"Maybe one of the most valuable tips I can give you all is: be organized
Due to the extreme amount of targets, techs, payloads and different contexts, it is very easy to get lost and not give enough attention to some of the most important details during your hunt #bugbountytip"
Heitor Gouvêa (@GouveaHeitor), May 16, 2019
A while ago I tweeted about the importance of keeping your notes effectively organized for Bug Bounty Hunting. I was asked how I do it, so in this article I want to share my favorite tool.
Certainly, my favorite tool for information organization is Swiftness. I discovered it through my GitHub feed, and as soon as I used it for the first time I found myself in love with all the ease and dynamics it delivers.
Swiftness is a cross-platform (Windows, Linux, and macOS) note-taking application for pentesters and bug bounty hunters, made in ElectronJS.
The first feature that I want to mention is the “Templates” section. With content templates for reports, you can reuse reports that you have already written. For example:
In addition, Swiftness has an excellent solution for you to save your Payloads in an organized way:
Through the Libraries you can pre-establish a workflow/checklist that you will follow during your hunt:
This, for example, is a checklist based on OTGv5. You can download it by clicking here. You can also create your own Libraries.
Swiftness is an incredible tool, but by itself it is still not enough. I still use a structured folder organization for the files, Quiver for longer, essay-style notes, and the project option in Burp Suite, and I also try to keep my API-related tests in Insomnia well organized. Maybe someday I can write about this in more detail.
Heitor Gouvêa: with more than 3 years of experience in the field of offensive information security, today he works as an Independent Information Security Consultant and is the main developer of the Nipe project, a tool responsible for guaranteeing the anonymity of its users, present in several Linux distributions such as BlackArch, Weak Net and LionSec Linux.