4300$ Bounty from Opensource automate recon tools, why not?

A critical thread of my thoughts about people who underestimate others because of opensource tools and skill set.


Last updated 2 years ago


Yes, and I don't need to be proud of my skills. I also don't need to prove to anyone about my skills.

Is it really necessary for people looking for bugs and bounties to be certified and recognized as experts?

It is enough that the report satisfies the vulnerability taxonomy, proves it with the PoC in the report, and is then accepted by the triager and the company. That's enough.

They don't care about the tools used as long as your tools and how you use them meet the terms and agreements listed. They will not test you outside the context of the vulnerability you are reporting.

Without further ado, I got around 4000 USD with the following tools

It is effective on a VPS, but of course it can also run on your PC.

Tools are just tools. We still have to utilize them with our understanding. Even if you're still in the script kiddie stage, there's no problem getting started.

Don't be afraid of people's unreasonable and far-fetched standards.

If you want to start, this video will be very helpful.

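Thank you Six2dez and all open-source recon tool developers. 🙏

Follow the Installation Guide, Post Installation Guide, and Usage guide. Then ./reconftw.sh. That's it.

By the way, my name is Anggi Pradana and I'm a part-time bug hunter on Bugcrowd (https://bugcrowd.com/anggipradana). I'm a noob and that's why I keep learning.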

Installation Guide
Post Installation Guide
Usage guide
https://bugcrowd.com/anggipradana
4300 USD from same CVE number using automate recon tools
9x Pro Tips by Stök
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
ReconFTW by six2dez