Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out. A detailed video on nuclei automation would be really helpful clearing the confusions.
No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.
Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)
Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.
Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :) I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️
I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.
I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec
Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes
Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python. Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!
I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like: Script Kiddie (which I don't consider actually a hacker) Hacktivist Insider threat Nation State (the Elite Hackers like APT). Or would that be something more like White, Black and Grey hat?
Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.
Everyone tells you to create custom nuclei template. On the other hand people on twitter and the nuclei template team is continuously creating templates as soon as new cves are coming out.
A detailed video on nuclei automation would be really helpful clearing the confusions.
A nuclei video would be absolutely sick! I've been wanting to research more about it lately, just haven't found the time for it yet.
Noted! Give me a few weeks to poke around :)
@@NahamSec thanks so much
That's awesome
I don't have a style of hacking as a beginner, And i will like you to be my mentor. I will be so happy to get that offer,
on another note I started learning from you and st0k and tom hudson I will always be grateful for your content.
No that is 100% true Ben, I tried automation and found out I do better using some of my own tools I write to hunt but still use the automation only for loose recon. I now go hands on with the apps and all that as before I just used automation to clip low hanging fruit.
Thanks Nahamsec. I start with automatic recon (subdomains, tech, parameters, js links, ...) ... after, manual recon, js file analyze. I avoid CMS. Thanks for the tips ... I will now use httpx to prioritize and I will avoid switching targets too quickly (30x on sso ...)
we need a stream brother about what to do after a recon, maybe doing a hard ctf or a medium one. This is the video I've been waiting for long.
Thank you for making this, as this is the question I'm kind of stuck on right now. I've gotten pretty good at recon and even started automated my process, but have yet to figure out how to use the pile of data I collect each time to land my first reportable bug.
Dude I feel u, just where I am right now and it is frustrating
Thanks Ben! I spent the whole day today in the console while finding absolutely nothing. I think I am more comfortable in an application instead of the console so I will give it a shot :)
I would love to see a video of you staring at an httpx output and telling us which assets you would go for and why. Cheers ✌️
I'm watching all your videos and i've been learning a lot
I like to google everything I've found via recon. It usually helps a lot and sometimes leads to some 4chan post with a complete instruction on how to exploit the cve related to the server's hardware/software. Sometimes it's literally like in Mr.Robot CTF(Wordpress website). So, sometimes recon replaces actual hacking, lol.
the community is asking for nuclei video , or some course that shows hot to use and build our templates 🙂
I love manual approach, anyway thanks for this awsome video❤
I have tons and tons of questions. But , if you do a live bug hunting video , like from choosing a target to finding a bug, it would solve all of the questions I have. Please make this video, this will help me a lot. @NahamSec
Hi bro I am learning bug bounty I am doing manual and automated pentesting but at the moment I didn't find any bug thank you for the video I will focus in httpx to get the codes
KEYWORD: All of these comes with YEARS of experience, The more you do these the more you learn.
Hi! love you videos. Starting in Bug Bounty. Long time computer technician with lot a knowledge about network and computers and starting to learn linux and python.
Did you finally make a video about nuclei? Couldn't find it! I learn a lot here, keep the good job!
amazing video we need more like this with practical example
Amass is all I need for recon and waybackurls as well server bugs is all I care about.
need video on how your approach for utilising nuclei while hunting
A nuclei video would be amazing!
I'm still a noob, but I start by throwing the first few things that I found at the wall and see if anything sticks.
To manually brute some some admin pass like u mentioned at 10 min mark, yea..., i was that smoked only twice, and i regret that waste of time XD
Hey i can't find any video of you about how to approach to bug bounty first time, what is the process and the steps
Please can you use nuclei to solve hack the box so that it can be very practical
Awesome video🔥
So.. what kind of hacker are you?
Skid🤐🙃
I'm not a hacker yet. But I WILL be (it's a fate). What would be the options included in this context? The same ones I learned when I was studying for Sec+ like:
Script Kiddie (which I don't consider actually a hacker)
Hacktivist
Insider threat
Nation State (the Elite Hackers like APT).
Or would that be something more like White, Black and Grey hat?
Oh I see what you're saying... I'm still watching the video. 😅
I'm following your path ❤
Great video sir..
Recon, Code Analysis, Payloads Repeat !
u da man bro, thank you for your videos :-)
The 1st approach i hate it but i actually do both
NahamSec, i am new in tech industry.
Fantastic video 🤩
Thanks 🤗
make a live for what should you do after recon on real website
you like to use make instead of nuclei can you post a link of make ?
nuclei from basic installation to advance usage.
Awesome!!! 🔥🔥🔥
you are great
After recon i Start manually hunt.
What does that include?
Thank you for sharing
Thanks for watching!
I made this sick tool when i wad like 26 but it would take hours to scan
How old are you now?
@@Nejtak853 30
Recon is useless for us(beginners),we need to get good on manual testing,if you look at the some of the guys who good at sql or xss,they really good at testing these variations,so thats why little bit of information or 1 more subdomain important for them,get good on testing and understand everything otherwise you will look at the screen with a lot of useless information in your hand.
Ye most beginners use automation tools,so as 99999999 mil other beginners.
💙
❤️
Fuzzing :)
nice
❣
Need a nuclei video
plz make nuclei :)
Thanks nathamsec .I love terminal and im old style Linux lover
full nuclei video
I live in burp
browser site
Terminal Hacking 🎉
Nap?
thanks
How to contact you sir
Please make nuclei video