Software
Data sources: ZENODO

Bug Bounty Hunting: Automation and AI-Powered Resource Prioritization Using ImpSev Score

Authors: ABED AL HADI, ALI;


Abstract

Bug bounty hunting involves testing large numbers of web resources, including directories and subdomains, yet hunters face a fundamental challenge: time is limited, and reporting a vulnerability before other researchers is critical to receiving a reward. This makes intelligent resource prioritization a decisive competitive advantage. Despite this, existing tooling provides little guidance on where to focus manual effort, particularly when automated scanners report no findings.

This thesis proposes a systematic framework for prioritizing web application resources (from an attacker's point of view), including directories, domains, and subdomains. The framework computes an Importance score (Imp Score) for every resource. The main purpose of this score is to assess the importance of the resource, which guides the bug bounty hunter, or the tester in general, to where manual investigation should be focused. As a secondary purpose, the score can indicate the potential for a weakness in a resource. The score is calculated from the functionalities of the resource. These functionalities are mapped to specific Common Weakness Enumeration (CWE) [61] identifiers, and each CWE is assigned a severity weight derived from two complementary data sources: historical Common Vulnerabilities and Exposures (CVE) [60] records from the National Vulnerability Database (NVD) [64] and real-world bug bounty reports from the HackerOne platform [32]. The importance score is computed using both static and dynamic methodologies: the static approach matches regular expression (regex) patterns against resource identifiers and page content, while the dynamic approach leverages large language models (LLMs) to reason about functionality in cases where regex coverage is insufficient.

Alongside the importance score, the framework computes a Severity Score (Sev score) representing the exploitability and impact of any vulnerability detected within the resource. The primary purpose of this score is to surface the resources that are most historically associated with known vulnerabilities, along with their corresponding severity values. From a bug bounty hunter's perspective, this translates directly into actionable intelligence: resources carrying a high Sev score are those most likely to yield impactful findings, and any vulnerabilities discovered within them should be prioritised for reporting above others. This is achieved through automated scanning using Nuclei [74], a widely adopted vulnerability detection engine. The two scores are then combined into a unified metric termed the Importance and Severity Score (ImpSev score).

The primary purpose of the ImpSev Score is twofold: to indicate to the tester that a discovered vulnerability within a given resource may warrant escalation to a higher severity rating, and to provide a systematic, matrix-driven framework for categorising and prioritising resources during a security engagement.

A decision matrix maps ImpSev score ranges to concrete recommended actions for the hunter. For instance, a resource exhibiting both high importance and high severity is immediately escalated for manual investigation and reported directly. The prioritisation decision is governed by an action matrix that considers the combination of the Importance Score and the Severity Score together. For instance, resources carrying a high Importance Score combined with a high Severity Score, or a low Importance Score combined with a high Severity Score, are placed at the top of the testing queue, as these resources are historically associated with known vulnerabilities and therefore represent the highest-value targets. Conversely, a resource with a high Importance Score but a zero or negligible Vulnerability Score carries no recorded vulnerability history yet remains functionally significant, and is therefore assigned to the next priority tier, warranting careful manual investigation after the higher-priority resources have been addressed.

The thesis further introduces a novel approach to directory brute-forcing designed to complement the prioritization framework and support both authorized penetration testing and bug bounty hunting engagements. Traditional directory discovery relies on static wordlists that are generic and target-agnostic. The proposed approach replaces this with a dynamic, context-aware methodology driven by LLMs and open source Common Crawl data (CC-Data) [15]. This idea is implemented practically as a tool that combines passive crawling, active crawling, directory pattern matching with CC-Data, and LLM-guided dynamic path generation. The result is a curated, target-specific list of discovered directories categorized into three tiers: passively discovered paths, actively probed paths, and LLM-extended candidate paths, giving hunters a significantly more actionable and contextually relevant attack surface than conventional wordlist-based tools produce.
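As an added illustration, not code from the thesis, the following Python sketches the static (regex) Imp Score path and the Imp/Sev action matrix described in the abstract. The functionality-to-CWE patterns, the CWE weights, the 0.70 "high" threshold and the `(template_id, cvss)` finding shape are all constructed assumptions; the thesis's actual weights (derived from NVD and HackerOne data), its LLM fallback and its exact ImpSev combination formula are not given in the abstract and are not modelled here.

```python
import re

# Constructed mapping of resource functionality -> CWE identifiers (hypothetical, for illustration).
FUNCTIONALITY_PATTERNS = {
    "authentication": (re.compile(r"login|signin|auth", re.I), ("CWE-287", "CWE-307")),
    "file_upload":    (re.compile(r"upload|import", re.I),     ("CWE-434",)),
    "admin_panel":    (re.compile(r"admin|manage", re.I),      ("CWE-284",)),
    "search":         (re.compile(r"search|query", re.I),      ("CWE-89", "CWE-79")),
}

# Constructed per-CWE severity weights in [0, 1]. The thesis derives these from historical
# NVD CVE records and HackerOne reports; the numbers below are simply made up.
CWE_WEIGHTS = {"CWE-287": 0.90, "CWE-307": 0.60, "CWE-434": 0.85,
               "CWE-284": 0.80, "CWE-89": 0.95, "CWE-79": 0.50}

HIGH = 0.70  # assumed threshold separating "high" from "low" scores


def importance_score(resource: str, content: str = "") -> float:
    """Static Imp Score: regex-match the identifier and page content, map hits to CWEs and keep
    the heaviest weight. The LLM fallback for resources with no regex hit is not modelled."""
    text = f"{resource} {content}"
    cwes = {c for pat, cwe_list in FUNCTIONALITY_PATTERNS.values() if pat.search(text) for c in cwe_list}
    return max((CWE_WEIGHTS.get(c, 0.0) for c in cwes), default=0.0)


def severity_score(findings) -> float:
    """Sev Score from scanner findings given as (template_id, cvss_base) pairs (a constructed
    shape, not Nuclei's native output): CVSS 0-10 scaled to 0-1, worst finding wins."""
    return max((cvss / 10.0 for _, cvss in findings), default=0.0)


def action(imp: float, sev: float):
    """Action matrix from the abstract: any resource with a high Sev Score is tier 1 (escalate and
    report); a high-Imp resource with no recorded vulnerability is tier 2 (manual review next)."""
    if sev >= HIGH:
        return 1, "escalate for manual investigation and report directly"
    if imp >= HIGH:
        return 2, "manual investigation after tier-1 resources"
    return 3, "low priority"


def prioritise(resources):
    """resources: {path: (page_content, findings)} -> list of (path, tier, imp, sev), best first."""
    rows = []
    for path, (content, findings) in resources.items():
        imp, sev = importance_score(path, content), severity_score(findings)
        rows.append((path, action(imp, sev)[0], imp, sev))
    return sorted(rows, key=lambda r: (r[1], -r[3], -r[2]))


if __name__ == "__main__":  # constructed target inventory
    sample = {"/admin/login.php": ("Sign in to manage the site", []),
              "/api/search": ("", [("generic-sqli", 9.8)]), "/static/logo.png": ("", [])}
    print(*prioritise(sample), sep="\n")
```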
