This post is a follow-up to the post I made here.

https://www.reddit.com/r/bugbounty/comments/1f7hgq7/i_think_i_messed_up_real_bad_and_would_like_to/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

I have received a lot of responses letting me know not to worry too much about it. I thank them for their responses as it gives me a clear idea on how I see my situation. I thought I did something I wasn't supposed to do but yea maybe it's not as bad as I thought.

But now I've been thinking and I want to hear from you guys. In what specific scenario would you need to contact the company to seek their authorization before you run specific tests to discover system vulnerabilities? I thought if you were gonna conduct a pentest attack on a vulnerability, then you would need to seek their authorization before carrying it out. That makes sense to me.

I freaked out about active scans as I did use them. Active scans sends probes to the target machine to collect information. And since it's an automated scan, it would explore other areas to detect vulnerabilities and infrastructure weaknesses. Due to its probing nature, I thought doing something like this would disrupt their systems and what not. But if the responses I'm getting from my previous thread are telling me it's fine, then it led me to wonder about it.

So are there any information gathering or vulnerability assessments where you need authorization first before you scan it? Can you share some examples so I have a better idea of what to look out for?