I have bought @KN0X55 pro during the BF discount to try it out while hunting on #bugbounty programs.
🧵Here is how i used it and my results:
🧵Here is how i used it and my results:
1. First of all i would go to bbradar.io and find new public BB programs, increasing my chances of non-dupes and pick a program i liked. I like wildcard programs as they give me more freedom and better chances to find a bug.
2. I would perform sub discovery , crawling , and parameter fuzzing/discovery to compile a huge list of possibly vulnerable XSS endpoints.
3. I would just pass this huge list into knoxnl by @xnl_h4ck3r utilizing @KN0X55 pro api and wait.
4. I was only hunting using GET requests and i didn't bother with POST since that would require more work and i am kinda lazy😄.
5. This is a super simple process but within the timeframe of 1.5 months it has earned me over 2.5K in bounties across platforms (passively).
6. It is worth noting that this process doesn't invlove any manual work. The whole flow was done in an automated matter, finding bugs while i do other stuff basically.
7. It is also worth noting that some of the XSS found i was able to escalate earning me more bounty but that was not always the case.
8. Overall i think @KN0X55 is a very powerful tool and definately worth the money. I am not affiliated with @BRuteLogic or KNOXSS in any way nor do i have a financial benefit from posting this thread.
9. Finally i have identified some improvements that would make the tool even better and communicated those to the @KN0X55 team. They were already in the process of implementing most of them.
10. I know alot of people will say do not use automation , learn to hunt manually etc. To an extend i agree , you need to understand what is happening and why if you want to be a great hunter.
11. However having a good tool that takes care of repetitive and time consuming processes, while maintaining great accuracy, is a good thing.
Good luck hunting.
2c
Good luck hunting.
2c
12. P.S. bbradar.io is a tool i created to take away the time consuming and frustrating process of jumping between platforms to pick a program, which i personally found annoying.
Check it out and save your energy for actually finding some bugs 😄
Check it out and save your energy for actually finding some bugs 😄
جاري تحميل الاقتراحات...