- The Guide to Finding and Reporting Web Vulnerabilities
- About the Author
- About the Tech Reviewer
- Foreword
- Introduction
- Who This Book Is For
- What Is In This Book
- Happy Hacking!
- 1 Picking a Bug Bounty Program
- 2 Sustaining Your Success
- 3 How the Internet Works
- 4 Environmental Setup and Traffic Interception
- 5 Web Hacking Reconnaissance
- 6 Cross-Site Scripting
- 7 Open Redirects
- 8 Clickjacking
- 9 Cross-Site Request Forgery
- 10 Insecure Direct Object References
- 11 SQL Injection
- 12 Race Conditions
- 13 Server-Side Request Forgery
- 14 Insecure Deserialization
- 15 XML External Entity
- 16 Template Injection
- 17 Application Logic Errors and Broken Access Control
- 18 Remote Code Execution
- 19 Same-Origin Policy Vulnerabilities
- 20 Single-Sign-On Security Issues
- 21 Information Disclosure
- 22 Conducting Code Reviews
- 23 Hacking Android Apps
- 24 API Hacking
- 25 Automatic Vulnerability Discovery Using Fuzzers
A Final Note on . . . Taking Notes
Before you get started looking for vulnerabilities in the next chapter, a quick word of advice: organizational skills are critical if you want to succeed in bug bounties. When you work on targets with large scopes or hack multiple targets at the same time, the information you gather from the targets could balloon and become hard to manage.
Often, you won’t be able to find bugs right away. Instead, you’ll spot a lot of weird behaviors and misconfigurations that aren’t exploitable at the moment but that you could combine with other behavior in an attack later on. You’ll need to take good notes about any new features, misconfigurations, minor bugs, and suspicious endpoints that you find so you can quickly go back and use them.
Notes also help you plan attacks. You can keep track of your hacking progress, the features you’ve tested, and those you still have to check. This prevents you from wasting time by testing the same features over and over again.
Another good use of notes is to jot down information about the vulnerabilities you learn about. Record details about each vulnerability, such as its theoretical concept, potential impact, exploitation steps, and sample proof-of-concept code. Over time, this will strengthen your technical skills and build up a technique repository that you can revisit if needed.
Since these notes tend to balloon in volume and become very disorganized, it’s good to keep them organized from the get-go. I like to take notes in plaintext files by using Sublime Text ( https://www.sublimetext.com/ ) and organize them by sorting them into directories, with subdirectories for each target and topic.
For example, you can create a folder for each target you’re working on, like Facebook, Google, or Verizon. Then, within each of these folders, create files to document interesting endpoints, new and hidden features, reconnaissance results, draft reports, and POCs.
Find a note-taking and organizational strategy that works for you. For example, if you are like me and prefer to store notes in plaintext, you can search around for an integrated development environment (IDE) or text editor that you feel the most comfortable in. Some prefer to take notes using the Markdown format. In this case, Obsidian ( https://obsidian.md/ ) is an excellent tool that displays your notes in an organized way. If you like to use mind maps to organize your ideas, you can try the mind-mapping tool XMind ( https://www.xmind.net/ ).
Keep your bug bounty notes in a centralized place, such as an external hard drive or cloud storage service like Google Drive or Dropbox, and don’t forget to back up your notes regularly!
In summary, here are a few tips to help you take good notes:
- Take notes about any weird behaviors, new features, misconfigurations, minor bugs, and suspicious endpoints to keep track of potential vulnerabilities.
- Take notes to keep track of your hacking progress, the features you’ve tested, and those you still have to check.
- Take notes while you learn: jot down information about each vulnerability you learn about, like its theoretical concept, potential impact, exploitation steps, and sample POC code.
- Keep your notes organized from the get-go, so you can find them when you need to!
- Find a note-taking and organizational process that works for you. You can try out note-taking tools like Sublime Text, Obsidian, and XMind to find a tool that you prefer.