How I Found P1 in Bugcrowd with only Recon
Published in
Oct 27, 2022
Tool
- amass
Explain
Honesty. At first I didn’t even know it was P1 hahahaha
I think I found it with my recon process So I wanted to tell you how I recon it. so first I use
- amass
- command : amass enum -d {domain} -passive -norecursive -noalts -silent
and then and then continue with
- findomain and assetfinder
and then put them together in a file together and check live domain with
- httprobe
then I look at each domain manually and I Found it. It seemed to be a config, something that was supposed to be important so I reported it.
but I’m unlucky because duplicate