Default Page to Admin Paths Exposure
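The author shares the experience of a new bug-hunting program started in August 2024, mainly using the subfinder and ffuf tools for subdomain enumeration and fuzzing. Although no vulnerability was found right away, experience was built up through repeated attempts. 2025-9-18 07:41:34 Author: infosecwriteups.com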

Uncovering Hidden API

SIDDHANT SHUKLA

Read for Freee..ee.e


🐺Hunters,

I hope my write-ups are simple and helpful for you, so you can gain some knowledge from my bug findings and apply it yourself in your bug hunting journey.

Introduction

In August 2024, after my first valid bug and a bounty, I started hunting on a new program. I was new and I didn’t have any idea what to do; most of the time I was looking for subdomains using subfinder, and this was the first time I started hunting for subdomains using the ffuf tool.

Subdomains

I started with basic subdomain enumeration using the subfinder tool:

subfinder -d target.com --all --recursive | anew subs.txt

In a couple of minutes, I got a lot of subdomains, and they were overwhelming to me because I didn’t know what to do with them.

So, I left all subdomains and started with fuzzing.

If you ask me what I wanted to achieve, I don’t know either, because at that time I was just finding subdomains.

More Subdomains

I started hunting for subdomains again with the ffuf tool:

ffuf -u…

Source: https://infosecwriteups.com/default-page-to-admin-paths-exposure-1d5709b3725b?source=rss----7b722bfd1b8d--bug_bounty