Kali Linux: Starting Out with Bug Bounty Hunting


Nimra Shahid

Welcome to the first part of my report on Setting Up Kali Linux and Essential Tools for Bug Bounty Hunting. This document will walk you through the initial steps of configuring Kali Linux and introduce essential tools used in bug bounty programs. In this part, I start by setting up Kali Linux and installing fundamental tools such as Sublist3r, ffuf, and Dirb. These tools are indispensable for reconnaissance and discovering vulnerabilities in web applications.

Setting Up Kali Linux and Essential Tools

1. Open Kali Linux Terminal

Launch Kali Linux and open the terminal to begin installing essential tools.

2. Install Text Editor (gedit)

sudo apt install gedit

3. Install Sublist3r

sudo apt install sublist3r

4. Usage of Sublist3r

Use Sublist3r to enumerate subdomains for a domain like Google:

sublist3r -d google.com

5. Install and Use ffuf

sudo apt install ffuf

ffuf -help

Basic Usage with ffuf

Perform directory brute-forcing using a wordlist against a target URL (Google in this example):

ffuf -w /usr/share/wordlists/dirb/small.txt -u https://www.google.com/FUZZ

Advanced Options

Match the number of lines in the response (-ml takes the line count as its value; replace N with the count to match):

ffuf -w /usr/share/wordlists/dirb/small.txt -u https://www.google.com/FUZZ -ml N

Filter responses based on status code (e.g., only show responses with status code 200). The -mc option keeps only the listed status codes, while -fc removes them from the output:

ffuf -w /usr/share/wordlists/dirb/small.txt -u https://www.google.com/FUZZ -mc 200
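
How matching (-mc, -ml) differs from filtering (-fc), modelled on constructed responses. This is an added example, not code from the original article or from ffuf itself: the parse_spec and select helpers and the sample data are hypothetical, ffuf's built-in default status matcher is not modelled, and combining two matchers with OR is an assumption.

```python
# Simplified model of ffuf-style status/line matchers and a status filter (added example).
# RESPONSES is constructed sample data, not output captured from any real scan.
RESPONSES = [
    {"path": "admin",  "status": 403, "lines": 10},
    {"path": "index",  "status": 200, "lines": 120},
    {"path": "login",  "status": 200, "lines": 45},
    {"path": "old",    "status": 301, "lines": 8},
    {"path": "secret", "status": 404, "lines": 10},
]


def parse_spec(spec):
    """Turn '200,301-302' into a predicate over integers; 'all' accepts everything."""
    if spec == "all":
        return lambda value: True
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return lambda value: any(lo <= value <= hi for lo, hi in ranges)


def select(responses, mc=None, ml=None, fc=None):
    """Return the paths that would be displayed.

    mc / ml: keep a response if any given matcher accepts it (OR is an
             assumption of this model); with no matcher, everything is kept.
    fc:      then drop every response whose status the filter accepts.
    """
    matchers = []
    if mc is not None:
        matchers.append(("status", parse_spec(mc)))
    if ml is not None:
        matchers.append(("lines", parse_spec(ml)))
    drop = parse_spec(fc) if fc is not None else (lambda value: False)

    shown = []
    for resp in responses:
        matched = not matchers or any(test(resp[field]) for field, test in matchers)
        if matched and not drop(resp["status"]):
            shown.append(resp["path"])
    return shown


if __name__ == "__main__":
    print("-mc 200         ->", select(RESPONSES, mc="200"))
    print("-fc 200         ->", select(RESPONSES, fc="200"))
    print("-ml 10          ->", select(RESPONSES, ml="10"))
    print("-mc all -fc 404 ->", select(RESPONSES, mc="all", fc="404"))
```
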

6. Using Dirb

Alternatively, use Dirb for directory brute-forcing:

dirb https://www.google.com

Configure Firefox for Burp Suite:

Open Firefox, go to Settings, and set HTTP as the default protocol. Navigate to Network Settings and manually set the proxy IP to 127.0.0.1 and the port to 8080.

Network settings
IP 127.0.0.1, port 8080
HTTP requests are not working now

Exporting Burp Suite CA Certificate: 

Open Burp Suite, navigate to Proxy > Options > Import / Export CA Certificate. 

Export the certificate in DER format and save it locally in Kali Linux (cert.ca).

Now search for Burp Suite

Select export certificate in DER format

Download and store cert.ca on your Kali Linux machine

Certificate has been exported successfully

Importing Burp Suite CA Certificate in Firefox: 

In Firefox, go to Settings > Privacy & Security > View Certificates. 

Import the cert.ca file as a Certificate Authority.

Privacy and security:

Import certificate now

As I was doing it for the 2nd time, it is showing that the certificate has been installed as a certificate authority.

Hands-on Practice and URL Testing

Practical Exercises: Performed URL testing by inspecting page source, manipulating URLs, and practicing on platforms like Hacker101 CTF and OverTheWire.

OverTheWire

Natas (Level 0–1)

View Page Source/Inspect Page

Found the password for the next level

Natas (Level 1–2)

Press Ctrl+U to view the page source

Natas (Level 2–3)

There is an image link

Try inspecting the page

From the link we can clearly see that there is a file in which pixel.png is stored, so I will try to access that file in order to get the password for the next level

view-source:http://natas2.natas.labs.overthewire.org/files/pixel.png
http://natas2.natas.labs.overthewire.org/files/

Opened the files one by one and found the password for the next level in users.txt

I found checking the robots.txt file useful during bug bounty hunting, as it often reveals hidden or sensitive directories.

In this guide, I have explored the essential steps to set up Kali Linux and utilize key security tools for effective bug bounty hunting and cybersecurity assessments. From installing Sublist3r and ffuf to configuring Burp Suite for intercepting HTTPS traffic, these tools are fundamental for identifying vulnerabilities and securing web applications.
