Scribd Logo
Upload

Welcome to Scribd!

  • How To Get Started Into Bugbounty

    Uploaded by

    Ritik Bansal
    46 views8 pages
    This document provides a beginner's guide to getting started with bug bounty hunting. It discusses what bug bounty programs are, the necessary skills which include web penetration testing knowledge and a programming language. It provides resources for learning about common vulnerabilities, tools, blogs, cheat sheets and training labs. It also offers tips for participating in bug bounty platforms, writing effective vulnerability reports and using google dorks to find private bug bounty programs. The guide emphasizes that it takes time to become proficient and find bounties, requiring patience.

    Original Description:

    Original Title

    How to Get Started Into Bugbounty

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a beginner's guide to getting started with bug bounty hunting. It discusses what bug bounty programs are, the necessary skills which include web penetration testing knowledge and a programming language. It provides resources for learning about common vulnerabilities, tools, blogs, cheat sheets and training labs. It also offers tips for participating in bug bounty platforms, writing effective vulnerability reports and using google dorks to find private bug bounty programs. The guide emphasizes that it takes time to become proficient and find bounties, requiring patience.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    46 views8 pages

    How To Get Started Into Bugbounty

    Uploaded by

    Ritik Bansal
    This document provides a beginner's guide to getting started with bug bounty hunting. It discusses what bug bounty programs are, the necessary skills which include web penetration testing knowledge and a programming language. It provides resources for learning about common vulnerabilities, tools, blogs, cheat sheets and training labs. It also offers tips for participating in bug bounty platforms, writing effective vulnerability reports and using google dorks to find private bug bounty programs. The guide emphasizes that it takes time to become proficient and find bounties, requiring patience.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 8

    How to Get Started into

    Bug Bounty
    Complete Beginner Guide
    ( Part 1 Web Pentesting )

    Hello guys, after a lot of requests and questions on topics related


    to Bug Bounty like how to start. I researched a lot for collecting
    best resources for you Bug bounty. I am starting from basic as
    prerequisites to tips and labs along with report writing skills. I
    have also included some of my personally recommend tips.

    Let’s get started 🔥🔥

    Linkedin ID – Sandeep Kumar www.hackittech.com


    Hacking is now an accepted profession in which He/She can earn
    an honest and decent living. Not only are there many pen testing
    jobs within organizations, providing these “startup” hackers with
    a place to legitimately fine-tune those skills and abilities , but we
    also have a new breed of testing –Bug Bounties.

    1) What is Bug Bounty ?

    Let me explain you in a very simple way .. A reward or money


    offred to a person who finds the bugs (error) or vulnerability in a
    website or computer program and report it to the company in a
    responsible way.

    2) What you need to know before starting a bug


    bounty program

     Scope - *.example.com
     Focus - payment processing
     Exclusions - 3rd party sites
     Organization-wide awareness
     Environment - prod vs staging
     Access - shared credentials or self-signup
     Decide - Private or Public?

    Learn - Internet, HTTP, TCP/IP , Networking ,Command-line,

    Linkedin ID – Sandeep Kumar www.hackittech.com


    Linux , Web technologies, java-script, PHP, java ,

    At least 1 programming language

    3) Skills required to be a bug bounty hunter


    Some of the key areas to focus that are part of OWASP Top 10
    which are:
    o Information gathering
    o SQL Injection
    o Cross-Site Scripting (XSS)
    o Server Side Request Forgery (SSRF)
    o Local & Remote file inclusion
    o Information Disclosure
    o Remote Code execution (RCE)
    After understanding these vulnerabilities you can begin reading
    others reports ,POCs on the bug bounty platforms like Hackerone
    to figure out the common testing techniques.

    Tip – Go for Owasp testing Guide

    [Version 4.2] - 2020-12-03 - Download the v4.2 PDF here

    4) Resources
    Writeup – Pentester.land
    Infosecwriteups.com

    Linkedin ID – Sandeep Kumar www.hackittech.com


    Daily news – Portswigger daily

    Books - The Web Application Hacker’s Handbook


    Web hacking 101
    Real-world bug hunting

    Usefull Tools - 100 Hacking tools and Resources

    Linkedin ID – Sandeep Kumar www.hackittech.com


    Cheet Sheet –Edoverflow bugbounty cheetsheet
    Gowsundar bug bounty tips

    Labs – Portswigger academy

    Confrences - Blackhat Defcon zeronight

    Youtube Channels for the latest content –


    Nahamsec
    Jhaddix
    Stok
    Codingo
    Red team Village
    The Cyber Mentor
    liveoverflow
    InsiderPhD
    Farah hawa
    Do Subscibe my Youtube Channel Hackittech

    Linkedin ID – Sandeep Kumar www.hackittech.com


    Follow these guys on Twitter -
    [+]nahamsec
    https://twitter.com/NahamSec
    [+]TomNomNom
    https://twitter.com/TomNomNom
    [+]stokfredrik
    https://twitter.com/stokfredrik
    [+]Jensec
    https://twitter.com/_jensec
    [+]cybermentor
    https://twitter.com/thecybermentor
    [+]Harsh Jaiswal
    https://twitter.com/rootxharsh
    [+]Rahul Maini
    https://twitter.com/iamnoooob
    [+]aditya Shende
    https://twitter.com/adityashende17
    [+]Harsh Bothra
    https://twitter.com/harshbothra_

    Linkedin ID – Sandeep Kumar www.hackittech.com


    5) Bug Bounty Program:
     Open For Signup

     Hackerone

     Bugcrowd

     hackenproof

     Bugbountyjp

     Intigriti

     Open Bug Bounty

    6) Tips for report writing –

     A detailed description of how the vulnerability is triggered


     Information outlining what happens when it is triggered –
    this helps us know if we’ve reproduced it correctly
     Simple steps to reproduce the vulnerability
     A description of the impact of the vulnerability
    To take it a few steps forward, here’s what makes a great report:

     Details about the specific code causing the vulnerability


     Scripted (Bash, Ruby, etc.) reproduction steps if it makes
    sense for that bug
     For complex bugs, a video can aid understanding, but this
    should not replace the written steps to reproduce

    Linkedin ID – Sandeep Kumar www.hackittech.com
    7) Sample format of the report:
     Vulnerability Name
     Vulnerability Description
     Vulnerable URL
     Payload
     Steps to Reproduce
     Impact
     Mitigation

    8) Looking for more programs using Google Dorks


     inurl:”bug bounty” and intext:”€” and inurl:/security
     intext:bounty inurl:/responsible disclosure
     intext:”BugBounty” and intext:”reward“
     intext:”BugBounty” inurl:”/bounty” and intext:”reward

    9) Some usefull tips –


     Do not expect someone will spoon feed you everything.
     PATIENCE IS THE KEY don’t expect you will get
    bounty in a single day or a month. It take a year to
    master so stay focused.

    Support me if you like my work! Do Subscribe my Youtube


    Channel and Follow me on Instagram.

    Linkedin ID – Sandeep Kumar www.hackittech.com

    You might also like