{Indeed, Allah and His angels send blessings upon the Prophet. O you who believe, send blessings…

2 months ago 37

CaptinSHArky(Mahdi🇹🇳)

Salam alikom guys. Today I will share my methodology… 💞 (I will be honest, guys: I have little experience as a bug bounty hunter.) I built this methodology from a lot of writeups I read, so I hope it will be helpful for you… 👌😊

If you have any suggestions or ideas, please send me a message on X. I’d be grateful! 💌

“Without a solid methodology, we’re just shooting in the dark.”

The best way to make sure you get some bugs is to deep dive into the program's core application (take your time, and make sure that when you leave the core you have seen all the options and opened all the pages…).

Why the core specifically: the program will give you good bounties when you find a bug in the core (because the core is the core 🤦‍🤷‍♂️ just take a few minutes and you will understand me). Be patient, this takes about 16 days:

16 days, but why 😨: look, don't make my mistake. When I listened to someone who said, "You have to focus on the core app," I just said, "Okay, I will open all the options in the core app quickly and then I will go use tools" (I love tools so much 😐). Then I read these writeups and changed my bad mindset (he who does not change perishes). Take a look, they are good (writeups).

Logical bugs: this is linked with tip one, because you have to understand how the application handles authorization and authentication of requests (login page, change password, invite someone, different types of users: admin, editor, viewer, etc.). With these bugs you can be creative: just think outside the box and read a lot of writeups to get new tips and ideas:

Recommended writeup for logical bugs: https://medium.com/@zack0x01_/how-ive-found-idor-xss-all-users-account-takeover-a49d59cf5108

thank you Omar Ahmed 💞 zack0x01 💞 H4cker-Nafeed Shaikh Minhaz Ch4ndan das 💞

Now I will share the tools I use for recon 🖤:

Google dorking:

https://dorks.faisalahmed.me/# example: (-www captinsharky.com ¯\_(ツ)_/¯)

https://github.com/six2dez/degoogle_hunter?tab=readme-ov-file : GitHub tools

https://taksec.github.io/google-dorks-bug-bounty/ : I love this one:

https://github.com/Viralmaniar/BigBountyRecon

https://pentest-tools.com/information-gathering/google-hacking

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Shodan dorking:

I got this information about Shodan dorking from this guy, Ch4ndan das; you can read his writeup:

Shodan:

Ssl.cert.subject.CN:"domain.com" http.title:"IIS"

asn= AS12345 http.title:"domain"

ip= 127.0.0.1 http.title:"domain"

Ssl.cert.subject.CN:"domain.com" http.title:"index of/"

Ssl.cert.subject.CN:"domain.com" http.title:"gitlab"

Ssl.cert.subject.CN:"domain.com" "230 login successful" port:"21"

Ssl.cert.subject.CN:"*.domain.com"+200 http.title:"Admin"

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Extension tools (Google, Firefox):

Grabber: an easy-to-use extractor or grabber for hyperlinks on an HTML page. It extracts links from an HTML page and displays them in another tab.

Shodan: the Shodan plugin tells you where the website is hosted (country, city), who owns the IP, and what other services/ports are open.

Wappalyzer: a browser extension that uncovers the technologies used on websites. It detects content management systems, web shops, web servers, JavaScript frameworks, analytics tools and many more.

CookieEditor: a simple yet powerful cookie editor that allows you to quickly create, edit and delete cookies without leaving your tab.

Wayback Machine: the Wayback Machine is a digital archive of the World Wide Web.

WaybackURL by Hossein Shourabi

Max HacKBar: this is the best extension tool you can use. I know this tool from this guy: https://www.youtube.com/@lostsecc

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Helpful websites:

“In this generation, either you harness AI, or you’ll be harnessed by it…💔”:

If you want to make sure you are using AI and extracting all the benefit from it,

read this: https://medium.com/@shaikhminhaz1975/how-to-find-vulnerabilities-and-bugs-with-the-help-of-chatgpt-and-get-bounty-f1ee5b6b0dd0

https://pentestgpt.ai/: the best AI for hacking. It has recon tools inside and can help you with, for example, report writing, tool recommendations, technical guidance, fixing problems, etc. 🥵

Subdomain Finder: if you don't like to use tools, you can get all subdomains from websites…

Web Check: (server info, SSL certificate, server location, DNS records, linked pages and more info… 🙂😳)

Sploitify: the goal of this project is to help in the search for exploits that might be useful in different aspects of your offensive security life… (●'◡'●)

xsshunter: this site is for blind XSS. It takes a screenshot and sends it to you on the web. It is a very good one.

securitytrails: (DNS records, subdomains, historical data)

netlas.io: With Netlas, it takes just a few minutes to build a scope and investigate it.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -

So guys, this is part one. I hope it will be helpful; I put all my knowledge into it (I will be so happy if you get new information or new tools and use them in your work). Thank you Omar Ahmed 💞 zack0x01 💞 H4cker-Nafeed Shaikh Minhaz Ch4ndan das 💞

In part 2, inshallah, I will share my methodology for finding vulnerabilities (XSS, SQLi, LFI, RCE, and more helpful tools…). Wait for me, it is coming soon.

Recommendations for the next writeups:
1. How to improve your time management
2. How to learn English
3. The best resources and people to get new information about bug bounty…
Share your comment in the comments 🥰
