HELPP!!
any pentesting methodology any one knows?
i want to start bug bounty and all stuff any can help?
4 Replies
do you have any pentesting resources ?
anything can help!
#❓︱faq
Htb/thm
PTES
OWASP
NIST
oSSTMM
nmap and sublist3r for recon
burp suite / ffuf / gobuster for web testing
impacket / Metasploit / Wireshark Network
LinPEAS, WinPEAS and GTFOBins for PrivEsc
pwntools for scripting
I personally started with thm as it's more beginner friendly, and then went on to HTB
The for bug bounty hunting programs I use HackerOne, Bugcrowd, Synack and YesWeHack
if you're going for bug bounty id say focus on something you're interested in
like if you use discord a lot, try looking into how discord works and see if you can try to find something interesting, and see if you can find a way to target it
though i wouldn't recommend doing discord, most of the easy stuff has been caught and patched by now, it's often recommended that you try looking at much smaller services