# ✍ Tips and Write-ups

* [https://kingcoolvikas.medium.com/how-i-was-able-to-see-sensitive-information-on-one-of-the-indias-best-school-website-5800b5ab834c](https://kingcoolvikas.medium.com/how-i-was-able-to-see-sensitive-information-on-one-of-the-indias-best-school-website-5800b5ab834c)
* [https://ajaksecurity.medium.com/how-to-become-a-successful-bug-bounty-hunter-in-2023-f3c1499959da](https://ajaksecurity.medium.com/how-to-become-a-successful-bug-bounty-hunter-in-2023-f3c1499959da)
* [https://bxmbn.medium.com/](https://bxmbn.medium.com/)
* [https://infosecwriteups.com/bug-bounty-hunting-methodology-tools-tips-tricks-blogs-books-6f84cda7ce34](https://infosecwriteups.com/bug-bounty-hunting-methodology-tools-tips-tricks-blogs-books-6f84cda7ce34)

### Subdomain Enumeration

The best terminal-based subdomain scanner tools to find subdomains

* AMASS
* SubBrute
* Knock
* DNSRecon
* Sublist3r
* AltDNS
* Axiom
* Haktrails
* Anubis
* Lepus
* subfinder

## Subdomain Enumeration Guide

* [https://sidxparab.gitbook.io/subdomain-enumeration-guide/passive-enumeration/passive-sources](https://sidxparab.gitbook.io/subdomain-enumeration-guide/passive-enumeration/passive-sources)

## Writeup About XSS Finding

* [https://infosecwriteups.com/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1](https://infosecwriteups.com/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1)

## Writeup about SQL Injection

* [https://medium.com/@a7madhacck/how-i-found-my-first-sql-injection-2-in-two-different-website-9c6c324b53c](https://medium.com/@a7madhacck/how-i-found-my-first-sql-injection-2-in-two-different-website-9c6c324b53c)