Bug Bounty Basics: Mastering Information Gathering 01
Let's get into the real field.
So, let’s first understand what a BUG is.
A bug is essentially a misconfiguration in a website or app, also known as a vulnerability — something that an attacker can exploit to harm the website or app. This vulnerability can exist within the application itself, in the integration of any third-party products used, or in how the app communicates with the server. We’ll go into all of these in detail later.
Before getting started, it’s essential to understand some basic terminology:
1. Injection Point
→ The location where a vulnerability exists or could exist.
2. Vulnerability
→ A flaw or weakness in the website/app.
3. Payload
→ A script or code used to trigger the vulnerability.
4. Exploitation
→ Taking advantage of the vulnerability to gain access to the system.
The first thing we have to do is information gathering.
Let's get started. What information do we need about the target? Let's find out.
INFORMATION GATHERING
1. Find the Website
==> example.com
2. Subdomains
For finding subdomains, my preferred tool is SUBDOMAIN FINDER.
Let's see an example (just for information and knowledge).
3. Based on my experience, you should rank subdomains by their lack of popularity. (There’s a higher chance of finding vulnerabilities on less-traveled paths.)
4. Find the IP address of the domain.
Simply open your terminal (Windows or Linux) and type:
ping domain.xyz
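The same lookup for a whole list of subdomains, as an added example that is not part of the original post: it asks the system resolver (the one `ping` consults before sending anything) for every address of each name and groups the names by address, so you can see which names share a host and which no longer resolve. The function names, sample hostnames and documentation-range addresses are constructed for illustration.

```python
import socket
import sys
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation addresses), used for offline runs.
SAMPLE_DNS = {
    "example.com": ["192.0.2.10"],
    "www.example.com": ["192.0.2.10"],
    "old-portal.example.com": ["198.51.100.7"],
}
SAMPLE_HOSTS = ["example.com", "WWW.example.com.", "old-portal.example.com",
                "retired.example.com", "example.com"]

def sample_resolver(host):
    """Offline stand-in for resolve(), backed by the constructed table above."""
    return SAMPLE_DNS.get(host, [])

def resolve(host):
    """Return every IPv4/IPv6 address the system resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # the name does not resolve
    return sorted({info[4][0] for info in infos})

def group_by_address(hosts, resolver=resolve):
    """Map each address to the hostnames pointing at it; also list dead names."""
    by_ip, unresolved, seen = defaultdict(list), [], set()
    for host in hosts:
        host = host.strip().lower().rstrip(".")  # normalise case and trailing dot
        if not host or host in seen:
            continue
        seen.add(host)
        addrs = resolver(host)
        if not addrs:
            unresolved.append(host)
        for ip in addrs:
            by_ip[ip].append(host)
    return dict(by_ip), unresolved

if __name__ == "__main__":
    # With arguments: live lookups. Without: the constructed sample.
    live = len(sys.argv) > 1
    by_ip, dead = group_by_address(sys.argv[1:] if live else SAMPLE_HOSTS,
                                   resolve if live else sample_resolver)
    for ip, names in sorted(by_ip.items()):
        print(f"{ip}\t{', '.join(names)}")
    for name in dead:
        print(f"(no address)\t{name}")
```

Unlike `ping`, which prints only the one address it ends up using, this lists all addresses returned for a name.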
For further information-gathering methods, having Linux is essential. I recommend installing Ubuntu — you can find plenty of tutorials on YouTube by simply searching “how to install Ubuntu.”
In the next blog, we’ll dive into more information-gathering techniques. Currently, you won’t be able to practice these on Windows. However, here are two tools you can start exploring on your own:
- Whatweb
- Nmap
(Explore on your own!)
Further, we’ll dive into the ultimate tool for hunting bugs: BURP SUITE.
I’m giving you the names of the tools so that you explore them yourself, because in the end you have to build your own unique methods and techniques for finding bugs, so start building that habit now.
We’ll use the Community Edition. However, cracks are available; you can explore and get the Pro version (just for information).
Done for Today…!!!
Thanks for reading — stay tuned!