Share this page!

Nithin R Profile picture
Twitter logo
Aug 27 11 tweets 3 min read
I got around 10+ messages last week asking me for the tools I use in Bug Bounty.

So I thought why not make a thread on it.

Here's a list of my most used tools.

🧵👇

PS: This is my only my personal preference and I always experiment.
#bugbounty #infosec #recon #cybersecurity
1. Proxy

-> BurpSuite Community Edition

You really don't need BurpSuite Pro as a beginner. The community edition does almost everything you'd want to do. The only thing I've felt bad is not being able to save a project.
2. Fetch all subdomains

-> Amass

Quick Tip: Search with config file. Do more than just amass enum -d target.com

Link to config file: github.com/OWASP/Amass/bl…
3. Filter live subdomains

-> Httpx

Pipe your output after fetching URLs to httpx and probe the live domains
4. Port Scanner

-> Naabu

Nmap is great, but Naabu is better.
5. DNS Resolver

-> Dnsx

For wordlist, I'll try to create one of my own after inserting common words from the webpages. In unbearable circumstances, I use the best dns wordlist from assetnote.
6. Content Discovery/Fuzzing

-> Ffuf

Again, I'll curate my own wordlist and mix it with directory-list-2.3-medium.txt from gobuster.
7. Fingerprinting

-> Wappalyzer

Definitely comes handy sometimes. Would recommend it.
8. Spidering & Fetch Parameters

-> xnLinkFinder

You have to give it to this tool. The results have been pretty wonderful recently and the probing time is insanely fast.
I mostly use only these tools on a regular basis but under certain circumstances I'll intend to use other tools in the market for that specific purpose.

What major tool do you think I'm missing out?

// PS: I don't do vulnerability scanning, so please don't suggest Nuclei xD
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Nithin R

Nithin R Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @thebinarybot

Nithin R Profile picture
Aug 27
⁉️

Have you stopped yourself from buying books because of the 4-5 unread books lying in your desk or couch?

#books #writer #writerscommunity #writersoftwitter
⁉️

Are you a reader with a lot of books in your room?
How many times have you been asked “Wow, you’ve got so many books. How many of them have you actually read?”
🚀

If either of the above describes you, you should definitely checkout my article on the importance of unread books.

Link to my recent article: thebotsite.me/the-importance…
Read 4 tweets
Nithin R Profile picture
Aug 26
Understanding the Internet - Part III

Topic: DNS Records

🧵👇

#bugbounty #infosec #cybersecurity
In the last thread, we looked at what DNS is, the types of DNS servers and more. This series has a lot of context to the previous thread so if you missed the earlier part, kindly check below:
🔴 DNS Records. What are they?

A DNS Record in simple terms is just a database record that is used to map a URL to an IP address.
Read 14 tweets
Nithin R Profile picture
Aug 25
We mostly use amass enum and forget the rest.

But did you know you can do something more?
Did you know that you can track scan requests?

Read more 👇

#bugbountytip #bugbounty #amass #recon #infosec #cybersecurity
Where do the scans you normally do on amass get stored?

Well, every single scan you do with amass get's stored in the computer you run the scan on.

Therefore, if you run the same scan again it's possible for amass to keep track of the changes that's occurred.
But how do you do this?

For example let's say that you've run amass enum -d tesla.com last month and you wish to see the changes in scan request on the same domain.

You can simply do amass track -d https://t.co/1oT7xWHZR8 and it'd show you fresh targets.
Read 5 tweets
Nithin R Profile picture
Aug 17
75% of my Twitter DMs in the recent times have been people asking me "How to get started in Ethical Hacking?"

Although I love to answer everybody personally, I decided to write a thread of resources that would help any newbie level up.

🧵👇

#infosec #bugbounty #cybersecurity
[FREE]

1. First, I would recommend knowing the basics of networking. For this, you can checkout @ProfessorMesser 's free Net+ course.

Link to Net+ course : professormesser.com/network-plus/n…
@ProfessorMesser [FREE]

2. I would also recommend walking through Professor Messer's Sec+ and A+ course. Quality Content.

Link to Professor Messer's Website : professormesser.com
Read 13 tweets
Nithin R Profile picture
Aug 16
Chrome Extensions and Firefox addons are gems for us bug bounty hunters if used properly.

Here's a thread of some plugins that I found useful and use on a daily basis.

🧵👇

#bugbounty #infosec #cybersecurity
1. FoxyProxy Standard

99% of the bug bounty hunters should be using BurpSuite. You can use PoxyProxy to setup your BurpSuite proxy and can toggle the switch within a single click.
2. Wappalyzer

Wappalyzer helps you identify the different web technologies used in a web application. This is very handy and can be used for recon purposes.
Read 8 tweets
Nithin R Profile picture
Aug 15
It is especially hard for beginners to choose the right program to hunt on.

Over the years, I have learnt enough from my personal experience what program to choose and what not to, especially if you're just starting out.

Here's a thread on choosing the right bug bounty program.
1. Developing the hunter mindset is hard at the very start and personally I feel it's better to go for the the low-hanging fruits. To catch low-hanging fruits, you should pick a target that experts would go past.
2. Firstly, go for VDPs. VDPs / unpaid programs are ignored by experienced hunters and you can use these to get some experience and fame. You might also get private invites after building some fame.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(