How to use “Caido Workflows” to scan for anything

How to build Caido passive workflows to scan all HTTP requests & responses… In this tutorial, I will guide you through the steps to build your custom Caido Workflows, which can help you identify bugs based on your methodology… You can scan for patterns like API keys or tokens, or take it to the next level by integrating it with “Match & Replace” rules to inject payloads and match for high-impact bugs, such as OS command injection. ...

July 26, 2025 · 3 min · 494 words · The7th

I Built a Bug Bounty Framework in Over 2 Years

It took over two years to build my bug bounty automation framework (The Blue Whale), so I'd like to share the story of the building process and some details about the project architecture… Talking about bug bounty automation … basically, you want to automate the tasks that will be repeated over and over, which will cost you effort and time each round. The second and most important reason is “scalability”, the power of being able to scale a scan for a single bug across all of the bug bounty programs. ...

June 25, 2025 · 4 min · 711 words · The7th

How to set up a Monthly Free VPS for Bug Hunting

As a bug hunter, you may need a powerful VPS to run your tools, and as a beginner, you should achieve this goal at the lowest cost. What is a VPS? A VPS (Virtual Private Server) is a machine in the cloud that you can use to run your CLI tools and commands remotely. What is GitHub Codespaces? Based on GitHub's definition: GitHub Codespaces is an instant, cloud-based development environment that uses a container to provide you with common languages, tools, and utilities for development. ...

May 7, 2025 · 2 min · 328 words · The7th

How to hunt for (P1, P2) Blind XSS

Hunting for Blind XSS can be tricky because you need a server that runs 24/7 and is ready to receive any payload that fires on the admin’s screen. So, after a lot of research and testing, I will describe the best option you can use without paying for subscriptions. Steps: Create a new account at: https://xss.report/register After that, you will need to activate the Telegram bot to receive an alert when your payload fires. ...

May 1, 2025 · 2 min · 241 words · The7th

How to set up your ultimate bug hunting server

Intro: Having your own hacking server is one of the most important investments that you can make in your bug bounty journey. You can use your server to achieve the following: hunting bugs that require OOB (Out-Of-Band) interaction, like SSRF; exploiting bugs like CORS misconfiguration that require custom subdomains; hosting your exploit files, like CSRF POCs, and more. Can you use any public OOB server? Yes, you can, but it comes with its own problems and limitations, and the biggest problem is that some firewalls and security systems will block outgoing traffic to these public OOB servers, making you miss some important bugs. In this post, I will help you set up an “Interactsh Server” to use in your pentest or bug bounty hunting operations. ...

February 27, 2025 · 4 min · 707 words · The7th