Ott3rly
1 min read · Nov 24, 2023

There are mainly two cases here: either I do manual hacking or semi-automated hacking. It really depends on my mood that day. But to be more precise:

- Case 1: When I choose one target. Usually it is a private program which I've recently been invited to. I spend 1–4 hours hacking on it. The first hour is for poking around, reading the docs, and getting to know the application. If I like the application, I spend the next 2–3 hours testing for common bugs like XSS and IDORs, since those are pretty common, and I inspect the areas where those bugs usually occur. If I really like the app, I spend more time on it and try to look for less common vulns like SSRF, XXE, etc. If the target has a wider scope, then I start to use Axiom and Google dorking on that single target as well.

- Case 2: Hacking on most of the programs at the same time. I pick a lot of wildcard domains and do mass dorking on all of them. I also use Axiom to gather domains, scan for ports, gather URLs, and check for vulnerabilities.


Written by Ott3rly

I write stories about Bug Bounty Hunting and security research.