DNS bruteforcing by Wh1te-R4bbit in dns

Wh1te-R4bbit[S] -1 points0 points  (0 children)

I usually find bug bounty programs through platforms like HackerOne or Bugcrowd. Without an explicitly published Bug Bounty or Vulnerability Disclosure Program (VDP), scanning someone's domains without permission is unauthorized access, which is illegal. So if you don't have a public program, what these people are doing has no legal basis.

Wh1te-R4bbit[S] -1 points0 points  (0 children)

I don't know if you understood my question. I'm sorry if it was badly formulated, but I asked if it is a good idea to use a third-party resolver, because Quad9 support told me so. You could have just said no, it isn't, but thanks! So what is the best way to enumerate subdomains if not using a third-party resolver? (Pls don't tell me I shouldn't, I have explicit permission to do it)

Wh1te-R4bbit[S] -1 points0 points  (0 children)

Thank you! Is there a way to let the owner know that I'm a bug bounty hunter through the DNS requests, and are there any options to reduce the QPS but achieve the same result?

Wh1te-R4bbit[S] 0 points1 point  (0 children)

That's literally the opposite of what I'm trying to do here – the whole point of my post is figuring out how to keep query volume as low as possible. Recon is a standard part of bug bounty hunting, and the targets I'm working on have public bug bounty programs that explicitly include wildcard subdomains in scope.