Bug Bounty
A bug bounty program is a deal offered by organizations and software developers by which individuals can receive recognition and compensation for reporting security vulnerabilities. These programs have become a critical component of modern security strategies, with platforms like HackerOne, Bugcrowd, and Intigriti connecting thousands of researchers with companies that want their products tested.
Bug bounty hunting requires a broad skill set — from reconnaissance and attack surface mapping to deep technical knowledge of specific vulnerability classes. Successful hunters understand not just how to find bugs, but how to demonstrate impact, write clear reports, and communicate effectively with security teams. The difference between a duplicate and a high-severity payout often comes down to the depth of investigation and quality of the proof of concept.
The bug bounty ecosystem has matured significantly. Programs range from public programs open to anyone to private, invite-only programs for experienced researchers. Payouts vary from a few hundred dollars for low-severity issues to six-figure rewards for critical vulnerabilities in high-value targets. Many researchers treat bug bounty as a full-time career, while others use it to sharpen their skills alongside traditional security roles.
Key topics include choosing targets, managing scope, avoiding duplicates, writing effective reports, and understanding triage processes across different platforms.
This page collects bug bounty resources, methodologies, success stories, and guides for both beginners and experienced hunters.
From Wikipedia
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-04-29 2026 | Bug bounty isn't dead but the old model is breaking beginner | Analysis of the bug bounty model's evolution, discussing the impact of AI on report generation and validation costs, leading to programs like IBB pausing submissions and curl removing payouts. It highlights the shift from incentivized disclosure to expected disclosure, with a potential focus on more targeted rewards and better security outcomes rather than sheer report volume. → aikido.dev |
| 2026-04-24 2026 | GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance news AI | OpenAI has launched a bug bounty program for its GPT-5.5 Bio model, seeking to enhance AI safety and performance. The program encourages researchers to identify and report vulnerabilities. Details about specific payout amounts are not provided in the content. The initiative aims to proactively address potential issues before widespread deployment. → gbhackers.com |
| 2026-04-24 2026 | Claude Mythos discovered 271 vulnerabilities in Firefox news Fuzzing | Claude Mythos identified a significant number of vulnerabilities in the Firefox browser, totaling 271. This extensive discovery highlights potential security weaknesses within the popular web browser. → secnews.gr |
| 2026-04-23 2026 | AI Sparks Bug-Bounty Surge in Crypto but Low-Quality Reports Grow news | Analysis of AI's impact on crypto bug bounties reveals a 900% submission surge, leading to increased noise and false positives. Maintainers like curl's creator Daniel Stenberg have ceased programs due to AI-generated "slop." HackerOne reported a 7% rise in valid submissions in 2025. Cosmos Labs and Komodo Platform are adapting by tightening scoring, prioritizing trusted researchers, and exploring defensive AI for triage to manage the influx of low-quality reports and maintain program sustainability. |
| 2026-04-22 2026 | Who's Really to Blame When a White Hat Goes Gray? news | Writeup exploring the ethical considerations of vulnerability disclosure programs, questioning who bears responsibility when a researcher, frustrated by a company's slow or dismissive process, publicly releases exploit code. It argues that while releasing exploit code prematurely is unethical due to potential harm to users, companies also have a duty of care to foster credible, fair, and respectful disclosure processes to encourage responsible disclosure and prevent vulnerabilities from being weaponized. |
| 2026-04-22 2026 | Nextcloud ends bug bounty program due to too many low-quality reports news | News about Nextcloud ending its bug bounty program due to an influx of low-quality, AI-generated vulnerability reports. Financial rewards are discontinued for all submissions, even critical ones, impacting the HackerOne platform. Valid reports will still be accepted but will not receive compensation. → techzine.eu |
| 2026-04-22 2026 | The Unofficial HackerOne Disclosure Timeline news | The Unofficial HackerOne Disclosure Timeline |
| 2026-04-22 2026 | Publicly Disclosed HackerOne Bug Bounty Findings news | Publicly Disclosed HackerOne Bug Bounty Findings |
| 2026-04-22 2026 | GraphQL - PortSwigger Lab Writeup intermediate | Writeup detailing GraphQL vulnerabilities and exploitation techniques. It covers bypassing introspection query regex validation, brute-forcing logins using aliases to circumvent rate limiting, and performing CSRF by converting requests to `x-www-form-urlencoded`. The entry also demonstrates how to find hidden GraphQL endpoints using directory fuzzing with Gobuster. |
| 2026-04-22 2026 | BugBoard: Searchable Bug Bounty Writeups news | BugBoard: Searchable Bug Bounty Writeups |
| 2026-04-22 2026 | AI Vulnerability Deep Dive: Prompt Injection (Bugcrowd) intermediate | AI Vulnerability Deep Dive: Prompt Injection (Bugcrowd) → bugcrowd.com |
| 2026-04-22 2026 | A Guide to the Hidden Threat of Prompt Injection (Bugcrowd) beginner | A Guide to the Hidden Threat of Prompt Injection (Bugcrowd) → bugcrowd.com |
| 2026-04-22 2026 | Writeups for Hack The Box Bug Bounty CTF 2025 news | Writeups for Hack The Box Bug Bounty CTF 2025 |
| 2026-04-22 2026 | Bug-Bounty-Methodology: JWT and Other Vulnerability Classes intermediate | Bug-Bounty-Methodology: JWT and Other Vulnerability Classes |
| 2026-04-22 2026 | Bug Bounty Writeups: Available Programs and Writeups news | Writeups collection featuring bug bounty programs and detailed writeups on various vulnerabilities, including XSS, CSRF, LFI, SQL injection, IDOR, 2FA bypass, SSRF, RCE, XXE, insecure deserialization, business logic flaws, SSTI, directory traversal, WebSockets attacks, cache poisoning, and information disclosure. It also lists specific techniques and bypasses for WAFs and SQL injection. |
| 2026-04-22 2026 | Awesome Google VRP Writeups news | Writeups from the Google VRP Bug Bounty program offer detailed insights into real-world vulnerabilities and exploitation techniques. These entries cover a spectrum of security issues, including remote command execution in Google Cloud products, IDOR vulnerabilities, privilege escalation chains, cross-site scripting (XSS) in various Google services like IDX and Gmail, and client-side RCE in Google Web Designer. Specific CVEs like CVE-2025-12080 and CVE-2025-4613 are mentioned, alongside vulnerabilities in Gemini, Looker, and Apigee. |
| 2026-04-22 2026 | AI Sparks Bug-Bounty Surge in Crypto but Low-Quality Reports Grow news | Analysis of AI's impact on bug bounty programs reveals a 900% submission volume increase, leading to noise and false positives for protocols like Cosmos Labs and Komodo Platform. This trend, observed with tools like curl and platforms like HackerOne, necessitates more stringent triage and verification workflows, with potential solutions including defensive AI for filtering reports and prioritizing trusted researchers. The challenge lies in balancing AI-driven discovery with manageable review workloads. |
| 2026-04-20 2026 | Meta and PortSwigger drive offensive security further to find what others miss news | This partnership between Meta Bug Bounty and PortSwigger integrates Meta’s bug bounty program with Burp Suite Professional, aiming to enhance vulnerability discovery and researcher skills. Selected HackerPlus Silver league researchers receive Burp Suite Professional licenses to leverage its technical capabilities alongside Meta's collaborative program, fostering improved tooling and education for the security community. → helpnetsecurity.com |
| 2026-04-20 2026 | Dark web forum hosts $10000 article contest on vulnerability exploitation news | Writeup of a $10,000 vulnerability exploitation contest hosted by the dark web forum TierOne. The contest, running from April 13 to May 14, 2026, incentivizes original research on remote code execution (RCE), command injection, IDOR, SSTI, router/camera firmware exploitation, privilege escalation, and zero-days in browser components. Submissions can also focus on exploiting Cisco or Oracle products, AI-assisted discovery, and bypassing AV/EDR systems. → scworld.com |
| 2026-04-19 2026 | Bug-bounty Writeups Repository — fardeen-ahmed intermediate | Bug-bounty Writeups Repository — fardeen-ahmed |
| 2026-04-19 2026 | Top Bugs That Actually Paid Bounties in 2025 beginner | Top Bugs That Actually Paid Bounties in 2025 |
| 2026-04-16 2026 | PayloadsAllTheThings: Server Side Request Forgery beginner SSRF | Reference detailing Server Side Request Forgery (SSRF) vulnerabilities, including methodologies for bypassing filters, exploiting localhost access via IPv6 notation, domain redirects, CIDR, rare addresses, encoded IPs, URL parsing discrepancies, PHP filter_var(), and the JAR scheme. It covers exploitation via URL schemes, blind exploitation, and upgrading to XSS, referencing tools like swisskyrepo/SSRFmap, tarunkant/Gopherus, In3tinct/See-SURF, teknogeek/SSRF-Sheriff, assetnote/surf, dwisiswant0/ipfuscator, and Horlad/r3dir. The entry also explores accessing cloud metadata, leaking files, network discovery, and sending packets to services for RCE. |
| 2026-04-16 2026 | BugHunterMethodology: A Comprehensive Bug Bounty Methodology beginner | Methodology offering a structured bug bounty approach, including web app reconnaissance, a comprehensive workflow for identifying, analyzing, and exploiting vulnerabilities, detailed checklists, common payloads, and bypass techniques. It also features tricks and advanced methods to enhance bug hunting efficiency and effectiveness. |
| 2026-04-16 2026 | PortSwigger's Top 10 Web Hacking Techniques of 2025 beginner | Reference listing the top 10 web hacking techniques of 2025, curated by an expert panel from community nominations. Techniques include Parser Differentials, Playing with HTTP/2 CONNECT, XSS-Leak, Next.js cache poisoning, Cross-Site ETag Length Leak, SOAPwn (RCE via HttpWebClientProtocol flaw), Unicode normalization attacks like "Lost in Translation," blind SSRF visibility techniques, ORM leaks, and "Successful Errors" for blind server-side template injection. The analysis highlights trends in side-channel attacks and new exploitation primitives. → portswigger.net |
| 2026-04-16 2026 | Automating Bug Bounties with Nuclei intermediate | Automating Bug Bounties with Nuclei |
| 2026-04-16 2026 | Advanced Techniques & Use Cases of Nuclei for Bug Bounty advanced | Advanced Techniques & Use Cases of Nuclei for Bug Bounty → osintteam.blog |
| 2026-04-16 2026 | Crafting Your Bug Bounty Methodology: A Complete Guide beginner | Guide for beginner bug bounty hunters detailing how to craft a personalized methodology. It emphasizes mastering fundamentals like HTTP and OWASP Top 10, identifying personal strengths (e.g., front-end development for XSS, database knowledge for SQLi), and continuous practice. The guide suggests focusing on specific vulnerability classes or target types, leveraging tools like proxies, and developing reusable checklists or scripts to improve efficiency and find unique vulnerabilities. → intigriti.com |
| 2026-04-16 2026 | Top Vulnerabilities for Pentest & Bug Bounty in 2025 beginner | Library of advanced web security techniques for bug bounty hunters in 2025, focusing on vulnerabilities beyond basic payloads. It details methodologies for Cross-Site Scripting (XSS), including blind XSS and cross-domain implications, and Server-Side Request Forgery (SSRF), emphasizing in-depth analysis of application functionality and local environment replication, advising against tools like Burp Collaborator for testing. The resource also covers Path Traversal, stressing URL encoding mastery and API call testing, and Web Cache Deception, highlighting the identification of sensitive data endpoints, testing file extensions, and analyzing caching headers for exploitation opportunities. |
| 2026-04-14 2026 | UIDAI launches bug bounty program to secure Aadhaar ecosystem news | Program launched by the Unique Identification Authority of India (UIDAI) to secure its Aadhaar ecosystem. This bug bounty initiative engages 20 security researchers to identify vulnerabilities in platforms like the official website and myAadhaar portal, classifying them into Critical, High, Medium, and Low tiers with tiered rewards. UIDAI collaborates with ComOlho IT Private Limited for program management and vulnerability handling, mirroring practices of global tech firms and complementing existing government cybersecurity efforts. → scworld.com |
| 2026-04-11 2026 | UIDAI Bug Bounty Program to Boost Aadhaar Cybersecurity news | News about a structured bug bounty program for enhancing the cybersecurity of India's Aadhaar ecosystem. This initiative enlists independent cybersecurity professionals and ethical hackers to identify vulnerabilities across critical digital platforms like the official UIDAI website, myAadhaar portal, and the Secure QR Code application. Managed in collaboration with ComOlho IT Private Limited, the program categorizes reported flaws into Critical, High, Medium, and Low risk tiers, offering rewards based on severity, and aligns with broader Indian government bug bounty efforts by CERT-In and NCIIPC. → thecyberexpress.com |
| 2026-04-10 2026 | Intigriti: Exploiting JWT vulnerabilities — advanced exploitation guide advanced API Sec JWT | Guide detailing advanced exploitation techniques for JSON Web Tokens (JWTs), covering vulnerabilities arising from misconfigurations and improper input validation. It explains how flaws in handling the 'none' algorithm, missing signature validation, algorithm confusion attacks, and JWK spoofing (including CVE-2018-0114) can lead to authentication bypasses and injection attacks, emphasizing the importance of secure implementation practices. → intigriti.com |
| 2026-04-10 2026 | Writeups - Pentester Land intermediate | Writeups - Pentester Land |
| 2026-04-10 2026 | The Unfiltered 2025 Guide to Web Pentesting & Bug Bounties beginner | The Unfiltered 2025 Guide to Web Pentesting & Bug Bounties |
| 2026-04-10 2026 | Recon to Master: Complete Bug Bounty Checklist beginner Recon | Recon to Master: Complete Bug Bounty Checklist |
| 2026-04-10 2026 | Awesome Bug Bounty Tools - GitHub beginner Recon XXE | Library of curated bug bounty tools for identifying vulnerabilities such as Command Injection, CORS Misconfiguration, Directory Traversal, Insecure Deserialization, and SQL Injection. This repository includes numerous subdomain enumeration utilities like Sublist3r, Amass, and Findomain, alongside port scanners like masscan and RustScan, and web screenshotting tools like EyeWitness and gowitness. It also features technology identification tools such as Wappalyzer and whatweb, and content discovery tools like gobuster and feroxbuster. |
| 2026-04-10 2026 | Bug Bounty Hunter Software in 2026: What Belongs in Your Stack beginner | Library for composing a bug bounty hunting software stack in 2026, emphasizing the need for tools that manage traffic, map assets, generate coverage, validate signals, and create evidence. It highlights that modern bug bounties require a layered approach rather than a single solution, with specific mentions of Burp Suite for traffic control, ProjectDiscovery tools for recon, OWASP Amass for asset mapping, and Nuclei for template-based coverage, acknowledging shifts towards AI vulnerabilities and broken access control. → penligent.ai |
