This is a structured playbook for reconnaissance and vulnerability discovery, covering the full chain from subdomain enumeration through endpoint discovery to actual bug hunting. It walks you through passive and active recon with tools like subfinder, ffuf, and nuclei, then shifts into the mindset piece: how to actually find bugs others miss by going deep instead of wide, testing where filters exist, and understanding what each parameter type implies about server-side behavior. The Zseano methodology section is the strongest part, it's less about running tools and more about developing intuition for where vulnerabilities hide. Use this when you're starting work on a new bug bounty target or need to systematize your recon process instead of just throwing automated scanners at everything.
npx skills add https://github.com/yaklang/hack-skills --skill recon-and-methodology