Are you a reader with a lot of books in your room?
How many times have you been asked “Wow, you’ve got so many books. How many of them have you actually read?”
If either of the above describes you, you should definitely check out my article on the importance of unread books.
You really don't need BurpSuite Pro as a beginner. The community edition does almost everything you'd want to do. The only thing I've felt bad about is not being able to save a project.
2. Fetch all subdomains
-> Amass
Quick Tip: Search with a config file. Do more than just amass enum -d target.com
In the last thread, we looked at what DNS is, the types of DNS servers and more. This series has a lot of context to the previous thread so if you missed the earlier part, kindly check below:
99% of the bug bounty hunters should be using BurpSuite. You can use FoxyProxy to set up your BurpSuite proxy and can toggle the switch with a single click.
2. Wappalyzer
Wappalyzer helps you identify the different web technologies used in a web application. This is very handy and can be used for recon purposes.
It is especially hard for beginners to choose the right program to hunt on.
Over the years, I have learnt enough from my personal experience about what program to choose and what not to, especially if you're just starting out.
Here's a thread on choosing the right bug bounty program.
1. Developing the hunter mindset is hard at the very start and personally I feel it's better to go for the low-hanging fruits. To catch low-hanging fruits, you should pick a target that experts would go past.
2. Firstly, go for VDPs. VDPs / unpaid programs are ignored by experienced hunters and you can use these to get some experience and fame. You might also get private invites after building some fame.