| 2026-04-10 2026 | How I'd Start Bug Bounty Hunting in 2026: A 90-Day Plan beginner | How I'd Start Bug Bounty Hunting in 2026: A 90-Day Plan |
| 2026-04-10 2026 | Backend Mastery: The Real Bug Bounty Superpower (2026) beginner | Backend Mastery: The Real Bug Bounty Superpower (2026) |
| 2026-04-10 2026 | Fix Your Bug Bounty Strategy: The 2026 Blueprint beginner | Library for strategic bug bounty hunting, this resource details a 2026 blueprint to overcome common pitfalls like "spray and pray" tactics and tool overload. It emphasizes a surgeon-like mindset focusing on depth over breadth, automating intelligence gathering, and understanding application logic through the "Asset DNA" model. The framework's three pillars include hyper-targeted recon focusing on functionality and change detection, mastering a specific attack vector, and using automation to build intelligent workflows rather than just discovery. It suggests techniques for identifying vulnerable areas by reverse-engineering business logic and prioritizing new code for testing. |
| 2026-04-10 2026 | How I Started a Bug-Bounty Career in 2026 beginner | How I Started a Bug-Bounty Career in 2026 |
| 2026-04-10 2026 | Bug Bounty Hunting Methodology 2025 - Amr Elsagaei beginner | Methodology for bug bounty hunting, detailing foundational steps in reconnaissance, enumeration, and testing. This guide assists cybersecurity enthusiasts in uncovering subdomains, analyzing JavaScript files, and identifying high-impact vulnerabilities. The approach serves as a starting point and blueprint for navigating targets, with ample room for skill growth. |
| 2026-04-10 2026 | Bug Bounty Hunting in 2026 - DEV Community beginner | Guide to bug bounty hunting detailing prerequisites, environment setup, learning paths, and platforms. It covers common vulnerability types like XSS and SQL Injection, recommends tools such as subfinder, httpx, nuclei, and ffuf, and discusses techniques for finding bugs and writing effective reports for programs like HackerOne and Bugcrowd, aiming to help researchers earn income by discovering vulnerabilities. |
| 2026-04-10 2026 | Getting Started With Bug Bounties: 2026 Guide - Coursera beginner | Guide to bug bounty programs, this Coursera resource details how ethical hacking and vulnerability disclosure benefit organizations by identifying weaknesses through initiatives like Hack the Pentagon. It explains bug bounty mechanics, including scope, CVSS scoring for reports, and the varying payouts offered by major companies like Apple, Google, Microsoft, and Intel. The guide also suggests learning resources such as Hacksplaining, BugBountyHunter, and Google's Bug Hunter University, alongside essential technical skills like networking, operating systems, web technologies, and programming. |
| 2026-04-10 2026 | A Beginner's Guide to Bug Bounties beginner | A Beginner's Guide to Bug Bounties |
| 2026-04-10 2026 | Bug Bounty Hunting Methodology 2025 - Phirojshah beginner | Bug Bounty Hunting Methodology 2025 - Phirojshah |
| 2026-04-10 2026 | Bug Bounty 101: Complete Roadmap for Beginners (2026) beginner | Roadmap for beginners entering bug bounty hunting in 2026, this guide emphasizes foundational knowledge in networking, web applications, and cybersecurity concepts. It advocates for a focused approach to target selection, recommending less popular programs or Vulnerability Disclosure Programs (VDPs) over highly competitive ones. The entry details effective reconnaissance methodologies, highlighting the use of tools like Netlas for asset discovery and subdomain enumeration, combined with passive techniques and visual recon with Aquatone to identify potential attack surfaces. |
| 2026-04-10 2026 | Bug Bounty Methodology Version 2025 beginner | Bug Bounty Methodology Version 2025 |
| 2026-04-10 2026 | 31 Bite-Sized Tips and Bug Bounty Resources for 2026 beginner | Library of 31 bite-sized bug bounty tips and techniques for 2026, covering methods like hunting for blind XSS with match and replace rules, fuzzing virtual hosts with FFUF, finding related assets via favicon hash enumeration, identifying hosts with certificate issues, and leveraging copyright notices for reconnaissance. It also details techniques for DOM-based XSS, CSP bypasses, SSRF, bypassing file upload restrictions with Magic Bytes, currency confusion attacks, race conditions, JWT and XXE vulnerabilities, NoSQLi exploitation, Log4Shell hunting, CSRF bug scoring, GraphQL CSRF exploitation, and CORS exploitation via whitelisted third-party origins. → intigriti.com |
| 2026-04-06 2026 | shuvonsec/claude-bug-bounty: AI Bug Bounty Framework intermediate | Framework that transforms Claude Code into an AI bug bounty hunting partner, automating target reconnaissance, vulnerability scanning and validation, and professional report generation. It remembers past findings for improved efficiency, offers an autonomous hunting mode, and integrates with platforms like HackerOne and Bugcrowd. The framework includes specialized agents for various tasks and supports scanning for both Web2 and Web3 vulnerabilities, as well as GitHub Actions security. |
| 2026-04-06 2026 | Disclosed: $4.3m Paid in HackerOne LHEs, PortSwigger Top 10 Released news | Writeup detailing Shazzer's debug-fuzz mode for iterating on payload templates and edge cases, and VulnLLM-R-7B, a code-oriented model for vulnerability identification. It also includes a Bugcrowd announcement about Chime paying double for P1 reports, and Vercel's open-source bug bounty program on HackerOne. The entry further notes Bugcrowd's hiring of Kuzushi as VP of Offensive AI and mentions Shannon, an autonomous web "hacker" agent. |
| 2026-04-06 2026 | HackerOne Hacktivity news | HackerOne Hacktivity → hackerone.com |
| 2026-04-06 2026 | How Bug Bounty Hunters Are Using Claude Code beginner | How Bug Bounty Hunters Are Using Claude Code → infosecwriteups.com |
| 2026-04-03 2026 | API Penetration Testing: Combined Checklist + Scenario List beginner | Checklist and scenario list for API penetration testing, covering secure-by-design countermeasures and real-world attack vectors. It recommends avoiding Basic Auth for JWT or OAuth 2.0, enforcing strong JWT secrets with short TTLs, implementing rate limiting, input validation, and robust authentication. The resource details attack scenarios like password reset flaws, batch query DoS, SSRF via API, and open redirects, emphasizing the importance of business logic and trust boundary analysis over pure tool usage. |
| 2026-04-03 2026 | The Tools I Use for Bug Bounty Hunting beginner | The Tools I Use for Bug Bounty Hunting |
| 2026-04-03 2026 | Full Bug Bounty Hunting Methodology - Recon (DEF CON 32 Workshop) beginner | Workshop slides from DEF CON 32 detailing a bug bounty hunting methodology, focusing on comprehensive reconnaissance. The approach outlines techniques for discovering apex domains using web scraping, Google dorking, and ASN queries, then expands to subdomain enumeration via tools like Amass, brute-forcing with ShuffleDNS, and link discovery. It emphasizes identifying unique attack vectors, including injection and logic flaws, by systematically probing the target's attack surface. |
| 2026-04-03 2026 | The Best Bug Bounty Recon Methodology (2024) \| Hive Five beginner | Library of curated resources detailing bug bounty reconnaissance methodologies. Features insights from Jason Haddix's Bug Hunter's Methodology, NahamSec's Recon Sunday series, and talks on techniques like GitHub recon, DNSGrep, Amass, ffuf, and passive reconnaissance. Includes lessons on sensitive data exposure, host discovery, and building custom reconnaissance tooling, emphasizing the creation of a personalized, effective strategy. |
| 2026-04-03 2026 | 2025 Bug Bounty Methodology, Toolsets and Persistent Recon beginner Recon | 2025 Bug Bounty Methodology, Toolsets and Persistent Recon |
| 2026-04-03 2026 | Comprehensive Bug Bounty Hunting Methodology (2024 Edition) beginner | Comprehensive Bug Bounty Hunting Methodology (2024 Edition) → infosecwriteups.com |
| 2026-04-03 2026 | From Recon to Report: Complete Bug Bounty Workflow for 2025 beginner Recon | Library for streamlining bug bounty hunting, this comprehensive guide details a complete workflow from reconnaissance to reporting. It covers essential tools like Subfinder, Amass, Burp Suite, and Nuclei, alongside techniques for identifying vulnerabilities such as XSS, SQLi, and IDOR. The resource emphasizes manual testing, clear report writing with specific examples, and offers advice on leveraging platforms like HackerOne and Bugcrowd. It provides concrete commands and actionable tips for both beginners and experienced hunters, aiming to build a robust skill set for ethical hacking. |
| 2026-04-03 2026 | Recon for Bug Bounty: 8 Essential Tools \| Intigriti beginner Recon | Library of 8 essential open-source tools for effective bug bounty reconnaissance, including Amass for asset enumeration, search engine dorking on Google and Bing, Trufflehog and Gitleaks for GitHub secrets, Eyewitness for host screenshotting, Wappalyzer and HTTPX for technology fingerprinting, GAU for URL discovery, ffuf for bruteforcing, Arjun for parameter discovery, and LinkFinder for JavaScript analysis. → intigriti.com |
| 2026-04-03 2026 | Bug Bounty Hunting Methodology 2025 beginner Recon | Library for bug bounty hunting methodologies, this resource details techniques and tools for reconnaissance, including subdomain enumeration with Subfinder and Amass, active scanning with MassDNS, and archive scraping via GAU and Waybackurls. It covers JavaScript analysis with LinkFinder, Git dorking, and parameter discovery using Arjun and ParamSpider. The library also includes methods for cloud asset enumeration, directory brute-forcing with Feroxbuster, and API testing with Kiterunner, alongside specific tests for CSRF, LFI, RCE, SQLi, sensitive data exposure, and open redirects, culminating in structured reporting and proof-of-concept generation. |
| 2026-04-02 2026 | How to start an enterprise bug bounty program: A CISO's guide beginner | Guide for CISOs on establishing enterprise bug bounty programs, detailing proposal strategies to executives, program design including scope definition, terms and conditions, reporting protocols, and payment structures. It contrasts self-managed programs with third-party platforms like HackerOne or Bugcrowd, emphasizing risk management, continuous testing, and the importance of clear communication with researchers to incentivize the reporting of vulnerabilities such as sensitive data disclosure, cross-site scripting, and privilege escalation. |
| 2026-03-19 2026 | RECOX — Recon & Bug Bounty Toolkit beginner Recon | Library for bug bounty hunters that automates subdomain and endpoint discovery from passive sources. It offers a guided post-recon workflow and a bug bounty school, enabling users to map attack surfaces and identify vulnerabilities without active scanning. |
| 2026-03-12 2026 | Needle in the haystack: LLMs for vulnerability research intermediate AI | Library for LLM-assisted vulnerability research, focusing on a minimal scaffolding approach to mitigate "context rot." It leverages previously disclosed CVEs to build threat models, guiding LLMs to identify invariants and potential bypasses. The method emphasizes identifying entry points, trust boundaries, high-risk operations, and attacker-victim models for targeted exploration, as demonstrated by Claude Opus 4.6's findings in Firefox and vulnerabilities discovered in projects like Parse Server and HonoJS. |
| 2026-03-12 2026 | PatrikFehrenbach/h1-brain: MCP server that connects AI assistants to HackerOne for bug bounty hunting beginner AI | Tool for connecting AI assistants like Claude to HackerOne bug bounty hunting. `h1-brain` pulls your bounty history, program scopes, and public disclosed reports into local databases. Its primary function, `hack(handle)`, generates comprehensive attack briefings by analyzing your past findings, program specifics, community knowledge, and untouched assets, suggesting actionable attack vectors. It includes a pre-built database of over 3,600 bounty-awarded HackerOne reports with vulnerability write-ups, weakness types, and bounty amounts. |
| 2026-03-08 2026 | How I use LLMs For Security Work: Part 2 intermediate AI | Agents are a security work technique that provides precise context to LLMs, including documentation, requirements, and situational awareness. SKILLS.md files capture team knowledge for agent decision-making, while Workflows define multi-step LLM processes similar to playbooks. Assistants represent the evolution of LLMs, combining multiple workflows, skills, and tools to tackle complex problems by controlling LLM API calls. The article emphasizes that providing detailed context, such as specific examples and expected outputs, significantly improves LLM inference results over vague instructions. |
| 2026-03-05 2026 | Tips to automate your hacking using N8N \| @Bugcrowd intermediate Recon | Implementing automation for the first time can feel overwhelming, as there is so much to learn. Get tips to use N8N to automate hacking. → bugcrowd.com |
| 2026-02-18 2026 | Maniesh-Neupane/BugBounty-Recon-Methodology beginner Recon | Library detailing a comprehensive bug bounty reconnaissance methodology. This resource outlines techniques for identifying an organization's global footprint and network boundaries using tools like `asnmap`, `dnsx`, `whois`, and API data from `urlscan.io` and `VirusTotal`. It covers subdomain enumeration with `subfinder`, `findomain`, `amass`, and `chaos`, followed by data validation using `puredns` and permutation scanning with `alterx`. Service mapping and virtual host discovery are addressed with `naabu`, `nmap`, and `ffuf`. The library further details web application analysis via `httpx`, vulnerability scanning with `nuclei` and `subzy`, and secret extraction from JavaScript and archives using `waymore` and `katana`. Finally, it presents automated testing for injection and path traversal vulnerabilities with `arjun`, `gf`, `qsreplace`, `ffuf`, and `dalfox`. |
| 2026-02-16 2026 | How I Built a 5-Path AI “Recon Beast” with n8n and Gemini (2026 Guide) intermediate AI Recon | In 2026, the bug bounty landscape requires more than just speed, with AI enhancing attacker capabilities. The article discusses building a 5-Path AI "Recon Beast" using n8n and Gemini. This innovative approach leverages automation and AI to enhance reconnaissance processes for bug bounty hunting. The focus is on utilizing technology to improve efficiency and effectiveness in identifying vulnerabilities. |
| 2026-02-10 2026 | ArsenSecurity/Bounties-Exploit-Bugs beginner | Repository detailing a donation attack targeting DeFi protocols by exploiting rounding errors in share calculations. This attack leverages the "dust" mechanism, where small remaining balances are zeroed out, to inflate the total assets held by a protocol without a corresponding increase in the total supply of shares. Attackers can then create a state where one share represents a large quantity of assets, enabling them to borrow heavily against this inflated value and ultimately drain the protocol. The repository outlines specific steps for exploiting this vulnerability, including creating an imbalance between total assets and total shares through a series of precise deposits and withdrawals designed to trigger rounding discrepancies. |
| 2026-02-06 2026 | Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries news AI | News on the use of Claude Opus 4.6 for advanced vulnerability discovery, which identified over 500 high-severity flaws in open-source projects like Ghostscript, OpenSC, and CGIF. This AI model demonstrated effectiveness in detecting memory corruption vulnerabilities, including buffer overflows and missing bounds checks, by reasoning about code, identifying patterns, and understanding algorithmic logic, surpassing traditional fuzzing techniques in certain complex scenarios. → thehackernews.com |
