0% found this document useful (0 votes)
191 views8 pages

How To Get Started Into Bugbounty

This document provides a beginner's guide to getting started with bug bounty hunting. It discusses what bug bounty programs are, the necessary skills which include web penetration testing knowledge and a programming language. It provides resources for learning about common vulnerabilities, tools, blogs, cheat sheets and training labs. It also offers tips for participating in bug bounty platforms, writing effective vulnerability reports and using google dorks to find private bug bounty programs. The guide emphasizes that it takes time to become proficient and find bounties, requiring patience.

Uploaded by

Ritik Bansal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
191 views8 pages

How To Get Started Into Bugbounty

This document provides a beginner's guide to getting started with bug bounty hunting. It discusses what bug bounty programs are, the necessary skills which include web penetration testing knowledge and a programming language. It provides resources for learning about common vulnerabilities, tools, blogs, cheat sheets and training labs. It also offers tips for participating in bug bounty platforms, writing effective vulnerability reports and using google dorks to find private bug bounty programs. The guide emphasizes that it takes time to become proficient and find bounties, requiring patience.

Uploaded by

Ritik Bansal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

How to Get Started into

Bug Bounty
Complete Beginner Guide
( Part 1 Web Pentesting )

Hello guys, after a lot of requests and questions on topics related


to Bug Bounty like how to start. I researched a lot for collecting
best resources for you Bug bounty. I am starting from basic as
prerequisites to tips and labs along with report writing skills. I
have also included some of my personally recommend tips.

Let’s get started 🔥🔥

Linkedin ID – Sandeep Kumar www.hackittech.com


Hacking is now an accepted profession in which He/She can earn
an honest and decent living. Not only are there many pen testing
jobs within organizations, providing these “startup” hackers with
a place to legitimately fine-tune those skills and abilities , but we
also have a new breed of testing –Bug Bounties.

1) What is Bug Bounty ?

Let me explain you in a very simple way .. A reward or money


offred to a person who finds the bugs (error) or vulnerability in a
website or computer program and report it to the company in a
responsible way.

2) What you need to know before starting a bug


bounty program

 Scope - *.example.com
 Focus - payment processing
 Exclusions - 3rd party sites
 Organization-wide awareness
 Environment - prod vs staging
 Access - shared credentials or self-signup
 Decide - Private or Public?

Learn - Internet, HTTP, TCP/IP , Networking ,Command-line,

Linkedin ID – Sandeep Kumar www.hackittech.com


Linux , Web technologies, java-script, PHP, java ,

At least 1 programming language

3) Skills required to be a bug bounty hunter


Some of the key areas to focus that are part of OWASP Top 10
which are:
o Information gathering
o SQL Injection
o Cross-Site Scripting (XSS)
o Server Side Request Forgery (SSRF)
o Local & Remote file inclusion
o Information Disclosure
o Remote Code execution (RCE)
After understanding these vulnerabilities you can begin reading
others reports ,POCs on the bug bounty platforms like Hackerone
to figure out the common testing techniques.

Tip – Go for Owasp testing Guide

[Version 4.2] - 2020-12-03 - Download the v4.2 PDF here

4) Resources
Writeup – Pentester.land
Infosecwriteups.com

Linkedin ID – Sandeep Kumar www.hackittech.com


Daily news – Portswigger daily

Books - The Web Application Hacker’s Handbook


Web hacking 101
Real-world bug hunting

Usefull Tools - 100 Hacking tools and Resources

Linkedin ID – Sandeep Kumar www.hackittech.com


Cheet Sheet –Edoverflow bugbounty cheetsheet
Gowsundar bug bounty tips

Labs – Portswigger academy

Confrences - Blackhat Defcon zeronight

Youtube Channels for the latest content –


Nahamsec
Jhaddix
Stok
Codingo
Red team Village
The Cyber Mentor
liveoverflow
InsiderPhD
Farah hawa
Do Subscibe my Youtube Channel Hackittech

Linkedin ID – Sandeep Kumar www.hackittech.com


Follow these guys on Twitter -
[+]nahamsec
https://twitter.com/NahamSec
[+]TomNomNom
https://twitter.com/TomNomNom
[+]stokfredrik
https://twitter.com/stokfredrik
[+]Jensec
https://twitter.com/_jensec
[+]cybermentor
https://twitter.com/thecybermentor
[+]Harsh Jaiswal
https://twitter.com/rootxharsh
[+]Rahul Maini
https://twitter.com/iamnoooob
[+]aditya Shende
https://twitter.com/adityashende17
[+]Harsh Bothra
https://twitter.com/harshbothra_

Linkedin ID – Sandeep Kumar www.hackittech.com


5) Bug Bounty Program:
 Open For Signup

 Hackerone

 Bugcrowd

 hackenproof

 Bugbountyjp

 Intigriti

 Open Bug Bounty

6) Tips for report writing –

 A detailed description of how the vulnerability is triggered


 Information outlining what happens when it is triggered –
this helps us know if we’ve reproduced it correctly
 Simple steps to reproduce the vulnerability
 A description of the impact of the vulnerability
To take it a few steps forward, here’s what makes a great report:

 Details about the specific code causing the vulnerability


 Scripted (Bash, Ruby, etc.) reproduction steps if it makes
sense for that bug
 For complex bugs, a video can aid understanding, but this
should not replace the written steps to reproduce

Linkedin ID – Sandeep Kumar www.hackittech.com
7) Sample format of the report:
 Vulnerability Name
 Vulnerability Description
 Vulnerable URL
 Payload
 Steps to Reproduce
 Impact
 Mitigation

8) Looking for more programs using Google Dorks


 inurl:”bug bounty” and intext:”€” and inurl:/security
 intext:bounty inurl:/responsible disclosure
 intext:”BugBounty” and intext:”reward“
 intext:”BugBounty” inurl:”/bounty” and intext:”reward

9) Some usefull tips –


 Do not expect someone will spoon feed you everything.
 PATIENCE IS THE KEY don’t expect you will get
bounty in a single day or a month. It take a year to
master so stay focused.

Support me if you like my work! Do Subscribe my Youtube


Channel and Follow me on Instagram.

Linkedin ID – Sandeep Kumar www.hackittech.com

You might also like