Aggressive Scanning in Bug Bounty (and how to avoid it)
- Published: 28 Jun 2024
- 🧠 What is aggressive scanning / intrusive testing, and how can you avoid it? Learn why adhering to program requirements and the rules of engagement matters in bug bounty. In this video, we configure and test some common web hacking tools to ensure their requests are rate-limited and stay within the maximum requests per second permitted by the program.
🔗 Check out our accompanying blog post: blog.intigriti.com/2024/03/18...
🔗 More on rate-limiting / throttling: kb.intigriti.com/en/articles/...
🔗 More on testing requirements: kb.intigriti.com/en/articles/...
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by CryptoCat (@_CryptoCat) & Intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
Overview:
0:00 Intro
0:19 What is aggressive scanning?
1:00 5 examples from public programs
3:45 Demo: tool defaults
7:24 Why should you avoid it?
9:20 How can you avoid it?
10:50 Demo: configuring common tools
10:54 ffuf
11:41 gobuster
12:48 Be careful with threads!!
14:06 sqlmap
16:11 burp suite
17:19 Conclusion
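The demos above measure what a tool really sends once its rate options are set. As an added example (not code from the video or from Intigriti), here is a local "rate meter": a throwaway HTTP server you aim ffuf, gobuster or sqlmap at before the real target, which records when each request lands and reports the peak requests per second it saw. It also shows the thread caveat from the overview: the delay options of gobuster (`-t`/`--delay`) and sqlmap (`--threads`/`--delay`) are per thread, so ten threads with a one-second delay make ten requests per second, not one. The 5 req/s limit, the local port, and the simulated tool are assumptions; the tool flags named in the comments are the tools' own options, not quoted from the page.

```python
"""
Local request-rate meter: a throwaway HTTP server that records when each
request arrives, so a scanner's real requests-per-second can be checked
against a program's limit BEFORE the scanner touches the target.
Example code added to this page, not Intigriti's or the video's; the
5 req/s limit, port 8080 and the simulated tool are assumptions.
"""
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import urlopen

ASSUMED_LIMIT_RPS = 5.0  # assumption: program says "max 5 requests/second"


def effective_rps(threads, delay_s):
    """Upper bound on a tool's rate when each of `threads` workers waits
    `delay_s` seconds between its own requests.  The delay is per thread, so
    gobuster `-t 10 --delay 1s` or sqlmap `--threads 10 --delay 1` allow
    ~10 req/s, not 1 (ffuf `-rate N` is a global cap and has no such trap)."""
    if delay_s <= 0:
        raise ValueError("a non-positive delay puts no bound on the rate")
    return threads / delay_s


def delay_for_limit(threads, limit_rps):
    """Per-thread delay (seconds) keeping `threads` workers at or under
    `limit_rps` in total: 10 threads under 5 req/s need >= 2 s each."""
    return threads / limit_rps


def peak_rps(arrival_times):
    """Largest number of requests in any sliding one-second window (sliding,
    not aligned to wall-clock seconds, so a burst across a boundary counts)."""
    times = sorted(arrival_times)
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] >= 1.0:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


class RateMeter:
    """HTTP server that answers everything with 404 and logs arrival times."""

    def __init__(self, host="127.0.0.1", port=0):
        self.arrivals, lock, arrivals = [], threading.Lock(), None
        arrivals = self.arrivals

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                with lock:
                    arrivals.append(time.monotonic())
                self.send_response(404)  # a fuzzer expects mostly misses
                self.end_headers()

            do_POST = do_GET

            def log_message(self, *_):  # keep the console quiet
                pass

        self.server = ThreadingHTTPServer((host, port), Handler)
        self.port = self.server.server_address[1]
        self.url = f"http://{host}:{self.port}/"
        self._thread = threading.Thread(target=self.server.serve_forever, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self.server.shutdown()
        self.server.server_close()

    def peak(self):
        return peak_rps(list(self.arrivals))


def verdict(observed_peak, limit_rps):
    state = "OK" if observed_peak <= limit_rps else "TOO FAST"
    return f"{state}: peak {observed_peak} req/s, program limit {limit_rps:g}"


def simulate_tool(url, threads, delay_s, per_thread):
    """Stand-in scanner: `threads` workers, each sending `per_thread`
    requests with `delay_s` between its own requests (gobuster/sqlmap model)."""
    def worker():
        for _ in range(per_thread):
            try:
                urlopen(url, timeout=5).close()
            except HTTPError:  # 404 is the expected answer
                pass
            time.sleep(delay_s)
    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()


def demo_measurement(threads=4, delay_s=0.5, per_thread=3):
    """Same per-thread delay with 1 thread and with `threads` threads;
    returns both observed peaks to show that threads multiply the rate."""
    results = {}
    for label, n in (("single", 1), ("multi", threads)):
        meter = RateMeter().start()
        simulate_tool(meter.url, n, delay_s, per_thread)
        meter.stop()
        results[label] = meter.peak()
    return results


if __name__ == "__main__":
    # Run this, then aim the real tool at the printed URL, for example
    #   ffuf -u http://127.0.0.1:8080/FUZZ -w words.txt -rate 5
    #   gobuster dir -u http://127.0.0.1:8080/ -w words.txt -t 1 --delay 200ms
    # and press Ctrl-C to see whether the peak stayed under the limit.
    meter = RateMeter(port=8080).start()
    print("rate meter listening on", meter.url)
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        meter.stop()
        print(verdict(meter.peak(), ASSUMED_LIMIT_RPS))
```

The meter answers 404 so directory brute-forcers behave as they would against a real host. Run it with no target-side rate option first to see the tool's default burst, then with the configured delay or rate, and only move to the in-scope host once the reported peak is under the program's limit; `delay_for_limit` gives the per-thread delay to start from when a tool has no global rate cap.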
Seriously, I wasn't expecting Intigriti to make such an in-depth video
Hope it was useful! 💜
This was a very helpful video, thank you
Welcome! 🥰
Are those rate limits imposed by Intigriti or by the programs themselves? Because on other platforms I didn't see those rate-limit rules.
It's imposed by the programs; if they are happy with unlimited requests then it's no problem for us. It is rare to see no limits though, especially with small companies, for the reasons mentioned in the video/blog. I (CryptoCat) was recently hacking on a program on another platform and at first I thought there was no limit because it didn't state "requests per second" or "throttling" or "rate limiting" etc. anywhere. Eventually I realised they didn't permit use of automated tools, full stop! 😣
@intigriti thanks for the answer.
🙌❤
👊💜
What if we send 100 using IP rotation?
NO! 😂🙈