25 | Bug Bounty Hunter & Pentester

Thank you @Bugcrowd
So many beginners ask what to do after finding subdomains 🧵
1. Do directory search
2. Do GitHub dork
3. Do Google dork
4. FUZZ for params
5. FUZZ for vhosts
6. Find Wayback data (gau, waybackurls)
7. Find JavaScript files
1/n
Thread about hunting on the main application 🧵
1. Check the login process
- Do they allow signup with email or Google etc
- Do they allow you to signup with the @company email
- what is the content-type of the signup/login page
- when you enter valid cred, on which page you
I watched nahamsec's talk; here is my story. How #bugbounty hunting changed my life. I was born in a poor family. Born on 11 Sep 2000 in a small village where nobody knows how to use a computer. Even today, in 2022, they don't know how to use a computer. 1/n
I asked 10+ top bug hunters who made over $500k+ about their secrets. Here’s what they said: 1. They work insanely hard (280+ hrs/month) even after earning millions. 2. They master 1–3 programs deeply. 3. Speed matters. Never break your momentum. 1/n
Same
/accounts/v1/user/{userid} - 401
/accounts/v1/user/{userid}/ - 200
I submitted 5 critical reports in 2 hours due to 2 bugs.
1- The first mistake is that when you add a slash at the end, it will bypass authentication
- /api/x/x ---> 401 Unauthorized
- /api/x/x/ ---> 200 OK
(2/1) #bugbounty #hackerone
I gave retirement (a few months ago) to my father at the age of 44 because of a bug bounty. And I wanted to gift him something. Today I bought this for my father. Our 2nd car. Not possible without bug hunting.
Wanna improve your bug hunting 1. Go to @intigriti bug-byte 2. Every bug-byte blog post contains tools section 3. There are 171 bug-byte blogs. 4. Spend 1 or 2 weeks and learn about tools 5. Don't use something because everyone is using it. #bugbountytips #BugBounty
Anyone can follow this, if not finding bugs. Next 3 months plan for you #bugbounty Thread 1/n
So many people ask how to make notes. This is how I take notes. I can't share of course. I am taking notes for 2yrs. If I learn something new I take notes. You can make your notes like this :)
Can't imagine my life without bug hunting. To everyone don't forget where you come from and also respect your parents. Be kind. Have a great day!
[story of September 2021] #bugbounty #bugbountytip This is how I found 40 open redirection in 2 weeks. Bugcrowd accept open redirect as P4🧵 1. I collected all *,main domains 2. Used passive subdomain finding tools to find domains 1/n
I earned $2,000 for my submission on @bugcrowd #ItTakesACrowd It was SQLi. Tip: every time sleep or wait cmd don't work. website also using PostgreSQL DB so use pg_sleep() cmd to confirm SQLi #bugbounty #bugbountytips
I spent 3 hours non-stop teaching bug bounty for FREE on @NahamSec's server. It was a great experience! I showed them how to get started and find bugs quickly, things that others charge money for. I'll join you all again someday!
Been 3 Hours Talking About Bug Hunting With @tabaahi_ On @NahamSec Discord Server
reel: There are millions of bug hunters on platforms. So much competition. No bugs left etc. reality: Less than 500 hunters are making money every month (who do consistently). Less than 5 people in each program are hunting consistently. 1/n
Tip: Try to send `csrftoken=null` or `csrftoken=%00` just found this one.
By the mercy of Allah, I’ve been blessed through bug hunting with the honour of sending my father for Umrah 🕋🕋 Alhamdulillah. Grateful beyond words.
Hacking with my friend, bro works like a robot! 🤖 From 2 PM to 6 AM, locked in with just a few breaks to eat and shower. Dude does nothing but hack. Absolute machine! 🔥 He always has something to work on. How do you have so much energy, dude? 👀 What's your routine, guys?
I am 22y/o now. Happy Birthday to me 🎉❤️🫣
Wanna find bugs before anyone else? #bugbountytip #bugbounty
1. Let's say you have scope.txt
2. You run your tools to find domains and save them to subs.txt
Every day when you go to sleep, run `cat scope.txt | domain tools | anew subs.txt | tee -a newly-appear-domain.txt` 1/2
Lame bug #bugbountytips If an app uses PHP Laravel and has an endpoint like: GET /api/users/?userid=1234 Try sending: GET /api/users/?userid=-1 It might leak debug info, routes, proxies, API keys. Use it as a gadget and chain with better bugs!
Is anyone interested in weekly blog posts from a full-time bug hunter? If so, let me know! I’ll be sharing weekly posts on my Medium account, giving you a glimpse into the ups, downs, and time investment involved in full-time #bugbounty . Comment YES or NO.
