Recon for Bug Bounty : Using Google Cloud Shell

( By @mrroot — Twitter)

Hello Fam, I hope you are doing great.My name MOHAMMAD SAQLAIN (@mrroot — Twitter).

I am writing this article to support those in the community who lack sufficient requirements for bug bounty recon.I’ve always had difficulty doing recon. It’s a total pain in the neck for me due to my low-spec laptop and limited bandwidth.

Then I came across this post, “VPS Setup for Bug Bounty Automation” ,which explained how to use Google Cloud Platform for bug bounty recon. The problem is that Google Cloud Platform only accepts a limited number of credit and debit cards. However, not everyone has access to credit or debit cards.

Recon plays most vital role in the bug bounty hunting like Subdomain enumeration and probing, resolving, brute forcing subdomains, fuzzing, and other aspects of bug bounty hunting depend heavily on recon. These tasks can’t be completed with low bandwidth.

But,we can use the google cloud shell as a VPS for our recon.

Google Cloud Shell is an interactive shell environment for Google Cloud that makes it easy for you to learn and experiment with Google Cloud and manage your projects and resources from your web browser. Cloud Shell has weekly usage limits ( Weekly 50 Hours ).

If you reach these limits you will need to wait before you can use Cloud Shell again. Cloud Shell provisions 5 GB of persistent disk storage mounted as your $HOME directory on the Cloud Shell instance.All files you store in your home directory, including scripts and user configuration files persist between sessions. As a result, we’ll use this for our bug bounty recon.

Remember :

The Cloud Shell environment is volatile. After the session is destroyed, all installations on the cloud shell will be removed.If you do not access Cloud Shell regularly, the $HOME directory persistent storage may be recycled. You will receive an email notification before this occurs. Starting a Cloud Shell session will prevent its removal.

==== Sorry guys for keeping you waited . Let’s get this started.====

Bug Hunters AssembleGo to Google Cloud ShellLogin with your Google Account CredentialsThat’s it. Your Cloud shell machine is Spawned.It has the cloud editor which makes easy to modify the files.The biggest advantage is that it can be used in a browser. Nothing needs to be installed.

This cloud shell is where I do my recon part in Bug Hunting. I wrote a custom script to install the required tools, so I don’t have to bother about it every time I need to recon. I’ll grab all the info for manual hunting after the recon.

What are you waiting forrrrrrrrrrrrrrrrrrrr…Recon like you dooo…Re Re Recon like you dooo.

Suggestions :

Use Go-Lang based tools.To get around the limit, you can use multiple Google Accounts.