🧠 What is aggressive scanning / intrusive testing? How can you avoid it? Learn about the importance of adhering to program requirements and the rules of engagement in bug bounty. In this video, we'll configure and test some common web hacking tools to ensure the requests are rate-limited and stay within the maximum requests per second permitted by the program.
🔗 Check out our accompanying blog post: https://blog.intigriti.com/2024/03/18...
🔗 More on rate-limiting / throttling: https://kb.intigriti.com/en/articles/...
🔗 More on testing requirements: https://kb.intigriti.com/en/articles/...
🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
Overview:
0:00 Intro
0:19 What is aggressive scanning?
1:00 5 examples from public programs
3:45 Demo: tool defaults
7:24 Why should you avoid it?
9:20 How can you avoid it?
10:50 Demo: configuring common tools
10:54 ffuf
11:41 gobuster
12:48 Be careful with threads!!
14:06 sqlmap
16:11 Burp Suite
17:19 Conclusion