Bug Hunting

Bug Bounty : A reward given for reporting a security vulnerability.

Bug Bounty Program : Companies or individuals that reward security researchers for reporting security vulnerabilities in their products. This term is commonly abbreviated to "BBP".

Bug Bounty Hunter : An individual that hunts for security issues on bug bounty programs.

Duplicate : A report describing the same issue as a previously submitted report is referred to as a "duplicate". Bug bounty platforms usually allow programs to set the status of a duplicate report to "duplicate" to inform the hunter that the issue has been submitted previously.

Exploit : Exploit is a code that takes advantage of a software vulnerability or security flaw to gain system access.

Full disclosure : When the entire report is publicly disclosed. Bug bounty hunters will usually request public disclosure of their report once the issue has been resolved or a certain number of days have gone by since the initial report.

Payload : Payloads are simple code or scripts that the hunter use to identify vulnerability.

PoC : Abbreviation for proof of concept, a detailed demonstration of a security vulnerability.

Scope : Outlines the rules of engagement for a bounty program. This includes a clearly defined testing parameter to inform researchers what they can and cannot test, as well as the payout range for accepted vulnerabilities.

Target : A target is the thing (web or mobile application, hardware, API) that the crowd test for vulnerabilities.

Vulnerability : A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.

Bug Bounty Platforms

Bug Bounty List - All Active Programs in 2020 by Bugcrowd

The Bug Bounty Roadmap

What is Web? :

Programming Languages :

Networking :

Basic Linux Commands :


Local PentestLab Management Script - Bash script to manage web apps using docker and hosts aliases. Made for Kali linux, but should work fine with pretty much any linux distro.


Burp Suite :

Burp Suite is the world's most widely used web application security testing software.

Burp Suite - Application Security Testing Software : https://portswigger.net/burp

Bug Bounty Forum Tool list :

A huge list of tools that can help you with bug bounty researching. (Recon, Exploiting & Scanning, Fuzzing & bruteforcing, Fingerprinting, Decompilers, Proxy plugins, Monitoring, JS Parsing and Mobile Testing)

BugHunter - Tools for Bug Hunting :

Collection of Information Gathering, Mapping, Discovery and Exploitation Tools for Bug Hunting

git clone https://github.com/thehackingsage/bughunter.git cd bughunter chmod +x bughunter.py sudo cp bughunter.py /usr/bin/bughunter bughunter
  • Get Subdomains and IPs and filter them
  • Find Directories or Files (Fuzzing)
  • Webpage and Server Information
  • Open Ports and Services
  • URL and Parameter
  • Use Google, Github, Shodan, Censys, Spyse and Other Search Engines.

Let's Recon (PDF)

Passive Reconnaissance :

Enumeration Tools :

  • Subfinder - Subdomain discovery tool
  • amass - In-depth Attack Surface Mapping and Asset Discovery
  • assetfinder - Find domains and subdomains related to a given domain
  • GetAllUrls - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl
  • Hosthunter - Recon tool for discovering hostnames using OSINT techniques
  • Altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
  • DNSGen - Generates combination of domain names from the provided input
  • massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance
  • httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
  • subjack - Subdomain Takeover tool written in Go
  • GoSpider - Fast web spider
  • Arjun - HTTP parameter discovery suite
  • qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
  • gf - A wrapper around grep, to help you grep for things
  • Linkfinder - A python script that finds endpoints in JavaScript files
  • ffuf - Fast web fuzzer
  • gobustter - Directory/File, DNS and VHost busting tool
  • CeWL - Custom Word List Generator

Some Useful Links for Reconnaissance & Enumeration :

Share :