Building Your Hacking Machine

As we covered in the video, you don't need thousands of tools to be a successful bug bounty hunter, just a handful of powerful ones that work well together.

This guide provides the exact commands to install and configure that core toolkit.

Your Core Toolkit

Before we install anything, it's important to understand the main categories of tools you'll be using.

Your bug bounty arsenal is primarily made up of a Web Proxy, which gives you x-ray vision into how an application communicates by letting you see and change requests. The industry standard we'll use in this course is https://caido.io, with https://portswigger.net/burp as a popular alternative.

You'll also have a set of Reconnaissance Tools. These are your scouts - like subfinder and httpx, that map out a target's entire attack surface and showcases what is actually publicly facing.

Finally, you'll have Fuzzing (Bruteforce) Tools like ffuf, your digital lockpicks for discovering hidden pages and directories.

Your Step-by-Step Installation Guide

This is a one-time setup that will get your machine ready for the rest of the course.

Step 1: Install the Go Programming Language

Most modern security tools are written in Go, so installing it is our first and most important step.

For Linux (Ubuntu/Debian):

echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.bashrc && source ~/.bashrc

For macOS (using Homebrew):

echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.zshrc && source ~/.zshrc

Step 2: Configure Your Terminal's PATH

This is a simple command that tells your terminal where to find the Go-based tools we're about to install.

For Linux or macOS (using Bash terminal):
echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.bashrc && source ~/.bashrc
For modern macOS (using Zsh terminal, the default):
echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.zshrc && source ~/.zshrc

Step 3: Install Your Core Command-Line Tools

Now that Go is ready, you can install your main hacking tools.

Subdomain Discovery: subfinder

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

HTTP Probing: httpx

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

Vulnerability Scanning: nuclei

go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

Web Fuzzing: ffuf

go install -v github.com/projectdiscovery/ffuf/v2/cmd/ffuf@latest

Historical URL Discovery: gau

This tool pulls URLs from multiple sources (Wayback Machine, Common Crawl, etc.) to find old endpoints that may still be vulnerable.

go install -v github.com/lc/gau/v2/cmd/gau@latest

Step 4: Verify Your Installation

After the installations complete, it's a good habit to verify that everything works. Run these commands; you should see a version number or help menu for each tool.

Bash

subfinder -version
httpx -version
nuclei -version
ffuf -h
gau -version

Step 5: Download Your First Wordlist

Fuzzing tools are only as good as the wordlists you feed them. To start, download this proven wordlist for discovering hidden directories and files:

mkdir -p ~/wordlists && curl -o ~/wordlists/directory-medium.txt https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/directory-list-2.3-medium.txt

This single wordlist will cover most of your fuzzing needs as you start out. You can explore more wordlists from https://github.com/danielmiessler/SecLists as you progress.

Step 6: Install Your Web Proxy

For this course, we will use Caido as our Web Proxy.

Caido:

- Download it from: https://caido.io

- Run the installer for your operating system.

We'll cover Caido in depth in the Web Proxies chapter.

Alternative: Burp Suite

Burp Suite is another popular option in the industry. If you prefer it, download the free Community Edition from https://portswigger.net/burp/communitydownload.

Step 7: Install Useful Browser Extensions

These extensions give you passive reconnaissance while you browse:

- Wappalyzer – Identifies technologies used on websites (frameworks, CMS, servers)

- FoxyProxy – Easily toggle your traffic through Caido or Burp

Install both from your browser's extension store.

Your Arsenal Is Ready

Congratulations. You now have the professional toolkit of a modern bug bounty hunter:

- Recon: subfinder, httpx, gau

- Scanning: nuclei

- Fuzzing: ffuf + SecLists wordlists

- Proxy: Burp Suite and Caido

- Browser: Wappalyzer, FoxyProxy

Your lab is officially set up and ready for action.

In the next chapter, we'll discuss the role of "AI & Bug Bounties" and how new technology is changing the game.

Fun Quiz

Why do we install the Go programming language first?

It is required to run Caido and Burp Suite Web Proxies

Most modern security tools are written in Go

It makes your terminal faster

It's needed for browser extensions

What is the purpose of a web proxy like Caido and Burp Suite?

To speed up your internet connection

To scan for subdomains automatically

To intercept and modify HTTP requests between your browser and the server

To write exploit code