4 Honest Tips For Success With Bug Bounty Hunting
With over 5,000 vulnerabilities reported on 100+ bug bounty programs and no formal education or training, I'm here to share 4 tips.
I've reported 5,000+ vulnerabilities on 100+ bug bounty programs without any form of formal education or training.
Here are 4 pieces of advice for people trying to get into bug bounty hunting:
1. Start With Responsible Disclosure
Instead of hunting on platforms like:
HackerOne
Intigriti
Bugcrowd
Start by looking for non-intrusive vulnerabilities and report them through the responsible disclosure model on a platform like Open Bug Bounty.
Another option is to start on independent programs that don't have many bug bounty hunters, using Google dorks:
inurl:"security policy"
inurl:"responsible disclosure"
inurl:"report vulnerability"
inurl:"bug bounty"
You can also customise these dorks to look for programs on incredibly specific websites. For example, site:edu inurl:"bug bounty" shows all educational websites running bug bounty programs.
2. Avoid Using Loads Of Different Tools
When I was active, I only used 6 tools:
Burp Suite
Amass
Dirsearch
Subjack
Parameth
SQLMap
It's not necessary to use loads of scanners.
Using too many leads to a lack of understanding of how each tool works.
3. Modify Public Methodology—Don't Copy It
Don't copy other people's methodology or one-liners (like #bugbountytips).
Use it as inspiration to create your own methodology.
Too many people copy and paste what's shared, rendering it ineffective.
4. Rapidly Expand Your Attack Surface
Expand your attack surface by:
Looking for endpoints in JS files
Auditing post-authentication web pages
Bruteforcing multi-level subdomains
Attack surface expansion is severely underrated. It's precisely what helped me find so many vulnerabilities when I was active in this space.
Final Words And Conclusion For You
Finally, I hope that this advice is useful to you if you're interested in this field.
It's some of the most honest and accurate advice that I could come up with when reflecting on my experiences in this field.