Learn & Automate rs0n's Bug Bounty Hunting Methodology
Coming DEFCON 2025 (hopefully...probably.....feelin' pretty good about it right now... 🙏)
Amass - Advanced attack surface mapping and asset discovery tool for security research
Subfinder - Fast and reliable subdomain enumeration tool with multiple data sources
Sublist3r - Fast subdomain enumeration tool using various search engines and data sources
Assetfinder - Find assets related to a domain using various data sources and APIs
Httpx - Fast and multi-purpose HTTP toolkit for web reconnaissance and scanning
GoSpider - Fast web spider written in Go for crawling and extracting URLs
Subdomainizer - Advanced subdomain enumeration tool with multiple discovery methods
CeWL - Custom word list generator that spiders websites to create targeted wordlists
ShuffleDNS - Mass DNS resolver with wildcard filtering and validation capabilities
Nuclei - Fast and customizable vulnerability scanner with extensive template library
Katana - Fast and powerful web crawler for discovering hidden endpoints and content
FFuf - Fast web fuzzer with support for multiple protocols and advanced filtering
GAU - Get All URLs tool that fetches known URLs from various historical data sources
CTL - Certificate Transparency Log tool for discovering subdomains from SSL certificates
And much more!
My full bug bounty hunting methodology built into a single framework! Automate the most common bug bounty hunting workflows and Earn While You Learn!
The goal of this tool is to eliminate the barrier of entry for bug bounty hunting. My hope is that someone can pick up this tool and start hunting on day one of their AppSec journey 🚀
Each step of the methodology includes a "Help Me Learn!" dropdown section that includes answers to the most common questions. Most answers can be expanded by clicking the "Learn More" link at the end of the statement. Clicking this link opens a modal with detailed bug bounty hunting guidance and step-by-step instructions to complete that stage of the methodology.
The result of the Wildcard workflow is an ROI Report that includes detailed information about each possible target, as well as a Return On Investment (ROI) score that estimates the value a specific web application gives a bug bounty hunter. This feature is the REAL value of my framework. The functionality is very simple today, but over time I will be building in years of bug bounty hunting experience to help provide guidance to reserachers who are just beginning their journey. This score helps level the playing field for new bug bounty hunters and can provide guidance at one of the most challenging stages of the methodology.
In addition to the ROI report, detailed information about each target is collected and can be used in a variety of ways by experienced bug bounty hunters and beginners alike!
~ by rs0n w/ ❤️
This project is licensed under the GNU General Public License v3.0 (GPL-3.0). This means:
- You can freely use, modify, and distribute this software
- If you distribute modified versions, you must:
- Make your source code available
- Include the original copyright notice
- Use the same license (GPL-3.0)
- Document your changes
For more details, see the LICENSE file in the repository.
Copyright (C) 2025 Arson Security, LLC