You're participating in a bug bounty program and need to efficiently map the target's attack surface.
Prerequisites: Bug bounty program scope, intermediate skills
# Set up bug bounty reconnaissance
PROGRAM="example-corp"
SCOPE_DOMAINS="*.example.com,api.example.com,mobile.example.com"
BB_DIR="bugbounty_${PROGRAM}_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BB_DIR"/{recon,analysis,targets,notes}
cd "$BB_DIR" || exit 1
# Document scope
cat > notes/scope.md << EOF
# Bug Bounty Scope: $PROGRAM
## In Scope
$SCOPE_DOMAINS
## Out of Scope
- Third-party services
- Social engineering
- Physical attacks
- DoS attacks
## Program Rules
- Duplicate reports are not rewarded
- Test accounts: test@example.com / password123
- Rate limiting: Max 10 requests/second
EOF
# Create target list
echo "$SCOPE_DOMAINS" | tr ',' '\n' | sed 's/\*\.//g' > recon/root_domains.txt
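The scope list above mixes a wildcard entry with exact hosts, so discovered hostnames should be checked against it before they are added to any target file. The following is an added example, not part of the original page; the helper names `normalize`, `in_scope` and `filter_in_scope` are hypothetical, and it assumes a `*.` entry does not cover the bare apex domain.

```bash
# Added example: scope gate for candidate hostnames (helper names are hypothetical).
SCOPE_DOMAINS="*.example.com,api.example.com,mobile.example.com"

# normalize HOST: lowercase and drop one trailing dot (FQDN form)
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# in_scope HOST: return 0 only if HOST matches an entry in SCOPE_DOMAINS
in_scope() {
    host=$(normalize "$1")
    # Accept bare hostnames only: no scheme, port, path, glob, or empty labels
    case "$host" in
        ''|.*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    while IFS= read -r entry; do
        entry=$(normalize "$entry")
        case "$entry" in
            '*.'*)
                # Wildcard entry: require a literal "." before the base so that
                # notexample.com does not pass. Assumption: the bare apex is
                # NOT covered by "*."; confirm against the program policy.
                base=${entry#'*.'}
                case "$host" in *".$base") return 0 ;; esac
                ;;
            *)
                # Exact entry: only this host, not its subdomains
                if [ "$host" = "$entry" ]; then return 0; fi
                ;;
        esac
    done <<EOF
$(printf '%s\n' "$SCOPE_DOMAINS" | tr ',' '\n')
EOF
    return 1
}

# filter_in_scope: read candidates on stdin, print normalized in-scope hosts
filter_in_scope() {
    while IFS= read -r candidate || [ -n "$candidate" ]; do
        if in_scope "$candidate"; then
            printf '%s\n' "$(normalize "$candidate")"
        fi
    done
}

# Constructed sample input, not real findings
printf '%s\n' API.example.com. dev.example.com example.com notexample.com \
    example.com.evil.test 'https://api.example.com/' | filter_in_scope
```

Of the constructed inputs, only `api.example.com` and `dev.example.com` are printed; the apex, the lookalike suffix and prefix domains, and the URL form are all rejected.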