Top 5 tools used in bug bounty.

DataInfoSec
5 min read · Nov 24, 2020

Top tools used in bug bounty:
1. Nmap
2. theHarvester
3. Burp Suite
4. Metasploit
5. Wappalyzer

1. Nmap:

Nmap ("Network Mapper") is a free and open source utility for network exploration and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.

Nmap uses raw IP packets to determine:
• what hosts are available on the network,
• what services those hosts are offering,
• what operating systems they are running,
• what type of firewalls are in use, and other such characteristics.

Usage of Nmap is:
nmap [Scan Type(s)] [Options] {target specification}
The available scan types and options are listed in Nmap's own usage output (nmap -h).

Target specification:

1. Everything on the Nmap command line that isn't an option (or option argument) is treated as a target host specification. The simplest case is to specify a target IP address or hostname for scanning.

2. When a hostname is given as a target, it is resolved via the Domain Name System (DNS) to determine the IP address to scan. If the name resolves to more than one IP address, only the first one will be scanned. To make Nmap scan all the resolved addresses instead of only the first one, use the --resolve-all option.

A command therefore looks like: nmap -sS (the options) followed by the target specification, an IP address or website name.

Example: nmap scanme.nmap.org 192.168.0.0/8 10.0.0,1,3-7
This command scans the given addresses and reports the open ports and much more information about the target.
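Nmap's octet-list and CIDR target syntax is easy to mis-size (192.168.0.0/8 alone is 16 million hosts). As an added example, not Nmap's code, the Python below expands a single target token the way Nmap's parser reads it, counts how many hosts it covers before anything is scanned, and flags addresses outside an agreed scope list, which is the check a bug bounty programme's rules of engagement call for. Hostnames are rejected on purpose: resolving them is a network action, not parsing.

```python
import ipaddress
from typing import Iterator, List, Sequence

def _expand_octet(field: str) -> List[int]:
    """Expand one octet field of an Nmap target: '5', '0,1,3-7', '-' (0-255), '10-' (10-255)."""
    values = set()
    for part in field.split(","):
        if "-" in part:
            lo, _, hi = part.partition("-")
            lo_i, hi_i = (int(lo) if lo else 0), (int(hi) if hi else 255)
        else:
            lo_i = hi_i = int(part)
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"octet value out of range in {part!r}")
        values.update(range(lo_i, hi_i + 1))
    return sorted(values)

def expand_target(spec: str) -> Iterator[str]:
    """Yield every IPv4 address covered by one Nmap target token (CIDR or octet-range form).
    Hostnames are rejected: resolving them would touch the network."""
    if "/" in spec:
        # strict=False mirrors Nmap: 192.168.0.0/8 means the whole 192.0.0.0/8 block
        for ip in ipaddress.ip_network(spec, strict=False):
            yield str(ip)
        return
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octet fields in {spec!r}")
    a, b, c, d = (_expand_octet(o) for o in octets)
    for w in a:
        for x in b:
            for y in c:
                for z in d:
                    yield f"{w}.{x}.{y}.{z}"

def count_targets(spec: str) -> int:
    """Number of addresses a token covers, computed without expanding it."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False).num_addresses
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octet fields in {spec!r}")
    total = 1
    for o in octets:
        total *= len(_expand_octet(o))
    return total

def out_of_scope(spec: str, scope: Sequence[str]) -> List[str]:
    """Addresses in `spec` that fall outside the allowed CIDR blocks in `scope`."""
    nets = [ipaddress.ip_network(s, strict=False) for s in scope]
    return [ip for ip in expand_target(spec)
            if not any(ipaddress.ip_address(ip) in n for n in nets)]
```

Run count_targets on every token of a planned command first; if out_of_scope returns anything, tighten the specification before scanning.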

2. theHarvester:

theHarvester is a tool developed in Python. The name says it all: just as a harvester gathers the crop from the largest plant down to the smallest seed, theHarvester gathers every possible subdomain, PGP key and banner of a website from various search engines. This tool is intended to help penetration testers in the early stages of a penetration test to understand the customer's footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

Usage of theHarvester:

theHarvester [-h] [-d DOMAIN] [-l LIMIT] [-S START] [-g] [-p] [-s] [-screenshot SCREENSHOT] [-v] [-e DNS_SERVER] [-t DNS_TLD] [-r] [-c] [-f FILENAME] [-b SOURCE]

Scanning using theHarvester:

theHarvester -d google.com -b google

Command explanation:
-d: specifies the target domain you want to scan for subdomains
-b: specifies the data source you want to search for the target

3. Burp Suite

Burp Suite is the best proxy-based tool for web application penetration testing and bug bounty work. Bug bounty hunters use it to find bugs by automating the process. Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities. Burp Suite is a leading range of cybersecurity tools, developed by PortSwigger.

Burp Suite is the most useful tool in bug bounty, as many hunters use it for fuzzing, scanning, spidering and other steps of bug bounty hunting.

In addition to the proxy/spider tools just described, another range of tools that are often useful during application mapping are the various browser extensions that can perform HTTP and HTML analysis from within the browser interface. For example, the IEWatch tool, which runs within Microsoft Internet Explorer, monitors all details of requests and responses, including headers, request parameters, and cookies. It analyzes every application page to display links, scripts, forms, and thick-client components. Of course, all this information can be viewed in your intercepting proxy, but having a second record of useful mapping data can only help you better understand the application and enumerate all its functionality. For more information about tools of this kind.

4. Metasploit

Metasploit is one of the most powerful exploit tools. It is a product of Rapid7 and most of its resources can be found at www.metasploit.com. It comes in two editions, commercial and free. Metasploit can be used from the command prompt or through a web UI. Since 2003, Metasploit has been a special tool among security professionals for exploiting the vulnerabilities they find. Originally written in Perl, Metasploit was rewritten in 2007 in Ruby and is now the go-to platform for vulnerability exploitation and development. Originally a free tool, Metasploit Framework

With Metasploit, you can perform the following operations:

• Conduct basic penetration tests on small networks
• Run spot checks on the exploitability of vulnerabilities
• Discover the network or import scan data
• Browse exploit modules and run individual exploits on hosts

Hardware requirements:
1. 2 GB RAM
2. Graphics card (for faster processing)
3. Higher clock speed for faster results

Commands to use Metasploit:
msfconsole: on Linux, this command starts Metasploit.
In msfconsole, use the search keyword to look up exploits for your target.

Specialty of Metasploit:
At the time of writing it contains:
metasploit v6.0.16-dev
2074 exploits - 1124 auxiliary - 352 post
592 payloads - 45 encoders - 10 nops
7 evasion

5. Wappalyzer:

It is a web browser extension that gives much-needed data about the target website. It is mostly useful for information gathering about a website: it lists all the services used in the website's backend server and, most commonly, reveals all the trackers present in the website.
Here I am using kali.org as an example website for our testing purposes.

Wappalyzer provides critical information such as the WordPress version, the MySQL backend, the JavaScript libraries in use and much more. This information helps you find bugs, for example by matching the disclosed versions against Metasploit exploits.
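A minimal version of what Wappalyzer does, as an added example (my own Python and hand-written rules, not Wappalyzer's code or its fingerprint database): match a constructed HTTP response's headers and HTML against a few technology patterns, then list which technologies disclose an exact version, which is what a site owner would want to trim first. The headers and HTML below are constructed samples, not a capture from any real site.

```python
import re
from typing import Dict, List

# Constructed sample response (not a real capture): headers and HTML a WordPress site might return.
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "wordpress_test_cookie=WP+Cookie+check; path=/",
}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.5.3" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp"></script>
<script src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
</head><body></body></html>"""

# Simplified fingerprint rules: (technology, where to look, pattern; group 1 is the version if any).
RULES = [
    ("WordPress", "html", re.compile(r'name="generator" content="WordPress ?([\d.]*)"', re.I)),
    ("WordPress", "cookie", re.compile(r"wordpress_[a-z_]+=", re.I)),
    ("jQuery", "html", re.compile(r"jquery(?:\.min)?\.js\?ver=([\d.]+)", re.I)),
    ("Google Tag Manager", "html", re.compile(r"googletagmanager\.com", re.I)),
    ("PHP", "header:X-Powered-By", re.compile(r"PHP/([\d.]+)", re.I)),
    ("Nginx", "header:Server", re.compile(r"nginx/?([\d.]*)", re.I)),
]

def fingerprint(headers: Dict[str, str], html: str) -> Dict[str, str]:
    """Return {technology: version} for every rule that matches; version is '' when none is disclosed."""
    found: Dict[str, str] = {}
    for name, where, pattern in RULES:
        if where.startswith("header:"):
            haystack = headers.get(where.split(":", 1)[1], "")
        elif where == "cookie":
            haystack = headers.get("Set-Cookie", "")
        else:
            haystack = html
        m = pattern.search(haystack)
        if m:
            version = m.group(1) if m.groups() and m.group(1) else ""
            # Several rules may hit the same technology; keep whichever one supplied a version.
            if name not in found or version:
                found[name] = version
    return found

def version_disclosures(found: Dict[str, str]) -> List[str]:
    """Technologies that leak an exact version: the first things to review on your own site."""
    return sorted(name for name, ver in found.items() if ver)
```

Wappalyzer's real rule set covers thousands of technologies and also inspects script contents and DOM; the shape of the check (pattern, location, version capture group) is the same.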

Thank you, hope you like it!