| 2026-02-06 2026 | xalgord/AI-System-Prompts: XBot - Advanced AI Cybersecurity Agent | Gemini system prompt for automated penetration testing and security assessments beginner AI | Library: XBot is an advanced AI cybersecurity agent system prompt for Gemini AI, designed for comprehensive security assessments and penetration testing on authorized systems. It facilitates vulnerability scanning, active exploitation, OWASP Top 10 and advanced web vulnerability testing, source code analysis, and network security assessments. XBot supports multi-target scanning, autonomous operation, and generates actionable security reports with remediation guidance. |
| 2026-02-01 2026 | Prompt Injection Toolkit: 25 Payloads & Techniques for Mastering AI Pentesting intermediate AI | Ever tried breaking an AI chatbot with a ‘please ignore all previous instructions’ prompt, only to realize it’s … |
| 2026-01-29 2026 | How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs) 🤖🔍 intermediate Burp IDOR | The content titled "How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs)" likely discusses utilizing the Burp Suite tool to automate the discovery of Insecure Direct Object Reference (IDOR) vulnerabilities, leading to the identification of over 20 bugs. The author shares their experience and strategies for leveraging Burp Suite effectively in bug hunting. The content may provide insights into the process of using automation tools for security testing and the successful outcomes achieved through this approach. → infosecwriteups.com |
| 2026-01-22 2026 | Bug Bounty Masterclass | Wiz beginner | Masterclass on bug bounty hunting methodology, drawing from actual successful submissions. It showcases high-value findings like airline data dumps, domain registrar exposure, and admin panel compromises, alongside vulnerabilities such as SSRF and authentication bypasses on major companies. The program aims to guide beginners through a consistent learning path to achieving significant payouts. → wiz.io |
| 2026-01-22 2026 | AI’s Hacking Skills Are Approaching an ‘Inflection Point’ news AI | Analysis of AI's increasing hacking capabilities highlights an "inflection point" where AI models, like RunSybil's Sybil and Anthropic's Claude Sonnet 4.5, are adept at discovering complex zero-day vulnerabilities in systems such as federated GraphQL deployments. This advancement, driven by techniques like simulated reasoning and agentic AI, necessitates proactive defense strategies, including AI-assisted vulnerability discovery and secure-by-design coding practices, as AI's offensive security potential rapidly accelerates. → wired.com |
| 2026-01-22 2026 | Recon to Master: The Complete Bug Bounty Checklist beginner Recon | Published by 𝙇𝙤𝙨𝙩𝙨𝙚𝙘 in InfoSec Write-ups. → infosecwriteups.com |
| 2026-01-22 2026 | My 5-Minute Workflow to Find Bugs on Any Website intermediate Recon | A step-by-step guide to my most effective, shortcut methods for bug bounty hunting. Introduction: Hi everyone, welcome back! Today, I’m going to show … → infosecwriteups.com |
| 2026-01-19 2026 | TrinetLayer advanced XSS | A battle-tested TrinetLayer for vulnerability research, real-world exploit payloads, and modern attack techniques — crafted by hackers, trusted by hackers. |
| 2025-12-19 2025 | KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark. beginner AI | Tool for autonomous white-box penetration testing of web applications and APIs. Shannon analyzes source code, identifies attack vectors like Injection, XSS, SSRF, and Broken Authentication, and executes real exploits to generate reproducible proof-of-concept findings. It leverages tools such as Nmap, Subfinder, and Schemathesis, integrates with AI providers, and can be deployed using Docker. |
| 2025-12-03 2025 | ✨ How to get private invitations on #BugBounty platforms ✨ intermediate Recon | 🗨️ Answer: You don’t have to! I noticed that around 70% of my HackerOne private invitations also have public self-hosted bug bounty programs 🙂 Here’s the dorks list I use to find these platforms 🫡 |
| 2025-11-08 2025 | robre/jsmon: a javascript change monitoring tool for bugbounties intermediate Recon | Library for monitoring JavaScript file changes on websites. JSMon fetches specified JavaScript files, compares them to previous versions, and notifies users via Telegram or Slack of any alterations, including file size differences and a diff file for inspection. Configuration is managed through an `.env` file for notification tokens and chat IDs, and target URLs are listed in files within the `targets/` directory. The tool supports scheduled execution via cron jobs for regular monitoring. |
| 2025-11-08 2025 | If you want to get better at finding and bypassing SSRF, take a look at this repo: intermediate SSRF | https://t.co/qLalHzICrE |
| 2025-11-03 2025 | Advanced Android Hacking Course advanced Mobile | Workshop slides from Ken Gannon, a multi-year Pwn2Own and Pwnie award winner, detailing advanced Android hacking techniques used to compromise devices like the Samsung Galaxy 25. This resource shares insights into the competitive landscape of Pwn2Own and covers strategies employed by top vulnerability researchers. |
| 2025-10-26 2025 | [HackerNotes Ep. 145]: Gr3pme's Secret: Bug Bounty Note Taking Methodology beginner | Library of note-taking templates for bug bounty hunters, detailing Brandyn's methodology for organizing targets, scope, credentials, behavior, tech stack, brainstorming, high-signal findings, error oracles, attack paths, and task tracking. It also references "Syntax Confusion" and techniques like percent encoding within `Content-Disposition` headers, and unusual file URI syntax. |
| 2025-10-12 2025 | Professional Cybersecurity E-books by Brute Logic beginner | Master bug bounty hunting and cybersecurity research with proven methodologies. Professional cybersecurity education from industry expert Brute Logic. |
| 2025-10-05 2025 | API Hacking - Just Hacking Training (JHT) intermediate API Sec | Course on API hacking by Dr. Katie Paxton-Fear, InsiderPhD, guiding learners from API fundamentals and toolkit essentials through reconnaissance, endpoint enumeration, and OWASP API Top 10 vulnerabilities including BOLA, Mass Assignment, and Injection flaws. The interactive course features over 50 videos, quizzes, and a dedicated lab, offering a proven methodology for comprehensive API security testing from bug discovery to reporting. |
| 2025-09-27 2025 | SSRF Mastery Series - Fundamentals: Master Server-Side Request Forgery advanced SSRF | Guide on mastering Server-Side Request Forgery (SSRF) exploitation. This resource details systematic discovery techniques, advanced parser bypasses, and exploitation chains from industry experts like Orange Tsai, Justin Gardner, and Corben Leo. It covers vulnerabilities such as CVE-2025-1974 (IngressNightmare), cloud metadata endpoint exploitation, and container orchestration vulnerabilities, aiming to equip users for significant bug bounty rewards. |
| 2025-08-14 2025 | (Research) Exploiting HTTP Parsers Inconsistencies advanced API Sec | The content titled "(Research) Exploiting HTTP Parsers Inconsistencies" likely discusses a study or investigation into vulnerabilities related to inconsistencies in HTTP parsers. This research may explore how these inconsistencies can be manipulated or exploited for various purposes. The focus is likely on understanding the weaknesses in HTTP parsers and potentially finding ways to enhance security measures to mitigate these vulnerabilities. |
| 2025-08-14 2025 | Top 10 web hacking techniques of 2022 | PortSwigger Research intermediate | Survey of the top 10 web hacking techniques from 2022, highlighting vulnerabilities like request smuggling, client-side path traversal, and Psychic Signatures in Java. The research also covers exploiting Web3's hidden attack surface with XSS and SSRF, bypassing .NET Serialization Binders, and insecure SAML implementations leading to bytecode execution. Practical client-side path-traversal attacks are identified, alongside cache poisoning on Akamai Edge Nodes and Zimbra Email credential theft via Memcache injection. Browser-powered desync attacks and account hijacking through OAuth dirty dancing are also detailed. → portswigger.net |
| 2025-08-14 2025 | HTTP-HOST HEADER ATTACKS. Hi! My name is Hashar Mujahid and today… | by Has intermediate | The content discusses HTTP-Host header attacks and is authored by Hashar Mujahid. It seems to provide information or insights related to this type of cyber attack. → infosecwriteups.com |
| 2025-08-14 2025 | Bug Bounty — Tips / Tricks / JS (JavaScript Files) - InfoSec Write-ups - Me intermediate | The content discusses bug bounty tips, tricks, and JavaScript (JS) files in the context of InfoSec write-ups. It likely includes insights, strategies, and techniques related to identifying and exploiting security vulnerabilities in web applications through bug bounty programs. The author may share their experiences, knowledge, and recommendations for effectively finding and reporting bugs in JavaScript files to enhance cybersecurity practices. |
| 2025-08-14 2025 | https://github.com/dsopas/assessment-mindset beginner | Mindmap structured around security assessment methodologies, including WAHH, OWASP API Security Top 10, and the IoT PenTesting Guide. Exported in OPML, XMind, and PNG formats, it aids organization for pentests, bug bounties, and red-team engagements. Contributions via pull requests are welcomed for new tasks, tools, and sections like mobile applications, networking, Wi-Fi, and IoT. |
| 2025-08-14 2025 | The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy. v2 beginner | The content is titled "The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy. v2." It suggests a guide or resource for individuals interested in bug bounty hunting, a practice where individuals find and report security vulnerabilities in exchange for rewards. The title alludes to the popular book "The Hitchhiker's Guide to the Galaxy," implying a whimsical or humorous approach to the subject matter. It likely provides tips, strategies, and insights for bug bounty hunters operating in a wide range of environments or platforms. |
| 2025-08-14 2025 | commixproject/commix: Automated All-in-One OS Command Injection Exploitatio intermediate | Tool for automated OS command injection detection and exploitation. Commix supports various injection types, automatically identifies them, and can perform file system and remote command execution. It offers options for bypassing filters and provides detailed usage examples in its wiki. |
| 2025-08-14 2025 | https://bugbountyforum.com/ beginner | The content provided is a URL link to bugbountyforum.com. The website likely focuses on bug bounty programs, where individuals can report security vulnerabilities in exchange for rewards. It serves as a platform for security researchers and companies to collaborate in identifying and fixing potential security issues. The forum may offer discussions, resources, and opportunities related to bug bounty programs. |
| 2025-08-14 2025 | Bug Bounty POC - All Bug Bounty POC write ups by Security Researchers. intermediate | The content is about Bug Bounty Proof of Concepts (POC) which are write-ups created by security researchers. These POCs detail vulnerabilities found in software or systems, demonstrating how they can be exploited. This information is valuable for organizations looking to improve their security by addressing these vulnerabilities. |
| 2025-08-14 2025 | https://www.hahwul.com/2019/09/28/oxml-xxe-payload-inject-tool-docem/ intermediate XXE | The content discusses a tool called "Docem" developed by a security researcher to inject XXE payloads into OXML files. XXE (XML External Entity) vulnerabilities can be exploited to manipulate XML data and potentially lead to security breaches. The tool automates the process of injecting malicious payloads into Office Open XML (OXML) files, making it easier for security professionals to test and identify vulnerabilities in systems that process XML data. The tool's capabilities and potential impact on security testing are highlighted in the article. |
| 2025-08-14 2025 | How to discover up to 10,000 subdomains with your own tool | by _Y000_ | In intermediate | The content discusses a method to uncover up to 10,000 subdomains using a self-created tool by _Y000_. It likely provides insights or instructions on how to utilize this tool effectively for discovering subdomains efficiently. The focus is on empowering individuals to explore a large number of subdomains using a personalized tool. → infosecwriteups.com |
| 2025-08-14 2025 | How to discover up to 10,000 subdomains with your own tool | by _Y000_ | Ne intermediate Recon | The content discusses a method to uncover up to 10,000 subdomains using a self-created tool by _Y000_. The focus is on the process of discovering subdomains efficiently through the tool. |
| 2025-08-14 2025 | A ffuf Primer | Daniel Miessler beginner | Tool for command-line web attacks, ffuf emulates functionality similar to Burp Intruder and Dirbuster. This Go-based utility leverages input files to fuzz parts of URLs, including GET parameters and POST data, for discovering vulnerabilities like disallowed paths and credential stuffing. It offers extensive options for matching responses based on HTTP codes, line counts, or size, and can be used with wordlists such as curated.txt from the RobotsDisallowed project to enhance the likelihood of finding sensitive information. → danielmiessler.com |
| 2025-08-14 2025 | https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ intermediate | The content discusses website penetration testing and database hacking using SQLmap. It covers the importance of penetration testing to identify vulnerabilities, the process of using SQLmap for database hacking, and steps to perform SQL injection attacks. The article emphasizes the ethical use of these techniques for security testing and highlights the risks associated with unauthorized hacking. It provides insights into the tools and methods used in penetration testing and database hacking, aiming to enhance cybersecurity awareness and skills. |
| 2025-08-14 2025 | https://www.reddit.com/r/Hacking_Tutorials/comments/gtpkug/remote_code_execution_explained_with_real_life/?utm_source=share&utm_medium=ios_app&utm_name=iossmf beginner RCE | The content discusses remote code execution, explaining how it works with real-life examples. It likely covers the concept of executing code on a remote system, potential vulnerabilities that can be exploited, and the implications of such attacks. The post may provide insights into how hackers can gain unauthorized access to systems through this method and how to prevent such security breaches. It could also include practical tips or demonstrations to help readers understand the risks associated with remote code execution and how to protect against it. |
| 2025-08-14 2025 | Security Tools | Curated list of security tools for Hackers & Builders! beginner | Library of curated security tools for hackers and builders, featuring solutions for container penetration (CDK), Kubernetes security practice (Kubernetes Goat), attack path analysis (KubeHound), AWS security visualization (aws-security-viz), malicious package detection (Guarddog), URL data extraction (Unfurl), cloud adversary emulation (Stratus Red Team), disposable email (TrashEmail), Infrastructure as Code security (Terrascan, TerraGoat), static code analysis (Semgrep), infrastructure asset mapping (Cartography), secrets discovery (TruffleHog), and real-time data analysis (StreamAlert). |
| 2025-08-14 2025 | devanshbatham/Awesome-Bugbounty-Writeups beginner XSS | Writeup collection detailing numerous Cross-Site Scripting (XSS) variations, including DOM-based, reflected, and stored XSS, along with other vulnerabilities like CSRF, IDOR, LFI, SSRF, and RCE. Entries cover bypass techniques for WAFs and filters, specific vendor vulnerabilities on platforms like Google, Microsoft, Facebook, and Amazon, and methods for achieving account takeover and privilege escalation. Techniques include Angular JS template injection, MIME sniffing, Unicode bypass, and leveraging SWF files. |
