*TLDR* You only really need a handful of free tools to get going with bug bounties. Asset Discovery: amass subfinder Fuzzing/Dir Brute Forcing: ffuf dirsearch Proxy Tool: Burp Suite ZAP
a full in-depth video about content discovery using ffuf or feroxbuster like multiple technology sites need which kind of wordlists and how to find those sites to be precise like which targets to choose to perform content discovery. could be really helpful. Thanks a lot for your videos.
I saw some bug bounty programs asking bug hunters not to use automation hacking tools like burpsuite and metasploit!! Is it fair to ask people to reinvente the wheel in order to find bugs for some companies that will accept it or refuse it at the end if all the big efforts he made?
Thanks for everything you do, Nahom, It would helpful if you do a video exclusively on burpsuite or any of the tools you use. I really like the advice not to focus on too many tools.
I would love to see a more indepth video on the devtools honestly.. its free and messy but it seems you found some success with it in your video talking about making 10k in a week.
Jo bro i enjoy your education im realy trying not to get in trouble for hacking or attempted hacking from what i see your using kali linux and its goodies witch is real ...can i or will i get trouble from testing any site if its basicly hackable like sql script testing real rookie stuff🤔
Thanks Nahamsec, I would like to also do this bug hunting. But before starting we need to learn something like how networking works. Can you give me some advice on this. Thanks
Ok so I’m new. I’m curious, like how do you know when you’ve found a bug. Is it just like when you find a vulnerability? If u find u can do command injection. That’s the bug?
Thanks NahamSec! Video was short and sweet. I appreciate when you project the names of the tools on the screen bc sometimes the caption doesn't translate what you're saying correctly (my hearing sucks lol). Just a thought but could AI be used for those trivial tasks that are usually automated? Sorry if this was addressed in another video.
Great video!! Could you please do a video about how to use Amass? I know that it’s a super powerful tool but the syntax is a bit confusing. Thank you in advance :)
Agree here. Been trying to use that to its full potential and curious on his take on it. I read some stuff that Hakluke recommended in regards to using it, which included adding a lot of API keys, but then read that ReconFTW was even better but that one seems to be even more complicated as it combines a ton of recon tools together including amass! Anyway, any info on either would be good. (Particularly to maximize recon results)
My big frustration is that when bug teachers show how bugs work its always on a contrived app like DVWA and doesnt feel realistic, but of course only recon is legal for live yt
I love all your videos, i have also bought your Udemy course. Please make a video all these tools you mentioned. Specially burp suite professional! Thanks in advance!
Probably get this question a lot, but do I really need to get a degree to become a SOC Analyst ? Should I be able to find a job if if get my Comptia Security+ and Network+ ? I understand showing some other skills is important too, but I feel like a 4 year degree will just be a waste of money for me. I can't afford it.
You said you pay for burp but you don’t use any of burp paid functionality! All of that intruder stuff you can do for free! Solid stuff tho. Keep it up
I promise someday in future, I will become a great hacker and a great bug bounty hunter and i will make it into top 100 best hackers
You got this!
Tyson go fight old man 🤣
@handsinthepocketsguy2036 HEHE
@@axelvirtus2514 Mike Tyson xD Haha. Just that age reversal is around the corner in mainstream science, so let's see his age reverse. Hehe
How are you doing right now ?
I am also on the same path as you :)
Asset Discovery: amass + subfinder
Content Discovery(Fuzzing/Directory Bruteforcing): ffuf + dirsearch
Proxy Tool: Burp Suite + ZAP
I just started learning hacking. Thanks so much for making these videos man! They're really helpful for me!
Thanks for watching!
This is a great reminder to quit your obcession and getting overwhelmed by automation tools. Focus on improving your skill more and more.
*TLDR*
You only really need a handful of free tools to get going with bug bounties.
Asset Discovery:
amass
subfinder
Fuzzing/Dir Brute Forcing:
ffuf
dirsearch
Proxy Tool:
Burp Suite
ZAP
a full in-depth video about content discovery using ffuf or feroxbuster like multiple technology sites need which kind of wordlists and how to find those sites to be precise like which targets to choose to perform content discovery. could be really helpful. Thanks a lot for your videos.
we need the bug bounty basic tools set and how to use them properly . that be awwesome! thanks for this vid ben!
Would be awesome to see a video of you doing recon and, looking for bugs with just these 3 tools!
We need live or video about all recon before start hunt (ports, subdomaine .....) New tools + ai ...
