Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out. A detailed video on nuclei automation would be really helpful clearing the confusions.
Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.
No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.
Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)
Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :) I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️
I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.
Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python. Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!
Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes
my style of (bug bounty) hacking is to think in my head, going to start small, and then 8 hours later following one lead that is most definitely a vulnerability that is beyond my capabilities to deal with and i scrap the whole project.
I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec
I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like: Script Kiddie (which I don't consider actually a hacker) Hacktivist Insider threat Nation State (the Elite Hackers like APT). Or would that be something more like White, Black and Grey hat?
Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.
![Day-1 What is Bug Bounty & How To Get Started - Bug Bounty Free Course [ Hindi ]](http://i.ytimg.com/vi/4gR-W-cx9tE/mqdefault.jpg)
A nuclei video would be absolutely sick! I've been wanting to research more about it lately, just haven't found the time for it yet.
Noted! Give me a few weeks to poke around :)
@@NahamSec thanks so much
That's awesome
Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out.
A detailed video on nuclei automation would be really helpful clearing the confusions.
I don't have a style of hacking as a beginner, And i will like you to be my mentor. I will be so happy to get that offer,
Wow man. Cool. I like you. I will definitely enroll in your course soon.
on another note I started learning from you and st0k and tom hudson I will always be grateful for your content.
Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.
Dude I feel u, just where I am right now and it is frustrating
No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.
we need a stream brother about what to do after a recon, maybe doing a hard ctf or a medium one. This is the video I've been waiting for long.
Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)
I'm watching all your videos and i've been learning a lot
Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :)
I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️
I love manual approach, anyway thanks for this awsome video❤
I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.
Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python.
Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!
Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes
amazing video we need more like this with practical example
the community is asking for nuclei video , or some course that shows hot to use and build our templates 🙂
need video on how your approach for utilising nuclei while hunting
Hey i can't find any video of you about how to approach to bug bounty first time, what is the process and the steps
my style of (bug bounty) hacking is to think in my head, going to start small, and then 8 hours later following one lead that is most definitely a vulnerability that is beyond my capabilities to deal with and i scrap the whole project.
Awesome video🔥
I'm still a noob, but I start by throwing the first few things that I found at the wall and see if anything sticks.
Amass is all I need for recon and waybackurls as well server bugs is all I care about.
Please can you use nuclei to solve hack the box so that it can be very practical
A nuclei video would be amazing!
you like to use make instead of nuclei can you post a link of make ?
u da man bro, thank you for your videos :-)
I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec
Fantastic video 🤩
Thanks 🤗
To manually brute some some admin pass like u mentioned at 10 min mark, yea..., i was that smoked only twice, and i regret that waste of time XD
Great video sir..
My style of hacking is none :D I've yet to get my first bounty, but I'm getting close to it.
KEYWORD: All of these comes with YEARS of experience, The more you do these the more you learn.
Awesome!!! 🔥🔥🔥
The 1st approach i hate it but i actually do both
NahamSec, i am new in tech industry.
So.. what kind of hacker are you?
Skid🤐🙃
I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like:
Script Kiddie (which I don't consider actually a hacker)
Hacktivist
Insider threat
Nation State (the Elite Hackers like APT).
Or would that be something more like White, Black and Grey hat?
Oh I see what you're saying... I'm still watching the video. 😅
I'm following your path ❤
make a live for what should you do after recon on real website
Recon, Code Analysis, Payloads Repeat !
After recon i Start manually hunt.
What does that include?
nuclei from basic installation to advance usage.
I made this sick tool when i wad like 26 but it would take hours to scan
How old are you now?
@@Nejtak853 30
you are great
Thank you for sharing
Thanks for watching!
Fuzzing :)
💙
❤️
Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.
Ye most beginners use automation tools,so as 99999999 mil other beginners.
nice
plz make nuclei :)
Need a nuclei video
❣
I live in burp
full nuclei video
browser site
Terminal Hacking 🎉
Nap?
How to contact you sir
Thanks nathamsec .I love terminal and im old style Linux lover
thanks
Please make nuclei video