| 2025-08-14 2025 | Bug Bounty Hunting Tips #4 — Develop a Process and Follow It - Craig Hays beginner | The content is about bug bounty hunting tips, specifically emphasizing the importance of developing a process and adhering to it. Following a structured approach can help bug bounty hunters stay organized, efficient, and focused on finding vulnerabilities. By establishing a clear process and consistently following it, hunters can improve their chances of successfully identifying and reporting bugs. Craig Hays highlights the significance of having a systematic method in bug bounty hunting to enhance effectiveness and productivity. |
| 2025-08-14 2025 | (224) @Th3G3nt3lman Shares His Recon Methodology and How He Consistently Co intermediate | @Th3G3nt3lman discusses his recon methodology and how he maintains consistency. The content likely delves into strategies, techniques, or processes used by @Th3G3nt3lman for reconnaissance activities. It may touch on the importance of having a structured approach to gathering information and how this contributes to achieving consistent results. |
| 2025-08-14 2025 | Samesite by Default and What It Means for Bug Bounty Hunters intermediate CSRF XSS | Analysis of SameSite by Default cookie attribute's impact on web vulnerabilities. This change, which sets SameSite=Lax for all cookies by default in Chrome 80, significantly affects bug classes beyond CSRF. Vulnerabilities such as Clickjacking, Cross-Site Script Inclusion (XSSI), JSONP Leaks, Data Exfiltration, XSLeaks, and Cross-Site WebSocket Hijacking are impacted by the prevention of authenticated cross-origin requests. While CORS misconfigurations and certain XSS attack vectors may see less direct impact, the widespread adoption of this attribute necessitates a re-evaluation of common exploitation techniques for bug bounty hunters. |
| 2025-08-14 2025 | Bug-bounty/bugbounty_checklist.md at master · sehno/Bug-bounty beginner | Checklist for comprehensive bug bounty methodology, encompassing reconnaissance with tools like Amass, Subfinder, and ffuf, information gathering, and security testing across authentication, session management, authorization, and various injection vulnerabilities including SQL, XXE, and NoSQL. It also details checks for file upload security, cryptographic issues, denial of service, and specific OWASP categories like cross-site scripting (XSS) and cross-site request forgery (CSRF). |
| 2025-08-14 2025 | https://medium.com/@know.0nix/hunting-good-bugs-with-only-html-d8fd40d17b38 intermediate | The content discusses a method of finding security vulnerabilities in websites using only HTML, focusing on the concept of "good bugs" or vulnerabilities that can be reported to website owners for ethical hacking purposes. It explains how to identify and report these bugs, emphasizing responsible disclosure to help improve website security. The article provides insights into the ethical hacking process and encourages individuals to contribute positively to cybersecurity by reporting vulnerabilities to website owners for remediation. |
| 2025-08-14 2025 | https://github.com/arkadiyt/bounty-targets-data?utm_source=Unsupervised+Learning+Subscribers&utm_campaign=e0ab2b9f11-EMAIL_CAMPAIGN_10_6_2019_8_57_COPY_01&utm_medium=email&utm_term=0_49fdb7d723-e0ab2b9f11-495714773&mc_cid=e0ab2b9f11&mc_eid=f84b93e60d beginner | Database of HackerOne and Bugcrowd bug bounty program scopes, containing lists of in-scope domains and wildcards. Includes raw JSON data for Bugcrowd, Hackerone, Federacy, Intigriti, and YesWeHack platforms. Data is updated every 30 minutes. |
| 2025-08-14 2025 | dsopas/assessment-mindset: Security Mindmap that could be useful for the in beginner | Mindmap for security assessments, incorporating the WAHH Methodology, OWASP API Security Top 10, and the IOT PenTesting Guide. Available in OPML, XMind, and PNG formats, this resource aids in organizing tasks for pentests, bug bounties, and red-team exercises. Contributions and suggestions for new tasks, tools, or improvements are welcomed via pull requests to the repository. |
| 2025-08-14 2025 | https://vavkamil.cz/2019/10/09/understanding-the-full-potential-of-sqlmap-during-bug-bounty-hunting/ intermediate SQLi | The content discusses maximizing the potential of SQLmap during bug bounty hunting. It covers the importance of understanding SQL injection vulnerabilities, using SQLmap effectively, and customizing its options for better results. The article emphasizes the significance of proper reconnaissance, parameter identification, and evasion techniques to enhance the success rate of SQL injection attacks. It also provides insights into exploiting blind SQL injection vulnerabilities and leveraging SQLmap's advanced features to automate the detection and exploitation process. Overall, the content aims to help bug bounty hunters utilize SQLmap efficiently for discovering and exploiting SQL injection vulnerabilities. |
| 2025-08-14 2025 | amass — Automated Attack Surface Mapping | Daniel Miessler beginner | Tool for mapping attack surfaces, amass automates information gathering across multiple dimensions, integrating data from DNS enumeration, scraping various search engines, certificate transparency logs, and numerous APIs. It offers subcommands like `intel` for initial reconnaissance, `enum` for subdomain discovery and attack surface mapping, `viz` for visualizing results (including D3 and Maltego formats), `track` for historical analysis, and `db` for database management. Amass prioritizes diverse input sources and consistent developer attention, making it a robust solution for both offensive and defensive security operations. → danielmiessler.com |
| 2025-08-14 2025 | List of bug bounty writeups beginner | The content is a list of bug bounty writeups. It likely includes detailed accounts of security vulnerabilities discovered by individuals participating in bug bounty programs. These writeups typically outline the steps taken to identify and report the bugs, as well as any rewards received for their findings. The list serves as a valuable resource for cybersecurity enthusiasts and professionals looking to learn from real-world examples of successful bug hunting. |
| 2025-08-14 2025 | How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Pr intermediate | The content discusses setting up an automated sub-domain takeover scanner for bug bounty programs. It likely provides guidance on using tools or scripts to detect potential sub-domain takeover vulnerabilities automatically. This process can help security researchers identify and report such issues to organizations before they are exploited by malicious actors. Overall, the content aims to assist bug bounty hunters in efficiently scanning for sub-domain takeover vulnerabilities to enhance the security of web applications. |
| 2025-08-14 2025 | (640) An overlooked parameter leads to a critical SSRF in Dropbox bug bount intermediate SSRF | The content discusses a critical Server-Side Request Forgery (SSRF) vulnerability discovered in Dropbox's bug bounty program due to an overlooked parameter. This vulnerability could potentially allow attackers to manipulate server requests and access sensitive information. The SSRF flaw was identified as a significant security issue that could have serious consequences if exploited. This finding highlights the importance of thorough security testing and the need for companies to prioritize identifying and addressing such vulnerabilities to protect their systems and data. |
| 2025-04-10 2025 | Best Browser Extensions for Bug Hunting and Cybersecurity beginner Burp | If you are getting into bug hunting or cybersecurity the right tools can make a huge difference. Browser extensions help automate tasks, find hidden vulnerabilities and protect your privacy. Here is… → infosecwriteups.com |
| 2025-04-09 2025 | From Recon to Exploits: Uncovering XSS, Open Redirects, and More using this script intermediate Recon XSS | Step-by-step guide to hunting info disclosure, XSS and more → osintteam.blog |
| 2025-03-31 2025 | Javascript Recon for Bug Bounty & Pentesting intermediate Recon XSS | Hidden endpoints, secrets, and DOM XSS using Automated JS Analysis |
| 2025-03-30 2025 | Stored XSS in My Flow To RCE in Opera Browser #2 - Renwa - Medium intermediate RCE XSS | Hey Opera team, your great response and bounties for previous reports motivated me to look more into the program and find more bugs. Luckily, I found a critical bug in My Flow that allows an… |
| 2025-03-16 2025 | GitHub - m4ll0k/BBTz: BBT - Bug Bounty Tools (examples💡) intermediate | BBT - Bug Bounty Tools (examples💡). Contribute to m4ll0k/BBTz development by creating an account on GitHub. |
| 2025-02-20 2025 | How I got a Stored XSS by searching through JS files. intermediate XSS | Hello Friend, I’m gonna talk about a simple Stored XSS vulnerability I did find in a private bug bounty program at Bugcrowd by searching in… |
| 2025-02-10 2025 | My Bug Hunting Methodology Approach to Finding Bugs Easily 🐞💡 intermediate | Indeed, Allah and His angels send blessings upon the Prophet. O you who believe, send blessings upon him and greet him with peace. |
| 2025-01-28 2025 | GitHub - Mehdi0x90/Web_Hacking: Bug Bounty Tricks and useful payloads and bypasses for Web Application Security. intermediate | Library of bug bounty and pentest notes encompassing a wide array of web application security vulnerabilities and bypass techniques. It includes specific attack vectors such as API Key Leaks, CORS, CRLF Injection, CSRF, Cache Poisoning, Command Injection, DOM Clobbering, File Inclusion, File Upload, GraphQL, Host Header Injection, IDOR, JWT, NoSQLi, Open Redirect, Race Condition, Reverse Tab Nabbing, SQLi, SSRF, Sandwich Attacks, XSS, and XXE. Additionally, it features various bypass strategies for 403 errors, 429 limits, Captchas, CSP, Email Verification, Login, Rate Limits, and Password Resets, along with an extensive list of evasive techniques and tools like Nuclei, inql, Logger++, param-miner, Oralyzer, SQLiPy, ParamSpider, and gf. |
| 2025-01-19 2025 | Choosing Your First Program in Bug Bounties: A Beginner’s Guide beginner | Hey geeks, it4chis3c (Twitter) comes up with another write-up in my Bug Bounty Hunting Series: |
| 2024-12-31 2024 | Hidden Gems: Simple Exploits Overlooked by Most Bug Hunters intermediate | Easy but Rare Bugs in Bug Bounty Hunting: Uncovering Hidden Gems |
| 2024-12-29 2024 | How to find SSRF, Bypass Cloudflare, and extract AWS metadata intermediate SSRF | I was working on a program and since I have no permission to disclose the name of the target, let’s call it redacted.com. |
| 2024-12-14 2024 | InfoSec Blog intermediate | Writeup detailing CVE-2020-13379, an unauthenticated full-read SSRF in Grafana versions 3.0.1-7.0.1 achieved through redirect chaining and URL parameter injection. It also covers AWS Metadata API research, explaining how SSRF can escalate in AWS environments by accessing http://169.254.169.254, and offers beginner resources for aspiring bug bounty hunters. |
| 2024-11-16 2024 | HackTricks Training beginner | HackTricks Training |
| 2024-11-01 2024 | Comprehensive Bug Bounty Hunting Methodology (2024 Edition) beginner | Welcome to your complete bug bounty guide! 🕵️ This is designed for beginners, but even if you’re experienced, there’s always something new… |
| 2024-10-17 2024 | 👩💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS… intermediate SSRF | A $600K bounty was awarded due to a business logic flaw in smart contracts. → infosecwriteups.com |
| 2024-10-17 2024 | Story of a 2.5k Bounty — SSRF on Zimbra Led to Dump All Credentials in Clear Text intermediate SSRF | The content discusses a successful bug bounty story where the author and a friend earned approximately $2500 from Cafebazaar by exploiting a Server-Side Request Forgery (SSRF) vulnerability on Zimbra, leading to the exposure of all credentials in clear text. → infosecwriteups.com |
| 2024-10-17 2024 | My First Bug: Blind SSRF Through Profile Picture Upload intermediate SSRF | The content is a writeup detailing the discovery of the author's first bug, which involves a blind Server-Side Request Forgery (SSRF) vulnerability through profile picture upload. The author likely shares their experience, the steps taken to identify the bug, and the impact of the vulnerability. This bug could potentially allow an attacker to manipulate the server into making requests on their behalf, leading to unauthorized access or data leakage. The writeup may also include insights on responsible disclosure and the importance of thorough security testing in web applications. → infosecwriteups.com |
| 2024-10-17 2024 | 10 Types of Web Vulnerabilities that are Often Missed - Labs Detectify beginner SSRF | Library detailing common, often-missed web vulnerabilities beyond the OWASP Top 10. It covers HTTP/2 Smuggling, exploiting desyncs between HTTP/2 and HTTP/1.1; XXE via Office Open XML parsers, leveraging XML parsing within document formats like .docx and .xlsx; SSRF via XSS in PDF Generators, by injecting JavaScript into HTML-to-PDF converters to access internal resources; and XSS via SVG files, a persistent issue with image upload functionalities. → labs.detectify.com |
| 2024-10-17 2024 | How i found 3 SSRF in one day on different bug bounty targets. intermediate SSRF | The blog discusses the author's approach to bug bounty targets, detailing how they discovered three Server-Side Request Forgery (SSRF) vulnerabilities within 5-6 hours on different targets. The focus is on their successful identification of SSRF vulnerabilities and the speed at which they were able to find them. |
| 2024-10-17 2024 | BugBounty | A Simple SSRF intermediate SSRF | Writeup detailing an SSRF vulnerability discovered in a macOS chat client. The vulnerability arises from the client's preview functionality, which fetches URLs and displays content, including favicons and titles. By crafting specific URLs, including those pointing to internal IP addresses and the `file://` scheme, the author was able to exfiltrate sensitive data. Further analysis revealed the potential for JavaScript execution within the preview, allowing for content retrieval beyond Same Origin Policy restrictions, with a proof-of-concept demonstrating the exfiltration of Google's content length and the suggestion of DNS rebinding as a bypass for stricter SOP enforcement. |
| 2024-10-17 2024 | AWS takeover through SSRF in JavaScript intermediate SSRF | Writeup of AWS takeover exploiting a Server-Side Request Forgery (SSRF) vulnerability within a custom JavaScript macro language called Banan++. The `Union()` function, which utilized `eval()` without proper sanitization, was identified as the injection point. By manipulating the `operation` parameter, an attacker could craft malicious Banan++ code to execute arbitrary JavaScript, including making outbound HTTP requests using `fetch()`. This SSRF vulnerability ultimately led to the compromise of AWS credentials and full account takeover, including numerous S3 buckets and EC2 instances. |
| 2024-10-17 2024 | How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! advanced RCE SSRF | Writeup detailing a four-vulnerability exploit chain against GitHub Enterprise, culminating in Remote Code Execution (RCE). The chain begins with bypassing IP restrictions in the `faraday` gem for an initial SSRF. This SSRF is then used to exploit a second SSRF within the Graphite service, forming an SSRF execution chain. A CR-LF injection within this chain allows for protocol smuggling, specifically targeting Memcached with a malicious Marshal object, which triggers RCE upon deserialization. |
