Summary
- In the previous blog post, the author discussed how to select a target and understand the application before commencing a bug bounty.
- The current post is about foundational recon steps and includes a summary of why they matter and how to execute on them.
- The first point is subdomain enumeration which uncovers hidden assets and helps to identify the most vulnerable targets.
- The author suggests using the Assetfinder tool with the -subs-only flag to save the output to a file for further analysis.
- The author recommends keeping the enumeration phase as brief as possible to avoid detection.
- The next steps could include directory brute forcing and the use of specialized tools depending on the outcome of the initial reconnaissance.
- It is emphasized that recon is critical because it helps you understand the target better, reveals hidden assets, and saves time.
Not a Medium member? Access the original article here.