The next set of tools that we will see is focused on target recognition. This is a single point to discuss when we are talking about bug bounty hunting, and maybe one of the most remarkable differences between regular security assessments and bug bounties.

When you perform penetration testing, one of the most important phases is recognition because in this phase the pentester will get all the information about the target company, hosts, services, domain names, and so on. In the case of bug bounty hunting, most of the time the scope is limited to a specific target, which could be an application, a group of servers, a single server, a web service, a mobile application, and so on. But in most cases, it is not necessary to put in the same effort as in a regular assessment. Even more so, the bug bounty establishes legal limits to assess out of the scope, so be careful when you are exploring a target.