Just after placement, I started trying my hand at bug hunting. First, I hunted bugs in smaller programs and government websites, but later, I was motivated by my friend Sumon (bugxploit).
I used several subdomain enumeration tools (subfinder, amass, crtfinder, and sublist3r), collected their results in a single file, and deleted the duplicates using the Pluma text editor. Next, I used HTTPX to separate live domains from the dormant ones (cat sub.txt | httpx -o live.txt).
I ran “nuclei” with its default takeover template (/root/nuclei-templates/takeovers/) to see if I could find low-hanging fruit. There were many false positives, but then… BOOM!
I found a domain pointing to an unclaimed azurewebsite which could be registered. With a quick move, I claimed it and reported it.
This is my first ever bug hunting writeup. Hope you find it insightful!
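
For the team that owns the DNS zone, the condition reported above can be caught before anyone else finds it. The following is an added example, not part of the original writeup: it reconciles the CNAME records in a zone export against the list of web apps the organisation still has provisioned and flags any record that points at a name nobody holds. The zone contents, the example.com origin, the inventory set and all function names are constructed assumptions.

```python
# Defender-side audit: flag CNAMEs that point at an Azure web app hostname
# the organisation no longer has provisioned (a dangling record).
# Sample data is constructed for this example; targets are assumed to be
# written as fully qualified names.
ZONE_EXPORT = """\
; constructed sample zone export for example.com
www      3600 IN CNAME  corp-site.azurewebsites.net.
shop     3600 IN CNAME  Shop-Prod.AzureWebsites.net.
promo    3600 IN CNAME  promo-2019.azurewebsites.net.
docs     3600 IN CNAME  docs.example.net.
mail     3600 IN A      192.0.2.10
"""

# Constructed inventory: hostnames of apps that still exist in the tenant.
PROVISIONED_APPS = {"corp-site.azurewebsites.net", "shop-prod.azurewebsites.net"}
WATCHED_SUFFIX = ".azurewebsites.net"


def normalise(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.strip().rstrip(".").lower()


def parse_cnames(zone_text, origin):
    """Return (owner, target) pairs for every CNAME line in the export."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenise
        if "CNAME" not in fields:
            continue
        idx = fields.index("CNAME")
        if idx == 0 or idx + 1 >= len(fields):
            continue  # malformed line: no owner or no target
        owner = fields[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"  # relative owner name
        records.append((normalise(owner), normalise(fields[idx + 1])))
    return records


def find_dangling(zone_text, origin, provisioned):
    """CNAMEs into the watched suffix whose target is not in the inventory."""
    owned = {normalise(h) for h in provisioned}
    return [(o, t) for o, t in parse_cnames(zone_text, origin)
            if t.endswith(WATCHED_SUFFIX) and t not in owned]


if __name__ == "__main__":
    for owner, target in find_dangling(ZONE_EXPORT, "example.com", PROVISIONED_APPS):
        print(f"DANGLING {owner} -> {target}: remove the record or re-provision the app")
```

Running the same reconciliation as part of every app decommissioning closes the gap: the DNS record is removed before the app name is released.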