Bug Bounty — What Operating System Should You Use?
For Educational Purposes Only. I often see questions online such as “which operating system is the best for bug bounty?” or “which type of Linux should I use?” and proclamations stating that “Kali Linux is the best!” or that “Parrot OS rulz!” and then of course that old faithful answer comes back “whichever one is best for you!” - what does that even mean?
¯\_(ツ)_/¯
Let’s see if I can help answer those questions…
Which operating system is best for bug bounty?
In my very unpresuming opinion, Linux is the best option for bug bounty hunting (particularly in our quest to fully automate reconnaissance).
Now I know this is going to upset some people, but please keep reading so that I can clarify my statement. It is more than OK to useMicrosoft Windows ormacOSas your, as they say “daily driver”, a lot of successful bug hunters use such proprietary operating systems as clearly evident by their conference talks and posted YouTube videos. However, many of these same people also use cloud based Linux virtual private servers (VPS) for recon and to proxy web requests.
To demonstrate how a VPS can be used, through a series of soon to be published Medium articles, I will explain my personal methodology for bug bounty recon, how to use both active and passive open-source security tools to your best advantage, and fully automate the whole process with some bash scripting and Axiom(a distributed dynamic cloud infrastructure framework). In the end, I believe the reasons as to why you should learn and use Linux (if you are not doing so already) will become self-evident (you can be the judge of that and let me know when the time comes).
Some will say that Linux is too hard! Today’s Linux is not the same as that of yesteryear, where I happily took public transit for two hours to get to a not-so-local university campus bookstore to grab a copy ofRedhat 5.1on three CD’s and then spent the better part of the weekend trying to install and tweak the OS so that I could “use” it. There are now plenty of Linux options to choose from, and with a little effort, one could easily become your go-to for bug bounty. They are readily available to download and the install process is very user friendly. Knowing Linux will serve you well, and having multiple versions including pentesting variants on your resume certainly doesn’t hurt.
Which type of Linux should I use?
Different versions of Linux are called distributions (distro’s for short). You should use a Linux distro of your choice and only install the tools you require from source.
If you are new to Linux, and don’t already have a preference, I would recommend that you start with something a little more mainstream such asUbuntu, Fedora,orDebian (agreed, the term mainstream is subjective and relevant to the circles you run in). For context, not that it should influence your decision one way or another, I myself runLinux Mint Xfce (an Ubuntuvariant).
Many a flame war have started over Linux distributions. Folks are quite passionate about their distro of choice. Offerings such as Kali Linuxand Parrot OShave oodles of tools, and are accomplished pentest distributions. In fact in my pentest days I used and enjoyed both, along with others such asBackbox, BlackArch, andPentoo Linuxto name a few. I certainly don’t want to fan the flames, but in most cases you simply won’t need anywhere near the amount of tools found in these distributions, particularly if your main area of focus is bug bounty.
By running a Linux distro such as Ubuntuand only installing the tools that you require from source (and not installing via a package manger such as apt-get) you will ensure that you are running a lean operating system with the latest and greatest tools and will not be hindered by a backdated version. In doing so, you may also have a potential leg-up on your fellow bug bounty’ers that are inadvertently installing older tools, possibly a release or two back with less features and or functionality. Further, as such is the case with nmap, you can select certain options at build time, which when compiled will give you more flexibility when using the tool.
Also, asGolang (go)has become a popular programming language choice for cyber security professionals and developers alike, it has never been easier to install security tools. Often an install can be done with a single command, for example, here is a one-liner to build (or in other words install) your own binary of subfinderfrom the latest release of the source code on Linux by typing:
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
If you are not using Linux today, give it a shot, or have tried it in the past without success, give it another whirl.
With the adoption ofGolang and the ongoing improvement in both the quality and consistency of the user experience, Linux just may surprise you. If you don’t want to take the “daily driver” plunge, consider running a Linux distro inside a VM, (among other options, there is Oracle VM VirtualBoxwhich works on bothMicrosoft WindowsandmacOS) or perhaps dual boot Windows and Linux.
For those of you wondering if you should use a VPS, how to get one and how to install security tools from source, check out my step-by-step guide entitled “Bug Bounty — Installing Recon Tools in the Cloud (Virtual Private Server)”: https://medium.com/@hak2sk00l/bug-bounty-installing-recon-tools-on-a-vps-8e135eee6497
You will learn why you should always use a VPS, how to properly set up an Ubuntuvirtual private server on the DigitalOcean cloud, install golang and four of the best passive recon tools in the bug bounty space today!
Thanks for your time, there is plenty more to come so until next time!!
If you would like my articles delivered directly to your inbox, please click here to subscribe.
By the way, writing on Medium has been an absolute blast for me!! If you’d like to join and see more great content, the membership fee is only $5 a month. Please sign up using my referral link , this will help me continue to provide you with a competitive edge in the world of Bug Bounty!
