
Meet Wesley Tate, ethical hacker and DevOps engineer, as he introduces broad scope bug bounties, API hacking, and automation with custom labs to practice exploring attack surfaces.
Explore the course framework and a practical, stepwise methodology for building automated tools: start manually, then layer in AI-driven scripts, with careful acceptance criteria, logging, and API scripting.
Explore how to blend main app methodology with broad scope techniques, map attack surfaces, and automate testing while refining basic hacking skills.
Master manual recon and when to deploy automation for bug bounty hunting, using subdomain enumeration, Google and GitHub dorking, and Wayback Machine exploration.
Automate subdomain enumeration with tools like Amass and DNSRecon, brute-forcing DNS, and permutation techniques to build a comprehensive subdomain list for targeted assets.
Classify subdomains into up, temporarily down, and permanently down, then rescan down domains. Use httprobe to verify live HTTP/HTTPS servers and create a working domains file.
Master vulnerability scanning with Nuclei and templates to assess subdomains, run custom workflows, and detect issues such as CVEs and exposed login panels.
Conduct an Nmap port scan on a target or list and enumerate open ports with banners. Review Exploit-DB concepts and ensure authorization before proceeding with exploits.
Explore open source intelligence (OSINT) by gathering publicly available data from websites, social media, search engines, and databases, using passive and active methods to map targets before scanning.
Explore OSINT techniques with Google dorks to discover subdomains and directories, using search operators like site:, minus, plus, inurl:, and "index of" to reveal hidden pages.
Explore the Wayback Machine as a recon tool for bug bounty OSINT, showing how snapshots, collections, changes, and sitemaps reveal past endpoints and site structure.
Learn how to perform content discovery with recursive and non-recursive scanning, identify images, scripts, and documents, optimize wordlists, and apply fuzzing and vhost techniques using Burp Suite.
Explore Burp Suite content discovery as a multi-level tool that finds files, directories, backups, and databases from a start directory. Tune recursion depth and extensions to control speed and load.
Explore content discovery with ZAP and Burp Suite by using the AJAX Spider and the traditional spider to crawl endpoints, discover parameters, and set up context-based authentication for automated scans.
Introduction
Since we have made part 1 of our bug bounty guide a bit more basic and it still runs to 266 lessons, we have split this course up into multiple sections. You will find section 1 has been published on 25/01, but we want to bring out the new version as soon as possible. We will be re-using what we can, but there is a lot of new inspiration here. The syllabus will be documented here as “SECTION - CHAPTER”, and each section must meet our quality standards. This means a quiz, PPT, article and video; where possible, we add labs.
What to gain from this
Bug bounties are very popular. I see a lot of students who will benefit from our first part, which is aimed more at main app hacking, but in this section we want to cater to students who already have a bit of experience and want to see how they can up their game with broad scope hacking or API hacking. Full API hacking coverage is not in place here, but we will introduce students to API hacking and give them what they need to, at the very least, not be scared of API documentation anymore.
Course description
Elevate your bug bounty skills with our advanced course designed for seasoned hunters ready to broaden their scope. In this course, you'll transition from traditional app hacking to a multifaceted approach that includes broad scope and API hacking. We’ve meticulously crafted each section to include quizzes, presentations, articles, videos, and hands-on labs, ensuring a well-rounded learning experience.
Intended learning outcomes
Broad scope bug bounties
Bug bounty automation
Bug bounty API hacking
Expansive tool set for hacking
Broad Scope Bug Bounties: Expand your reach beyond conventional targets. Master subdomain enumeration, OSINT techniques, content discovery, and vulnerability scanning to uncover hidden opportunities.
Automation Mastery: Streamline your workflow with automation. Develop scripts and leverage AI to automate subdomain discovery, vulnerability scanning, and data chaining, boosting efficiency and accuracy.
API Hacking Essentials: Demystify APIs with practical guidance on tools such as Postman, Curl, Wget, Burp Suite, and ZAP. Understand the OWASP API Top 10 and gain the confidence to navigate API documentation without fear.
Advanced Tools & Techniques: Broaden your hacking arsenal with expansive tool sets, multi-threaded approaches, and error handling strategies to stay ahead in the ever-evolving landscape of cybersecurity.