Bug Bounty — Installing Recon Tools in the Cloud!

hak2sk00l
Bug Bounty Hunter
10 min read · Aug 24, 2023

For educational purposes only. This story includes an affiliate link.

I know it’s tempting to launch your ethical hacker arsenal from your home base, but you may want to contemplate the potential ramifications of such campaigns when it comes to bug bounty recon (reconnaissance), especially with tools that engage your target directly. It is quite possible that, during the course of your hacktions [sic], your home IP address could be banned.

Today you will learn how to:

  • create your own virtual private server (VPS)
  • easily connect to your VPS with a browser-based console
  • satisfy a security tool dependency by installing Golang from source
  • install 4 of the best bug bounty passive recon security tools

Imagine this scenario: it’s a rainy late Saturday afternoon and you decide to start bug hunting on Netflix (a legit target, as Bugcrowd powers their bug bounty program). You have had an exciting day, having gathered lots of valuable information about your new target (subdomains, IP addresses, open ports, etc.). Feeling particularly good about your sanctioned hacking endeavours, you sit down with your significant other to watch your (well, let’s face it, her) favourite series on the aforementioned Netflix. Popcorn at the ready, you fire up the application and get the dreaded:

OK, I used a little creative license there, as I myself have not been banned (yet) by Netflix, I am not even…
