Nithin R
Apr 20, 11 tweets, 3 min read
Here's a list of tools that I use on a daily basis for Bug Bounty Hunting :
1. Proxy

I use Burpsuite for this purpose.
One could also use ZAP Proxy
2. Subdomain Enumeration

I'm a big fan of amass.

One article that I would definitely recommend anybody who's using amass is this gem by @hakluke

hakluke.medium.com/haklukes-guide…
Alternatives :

SubFinder
AssetFinder
Dig
3. Crawling

Burpsuite can do this. But I use gau and waybackurls for this purpose.
Alternatives :

LinkFinder
Hakrawler
4. Content Discovery / Fuzzing

What's better than ffuf in this category ? Super fast and does the purpose.
Alternatives :

gobuster
dirbuster
5. Other miscellaneous tools in my bag :

httpx - filtering enumerated subdomains
nuclei - vulnerability scanning
Know some really good tool that I should definitely check out and add to my list ?

Comment below.
Hey 👋, I'm Nithin and I tweet on

🖥️ Security / Tech
📑 Productivity
💸 Money

Follow @thebinarybot if any of the above topics interest you.

#bugbountytips #bugbounty #infosec #cybersecurity

More from @thebinarybot

Apr 23
I recently wrote a thread on my top used Bug Bounty Tools. You can find it here :



After publishing the above thread, I got lots of requests to write on my most used / favourite Burp Suite extensions.

So here's a thread on my most used Burp extensions.
1. Autorize

Autorize is straight up one of my most used and liked extensions. I personally use Autorize to automate testing for IDORs and it's very simple to use.



In the above video I've combined with our favourite @theXSSrat on using Autorize.
2. Param Miner

Anybody who's been into Bug Bounty for quite some time knows how important it is to identify parameters. Param Miner helps you do this with ease.

I personally use Param Miner to check for web cache poisoning vulnerabilities.
Read 7 tweets
Apr 21
Science says that the most successful people on earth follow some of the below mentioned things if not for all.

You could implement some of the things below to make you successful as well.

🧵👇
// Building a routine

Having no routine or structure is so much more draining mentally, physically, and emotionally than any routine could ever be.
Once you build a routine :

- You impose a certain structure which builds progressive habits and creates momentum that will carry you on the days even when you don't have the strength to.

- Your resilience on motivation and willpower will be reduced.
Read 13 tweets
Apr 21
Do you feel that despite the huge amount of work that you put, you still are losing a lot of time and don't feel productive ?

Here's a morning routine which, if followed, can guarantee to save at least 15 hours per week.

Thread below.🧵👇
// Meaningful productivity

Your best thinking  will actually happen while you’re away from your work, “recovering.” By taking your mind off work and actually recovering, you’ll get creative breakthroughs related to your work.
// The first 3 hours of your day

The first 3 hours of your day are the most precious ones where you'll have the potential to be highly productive.

Your brain is most attuned to the first thing in morning alongside high energy levels.
Read 9 tweets
Jan 2
The science behind successful people and what they do. A Thread.

🧵👇
Establishment of a routine

Routine work makes your life more structured, productive and most importantly healthier. Every successful person has a strategic routine they follow.
Starting the day

Starting the day early and with a positive state of mind, leaving technology off for some time, works magic. You could try waking up and taking a quick walk to collect and plan for the day.
Read 8 tweets
Nov 26, 2021
Here's a couple of things worth a try to get an IDOR

Comment below if you've other useful tips & techniques.

🧵👇

#bugbounty #bugbountytips #infosec
1. Change file type

If you've an endpoint such as /users/password you might want to try /users/password.json or other extensions like .xml etc.
2. Convert ID to json body or array

If you've {"id":111} that gives you 401, you might want to try {"id":[111]} and {"id":{"id":111}}
Read 10 tweets
Oct 12, 2021
Here's a list of some of the Youtubers I'm following as a beginner bug bounty hunter. ( They're in no particular order of ranking )

🧵👇
1. @zseano <3<3<3

Channel : youtube.com/c/zseano

Personal favourite :

It's the mindset that matters, always.
2. @theXSSrat My man <3

Channel : youtube.com/c/TheXSSrat

Personal favourite :

(Bet you saw this coming ? :P)
Read 9 tweets
