Hello guys, I am learning bug bounty and I want to tell you why recon is so, so, so important and how I got a bug from recon only.
1. I gathered a lot of subdomains using various tools like **subfinder**, sublist3r and amass

subfinder -d example.com -all --recursive >> subdomains.txt

2. Then I removed the duplicate subdomains using anew

cat subdomains.txt | anew >> unique_subdomains.txt

3. Then I filtered only the live web hosts using httpx

cat unique_subdomains.txt | httpx -o httpx

4. I checked for request smuggling with smuggler.py but did not find any vulnerabilities. That's okay, I'll continue.

5. I gathered all URLs in three ways: waybackurls, gospider and katana

gospider -S httpx -o gospider_output
katana -list httpx -o katana.txt
cat httpx | waybackurls >> allurls.txt

6. I now had a lot of URLs pointing at JavaScript and PHP files, so I put each kind in a separate txt file

cat allurls.txt | grep -E "\.js" >> js.txt
cat allurls.txt | grep -E "\.php" >> php.txt

7. I then used mantra, a tool that finds leaked API keys in JavaScript files

cat js.txt | mantra

I kept finding non-working API keys until I found a Bugsnag API key. It has no real use to an attacker except for spamming fake error reports, which could make the company lose a lot of money.
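Steps 2, 6 and 7 rebuilt as one small offline script, as an added example that is not code from the original post or from the tools it names: it uses only coreutils and grep, runs on constructed sample input, and tightens the `.js` filter so it stops matching .json and .jsp. The key-name list, the minimum value length of 16 and the 32-hex-character shape of Bugsnag notifier keys are assumptions to tune for the SDKs your own front end bundles.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: steps 2, 6 and 7 of the
# recon flow using coreutils and grep only, run on constructed input,
# so it works offline and never contacts a target.

# Step 2: unique, lower-cased host list (what `anew` gives on a fresh file).
dedupe_hosts() {
  tr 'A-Z' 'a-z' | sed 's/[[:space:]]//g' | grep -v '^$' | sort -u
}

# Step 6: keep only URLs whose path ends in .js. The post's grep "\.js"
# also matches .json, .jsp and any "js" fragment in a query string.
filter_js_urls() {
  grep -E '^https?://[^?#]*\.js([?#]|$)'
}

# Step 7: print quoted values assigned to key-like names, the class of
# finding mantra reports. The name list and the 16-char minimum are
# assumptions; Bugsnag notifier keys, for instance, are 32 hex chars.
find_candidate_keys() {
  grep -oE "(apiKey|api_key|token|secret)['\"]?[[:space:]]*[:=][[:space:]]*['\"][A-Za-z0-9_-]{16,}['\"]" \
    | grep -oE "['\"][A-Za-z0-9_-]{16,}['\"]" | tr -d "'\"" | sort -u
}

# Constructed sample data: reserved example hosts and a placeholder key.
SAMPLE_URLS='https://www.example.com/app.js
https://www.example.com/data.json
https://www.example.com/main.js?v=3
https://www.example.com/login.php
https://www.example.com/bundle.jsp'

SAMPLE_JS='window.cfg = { apiKey: "0123456789abcdef0123456789abcdef", debug: true };
Bugsnag.start({ apiKey: "0123456789abcdef0123456789abcdef" });
var token = "short";'

printf 'Example.com\nexample.com\napi.example.com\n' | dedupe_hosts
printf '%s\n' "$SAMPLE_URLS" | filter_js_urls
printf '%s\n' "$SAMPLE_JS" | find_candidate_keys
```

Run the same `find_candidate_keys` over your own built bundles before deploying them; a hit there is a leak to rotate, not a finding to wait for a researcher to report.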
Anyway, I submitted it but got a duplicate :(
It's okay, I will get them next time.
I hope you learned something new,
and if you want to support me you can buy me a coffee here.