*TLDR* You only really need a handful of free tools to get going with bug bounties. Asset Discovery: amass subfinder Fuzzing/Dir Brute Forcing: ffuf dirsearch Proxy Tool: Burp Suite ZAP
a full in-depth video about content discovery using ffuf or feroxbuster like multiple technology sites need which kind of wordlists and how to find those sites to be precise like which targets to choose to perform content discovery. could be really helpful. Thanks a lot for your videos.
Thanks for everything you do, Nahom, It would helpful if you do a video exclusively on burpsuite or any of the tools you use. I really like the advice not to focus on too many tools.
I saw some bug bounty programs asking bug hunters not to use automation hacking tools like burpsuite and metasploit!! Is it fair to ask people to reinvente the wheel in order to find bugs for some companies that will accept it or refuse it at the end if all the big efforts he made?
Thanks NahamSec! Video was short and sweet. I appreciate when you project the names of the tools on the screen bc sometimes the caption doesn't translate what you're saying correctly (my hearing sucks lol). Just a thought but could AI be used for those trivial tasks that are usually automated? Sorry if this was addressed in another video.
I would love to see a more indepth video on the devtools honestly.. its free and messy but it seems you found some success with it in your video talking about making 10k in a week.
I love all your videos, i have also bought your Udemy course. Please make a video all these tools you mentioned. Specially burp suite professional! Thanks in advance!
Ok so I’m new. I’m curious, like how do you know when you’ve found a bug. Is it just like when you find a vulnerability? If u find u can do command injection. That’s the bug?
Great video!! Could you please do a video about how to use Amass? I know that it’s a super powerful tool but the syntax is a bit confusing. Thank you in advance :)
Agree here. Been trying to use that to its full potential and curious on his take on it. I read some stuff that Hakluke recommended in regards to using it, which included adding a lot of API keys, but then read that ReconFTW was even better but that one seems to be even more complicated as it combines a ton of recon tools together including amass! Anyway, any info on either would be good. (Particularly to maximize recon results)
Thanks Nahamsec, I would like to also do this bug hunting. But before starting we need to learn something like how networking works. Can you give me some advice on this. Thanks
My big frustration is that when bug teachers show how bugs work its always on a contrived app like DVWA and doesnt feel realistic, but of course only recon is legal for live yt
You said you pay for burp but you don’t use any of burp paid functionality! All of that intruder stuff you can do for free! Solid stuff tho. Keep it up
Probably get this question a lot, but do I really need to get a degree to become a SOC Analyst ? Should I be able to find a job if if get my Comptia Security+ and Network+ ? I understand showing some other skills is important too, but I feel like a 4 year degree will just be a waste of money for me. I can't afford it.
I promise someday in future, I will become a great hacker and a great bug bounty hunter and i will make it into top 100 best hackers
You got this!
Tyson go fight old man 🤣
@handsinthepocketsguy2036 HEHE
@@axelvirtus2514 Mike Tyson xD Haha. Just that age reversal is around the corner in mainstream science, so let's see his age reverse. Hehe
How are you doing right now ?
I am also on the same path as you :)
*TLDR*
You only really need a handful of free tools to get going with bug bounties.
Asset Discovery:
amass
subfinder
Fuzzing/Dir Brute Forcing:
ffuf
dirsearch
Proxy Tool:
Burp Suite
ZAP
I just started learning hacking. Thanks so much for making these videos man! They're really helpful for me!
Thanks for watching!
We need live or video about all recon before start hunt (ports, subdomaine .....) New tools + ai ...
Dude, he has done so many videos on that....
Yes its a good idea
@@CM-xr9oq can you share with me links ❤️
Check out my video that’ll get released later this week!
Would be awesome to see a video of you doing recon and, looking for bugs with just these 3 tools!
This is a great reminder to quit your obcession and getting overwhelmed by automation tools. Focus on improving your skill more and more.
a full in-depth video about content discovery using ffuf or feroxbuster like multiple technology sites need which kind of wordlists and how to find those sites to be precise like which targets to choose to perform content discovery. could be really helpful. Thanks a lot for your videos.
