AdministratorJune 25, 2021 at 3:30 pm
I don’t think anyone can say that one approach is better than another, since it depends on too many factors including what your personal goals are. Like Hakluke mentioned in his podcast episode one of the bounty hunters making the most money on HackerOne right now is almost entirely relying on automated tools. Of course, they’ve built some of their own tooling and/or extensions for existing tools over the years, so even that requires a ton of work upfront and maintenance along the way.
If you’re mostly interested in learning and experience, then I think a combined approach is best. You don’t want to do everything manually in areas where automation can do a much better job, but you also don’t want to rely exclusively on tools since you’ll want the hands-on practice. They work hand-in-hand.