blmqt / bug-bounty

My basic testing environment includes:

• Docker container (see Dockerfile)
• Standard config (see my config repo)
• BurpSuite
• Firefox
• Terminal

• Choose a Program
• Recon

• SQLi
• XSS

• XSS

• Environment
• Learning
• Jason Haddix 15 Minute Assessment

Below is a summary of my reconnaissance workflow. More details about the workflow and example commands can be found on the recon page.

• Create a separate Chrome profile / Google account for Bug Bounty. Create dedicated BB accounts for YouTube etc. so you can get only relevant recommended content.
• However you do it, set up an environment that has all the tools you use, all the time.
• Use aliases and bash scripts to simplify commands you use all the time.

• Self-Hosted Burp Collaborator - ROT

• Awesome Bug Bounty

• How to Shot Web: Web and mobile hacking in 2015 - Jason Haddix
• The Art of Subdomain Enumeration - Appsecco

• Bug Bounty Toolkit