| 2024-10-16 2024 | reddelexc/hackerone-reports: Top disclosed reports from HackerOne intermediate | Library of disclosed HackerOne reports, featuring top findings categorized by vulnerability type such as XSS, XXE, CSRF, IDOR, RCE, SQLi, SSRF, and business logic flaws. It also ranks reports by program, including Mail.ru, HackerOne, Shopify, Nextcloud, and Twitter. The library is updated using Python 3 scripts that require chromedriver and Chromium executables. |
| 2024-10-15 2024 | Top 13 Vulnerable Web Applications and Websites for Ethical Hacking Practice beginner | This list contains a variety of vulnerable websites, vulnerable web apps, battlegrounds and wargames communities. |
| 2024-10-12 2024 | Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale advanced | Survey of cloud vulnerability discovery techniques, including dangling DNS records and hardcoded secrets, reveals systemic weaknesses in tens of thousands of organizations like Samsung and NVIDIA. This approach identified over 66,000 unique top-level domains with dangling records and more than 15,000 verified API secrets. The research highlights how insecure defaults and incentivized misconfigurations by cloud providers contribute to these vulnerabilities, despite limited customer awareness and insufficient provider accountability. |
| 2024-10-07 2024 | Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open Source news | Library of open-source web scanning tools, including the GBounty Scanner for high-speed vulnerability discovery, customizable GBounty Multi-Step Profiles for defining test sequences, a GBounty Profiles Designer graphical interface for creating these profiles, and the Export to GBounty Burp Suite extension for seamlessly integrating Burp Suite requests into scanner workflows. |
| 2024-10-03 2024 | Top 10 Browser Extensions Every Bug Bounty Hunter Needs beginner Burp | As bug bounty hunters, we need to save time by avoiding constant switching between the terminal, multiple tabs, Burp Suite (including… |
| 2024-10-01 2024 | GitHub - bl4de/security-tools: My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty. beginner Python | My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty. - bl4de/security-tools |
| 2024-09-30 2024 | Top 8 Advanced Features of BLACKBIRD Web App Pentesting Suite intermediate | Find more vulnerabilities and save more time on your next pentesting engagement as a penetration tester with BLACKBIRD Web App Pentesting Suite |
| 2024-09-27 2024 | Payloads/ssrf.txt at main · 1BlackLine/Payloads intermediate SSRF | Library of Server-Side Request Forgery (SSRF) payloads detailing various techniques for bypassing filters and exploiting internal services. It includes examples for localhost, IP address variations, IPv6, octal and hexadecimal encodings, gopher, dict, and file schemes, as well as specific cloud metadata endpoints like those for AWS EC2, Google Compute Engine, and Hetzner. The collection also demonstrates SSRF through jar, file, and other less common URL schemes. |
| 2024-09-24 2024 | xssorRecon/xss0rRecon.sh at main · xss0r/xssorRecon beginner Recon XSS | Library for automating web application security reconnaissance, the xssorRecon.sh script helps discover vulnerabilities. It automates tasks including domain enumeration, URL crawling and filtering, and parameter discovery using tools like HiddenParamFinder. The script also prepares for XSS detection and analyzes query string URLs, culminating in the launch of the xss0r tool for in-depth vulnerability assessment. It includes installation steps for necessary dependencies and offers a guide for deploying on VPS servers. |
| 2024-09-16 2024 | Automating the CORS Vulnerability Scan intermediate API Sec AuthZ | When conducting a bug bounty, automating your scanning process not only saves time but ensures you don’t miss common vulnerabilities. One… |
| 2024-09-16 2024 | What is Prototype Pollution? beginner | Bug Bounty Essentials by Karthikeyan Nagaraj → cyberw1ng.medium.com |
| 2024-09-15 2024 | Mastering WordPress Penetration Testing: A Step-by-Step Guide intermediate | Toolset for WordPress penetration testing, including Wappalyzer for technology profiling, WPintel for detailed WordPress information like versions and vulnerabilities, NMAP for network scanning, FFuF for directory discovery and fuzzing, and Nuclei for template-based vulnerability scanning. The guide also covers manual techniques such as username enumeration and XML-RPC exploitation, as well as Cross-Site Port Attacks (XSPA). |
| 2024-09-14 2024 | Acquiring Malicious Browser Extension Samples on a Shoestring Budget advanced | Library for acquiring malicious browser extension samples using free resources, including cryptanalysis of obfuscated PowerShell scripts. It details techniques for finding initial samples via services like urlscan and MalwareBazaar, then pivots to acquiring and decrypting newer samples by analyzing file structures and performing XOR key and substitution mapping recovery. The library provides a practical approach to obtaining such samples without enterprise-level tools. |
| 2024-09-14 2024 | Mastering GraphQL API Pentesting: The Ultimate Resource Guide beginner GraphQL | Hello! I’m Raunak Gupta, a Security Researcher, Bug Bounty Hunter, and Computer Science student from India. Today, I’m excited to share all… |
| 2024-09-13 2024 | GitHub - xss0r/xssorRecon: Automate Recon XSS Bug Bounty beginner Recon XSS | Library for automating XSS bug bounty reconnaissance. This tool requires downloading and extracting all necessary files, including wordlists and the xssorRecon tool itself, into a single directory. A free 5-day professional plan license is available from the 10th to the 15th of each month via store.xss0r.com. |
| 2024-08-31 2024 | SSRFUtility - SSRF Exploitation Tool intermediate SSRF | A tool to help you exploit SSRF vulnerabilities and get these bounties! |
| 2024-08-27 2024 | This Teen Hacker Found Bugs in School Software That Exposed Millions of Records news | Writeup detailing Bill Demirkapi's discovery of critical vulnerabilities in Blackboard and Follett school software, including SQL injection and cross-site scripting flaws. These bugs potentially exposed millions of student and teacher records, encompassing grades, immunization data, passwords, and personal information. The findings highlight significant security weaknesses in educational technology and the challenges researchers face in getting vendors to address them. → wired.com |
| 2024-08-18 2024 | Using Firefox Add-Ons for #BugBounty beginner | Recently I posted a tweet about using Firefox Add-Ons for Bug Bounty Hunting, so I figured out I should write a guide on using it. |
| 2024-08-02 2024 | Cartesi Honeypot Challenge beginner | Cartesi Honeypot Challenge via /r/bugbounty https://ift.tt/N8IBERh |
| 2024-07-30 2024 | JS Link Finder Burp Suite Extension Guide intermediate Burp | Improve your bug bounty hunting, pentesting, and appsec skills with the JS Link Finder Burp Suite Extension. Discover hidden endpoints and… |
| 2024-07-28 2024 | security-study-plan/web-pentest-study-plan.md at main · jassics/security-study-plan beginner Recon | Library outlining a structured, milestone-based web penetration testing study plan. It details key concepts like HTTP methods and response codes, vulnerability types including XSS, SQLi, and JWT exploitation, and essential tools such as Burp Suite, Nmap, and Metasploit. The plan emphasizes hands-on lab practice with platforms like Hack The Box and OWASP Juice Shop, alongside recommended reading and courses, guiding learners towards entry-level pentesting roles. |
| 2024-07-27 2024 | Udemy - Bug Bounty Hunting Guide to an Advanced Earning Method - Google Drive intermediate | Udemy - Bug Bounty Hunting Guide to an Advanced Earning Method - Google Drive |
| 2024-07-22 2024 | DOM Based XSS \| OWASP Foundation beginner XSS | Reference for DOM Based XSS, also known as "type-0 XSS," detailing how client-side scripts execute unexpectedly due to modifications in the DOM environment. It contrasts this with stored and reflected XSS, highlighting attacks utilizing URI fragments to avoid server-side detection, such as the universal XSS against the Acrobat PDF plugin. The entry also mentions testing tools like DOM Snitch and defensive techniques discussed in research papers and presentations. → owasp.org |
| 2023-12-21 2023 | The Unsinkable Maddie Stone, Google's Bug-Hunting Badass news | Library for analyzing actively exploited software flaws, including zero-days found in security scanning tools and Android malware. It focuses on understanding attacker behavior, identifying novel techniques, and determining how structural improvements can mitigate entire classes of exploits, aiming to make zero-day vulnerabilities harder to find and exploit in the wild. → wired.com |
| 2023-12-03 2023 | HowToHunt beginner | Library of practical guides and methodologies for vulnerability hunting. This collaborative repository offers step-by-step techniques for finding specific bugs, focusing on actionable advice and real-world examples. It serves as a resource for both beginners and experienced hunters to enhance their bug hunting skills, with contributions from experienced security professionals. |
| 2023-11-27 2023 | Solving HackThisSite Programming Level 1 with Ronin beginner | Library for Ruby that facilitates solving HackThisSite Programming Level 1 by unscrambling words. It utilizes the `wordlist` gem to process a ZIP archive of words, builds a lookup table by sorting characters of each word, and then deciphers scrambled words by matching their sorted character sequences. This approach provides an efficient solution to the challenge. |
| 2023-11-09 2023 | A list of 50 web application exploit techniques that bug bounty hunters should be familiar with. intermediate API Sec | A list of 50 web application exploit techniques that bug bounty hunters should be familiar with. https://ift.tt/0215ejI |
| 2023-11-05 2023 | Offensive C# advanced RCE | Library for offensive C# development, teaching basics from C# fundamentals to advanced red team tradecraft. Learn to build tools for Active Directory enumeration and attacks, create .NET loaders, implement persistence, and leverage WinAPI for techniques like process hollowing, token enumeration, and shellcode injection. The curriculum covers C2 server development, PE backdoor creation, and API hashing/hooking for sophisticated offensive capabilities. |
| 2023-11-05 2023 | BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting beginner | BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting https://ift.tt/YoWdJOL |
| 2023-10-25 2023 | https://thexssrat.podia.com/broad-scope-bug-bounties-handbook-v1?coupon=RFESFSEFSDFSDF beginner | https://ift.tt/RqE7Mny |
| 2023-10-12 2023 | Web AppSec Interview Questions beginner API Sec | Reference for web application security interview questions, covering topics like Web Cache Deception, Session Fixation, SQL Injection variants (Boolean, Error, Inferential), DOM Clobbering, HTTP Request Smuggling (TE.TE), HTTP Parameter Pollution, IDOR, JWKs/JKUs, Business Logic testing, Server-Side Template Injection, WebSocket security, Content Security Policy (CSP), stateless authentication, CSRF mitigation, XXE Injection, DOM-based XSS, CORS preflight requests, Insecure Deserialization, file upload vulnerabilities, Mass Assignment, GraphQL batching, type juggling, and sensitive data exposure techniques. |
| 2023-10-05 2023 | Useful Websites for Pentesters & Hackers beginner Recon | Useful Websites for Pentesters & Hackers https://ift.tt/wL3ZVXG |
| 2023-10-05 2023 | Bug Bounty Hunting Guide: Essential Tools and Strategies beginner Recon | Bug Bounty Hunting Guide: Essential Tools and Strategies https://ift.tt/oqOZFys |
| 2023-09-22 2023 | IDOR - how to predict an identifier? Bug bounty case study intermediate IDOR Talks | The content discusses IDOR (Insecure Direct Object Reference) vulnerability and how to predict an identifier in bug bounty programs. It likely provides a case study or tutorial on exploiting IDOR vulnerabilities for ethical hacking purposes. The video on YouTube may offer insights into identifying and exploiting these vulnerabilities to secure systems better. |
| 2023-09-22 2023 | reddelexc/hackerone-reports beginner | Library of curated HackerOne reports, organized to identify top vulnerabilities and programs. Includes categorized lists of XSS, XXE, IDOR, RCE, SQLi, SSRF, and other bug types, alongside rankings for programs like Mail.ru, Shopify, Twitter, and Uber. Python 3 scripts, requiring chromedriver and Chromium, are provided to update the raw data in data.csv, processing reports through fetching, uniqueness checks, filling, and rating stages. |
| 2023-09-22 2023 | Writeups beginner | Writeups https://ift.tt/PJUnIMy |
| 2023-09-22 2023 | How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports advanced RCE SQLi Talks | The content discusses techniques for exploiting SQL injection vulnerabilities to achieve Remote Code Execution (RCE) or read files. It presents a case study based on 128 bug bounty reports, providing insights into the process of leveraging SQL injection for more severe attacks. The video likely delves into practical examples, demonstrating how attackers can escalate the impact of SQL injection vulnerabilities to gain unauthorized access or execute malicious code on a target system. |
| 2023-09-10 2023 | Python for Hackers Course \| Bug Bounty & Ethical Hacking beginner Python | Python for Hackers Course \| Bug Bounty & Ethical Hacking https://ift.tt/X9UbTzy |
| 2023-08-29 2023 | Pygoat - Learn Django security the hard way beginner Python | Library for learning Django security by attacking and defending the intentionally vulnerable application Pygoat. This resource covers OWASP Top 10 vulnerabilities, including Broken Access Control and Sensitive Data Exposure, providing mitigation strategies for Django applications. It addresses specific risks like hard-coded passwords and broken cryptography, and discusses SQL injection and insecure direct object references. The library emphasizes secure design patterns, threat modeling, and proper input validation to fortify web applications. |
| 2023-08-20 2023 | Pentest-Cheat-Sheets beginner Recon | Cheatsheet for penetration testing tasks, offering code snippets and commands for efficient workflow. It includes commands for DNS enumeration using tools like `dnsenum` and `fierce`, network scanning with `nmap`, file transfer and reverse shells with `nc` and `ncat`, SNMP enumeration using `onesixtyone` and `snmp-check`, directory brute-forcing with `dirsearch` and `dirb`, RDP exploitation with `xfreerdp` and `crowbar`, SMB client interactions with `pth-smbclient`, and SQL injection exploitation with `sqlmap`. |
| 2023-08-11 2023 | YesWeHack #1 Bug Bounty Platform in Europe beginner | YesWeHack #1 Bug Bounty Platform in Europe https://ift.tt/N0aPy8c → yeswehack.com |
| 2023-08-11 2023 | How To Hack Web Applications in 2022: Part 1 beginner | Library for web application security testing that details techniques for identifying and exploiting vulnerabilities like SQL Injection, Code Injection, XSS, Defacement, Cookie poisoning, and Remote Code Execution. It outlines the setup process using Burp Suite and discusses common web application architectures, including Single Page Applications and Traditional Web Applications, referencing the OWASP Top 10 as a standard vulnerability guide. → labs.detectify.com |
| 2023-08-11 2023 | JeffCX/collection-web3-bug-bounty beginner | Collection of independently hosted Web3 bug bounty programs, curating a comprehensive list of initiatives offering substantial, six-figure rewards. This resource aims to incentivize ethical hackers and security researchers to identify and report vulnerabilities in decentralized applications (dApps), blockchain networks, smart contracts, and decentralized finance (DeFi) protocols, thereby enhancing the security of the evolving Web3 ecosystem. Contributions are welcomed via pull requests on GitHub, detailing project names, bounty amounts, and program links for inclusion in the sorted list. |
