudo apt install snapd
sudo systemctl enable --now snapd
sudo snap install core
sudo apt-get install golang-go
sudo apt-get install gccgo-go

Step 5: Now, we are moving to the real step to find misconfigured JS files. For this, we are going to use two GitHub repo tools: “KATANA” and “SUBJS”.

Image Of KATANA Tool
Image Of Sub JS

Step 6: For the installation of KATANA, follow the steps given below.

sudo apt update
sudo snap refresh
sudo apt install zip curl wget git
sudo snap install golang --classic
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
sudo apt update
sudo apt install google-chrome-stable
go install github.com/projectdiscovery/katana/cmd/katana@latest

Step 7: After installing the katana tool, to fetch all the JS crawling data, use this command.

katana -list domains.txt -d 5 -jc | grep -E '\.js$' | sort -u

Here domains.txt is the file saved in Step 3. sort -u is used instead of uniq | sort because uniq only removes adjacent duplicates, so it must come after sorting.

[Image: capturing the crawl data of all sub-domains listed in the text file]

Step 8: After running the katana tool, we get the URLs of all JS files. Copy them and save them in a text file (for example domainJS.txt).

Step 9: Now, we need to install SecretFinder, which is a GitHub Repo tool.

git clone https://github.com/m4ll0k/SecretFinder.git secretfinder
cd secretfinder
python3 -m pip install -r requirements.txt
python3 SecretFinder.py

Step 10: For execution of this tool, use the command given below.

while read -r url; do python3 secretfinder/SecretFinder.py -i "$url" -o cli; done < domainJS.txt

The URL is quoted ("$url") so that query strings containing & or spaces are not mangled by the shell, and secretfinder/ is the directory chosen in Step 9.
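To make the two filtering and scanning stages of this pipeline (Steps 7–8 and Step 10) concrete, here is an added, runnable Python example. It is not code from this article, from katana, or from SecretFinder; it reimplements the idea in a self-contained way so you can see what a secret scan actually looks for. The crawl output and the JS body are constructed samples, the AWS and Google key shapes are public key formats, and the generic "key/secret/password/token = '...'" rule is a heuristic of my own that will produce false positives. The same script is useful as a defensive pre-deployment check on your own bundles.

```python
"""Filter crawler output down to JS URLs and scan JS text for leaked secrets.

Added example, not the article's or SecretFinder's code. Sample data is constructed.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed crawler output (mixed resources, duplicates), like a katana -jc run.
SAMPLE_CRAWL_OUTPUT = """\
https://app.example.com/static/main.js
https://app.example.com/static/main.js
https://app.example.com/index.html
https://cdn.example.com/vendor/jquery.min.js?v=3
https://app.example.com/api/users
https://app.example.com/static/config.js
"""

# Constructed JS body standing in for a fetched config.js. The values are
# fake, pattern-shaped strings, not real credentials.
SAMPLE_JS = """\
var API_BASE = "https://api.example.com";
var cfg = { aws_key: "AKIAEXAMPLEEXAMPLE01", maps: "AIzaSyA_EXAMPLE_EXAMPLE_EXAMPLE_EXAMPLE" };
// TODO: remove before release
var db_password = "hunter2-but-longer";
function init() { return cfg; }
"""

# Specific rules: public key formats. Assumed set, not SecretFinder's list.
SPECIFIC_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic rule: an identifier ending in key/secret/password/token assigned a
# quoted literal of 8+ characters. Heuristic; expect false positives.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)\b[a-z0-9_]*(?:key|secret|password|token)\s*[:=]\s*["']([^"']{8,})["']"""
)


def extract_js_urls(crawl_output: str) -> list[str]:
    """Keep URLs whose path ends in .js (query string ignored), deduplicated and sorted.

    This is the grep '\\.js$' | sort -u stage of the shell pipeline.
    """
    seen: set[str] = set()
    for line in crawl_output.splitlines():
        url = line.strip()
        if url and urlparse(url).path.lower().endswith(".js"):
            seen.add(url)
    return sorted(seen)


def mask(value: str) -> str:
    """Redact a matched value for reports: keep a short prefix and suffix only."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def find_secrets(js_text: str, source: str = "<inline>") -> list[dict]:
    """Scan JS text line by line; return findings with source, line, rule, masked value."""
    findings: list[dict] = []
    reported: set[str] = set()  # raw values already flagged by a specific rule
    for lineno, line in enumerate(js_text.splitlines(), start=1):
        for rule, pattern in SPECIFIC_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append({"source": source, "line": lineno, "rule": rule,
                                 "value": mask(m.group(0))})
                reported.add(m.group(0))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(1)
            if value in reported:
                continue  # avoid a duplicate report for the same literal
            findings.append({"source": source, "line": lineno,
                             "rule": "generic_assignment", "value": mask(value)})
            reported.add(value)
    return findings


def scan_sources(sources: dict[str, str]) -> list[dict]:
    """Scan a mapping of URL -> fetched JS text (fetching is left to the caller)."""
    results: list[dict] = []
    for url, text in sources.items():
        results.extend(find_secrets(text, url))
    return results


if __name__ == "__main__":
    js_urls = extract_js_urls(SAMPLE_CRAWL_OUTPUT)
    print("JS URLs to fetch:", *js_urls, sep="\n  ")
    # In a real run each URL would be fetched; here only the constructed body is scanned.
    for f in scan_sources({"https://app.example.com/static/config.js": SAMPLE_JS}):
        print(f"{f['source']}:{f['line']} [{f['rule']}] {f['value']}")
```

Findings are printed with masked values so that a report or a log file does not itself become a second copy of the leaked credential. Wiring the real fetch step in (for example with requests) turns scan_sources into a replacement for the while-read loop above.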

Report if you find any sensitive data and claim your first Bug-Bounty Prize!