Asset Discovery: amass + subfinder
Content Discovery(Fuzzing/Directory Bruteforcing): ffuf + dirsearch
Proxy Tool: Burp Suite + ZAP
Clear and juicy... Thank you 😊
Thanks for everything you do, Nahom, It would helpful if you do a video exclusively on burpsuite or any of the tools you use. I really like the advice not to focus on too many tools.
Great suggestion! Will try and make something soon!
Great as always♥️could you please make a video about api security🙂
Soon
I saw some bug bounty programs asking bug hunters not to use automation hacking tools like burpsuite and metasploit!! Is it fair to ask people to reinvente the wheel in order to find bugs for some companies that will accept it or refuse it at the end if all the big efforts he made?
Thanks bro, we will be thankful if you do the video's of all all these tools
You are a good man. ThankYou😊
we want this tools used one by one plzz make video on this
Thanks NahamSec! Video was short and sweet. I appreciate when you project the names of the tools on the screen bc sometimes the caption doesn't translate what you're saying correctly (my hearing sucks lol). Just a thought but could AI be used for those trivial tasks that are usually automated? Sorry if this was addressed in another video.
hey man, thanks for the video. would you be down to share some POC videos on disclosed vulns, like how you actually found the bug and showed impact?
Maybe - Hard to do it without the program's permission.
I would love to see a more indepth video on the devtools honestly.. its free and messy but it seems you found some success with it in your video talking about making 10k in a week.
You're my Idol. please make playlist on these 3 category in details video for beginners🥺💖💖
Yes sir I really want to learn Bug Bounty hunting. Please show us the basics of all tools.
You sir are a legend and have a guaranteed spot in heaven
please create video of each tools
Yee! 🔥🤗
Amass
Subfinder
FFUF
BurpSuite
I love all your videos, i have also bought your Udemy course. Please make a video all these tools you mentioned. Specially burp suite professional! Thanks in advance!
Ok so I’m new. I’m curious, like how do you know when you’ve found a bug. Is it just like when you find a vulnerability? If u find u can do command injection. That’s the bug?
Great video!! Could you please do a video about how to use Amass? I know that it’s a super powerful tool but the syntax is a bit confusing. Thank you in advance :)
Agree here. Been trying to use that to its full potential and curious on his take on it. I read some stuff that Hakluke recommended in regards to using it, which included adding a lot of API keys, but then read that ReconFTW was even better but that one seems to be even more complicated as it combines a ton of recon tools together including amass! Anyway, any info on either would be good. (Particularly to maximize recon results)
Good stuff. This got me thinking, could you use burp suite to verify if a link on a suspicious email is phishing?
Thanks Nahamsec,
I would like to also do this bug hunting. But before starting we need to learn something like how networking works.
Can you give me some advice on this.
Thanks
My big frustration is that when bug teachers show how bugs work its always on a contrived app like DVWA and doesnt feel realistic, but of course only recon is legal for live yt
Thank you for this informative video.
I have always been you fan . I have been away from bug bounty for quite a some time now , How to restart
Awesome. Very very informative...
thanks pro , can you share how do ecternal recon for wild scope
You said you pay for burp but you don’t use any of burp paid functionality! All of that intruder stuff you can do for free!
Solid stuff tho. Keep it up
We need live about
What after recon
Like a Boss ...
please make a video on how to use these tools
We need video how to test mannualy 🙂I believe you do.
@NahamSec please make a video on the tools..your explanation is simply awesome
Sir did you just release a full bug Bounty course and for that we have to be a member??
No. It's from my stream on Sunday, it's available to Members fro now.
Bug bounty basic on tools please
Great
Can't able to JOIN, it says => "can't open the link"
What do you mean?
no hay para mac
please make a video subdomain takeover
You mean like this one? th-cam.com/video/MB4OssSHXDs/w-d-xo.html
✨Hi
🌟
Hello Sir.
Hello! 👋🏽
wow 😍😚☺
Probably get this question a lot, but do I really need to get a degree to become a SOC Analyst ? Should I be able to find a job if if get my Comptia Security+ and Network+ ? I understand showing some other skills is important too, but I feel like a 4 year degree will just be a waste of money for me. I can't afford it.
4 tools if you include myself
You are useless
@@axelvirtus2514 Thanks for the support bro