Bug hunter build-out?


#1

Hello all! I am new to bug hunting and have been reading a lot of the free resources on the site and love everything so far!! I am curious if there is a common “build-out” that many hunters tend to use? I assume as I have seen before that a lot of hunters probably start with Kali and then add custom scripts/tools as they hone their craft. But are there any big hitters that are very useful and must haves in addition to the tools available in Kali? And I am sure that depending on how many tools that are used at any given time their might be a recommended minimum “system” spec requirement?? Anything that many of you find to be a consistently sufficient laptop used solely for the purpose of bug hunting? Thanks in advance ladies/gents!


#2

I’m just getting started out with bug bounties, but I have been a pentester for 6.5 years. What I recommend and use myself is MacOS or Windows as the host OS and run VMWare or VitrualBox with a Kali Linux VM. Kali can break sometimes on upgrades or updates, so it’s easy to spin up another Kali VM. This prevents you from having to reinstall your main or host OS. You can make snapshots and backups of your VMs as you add more tools. That way if your VM gets corrupts and quits booting you have a backup. I run Burp Suite on my host OS, which in my case is MacOS. Also with MacOS or Windows as the host OS you can use MS Office for report writing and other software that is hard to find for Linux.


#3

Hi @DeLorean,

the first two years I just used Burp free edition and a used MacBook Pro I bought to make iOS applications.
Right now I use a MacBook Pro and the Burp Pro edition. Sometimes I use other tools like aquatone (that read from someone I don’t remember) which is useful to find subdomains and IPs. I have Windows 10 installed in a VirtualBox too, which is useful to test things on Edge and Internet Explorer. And finally, a virtual server hosted, which is useful when you need to make a proof of concept, and it has been useful in my latest attempts to run discovery tools (useless until now, for me).
Never tried Kali.
Anyway, it really depends in what you want to do and maybe the bugs you want to find.

Best.