| 2023-08-11 2023 | The Ultimate Guide to Finding Bugs With Nuclei intermediate | Library for efficient, extensible vulnerability scanning using YAML-based templates. Nuclei supports HTTP, DNS, SSL, and raw TCP protocols, allowing users to define custom checks for vulnerabilities. It can scan thousands of hosts rapidly, integrates into existing workflows, and offers template filtering by technology, severity, or CVE. Advanced features include custom template creation, fuzzing, multi-step interactions, and support for network, DNS, file, and headless modes. |
| 2023-07-30 2023 | 0xPugazh/One-Liners beginner | Library aggregating numerous command-line one-liners for application security reconnaissance and vulnerability testing. It compiles practical examples for subdomain enumeration using tools like subfinder, dnsx, and httpx, alongside methods for discovering sensitive files, identifying SQL injection and XSS vulnerabilities with sqlmap, ghauri, dalfox, and xsstrike, and checking for CORS misconfigurations. The library also includes techniques for hidden directory discovery with dirsearch and ffuf, and for finding hidden parameters within JavaScript files. |
| 2023-07-26 2023 | Web Application Black-Box testing beginner API Sec Recon | Web Application Black-Box testing https://ift.tt/d1Mrqn4 |
| 2023-07-11 2023 | Using SpiderFoot to Investigate a Public Bug Bounty Program intermediate OSINT | Using SpiderFoot to Investigate a Public Bug Bounty Program https://ift.tt/OklK085 |
| 2023-07-08 2023 | 10 tips for crushing bug bounties beginner | Tips for bug bounty success, including actionable advice like starting immediately, targeting less competitive programs, leveraging existing skills while diversifying, mastering OWASP Top 10 basics, and prioritizing health. It also emphasizes community involvement, smart collaboration, utilizing resources like PentesterLab and "The Web Application Hacker's Handbook," embracing automation for efficiency, and maintaining persistence throughout the learning process. |
| 2023-06-17 2023 | The Complete Guide to Bug Bounty Hunting beginner | Library of training materials covering bug bounty hunting essentials, including OWASP Top 10 vulnerabilities, Kali Linux tools like Nmap, SQLmap, and Metasploit for web application hacking, and techniques for finding and exploiting vulnerabilities in Android applications. |
| 2023-06-09 2023 | dwisiswant0/awesome-oneliner-bugbounty beginner | Library of one-liner scripts for bug bounty hunting. This collection includes commands for discovering subdomains using tools like `subfinder`, `assetfinder`, and `amass`, then identifying vulnerable endpoints with techniques such as LFI, redirect, and XSS checks. It also features scripts for web scraping with `gau`, `gospider`, and `waybackurls`, and for network reconnaissance using Shodan searches and DNS queries. |
| 2023-06-08 2023 | kargisimos/offensive-bookmarks beginner OSINT Recon | Collection of browser bookmarks for penetration testers and bug bounty hunters, featuring curated links for OSINT, cheat sheets across multiple operating systems and tools, malware development and analysis resources, shell collections, encoders, decoders, and obfuscation tools for various languages. It also includes sections on privilege escalation, password cracking, and practice labs, streamlining access to essential offensive security information. |
| 2023-06-01 2023 | Zseano's methodology beginner | https://ift.tt/AwRf0Q6 |
| 2023-05-09 2023 | How I Automate BugBounty Using Chatgpt intermediate AI | How I Automate BugBounty Using Chatgpt https://ift.tt/93SQsPD |
| 2023-05-09 2023 | How I'd Get Into Bug Bounty Hunting: A Practical Guide beginner | How I'd Get Into Bug Bounty Hunting: A Practical Guide https://ift.tt/L2fKWOr |
| 2023-05-04 2023 | Hacking Techniques and Intrusion Detection beginner Recon | Library of materials covering software exploitation, debugging fundamentals, and intrusion detection. It details the use of debuggers like GDB and Immunity Debugger for vulnerability analysis, including a walkthrough of discovering a NULL pointer dereference in a C program by examining program execution and memory states. |
| 2023-04-02 2023 | $10.000 bounty for exposed .git to RCE news RCE | $10.000 bounty for exposed .git to RCE https://ift.tt/1AxW3QH |
| 2023-04-02 2023 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty intermediate SQLi | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty https://ift.tt/8yQVgw5 |
| 2023-04-02 2023 | Top 25 IDOR Bug Bounty Reports intermediate IDOR | Top 25 IDOR Bug Bounty Reports https://ift.tt/HCA9b4O → corneacristian.medium.com |
| 2023-04-02 2023 | Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters intermediate XSS | Mastering XSS: A Comprehensive Guide for Bug Bounty Hunters https://ift.tt/tFcafTi |
| 2023-03-29 2023 | skills/secure-code-game beginner AuthZ | Game for learning secure coding practices through an in-editor, browser-based experience. Season 4 focuses on securing Agentic Workflows and Multi-Agent Communications within an AI coding assistant that generates bash commands, browses the web, and orchestrates workflows. Players progress through five difficulty levels without requiring prior AI or coding experience. The game is self-contained per season and readily available in GitHub Codespaces. |
| 2022-10-14 2022 | HTTP-HOST HEADER ATTACKS intermediate | The content discusses HTTP-Host header attacks, a type of security vulnerability where attackers manipulate the host header to exploit web applications. By altering the host header, attackers can bypass security measures, access unauthorized data, or perform other malicious activities. These attacks can be used to trick servers into processing requests differently, potentially leading to data breaches or system compromise. It is crucial for web developers and security professionals to be aware of these vulnerabilities and implement proper security measures to prevent HTTP-Host header attacks. |
| 2022-06-09 2022 | Favorite tweet by @fardeenahmed411 beginner API Sec | Favorite tweet: API Bug-Bounty Tools Check list (Part - 1) - Postman (It is like Burpsuite for API) - APISec - AppKnox - Synopsis API Scanner - Data Theorem API Secure #cybersecuritytips #bugbountyti... |
| 2022-05-24 2022 | Favorite tweet by @0xAsm0d3us beginner | Favorite tweet: Bug Hunter Handbook: a book that contains lists of resources that will help bug bounty hunters with resources that are useful during their bug bounty journey. https://t.co/Db2d6AnxXs ... |
| 2022-05-11 2022 | Favorite tweet by @Nickieyey beginner XSS | Favorite tweet: Top XSS (Cross Site Scripting) Tools : 1) BeeF 2) BlueLotus_XSSReceiver 3) xssor2 4) Xsser-Varbaek 5) Xsser-Epsylon 6) Xenotix #pentesting #ethicalhacking #cybersecurity #CyberSec #we... |
| 2022-04-17 2022 | GitHub - EdOverflow/bugbounty-cheatsheet: A list of interesting payloads, t beginner | Cheatsheet compiling interesting payloads and techniques for bug bounty hunters, emphasizing contributions through the issue tracker and adherence to a Markdown style guide for uniformity. It encourages users to search for existing issues before reporting, advocates for syntax highlighting in code blocks, and suggests specific formatting for titles and subheadings. |
| 2022-04-14 2022 | Favorite tweet by @e11i0t_4lders0n intermediate Burp XSS | Favorite tweet: Burp Extension for XSS Thread 🧵 #bugbounty #bugbountytip #bugbountytips — Tushar Verma 🇮🇳 (@e11i0t_4lders0n) Apr 14, 2022 |
| 2022-04-14 2022 | Favorite tweet by @Jhaddix intermediate AuthZ | Favorite tweet: 🧵Another hacker story thread!🧵 === Penetrating a Porn Site === How I hacked access to the most sensitive areas of a porn site using only low severity vulnerabilities. Here's how I did... |
| 2022-04-09 2022 | Favorite tweet by @Jhaddix intermediate | Favorite tweet: 4/8/22 #bugbountydiary #bugbountytips Everyone is sick in the house but I had some running scans I needed to check up on. I found a SQL injection bug on a blog. Here's how I did it, s... |
| 2022-04-06 2022 | Favorite tweet by @harshbothra_ beginner Recon | Favorite tweet: 14 Payload Repositories to find all the required Payloads & Attack Vectors. 🧵 — Harsh Bothra (@harshbothra_) Apr 1, 2022 |
| 2022-04-06 2022 | Favorite tweet by @hakluke beginner RCE | Favorite tweet: I see people confuse these terms all the time, so I wrote a reference-style blog about it! The difference between code injection, command injection, RCE, remote code execution and rem... |
| 2022-03-23 2022 | Favorite tweet by @imranparray101 beginner API Sec | Favorite tweet: We at @snap_sec recently published a bunch of articles on “Attacking modern web apps” , go check them out. 👇 https://t.co/dwzeO7cGl2 https://t.co/8bpZX25CTL https://t.co/WHT1rreRro ht... |
| 2022-03-19 2022 | Favorite tweet by @NandanLohitaksh beginner Recon | Favorite tweet: Pentest-Book: A collection of some awesome tools or techniques, tricks that might be useful in pentests/bugbounties (by @Six2dez1) #cybersecurity #bughunting #hacking #malware https:/... |
| 2022-03-17 2022 | Favorite tweet by @0xAsm0d3us beginner Recon | Favorite tweet: Pentest-Book: A collection of some awesome tools or techniques, tricks that might be useful in pentests/bugbounties (by @Six2dez1) #cybersecurity #bughunting #hacking #malware https:/... |
| 2022-03-17 2022 | Favorite tweet by @0x1shu beginner Secrets | Favorite tweet: 🧙♂️Git Secrets Leaks Simplified by @sec_r0 ✨ In this flyer, you'll learn about how git works and the reason behind the git secrets leaks. Download the flyer: https://t.co/zMruBpl6c4 ... |
| 2022-03-06 2022 | Favorite tweet by @AnubhavSingh_ beginner Recon | Favorite tweet: Tips and Resources to learn about pentesting 28 Attack Surface by @0xAwali A thread 🧵 ↓ #AppSec #infosec #bugbountytips #Pentesting — Anubhav Singh🇮🇳 (@AnubhavSingh_) Mar 6, 2022 |
| 2022-03-06 2022 | Favorite tweet by @fardeenahmed411 beginner Burp Recon | Favorite tweet: Top 10 essential tools for Bug-Bounty Hunting : 1. Burp Suite / ZAP-Proxy 2. Google Dorking Script 3. DNS-Discovery 4. Reverse IP Lookup 5. Wapiti 6. INalyzer 7. IronWASP 8. Wfuzz 9. ... |
| 2022-03-06 2022 | Favorite tweet by @Sm4rty_ beginner | Favorite tweet: Inspired by @harshbothra_ talk at #IWCON by @InfoSecComm , I finally managed to start a smaller challenge i.e. LEARN101 challenge. I will be posting my daily learnings both over twit... |
| 2022-02-28 2022 | Favorite tweet by @NandanLohitaksh intermediate RCE | Favorite tweet: Top 25 Remote Code Execution (RCE) Parameters 1. ?cmd={payload} 2. ?exec={payload} 3. ?command={payload} 4. ?execute={payload} 5. ?ping={payload} 6. ?query={payload} 7. ?jump={payload... |
| 2022-02-27 2022 | Favorite tweet by @ZAProxyCon beginner Talks | Favorite tweet: You're invited to #ZAPCon 2022! ⚡️ Whether you are just getting started, or have a decade of experience with ZAP, ZAPCon will level-up your AppSec skills. 100% Virtual. 100% Free! 🎟️ ... |
| 2022-01-19 2022 | ZAPCon news Talks | ZAPCon |
| 2022-01-15 2022 | Must-Have Tools For Hacking beginner Recon | Must-Have Tools For Hacking |
| 2022-01-09 2022 | Learn about web application vulnerabilities and how to find them on bug bounty programs \| BugBountyHunter.com beginner | Learn about web application vulnerabilities and how to find them on bug bounty programs \| BugBountyHunter.com |
| 2022-01-09 2022 | The Cyber Mentor beginner | The Cyber Mentor |
| 2022-01-03 2022 | BUG BOUNTY HUNTING WITH BURP SUITE beginner Burp | BUG BOUNTY HUNTING WITH BURP SUITE |
| 2021-12-28 2021 | A Summary Of Fancy Attack Injection Methods - Part 1 intermediate | A Summary Of Fancy Attack Injection Methods - Part 1 |
| 2021-12-27 2021 | Awesome Bug Bounty Builder intermediate | Tool that automates the discovery and exploitation of web vulnerabilities. It integrates a vast array of reconnaissance and attack tools such as Amass, Sublister, Gauplus, HTTPX, Sqlmap, Commix, Paramspider, Nuclei, and FFUF. The script provides commands for identifying XSS, SQL injection, LFI, SSRF, file upload bypasses, and header injections, along with guidance on WAF bypassing techniques and token extraction. |
| 2021-12-26 2021 | 2014 06 25 minimal viable program intermediate | 2014 06 25 minimal viable program |
| 2021-12-09 2021 | TryHackMe: A Beginners Guide to Getting Started beginner | Platform offering hands-on cybersecurity education through gamified challenges and virtual rooms. Users can learn specific skills via "Rooms" or follow structured "Learning Paths" composed of "Modules." Features include vulnerable "Networks" like Throwback, Holo, and Wreath, and competitive "King of the Hill" challenges. The platform uses a points and ranking system, with both free and premium tiers available. |
| 2021-12-06 2021 | Hakluke: Creating the Perfect Bug Bounty Automation intermediate | Library for building bug bounty automation frameworks, detailing iterations from simple Bash scripts to a Django application utilizing PostgreSQL and RabbitMQ. This framework enables efficient data storage, modular vulnerability detection through custom management commands, and horizontal scaling with worker instances, inspired by the development of tools like Interlace for concurrent task execution. → labs.detectify.com |
| 2021-11-26 2021 | BBRE Premium intermediate | Membership offers bi-weekly articles with hacking tips, tool tutorials, and career advice for bug bounty and web application security professionals. Subscribers gain access to a complete archive of past issues, a private Discord community for collaboration, and hands-on labs for replicating vulnerabilities. The content focuses on advanced offensive security techniques, not OWASP Top 10 basics, and is ideal for those who lack time to comb through conference talks and disclosed write-ups. A 30-day money-back guarantee is included. |
| 2021-11-24 2021 | Install Nuclei beginner Recon | Tool for high-performance vulnerability scanning, Nuclei uses simple YAML templates for custom detection scenarios, minimizing false positives through real-world simulation. It supports numerous protocols including HTTP, DNS, and TCP, integrates with CI/CD pipelines, and offers extensive filtering and output options. Installation requires Go version 1.24.2 or later. |
| 2021-11-21 2021 | HTB: BountyHunter intermediate Recon | Tool for exploiting XXE vulnerabilities, demonstrated on the HTB: BountyHunter machine. This writeup details how to leverage an XXE flaw in an XML parsing script to read sensitive files like `/etc/passwd` and PHP configuration files. The exploit allows initial shell access, leading to privilege escalation via Python `eval` injection in a root-owned ticket validation script. |
| 2021-11-13 2021 | Web Attack Cheat Sheet intermediate API Sec SQLi XSS | Library of web attack techniques and resources, covering enumeration, scanning, payloads, and bypasses for vulnerabilities such as SSRF, XXE, OAuth, SQLi, XSS, Path Traversal, LFI, SSTI, HTTP/SMTP Header Injection, and deserialization. It includes links to tools for ASN lookup, favicon-based IP discovery, CDN IP range identification, and discovering origin IPs for Cloudflare-protected sites. The library also references methods for subdomain enumeration and broader attack surface discovery through various data sources and active reconnaissance. |
| 2021-11-10 2021 | Penetration Testing : Report Writing intermediate | Guide to penetration testing report writing, inspired by OWASP RailGoat. It structures the report process from template creation and findings documentation to executive summaries, attack summaries, optional components, and finalization. Key sections covered include executive summaries, attack walkthroughs, findings with remediation, and value-adds such as graphical analysis and chained issue summaries. The guide references sample reports from public repositories like `juliocesarfort/public-pentesting-reports`. |
| 2021-11-02 2021 | https://bughuntr.io/ beginner | https://bughuntr.io/ |
