I’ve been learning web hacking for the past few months and have covered a bunch of vulnerabilities like SSRF, CSRF, IDOR, SQLi, XSS, authentication issues, and other injection types such as path traversal and command injection. I come from a non-tech background (biology), so I had zero knowledge about networking at first, but I picked up the essentials while studying these vulnerabilities.

Recently, I started looking into bug bounty hunting and came across the concept of recon. When I first researched it, I felt overwhelmed because there are so many tools — Subfinder, Amass, GAU, Katana, Gobuster, Nmap, httpx, etc. I began learning them one by one, and while I think I’m making progress, I realized what I really lack is a methodology — a clear set of steps and a structured workflow to follow.

Over the past few days, I’ve also learned about CDNs, TLS/SSL, certificate transparency logs, and some Linux commands. I’m genuinely enjoying the process, but without a proper recon methodology, I feel a bit lost. Could anyone share advice on what tools to use, and in what sequence, to get better results?