• Hive Five
  • Posts
  • The best bug bounty recon methodology (May 2024)

The best bug bounty recon methodology (May 2024)

22 videos that show you how to best approach recon.

My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are numerous iterations and I encourage you to watch them all.

Scope is negotiable

Jason Haddix

source: HackerOne

In fact, it was so popular, that Jason launched The Bug Hunter's Methodology Live Course in 2023. A two-day paid live masterclass designed for aspiring and seasoned offensive security professionals, including web application security testers, red teamers, and bug bounty hunters.

After binging the BBHM, came Sunday Recon with NahamSec, which quickly turned into my main resource for all things recon. Although I’m biased, as a long time moderator, but you just can’t beat seeing someone do recon live and being able to ask them questions.

source: NahamSec YouTube Channel

Over the years, I’ve collected the best recon videos I’ve come across to help you form a foundation and take inspiration from. I’ll continue to update this post with the best resources.

At the end of the day, the best bug bounty recon methodology is one that’s uniquely your own. This will not only ensure that you get the best results, it’ll also give you longevity and a deeper understanding of manual testing, automation, and bug bounty as a whole.

Table of Contents

GitHub Recon and Sensitive Data Exposure

Th3G3nt3lman shows you how to locate and identify a company's sensitive data on GitHub. An absolute game changer and the foundation of many bug findings.

How To Do Recon - Introduction to Recon

The first of Katie's How to Do Recon series. Talking about all things recon, why you might want to do recon, what tools you need, and how to actually find bugs with all this data.

Recon and Corporate OSINT with DNSGrep and Rapid7 Open Data

Michael discusses the fundamentals of doing recon and OSINT on a corporation using the Rapid7 Open Data project, and DNSGrep.

The Bug Hunter's Methodology v4.0 - Recon Edition

An ongoing yearly installment by Jason Haddix on the newest tools and techniques for bug hunters and red teamers. Also featured in my must-watch InfoSec talks of 2020.

Passive-ish Recon Techniques

Tom gives a run-down of (mostly) passive reconnaissance techniques; some well-known, some not-so-well-known.

Recon and Bug Bounties What A Great Love Story

Abhijeth demonstrates effective techniques to do better information gathering, while also sharing the stories behind the bugs found.

It’s the Little Things

NahamSec shows you how to create an automated process that will actively look for vulnerabilities using OSINT and other well known recon tools. Join the Nahomies.

Pose a Threat - How Perceptual Analysis Helps Bug Hunters

Optimize the hunt for security vulnerabilities, through unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering.

Esoteric sub-domain enumeration techniques

Bharath delves deep into how enumeration techniques work, why they are effective, the tooling around them, and also the mitigation techniques.

Amassive Leap in Host Discovery

This talk by Patrik covers methods to easily implement data sources of all sorts into the amass engine, to make it the all-in-one recon tool that fits everyone's needs.

NahamSec’s Recon Sunday with hussein98d

One of the more creative and unorthodox recon methodologies I've seen. It introduced me to new tools and websites.

Recon Sunday with Mayonaise

Definitely a game changer for me. His way of thinking, and his methodology makes this a must-watch. I had to watch this one a couple of times to catch all the intricacies.

Recon Sunday with Todayisnew

A rare appearance and boy was it worth the wait. It's jam packed with information. His friendly demeanor, and automation are highly sought after. Check out my NahamSec interview notes.

Recon Sunday with CDL

Corben goes into detail of how he does recon and which tools he uses, including his own tool GAU and explaining the reasoning behind it.

VIM tutorial - linux terminal tools for bug bounty pentest and redteams

Tom chats with STÖK, sharing his command line recon methodology and how he uses his own tools. One of the main reasons why I started using Vim. I used it as a guide and played it on repeat for a while.

Recon Sunday with Naffy

Naffy hitting you with that real talk, emphasizing the importance of time spent, a good foundation, and not to rely on tools.

The Bug Hunter's Methodology Full 2-hour Resource

Jason walks through his entire recon methodology on a live target, sharing how there's a class of hidden bounties.

Sunday Live Recon with ITSecurityGuard

Patrik walks us through his recon process, sharing his love for amass. He also covers how he uses SecurityTrails, and more. Representing the HackerOne community.

OWASP Amass Red Team Village Resource

Want to know the ins and outs of amass? Amass creator Jeff shows you all there is to know. Did you know there was an Amass community?

Introduction to Axiom - The Dynamic Infrastructure Framework for Everybody

In this talk, Ben give a crash-course on axiom and how to use it. He also perform a live demo of axiom using 170 instances. Founder of 0x00sec community.

ffuf scripts and tricks

Presentation by rez0 for NahamCon 2021 on the topic of the web fuzzer ffuf.

Building Faster Than Light Reconnaissance

Ever want to build your very own high performance recon tooling? d0nut shows you some of the techniques to use and mistakes to avoid when writing your own recon tools.