| 2021-10-28 2021 | Hakluke's Guide to Amass: How to Use Amass More Effectively for Bug Bounties intermediate Recon | Hakluke's Guide to Amass: How to Use Amass More Effectively for Bug Bounties |
| 2021-10-25 2021 | Bug Bounty Playbook 2 beginner | Bug Bounty Playbook 2 |
| 2021-10-04 2021 | 10 Types of Web Vulnerabilities that are Often Missed intermediate IDOR SQLi SSRF XSS | Reference outlining 10 web vulnerabilities often missed by security testers, including HTTP/2 Smuggling exploiting HTTP/1.1 desyncs, XXE via Office Open XML parsers in document uploads, SSRF through XSS in PDF generators by leveraging headless browser execution, and XSS via SVG file uploads. The entry highlights techniques and considerations for discovering these less-common but impactful attack vectors. → labs.detectify.com |
| 2021-09-15 2021 | My Favorite Pentest Tools (Top 15) intermediate Recon | My Favorite Pentest Tools (Top 15) |
| 2021-09-10 2021 | IAM Vulnerable - An AWS IAM Privilege Escalation Playground beginner AuthZ | Library for AWS IAM privilege escalation, IAM Vulnerable, uses Terraform to deploy over 250 intentionally vulnerable IAM resources. This playground facilitates hands-on practice for identifying and exploiting common AWS misconfigurations, including assume-role chains, building upon research from Spencer Gietzen and Gerben Kleijn. It supports 31 unique privilege escalation test cases, with options for both free and non-free AWS resources to simulate various attack vectors. |
| 2021-09-07 2021 | Automating Authorization Testing: AuthMatrix Part 1 intermediate AuthZ | Tool for automating authorization testing, AuthMatrix enables comprehensive security assessments by systematically verifying access controls across applications. This method goes beyond basic penetration testing, focusing on the granular evaluation of user permissions and potential privilege escalation vulnerabilities. → whiteoaksecurity.com |
| 2021-09-07 2021 | AWS Security for Noobs beginner | AWS Security for Noobs |
| 2021-08-30 2021 | Hakluke's huge list of resources for beginner hackers beginner Recon | Library: This catalog entry lists curated resources for beginner hackers, covering bug bounty hunting and penetration testing. It highlights platforms like Pentesterlab, Portswigger labs, Tryhackme, Hackthebox, Kontra, Hacker101.com, and Vulnhub for hands-on learning. The entry also recommends YouTube channels and Twitter accounts from established cybersecurity professionals, and lists blogs and write-up platforms such as Hackerone Hacktivity, Crowdstream, and Intigriti for exploring disclosed vulnerabilities and methodologies. → labs.detectify.com |
| 2021-08-21 2021 | The Scariest Things We Saw at Black Hat 2021 news Talks | The Scariest Things We Saw at Black Hat 2021 |
| 2021-07-28 2021 | Chaining password reset link poisoning IDOR and information leakage to achieve account takeover at api.redacted.com advanced AuthZ IDOR | Researchers successfully exploited a critical vulnerability on api.redacted.com, achieving account takeover. The attack involved chaining three distinct vulnerabilities: password reset link poisoning, an Insecure Direct Object Reference (IDOR), and information leakage. By combining these weaknesses, an attacker could potentially gain unauthorized access to user accounts. The content does not mention a specific bug bounty payout amount. |
| 2021-07-19 2021 | Finding And Exploiting S3 Amazon Buckets For Bug Bounties intermediate | This content likely discusses how security researchers can find and exploit misconfigured Amazon S3 buckets as part of bug bounty programs. The focus would be on identifying publicly accessible or improperly permissioned buckets that may contain sensitive data or be vulnerable to unauthorized access. Successful exploitation could lead to bug bounty payouts, though specific amounts are not mentioned in the provided title. The core idea is leveraging S3 misconfigurations for bug bounty hunting. |
| 2021-07-19 2021 | Top 11 extensions to turn your browser into an advance hacking tool intermediate Burp | This content lists eleven browser extensions that can transform a user's browser into an advanced hacking tool. The article highlights tools for various cybersecurity tasks, implying a focus on offensive security capabilities. No specific payout amounts are mentioned in relation to these extensions. |
| 2021-07-01 2021 | AWS Pen-Testing Laboratory : Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet intermediate Recon | This content describes an AWS-based penetration testing laboratory. It features a Kali Linux instance accessible via SSH and WireGuard VPN. This setup allows users to practice pentesting against vulnerable instances hosted within a private subnet. The lab provides a controlled environment for security professionals and learners to develop and test their skills. No specific bug bounty payout amounts are mentioned in the provided text. |
| 2021-06-30 2021 | Web-Application-Pentest-Checklist intermediate API Sec Recon | This document is a comprehensive checklist designed for web application penetration testing. It outlines various areas and techniques to thoroughly assess the security of web applications. The checklist covers crucial aspects such as reconnaissance, vulnerability scanning, authentication and authorization testing, session management, input validation, business logic flaws, and API security. It serves as a systematic guide for pentesters to ensure no critical security weaknesses are overlooked during an engagement, promoting a structured and effective testing methodology. |
| 2021-06-28 2021 | This Is How I Hacked My Neighbors Computer intermediate | The provided content, "This Is How I Hacked My Neighbors Computer," is a title that suggests a technical guide or personal account of exploiting a neighbor's computer. However, without the actual content, it's impossible to know the methods used, the success of the hack, or any details about potential vulnerabilities or payouts. The title itself does not state any bug bounty payout amounts. |
| 2021-06-14 2021 | Intro to Bug Bounty Hunting and Web Application Hacking beginner | This content introduces bug bounty hunting and web application hacking. It explains the fundamentals of identifying vulnerabilities in web applications, a crucial skill for security professionals and ethical hackers. The goal is to discover and report security flaws, often rewarded with bounties for valid findings. The text provides a foundational understanding of how to approach this field, setting the stage for learning more advanced techniques in identifying and exploiting web application weaknesses. |
| 2021-05-23 2021 | Bug Bounty Bootcamp beginner | Book detailing bug bounty hunting from fundamentals to advanced techniques, including Cross-Site Scripting, API hacking, and the use of fuzzers. It offers step-by-step instructions for finding and reporting vulnerabilities, developing testing methodologies, and navigating bug bounty platforms, making it a comprehensive resource for beginners and experienced security professionals alike. |
| 2021-05-18 2021 | If you find powerful OXML XXE tool? it’s “DOCEM” intermediate XXE | Introduces DOCEM, a tool for OXML XXE testing that is more convenient than working manually or using previously available tools. |
| 2021-05-17 2021 | How to discover up to 10,000 subdomains with your own tool \| by _Y000_ \| In intermediate | The content discusses creating a tool using bash to discover up to 10,000 subdomains. The tool's development involves programming tasks in bash and breaking them down into parts for better understanding and implementation. → infosecwriteups.com |
| 2021-05-11 2021 | VPS-web-hacking-tools beginner Recon | Library for automatically installing web hacking and bug bounty tools on Debian, Kali Linux, Linux Mint, and Ubuntu VPS. Supports both direct installation via an installer script and a Docker image for containerized use. Includes tools such as Corsy and CORScanner. Users are advised to configure tools for effective subdomain enumeration and to use them only on authorized targets. |
| 2021-05-10 2021 | nOtWASP bottom 10: vulnerabilities that make you cry beginner | Reference to the nOtWASP Bottom 10 highlights vulnerabilities often found in security reports that are impractical, misunderstood, or outdated. This list includes issues like overly strict session timeouts that annoy users, trivial information disclosures such as "Server: Apache" banners, and CSV injection vectors that require multiple user interactions. It also covers obsolete XSS techniques, unnecessary security headers like CSP on simple pages, tabnabbing, the overzealous application of httponly cookie flags, and vulnerable software version reporting without exploit validation. → portswigger.net |
| 2021-05-06 2021 | CVE-2019-15515 Detail news | Reference to CVE-2019-15515 provides advisories and solutions related to the vulnerability. Links are provided to external websites that may contain additional information, tools, or commercial products. NIST does not necessarily endorse the views or facts presented on these external sites. |
| 2021-05-04 2021 | Web App #Penetration Testing for Beginners: beginner Recon | This content is a title for a guide on web application penetration testing aimed at beginners. It suggests a resource that will introduce fundamental concepts and methodologies for testing the security of web applications. The title implies a focus on practical, introductory-level techniques and knowledge, making it accessible for individuals new to the field of cybersecurity and penetration testing. |
| 2021-04-13 2021 | Analysing JavaScript Files For Bug Bounty Hunters \| by Thexssrat \| Apr, 202 beginner | The content discusses the importance of analyzing JavaScript files for bug bounty hunters. It raises the question "What is JS even?" implying a deeper exploration into the significance of JavaScript in bug hunting activities. The article likely delves into the role of JavaScript in identifying vulnerabilities, understanding its impact on web security, and providing insights for bug bounty hunters on how to effectively analyze JavaScript files to uncover potential bugs and security flaws. |
| 2021-04-10 2021 | Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack \| InfoSec W intermediate | The content discusses using Slack as a communication channel for delegating tasks like port scanning, even though Slack itself cannot perform port scans. It highlights the importance of utilizing automation tools and platforms like Slack to streamline bug bounty processes and improve efficiency in cybersecurity tasks. → infosecwriteups.com |
| 2021-04-10 2021 | $10000 Facebook SSRF (Bug Bounty) \| by Amine Aboud \| Medium intermediate SSRF | Amine Aboud discovered a $10,000 blind Server-Side Request Forgery (SSRF) vulnerability on Facebook through a combination of subdomain enumeration, file bruteforcing, and code review. This bug bounty success showcases the importance of thorough testing and review processes in identifying critical security flaws. |
| 2021-04-04 2021 | GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of reso beginner | Library of curated web hacking tools, tips, and resources for bug bounty hunters. It covers basics, blog posts, talks, setup, tools, labs, vulnerability types, mobile hacking, coding, scripting, media, and mindset. |
| 2021-03-07 2021 | GitHub - theinfosecguy/QuickXSS: Automating XSS using Bash intermediate XSS | Tool for automating XSS discovery, integrating waybackurls, gau, gf, and dalfox. QuickXSS simplifies setup with `pip install quickxss` or `pipx install quickxss` and an auto-installation script for dependencies. Scans can be performed with basic commands, blind XSS callbacks via `-b`, or custom output naming using `-o`. It also supports Docker builds and integration tests with pytest. |
| 2021-03-05 2021 | nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for beginner | Library providing a curated collection of web hacking tools, tips, and resources for aspiring bug bounty hunters. It categorizes essential information including basic concepts, blog posts, talks, books, setup guides, tools, testing environments, vulnerability types, mobile hacking techniques, coding and scripting advice, media resources, and mindset guidance. The repository also links to Live Recon VODs featuring top bug bounty hunters and encourages community engagement via NahamSec's Discord. |
| 2021-02-24 2021 | Top 10 web hacking techniques of 2020 beginner | Survey of top 10 web hacking techniques from 2020, highlighting advancements in WAF evasion with malformed chunk techniques, deep attacks on MS Exchange Web Interfaces, RCE via ImageMagick, unauthenticated RCE on MobileIron MDM, SSL client authentication bypass via header underscores, IP fragmentation for NAT slipstreaming, SNI injection for internal service exploitation, exploiting secondary contexts in web applications, PDF parser manipulation for data exfiltration, and H2C smuggling for request tunneling. → portswigger.net |
| 2021-02-21 2021 | Noob’s Basic JSON web Token Exploit Guide \| by Circle Ninja \| Bug Bounty Hu beginner | The content is a guide for exploiting JSON web tokens, aimed at beginners. It is written by Circle Ninja and is part of Bug Bounty Hu. The guide likely covers basic techniques and strategies for manipulating JSON web tokens for security testing purposes. |
| 2021-02-21 2021 | 002: Uncle Rat's Bug Bounty Guide beginner | The content is titled "002: Uncle Rat's Bug Bounty Guide." It appears to be a guide related to bug bounty programs. The guide may provide information and tips on how to participate in bug bounty programs, which involve finding and reporting security vulnerabilities in software or websites in exchange for rewards. Uncle Rat's Bug Bounty Guide likely offers insights and strategies for individuals interested in bug hunting as a way to contribute to cybersecurity and earn rewards for identifying vulnerabilities. |
| 2021-02-17 2021 | Finding My First Bug: HTTP Request Smuggling intermediate | The content describes the author's first bug discovery, which was related to HTTP Request Smuggling. The bug was reported and resulted in a bounty reward of $200. |
| 2021-02-17 2021 | HTTP Request Smuggling: A Primer beginner | The content provides an introduction to HTTP request smuggling, explaining its basics and offering guidance on self-protection. It aims to educate readers on understanding this vulnerability and taking measures to safeguard against potential risks. |
| 2021-02-16 2021 | A ffuf Primer \| Daniel Miessler beginner | Tool, ffuf, is a flexible CLI-based web attack utility written in Go, often compared to Burp Intruder on the command line. It excels at fuzzing by injecting input from wordlists into various parts of a web application, including URLs, GET parameters, and POST data. ffuf can emulate tools like Dirbuster and even perform password guessing, making it a versatile addition to a web tester's toolkit, especially when combined with curated wordlists like those found in RobotsDisallowed. → danielmiessler.com |
| 2021-02-08 2021 | BugBountyHunting.com - The Bug Bounty Writeups Search Tool beginner | BugBountyHunting.com is a platform that gathers writeups, resources, and content on bug bounty hunting to aid quick access. It aims to assist beginners in web application security by providing valuable information on bug bounty hunting. |
| 2021-01-24 2021 | WebApp Security CTF: [Dec 11–15] - Pwning under 5 mins intermediate | Learn how to quickly solve the WebApp Security Capture The Flag (CTF) challenge taking place from December 11 to 15 in under 5 minutes. |
| 2020-05-31 2020 | r/Hacking_Tutorials - Remote Code Execution explained with real life bug bounty reports intermediate RCE | The Reddit post on r/Hacking_Tutorials discusses Remote Code Execution with real-life bug bounty reports. It has received 36 votes but no comments yet. The content likely delves into the explanation of Remote Code Execution vulnerabilities using examples from bug bounty reports to provide practical insights and guidance on this hacking technique. |
