What Should You Do After Recon?!


One of the most popular questions I get asked to this day is "What should I do after recon?" And honestly, that really depends on you! I hope this video helps you figure out the next steps for what to do when you approach an organization or your bug bounty target!

#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational
Comments

A nuclei video would be absolutely sick! I've been wanting to research more about it lately, just haven't found the time for it yet.

captain_crunchv

Everyone tells you to create custom nuclei templates. On the other hand, people on Twitter and the nuclei template team are continuously creating templates as soon as new CVEs come out.
A detailed video on nuclei automation would be really helpful in clearing up the confusion.

crusader_

I don't have a style of hacking as a beginner, and I would like you to be my mentor. I will be so happy to get that offer.

emekaukwuani

Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automating my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.

KevinBeee

Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, JS links, ...) ... after that, manual recon and JS file analysis. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on SSO ...)

oliviergaudel

On another note, I started learning from you and st0k and Tom Hudson. I will always be grateful for your content.

moujvqu

No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.

moujvqu

We need a stream, brother, about what to do after recon, maybe doing a hard CTF or a medium one. This is the video I've been waiting for for a long time.

bughunter

Hi bro, I am learning bug bounty. I am doing manual and automated pentesting, but at the moment I didn't find any bug. Thank you for the video, I will focus on httpx to get the codes.

insertcoindesign

I have tons and tons of questions. But, if you do a live bug hunting video, like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec

exploitjunkie

I'm watching all your videos and I've been learning a lot

worm_

Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :)
I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️

sveneFX

I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the CVE related to the server's hardware/software. Sometimes it's literally like in the Mr. Robot CTF (WordPress website). So, sometimes recon replaces actual hacking, lol.

tonybloodloss

I love the manual approach, anyway thanks for this awesome video❤

rahmat_qurishi

The community is asking for a nuclei video, or some course that shows how to use and build our templates 🙂

alexbenjamin-nlgd

Hi! Love your videos. Starting in Bug Bounty. Long time computer technician with a lot of knowledge about networks and computers, and starting to learn Linux and Python.

Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep up the good job!

legeekdad

Amazing video, we need more like this with practical examples

binjaminsmoker

Amass is all I need for recon and waybackurls as well server bugs is all I care about.

AnthonyMcqueen

Need a video on your approach for utilising nuclei while hunting

vinayakpatil

To manually brute some admin pass like you mentioned at the 10 min mark, yeah..., I was that smoked only twice, and I regret that waste of time XD

mjsblo