How I Found P1 in Bugcrowd with only Recon

Ittipatjitrada
Published in System Weakness
Oct 27, 2022


Tool

  • amass

Explain

Honestly, at first I didn’t even know it was a P1 hahahaha

I think I found it with my recon process, so I wanted to tell you how I recon. First I use

  • amass
  • command: amass enum -d {domain} -passive -norecursive -noalts -silent

and then continue with

  • findomain and assetfinder

and then put them together in one file and check for live domains with

  • httprobe

Then I look at each domain manually, and I found it. It seemed to be a config, something that was supposed to be important, so I reported it.

But I’m unlucky because it was a duplicate.
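The merge step between enumeration and httprobe, as an added example that is not part of the original post: it normalizes the combined tool output and drops anything outside the program's root domain before probing. The `-o` flag, the findomain and assetfinder flags, the file names and `example.com` are assumptions not taken from the post.

```shell
#!/usr/bin/env bash
# Added example: merge passive-enumeration results into one in-scope host list.
export LC_ALL=C   # stable sort order

# normalize_hosts ROOT FILE...
# Lowercases, strips CRs, padding, "*." prefixes and trailing dots, then keeps
# only ROOT itself and names ending in ".ROOT", de-duplicated.
normalize_hosts() {
  local root="$1"; shift
  cat "$@" \
    | tr -d '\r' \
    | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
          -e 's/^\*\.//' -e 's/\.$//' \
    | awk -v root="$root" '
        $0 !~ /^[a-z0-9._-]+$/ { next }      # blank or malformed line
        $0 == root { print; next }
        length($0) > length(root) + 1 &&
          substr($0, length($0) - length(root)) == "." root { print }
      ' \
    | sort -u
}

# enumerate DOMAIN: the tools named in the post, for a domain you are
# authorized to test. Needs the tools installed and network access.
enumerate() {
  local domain="$1" out
  out="$(mktemp -d)"
  amass enum -d "$domain" -passive -norecursive -noalts -silent -o "$out/amass.txt"
  findomain -t "$domain" -q > "$out/findomain.txt"
  assetfinder --subs-only "$domain" > "$out/assetfinder.txt"
  normalize_hosts "$domain" "$out"/*.txt | tee "$out/all.txt" | httprobe > "$out/live.txt"
  echo "$out"
}

# demo: runs the merge on constructed sample output (no network needed).
demo() {
  local d
  d="$(mktemp -d)"
  printf 'WWW.example.com\n*.dev.example.com\napi.example.com.\r\n' > "$d/a.txt"
  printf 'www.example.com\nexample.com\nnotexample.com\nexample.com.evil.test\n\n' > "$d/b.txt"
  normalize_hosts example.com "$d/a.txt" "$d/b.txt"
  rm -rf "$d"
}
```

The suffix check matters because tools that match on substrings can return look-alike names such as `notexample.com`, which are outside the program's scope.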
