Bug Bounty Hunting – Tools I Use
Welcome to the all-new bug bounty series. In this particular video I'm going to be showing you all the
tools that I will use and the vulnerabilities I've been able to find, and of course help you in your journey.
I'm simply going to be focusing on the extensions or the add-ons that you can use, so first of all let me
just open up the browser and I'll show you what I recommend you use. The first add-on is FoxyProxy,
which allows you to essentially enable the various proxies that you have set up, and that is
particularly for the use of Burp Suite. Cookie Editor or Cookie Editor is Cookie Editor Plus, whatever you
feel is essential for you. The next tool you need to have installed is BuiltWith or Wappalyzer, whatever you
choose to use, whether you're using Chrome or Firefox; I personally use BuiltWith. Dirb and DirBuster
are essentially used for brute force, to essentially brute force directories and the file names on web
application servers. Sublist3r essentially allows you to perform subdomain enumeration with wordlists,
or with the help of a wordlist. The usage is pretty similar; with DirBuster you have the graphical
user interface.
SecLists is essentially a great collection of lists for assessments that contains usernames, passwords, URLs,
fuzzing strings and common directories of files and subdomains, all right, so it can be used to enumerate
a lot of information. That's typically why I prefer using SecLists; any penetration tester or bug bounty
hunter will tell you that SecLists is a must-have. All right, now the next tool we're going to be utilizing,
and utilizing quite a bit, is Scrapy. CMS allows you to detect what CMS is currently being
used, so for example if I type in hsploit.com it'll essentially detect the CMS that I'm using; it will
essentially enumerate what particular CMS it's using. The great feature is that it detects up to 467
potential content management systems. We'll also be using WordPress scan, JoomScan and Google dorks
for file enumeration and subdomain enumeration. Striker is very, very good at enumerating DNS
information, so for example, and you can take a look at the installation process here, it will tell you to
enter the target, so I can enter hsploit.com right over here. It'll give me the IP address and of course
it will tell me whether we are using Cloudflare, which I am, so it tells me it's detected the CMS. The next
video is going to be focusing on methodology and the documentation of all the tools.
Bug Bounty Hunting – Wfuzz – Web Content Discovery & Form Manipulation
The wfuzz tool is essentially used to discover web content and directories; however, it gives us much
more functionality than that, so its main features are content discovery, or web content discovery rather,
and form manipulation, or brute forcing as it's also known, which is sort of like an indirect translation.
You can do this with Burp Suite, and you can also do it with the community edition of Burp Suite; however,
the issue is it does throttle the amount of requests you can send to the web server, which is both a good
thing and a bad thing, because on one hand it can actually cause a DoS attack depending on the type
of server. With this tool, that being wfuzz, we can essentially perform this brute force and
customize how we want it done, all right, so I'll explain this in a second. This can work on any login page
regardless of whether it is a CMS like WordPress or Joomla; it could be any other admin pages, as long as
you understand how the parameters are being saved and you know in what form they are being
sent in the request, so let's get into this right now.