Dude, he has done so many videos on that....
Yes its a good idea
@@CM-xr9oq can you share with me links ❤️
Check out my video that’ll get released later this week!
Clear and juicy... Thank you 😊
I saw some bug bounty programs asking bug hunters not to use automation hacking tools like burpsuite and metasploit!! Is it fair to ask people to reinvente the wheel in order to find bugs for some companies that will accept it or refuse it at the end if all the big efforts he made?
Thanks for everything you do, Nahom, It would helpful if you do a video exclusively on burpsuite or any of the tools you use. I really like the advice not to focus on too many tools.
Great suggestion! Will try and make something soon!
hey man, thanks for the video. would you be down to share some POC videos on disclosed vulns, like how you actually found the bug and showed impact?
Maybe - Hard to do it without the program's permission.
You're my Idol. please make playlist on these 3 category in details video for beginners🥺💖💖
You sir are a legend and have a guaranteed spot in heaven
I would love to see a more indepth video on the devtools honestly.. its free and messy but it seems you found some success with it in your video talking about making 10k in a week.
You are a good man. ThankYou😊
Jo bro i enjoy your education im realy trying not to get in trouble for hacking or attempted hacking from what i see your using kali linux and its goodies witch is real ...can i or will i get trouble from testing any site if its basicly hackable like sql script testing real rookie stuff🤔
Thanks Nahamsec,
I would like to also do this bug hunting. But before starting we need to learn something like how networking works.
Can you give me some advice on this.
Thanks
Ok so I’m new. I’m curious, like how do you know when you’ve found a bug. Is it just like when you find a vulnerability? If u find u can do command injection. That’s the bug?
Yes sir I really want to learn Bug Bounty hunting. Please show us the basics of all tools.
Thanks NahamSec! Video was short and sweet. I appreciate when you project the names of the tools on the screen bc sometimes the caption doesn't translate what you're saying correctly (my hearing sucks lol). Just a thought but could AI be used for those trivial tasks that are usually automated? Sorry if this was addressed in another video.
Great as always♥️could you please make a video about api security🙂
Soon
Great video!! Could you please do a video about how to use Amass? I know that it’s a super powerful tool but the syntax is a bit confusing. Thank you in advance :)
Agree here. Been trying to use that to its full potential and curious on his take on it. I read some stuff that Hakluke recommended in regards to using it, which included adding a lot of API keys, but then read that ReconFTW was even better but that one seems to be even more complicated as it combines a ton of recon tools together including amass! Anyway, any info on either would be good. (Particularly to maximize recon results)
Good stuff. This got me thinking, could you use burp suite to verify if a link on a suspicious email is phishing?
My big frustration is that when bug teachers show how bugs work its always on a contrived app like DVWA and doesnt feel realistic, but of course only recon is legal for live yt
I have always been you fan . I have been away from bug bounty for quite a some time now , How to restart
we want this tools used one by one plzz make video on this
please create video of each tools
Yee! 🔥🤗
Awesome. Very very informative...
thanks pro , can you share how do ecternal recon for wild scope
I love all your videos, i have also bought your Udemy course. Please make a video all these tools you mentioned. Specially burp suite professional! Thanks in advance!
Thank you for this informative video.
Amass
Subfinder
FFUF
BurpSuite
Can't able to JOIN, it says => "can't open the link"
What do you mean?
Sir did you just release a full bug Bounty course and for that we have to be a member??
No. It's from my stream on Sunday, it's available to Members fro now.
please make a video on how to use these tools
Like a Boss ...
no hay para mac
Probably get this question a lot, but do I really need to get a degree to become a SOC Analyst ? Should I be able to find a job if if get my Comptia Security+ and Network+ ? I understand showing some other skills is important too, but I feel like a 4 year degree will just be a waste of money for me. I can't afford it.
We need video how to test mannualy 🙂I believe you do.
@NahamSec please make a video on the tools..your explanation is simply awesome
We need live about
What after recon
You said you pay for burp but you don’t use any of burp paid functionality! All of that intruder stuff you can do for free!
Solid stuff tho. Keep it up
Bug bounty basic on tools please
Great
wow 😍😚☺
please make a video subdomain takeover
You mean like this one? th-cam.com/video/MB4OssSHXDs/w-d-xo.html
✨Hi
🌟
Hello Sir.
Hello! 👋🏽
4 tools if you include myself
You are useless
@@axelvirtus2514 Thanks for the support bro