Aside from being skillful in your recon process and spotting assets that are exploitable, most pentesters, bug hunters, and ethical hackers do not have a good structure for leveraging assets. This results in missing critical bugs that could have been discovered in an asset.

While finding bugs depends on your skills, what you know, and out-of-the-box thinking, here are thirteen (13) additional tricks from Fixitgearware Security that you can add to your methodology when testing or hunting for bugs, and that could make your process very easy and straightforward:


Thirteen Steps To Use for your Ethical Hacking. Image-source: Fixitgearware (Created with DALLE-3)



  1. Read the scope and out-of-scope of the target you picked (here we mean the domain or URL, whatever you understand it to be 😉).
  2. Read the scope and out-of-scope of the target (here we mean the vulnerabilities that are not accepted, e.g. CSP (Content Security Policy) issues; some organizations do not accept XSS either if it doesn’t lead to a critical finding, etc. Read this to narrow down your focus and what you need to test for).
  3. Pick the target domain and conduct recon on it using tools such as “Amass”, “Sublist3r”, “Subfinder”, “Spiderfoot”, etc., or any other tool you are cool with.
  4. Be good with Google dorking; this is also important [Think Deeply, there is something we are trying to communicate here].
  5. Found all the assets in the recon? Pass them into a file, then filter the contents against the “out-of-scope” domains (we guess you understand grepping (the grep command) and cating (the cat command, not the pet cat 😊) into a new file, right?). What is left in the new file after filtering are the assets you need to test.
  6. Next, probe these filtered assets (we are assuming you have filtered out the out-of-scope domains as described in step 5) by passing all the domains to a tool (e.g. Httpx) that tests which of these domains are alive and which are dead (e.g. “301 Moved Permanently”) [Think Deeply, there is something we are trying to communicate here].
  7. Grep and filter the domains that are alive (“ok” or “200-ok”) into a text file [Think Deeply, there is something we are trying to communicate here].
  8. Test the alive domains based on your skills, to see if there are critical or high-severity bugs you can discover (honestly, this part is based on your skills and what you know) [Think Deeply, there is something we are trying to communicate here].
  9. Tested all the OKs [200-ok] and found nothing? Don’t worry, visit your file again and this time grep the contents for 404s (this is also based on your skills) to find something cool and juicy [Think Deeply, there is something we are trying to communicate here].
  10. Keep testing; you will certainly find something that gives you more insight into what to exploit. Spend time on your target (this is where critical thinking comes into play, e.g. subscribing to their services, finding their official GitHub account, certificates, etc., to see what turns up).
  11. Found bugs? Don’t wait until you find more; report immediately to avoid duplicates caused by late submission of your findings, as rewards are on a first come, first served basis.
  12. Still confident and having that tingle that there might be more bugs? Great!! Continue exploring the target.
  13. Keep reporting and keep applying more skills [Think Deeply, there is something we are trying to communicate here].
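
Steps 5, 7 and 9 as an added example (not code from Fixitgearware): a plain `grep -v dev.example.com` also drops the in-scope host `notdev.example.com`, and grepping for `200` also matches a URL such as `shop200.example.com`, so this sketch matches whole hostnames and the status field exactly. The function names `in_scope` and `by_status`, the file layouts, the wildcard semantics and the `URL [CODE]` probe-line format are assumptions; adapt them to the program's scope page and to your prober's actual output.

```shell
#!/usr/bin/env bash
# Added example; every hostname and probe line here is constructed sample data.

# in_scope RECON_FILE OOS_FILE: print recon hosts not covered by an out-of-scope entry.
# Assumption: "host" excludes only that host; "*.zone" excludes the zone and its
# subdomains (deliberately conservative, so nothing borderline is ever tested).
in_scope() {
  awk '
    FILENAME == ARGV[1] {            # first file: out-of-scope entries
      e = tolower($1)
      if (e == "" || e ~ /^#/) next  # skip blank lines and comments
      if (e ~ /^\*\./) wild[substr(e, 3)] = 1
      else exact[e] = 1
      next
    }
    {                                # second file: recon results
      h = tolower($1); sub(/\.$/, "", h)
      if (h == "" || (h in exact) || (h in seen)) next
      seen[h] = 1                    # de-duplicate, case-insensitively
      p = h; skip = 0
      while (1) {                    # compare whole label suffixes, never substrings
        if (p in wild) { skip = 1; break }
        i = index(p, "."); if (i == 0) break
        p = substr(p, i + 1)
      }
      if (!skip) print h
    }
  ' "$2" "$1"
}

# by_status CODE PROBE_FILE: print URLs whose last field is exactly "[CODE]".
by_status() {
  awk -v code="[$1]" '$NF == code { print $1 }' "$2"
}

demo() {
  d=$(mktemp -d)
  printf '%s\n' 'dev.example.com' '*.corp.example.com' > "$d/oos.txt"
  printf '%s\n' 'www.example.com' 'dev.example.com' 'notdev.example.com' \
    'vpn.corp.example.com' 'WWW.example.com' > "$d/recon.txt"
  printf '%s\n' 'https://www.example.com [200]' \
    'https://shop200.example.com [404]' > "$d/probe.txt"
  echo "in scope:";   in_scope "$d/recon.txt" "$d/oos.txt"
  echo "status 200:"; by_status 200 "$d/probe.txt"
  echo "status 404:"; by_status 404 "$d/probe.txt"
  rm -rf "$d"
}
demo
```

Keeping the filtered list as the only input to the probing step means an out-of-scope host never reaches a tool in the first place.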


It is important to note that these steps are not a substitute for skills. Therefore, learn to think critically and discover ways to break things, or in most cases use a reverse method, and of course [Think Deeply, there is always something we are trying to communicate 😉 😉 😉].



Put your comments below in the comment section on your thoughts about this.