| 2020-05-30 2020 | Security Tools \| Curated list of security tools for Hackers & Builders! beginner | Library of curated security tools for hackers and builders. It includes CDK for container penetration and Kubernetes cluster takeover, Kubernetes Goat for hands-on learning, KubeHound for visualizing Kubernetes attack paths, and aws-security-viz for EC2 security group visualization. GuardDog identifies malicious PyPI and npm packages, while Unfurl extracts and visualizes data from URLs. Stratus Red Team emulates cloud attack techniques, and TrashEmail offers disposable email addresses via Telegram. Terrascan detects IaC compliance violations, StreamAlert analyzes real-time data, and TerraGoat demonstrates Terraform configuration errors. Semgrep is a static analysis tool for code security, Cartography maps infrastructure assets, and TruffleHog discovers secrets. |
| 2020-03-21 2020 | Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) beginner | Reference notes from Jason Haddix's "The Bug Hunters Methodology v3(ish)" talk detail reconnaissance techniques. This includes discovering IP space via ASN lookups, ARIN/RIPE queries, and reverse WHOIS tools like reverse.report. Methods for finding new brands and TLDs involve analyzing acquisitions and utilizing Burp Suite's spider functionality. For subdomain discovery, the notes highlight scraping techniques using sources like crt.sh and DNSDB, recommending tools such as Amass and Subfinder, and exploring subdomain brute-forcing with Massdns. |
| 2020-03-19 2020 | Bug Bounty Hunting Tips #4 — Develop a Process and Follow It - Craig Hays beginner | The key point of the content is that having a structured process is crucial for success in bug bounty hunting. Random searching without a clear methodology can lead to failure. Developing and following a systematic approach is essential for effective bug hunting. |
| 2020-02-14 2020 | Samesite by Default and What It Means for Bug Bounty Hunters intermediate CSRF XSS | Analysis of SameSite=Lax cookie attribute default for bug bounty hunters, detailing its impact on Clickjacking, Cross-Site Script Inclusion (XSSI), JSONP Leaks, Data Exfiltration, XSLeaks, CORS Misconfigurations, Cross-Site WebSocket Hijacking, and XSS exploits that rely on cross-origin authenticated requests. The shift in default behavior, as implemented in Chrome 80, reduces the effectiveness of these vulnerabilities by preventing cookies from being sent in many cross-origin contexts. |
| 2020-01-19 2020 | Bug Bounty Toolkit - BugBountyHunting - Medium beginner | The content titled "Bug Bounty Toolkit" on BugBountyHunting's Medium page was last updated on January 17, 2021. |
| 2019-12-29 2019 | Bug Bounty — Tips / Tricks / JS (JavaScript Files) beginner | The content discusses the beginning of a bug bounty journey in August, where the author reached out to Gerben Javado with a basic question. The focus seems to be on bug bounty tips, tricks, and JavaScript files. The content likely delves into strategies for finding and reporting bugs, possibly emphasizing the importance of JavaScript files in identifying vulnerabilities. |
| 2019-12-03 2019 | GitHub - arkadiyt/bounty-targets-data: This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports beginner | Library containing hourly-updated data dumps of bug bounty platform scopes from Hackerone, Bugcrowd, Intigriti, Federacy, and YesWeHack. This resource offers lists of in-scope domains, including both direct and wildcard entries, to assist security researchers in identifying targets eligible for vulnerability reports. The data is refreshed every 30 minutes, and the generation code is available in a separate repository. |
| 2019-11-17 2019 | Understanding the full potential of sqlmap during bug bounty hunting intermediate SQLi | The content discusses leveraging sqlmap, a tool for exploiting SQL injection vulnerabilities, in bug bounty hunting. It highlights using offensive website security techniques and ethical hacking practices to identify and report security flaws. By understanding the full potential of sqlmap, bounty hunters can efficiently uncover vulnerabilities and earn rewards for responsibly disclosing them. The focus is on utilizing sqlmap effectively within bug bounty programs to enhance cybersecurity measures and protect websites from potential threats. |
| 2019-11-12 2019 | amass — Automated Attack Surface Mapping \| Daniel Miessler intermediate | Tool for automated attack surface mapping, `amass` gathers information across multiple dimensions, leveraging various input sources like DNS enumeration, scraping from search engines (Baidu, Bing, Google), certificate transparency logs (Censys, Crtsh), APIs (Shodan, VirusTotal), and web archives. Its modules include `intel` for information gathering, `enum` for attack surface mapping, `viz` for visualization, `track` for historical data, and `db` for database manipulation. Examples showcase finding organizations via `-org` and discovering domains within CIDR ranges using `-cidr`. → danielmiessler.com |
| 2019-10-03 2019 | jobertabma/relative-url-extractor: A small tool that extracts relative URLs intermediate | Tool that extracts relative URLs from minified JavaScript and other files by accepting STDIN input. It aids reconnaissance by surfacing potential targets for security researchers and bug bounty hunters, especially in complex frontend pipelines. The `--show-line` flag includes line excerpts for context. |
| 2019-10-03 2019 | GitHub - nahamsec/JSParser beginner | Library for parsing relative URLs from JavaScript files using Python 2.7, Tornado, and JSBeautifier. This tool aids in discovering AJAX requests during security research and bug bounty hunting, facilitating tasks like those demonstrated in IDOR and SSRF vulnerability analyses. It includes support for the safeurl library and can be installed and run via `setup.py` and `handler.py`. |
| 2019-09-07 2019 | How a Scottish schoolboy who failed computing makes millions hacking beginner | Writeup profiling Mark Litchfield, an ethical hacker who failed his computing A-level but now earns millions by finding and reporting vulnerabilities to companies like Yahoo! and Google through platforms like HackerOne. The profile details his self-taught journey, his motivation being financial reward, and contrasts his success with the risks of criminal hacking, noting how major breaches like Equifax highlight the importance of bug bounty programs. |
| 2019-08-30 2019 | GitHub - fransr/bountyplz: Automated security reporting from markdown templ beginner | Library for automated security reporting, supporting HackerOne and Bugcrowd. This tool creates draft reports from Markdown files, handling attachments, inline images, assets, weaknesses, and severity, including 2FA support. It parses Markdown frontmatter for report attributes like severity, weakness, and asset, and automatically uploads referenced images and videos. Reports are modified to prevent duplicates, with a force option available for re-submission. |
| 2019-08-30 2019 | GitHub - ZephrFish/BugBountyTemplates: A collection of templates for bug bo beginner | Library of Markdown templates simplifies bug bounty report writing, offering solutions for various reporting needs. "Blank.md" provides guidance for detailed vulnerability documentation, "HeadersOnly.md" offers quick scaffolding for experienced researchers, and "short.md" is ideal for straightforward findings. "Example.md" serves as a reference for well-written reports, while specialized templates like "SSRF.md" and "API.md" cater to specific vulnerability types such as Server-Side Request Forgery and API flaws including BOLA and IDOR. The collection also includes guidance on essential elements like screenshots, HTTP requests, and impact demonstration, alongside common pitfalls to avoid. |
| 2019-08-30 2019 | Bug Bounty POC - All Bug Bounty POC write ups by Security Researchers. intermediate | The content features Bug Bounty POC (Proof of Concept) write-ups created by security researchers. These write-ups likely detail the discovery and demonstration of security vulnerabilities found through bug bounty programs. The information shared in these write-ups can be valuable for understanding the security landscape, learning about vulnerabilities, and improving cybersecurity practices. |
| 2019-08-29 2019 | List of bug bounty writeups intermediate | The content is a list of bug bounty writeups. It likely includes detailed accounts of security vulnerabilities discovered by individuals participating in bug bounty programs. These writeups typically outline the steps taken to identify and exploit the bugs, as well as the impact of the vulnerabilities. Readers can learn from these writeups to improve their own security practices and understand common vulnerabilities. |
| 2019-08-29 2019 | GitHub - ngalongc/bug-bounty-reference: Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature intermediate | Reference catalog of bug bounty write-ups, categorized by vulnerability type. This resource compiles publicly disclosed reports covering common exploits such as XSS, SQL Injection, RCE, XXE, IDOR, CSRF, and brute force attacks. Specific examples include write-ups on vulnerabilities in Uber, Google, Facebook, Yahoo, and eBay, detailing techniques like Relative Path Overwrite, authentication bypass, and various code execution methods. |
| 2019-08-29 2019 | List of bug bounty writeups · Pentester Land intermediate | The content is a list of bug bounty writeups available on Pentester Land. These writeups likely detail successful bug bounty submissions, showcasing vulnerabilities found in various systems and applications. Readers can learn from these examples to improve their own bug hunting skills and understand common security flaws. Bug bounty programs offer rewards to ethical hackers who discover and report vulnerabilities, benefiting both the security of systems and the researchers who participate. |
| 2019-08-28 2019 | The Bugs Are Out There, Hiding in Plain Sight advanced | The content discusses the challenging nature of bug bounty hunting, emphasizing that success in this field requires years of experience. The top hunters have honed their skills over time, making it difficult for newcomers to achieve the same level of success quickly. Bug bounty hunting is portrayed as a field that demands dedication and expertise to excel. |
| 2019-08-28 2019 | Bug Hunting Methodology from an Average Bug Hunter intermediate | The content discusses bug hunting methodology, addressing common industry questions about how bugs are sought out. It aims to provide insights into the process followed by bug hunters. |
| 2019-08-27 2019 | Finding Hidden API Keys & How to use them beginner | Finding Hidden API Keys & How to use them |
| 2019-08-25 2019 | Bug Bounty Forum beginner | Bug Bounty Forum is a community of over 150 security researchers who collaborate and share information. |
| 2019-08-24 2019 | Cookie worth a fortune \| I'm Gaurav Narwani intermediate | Writeup detailing how to convert a cookie-based Cross-Site Scripting (XSS) vulnerability into a Reflected XSS. The technique involves manipulating the `redirect` parameter to set a `redirectTo` cookie containing an XSS payload, followed by a second request to the login page without the `redirect` parameter, causing the application to execute the payload from the cookie. This process is demonstrated through a case study on a three-tier web application, illustrating the steps via HTTP requests and analyzing source code, and concludes with a CSRF Proof-of-Concept to automate the exploit. |
| 2019-08-21 2019 | The Bugs Are Out There, Hiding in Plain Sight advanced | The content discusses the challenging nature of bug bounty hunting, highlighting that success in this field requires years of experience. It emphasizes that top bug hunters have honed their skills over time, indicating that expertise is crucial for success in this specialized area. |
| 2019-08-21 2019 | Bug Hunting Methodology from an Average Bug Hunter intermediate | The content discusses bug hunting methodology from the perspective of an average bug hunter. It addresses common industry questions about bug hunting approaches and strategies. The post aims to provide insights into how bug hunters search for bugs and their methodologies. |
| 2019-08-20 2019 | Automated monitoring of subdomains for fun and profit — Release of Sublert intermediate | "Sublert" is a tool released for automated monitoring of subdomains for bug bounty programs. The bug bounty industry is rapidly growing, leading to fierce competition among programs. Sublert aims to assist in identifying security vulnerabilities in subdomains, potentially leading to financial rewards for bug hunters. |
| 2019-06-24 2019 | What I have learn in my first month of Hacking and Bug Bounty beginner | The content discusses the author's experiences and lessons learned in their first month of hacking, bug bounty programs, programming, and available resources like CIFs. The post aims to share insights and knowledge gained in these areas. |
| 2019-04-13 2019 | enaqx/awesome-pentest: A collection of awesome penetration testing resource beginner | Library enaqx/awesome-pentest offers a curated collection of resources for penetration testing and offensive cybersecurity. It categorizes tools and guides for various domains including Android Utilities, Web Exploitation, Anti-virus Evasion Tools like AVET and Veil, and extensive book references such as "Black Hat Python" and "The Art of Exploitation." The library also lists exploit development tools, network scanners, and collaboration frameworks, providing a comprehensive reference for security professionals. |
| 2019-04-10 2019 | Spokeo Bug bounty Experience beginner | The content discusses the author's experience reporting an XSS bug in Spokeo's bug bounty program. |
| 2019-03-21 2019 | Source code disclosure via exposed .git folder · Pentester Land intermediate | Tutorial on identifying and exploiting exposed `.git` folders on web applications. This method allows for the reconstruction of source code, potentially revealing critical vulnerabilities such as hardcoded credentials or new endpoints. The process involves domain enumeration using tools like Amass or Sublist3r, followed by forced browsing with tools like dirsearch to detect `.git` directory exposure, and automated extraction of repository contents using GitTools. Analyzing the retrieved source code can lead to significant bug bounty payouts, as seen in reports from vendors like Grabtaxi and Boozt Fashion. |
Frequently Asked Questions
- How do I get started in bug bounty?
- Start by learning common vulnerability classes (XSS, IDOR, SSRF) through platforms like PortSwigger Web Security Academy and HackTheBox. Create accounts on HackerOne and Bugcrowd, begin with programs that have wide scopes and are beginner-friendly, and focus on thorough reconnaissance before testing. Reading disclosed reports is one of the fastest ways to learn what works.
- How much can you earn from bug bounties?
- Earnings vary widely. Low-severity bugs may pay $100-$500, medium $500-$5,000, high $5,000-$20,000, and critical findings $20,000-$100,000+. Top researchers earn six figures annually. Consistency and skill matter more than volume — one well-researched critical finding outweighs dozens of low-severity reports.
- What makes a good bug bounty report?
- A good report includes a clear title, step-by-step reproduction instructions, the security impact explained in business terms, proof of concept (screenshots, HTTP requests, or video), affected endpoints, and suggested remediation. Reports should be concise, professional, and demonstrate that the vulnerability was not pushed beyond what was necessary to prove impact.