How not to get burnout 🧵 (What I do)
1. I don't spend hours on one endpoint/params. If I don't figure out something in 1hr I will move to the next target or endpoint.
2. After being awarded each 4-digit bounty, I reward myself. My family and I go somewhere: travel and experience 1/n
I am taking on a 260-day hacking & self-growth challenge. I will document my journey. My goal is to do bug hunting & more exercise.
Day 1 of #bugbounty260 #bugbounty ## Bug find Reported 2 bugs 😁 ## read 1/n
Once you start treating bug bounty like a business, everything changes. It’s not a side gig. It’s your craft, your company. Show up every day like it’s your business, because it is. 💼
Reported 10 SQLi 2 triaged and 8 duplicates. Thanks to my friend for teaching me 😊. Just try to use sleep payloads in every request. Still I am noob in SQLi will write about it after approval from the program. #bugbounty
Bug bounty became an addiction. If I’m not finding bugs or not getting paid for pending reports, something inside me snaps. It’s not normal anymore.
Bug hunting isn’t about luck. It’s about showing up every day, sharpening your skills, and outworking the competition. The more you hunt, the luckier you get. Stay consistent, stay relentless!
only @Bugcrowd team knows how hard I am pushing my limits, these days. hunting 15-18hr/day. reporting bugs every 3-4hours. This PII leak bug was reported 1hr before and is now triaged. what a triage team.
Long live bug bounty. where skills pay the bills and freedom is the reward.
Tip for beginner: Learn bug hunting faster 1. Grep all subdomains of point base program 2. Send all domains to burp suite 1/2 #bugbounty #bugbountytips
Doing bug hunting without any goals will lead to burnout, procrastination, etc. Set goals like - traveling - Buying a bike, car, or a new laptop, etc. - moving to a new city Clear your "WHY". When you know WHY you are doing it, You will work for it :)
Starting tomorrow, I will begin a 100-day bug-hunting challenge.
I heavily use ChatGPT during bug hunting. If a parameter looks weird, I drop it in and boom GPT tells me where it's from. I even upload JS files to get paths, generate wordlists, and skip the boring stuff. Trust me, it's a game changer.
A few days ago I wrote about my recent finding. Worth $4000. I was not active on Twitter so sharing today #bugbounty link.medium.com/NgItvs6cWpb
Ask me anything. [Only for today]. Also before asking the question, check the comment section. I will not answer the same question more than once.
I reported 2 bugs in the morning (10hr ago) and was rewarded $1800 in just 10hr after reporting. @Bugcrowd @codingo_ thank you so much. I just want to say @Bugcrowd made my day😍
Recent Bug (Story time) 🐞 Discovered via "?continue=https://privatecompany" that redirects to app.privatecompany and sends the access_token to privatecompany/?access=token. 1/n #bugbounty #bugbountytip #bugbountytips
If you find hosts like dev, stage, or panel that are only accessible to admin users, try fuzzing to discover hidden endpoints. Also, read the JavaScript files; you might find a signup endpoint or an API key that can help you create a user and gain access to the panel.
How it started
Just submitted this issue. Scope: *.company subdomain enum Found subdomain.company subdomain.company/FUZZ Found /xyz — contains hundreds of entries (internal directory names, file sizes, lastModified timestamps). 🧵 1/n
Bro, just shut down everything else and spend the next 4 hours working without any breaks. Put on some great music and start completing tasks. you’ll feel 100x better. You don’t need meditation to feel good. Working and getting things done is the real meditation. Thanks! :)
Full-time bug hunter? Nah. Full-time ChatGPT script kiddie ✅
reported 1hr before and triaged now. @Bugcrowd ❤️
New to bug hunting? Use this technique with ChatGPT by prompting it to explain how a specific payload works and what happens in the backend. This will help you learn faster and understand things more effectively.
Big thanks to @ethicxlhuman learned a lot about organizing my workflow from him!
They’re busy running subdomain enum tools to find assets. I’m hitting the main domain and still uncovering insane stuff.
After 2yrs of hard work, I bought a new home in the city, a car, and helped my family. Clear bank loan.
What tools do you use to find subdomains? I am currently using amass & subfinder. Want to improve my recon game. Comment the tools you use to find domains.
My father is 43yrs old and I am 21. We walk every day for 30-60 minutes. It feels like he never feels tired. Every day I talk to him about bug bounty. Now he can explain what bug bounty hunting is lol. Also he knows what P1-P4 means 😂
Bug hunters, what's one piece of advice you'd give to your younger self?
99% of people never reach their prime because they choose comfort over effort and talk more than they act.
"You're just one request away from financial freedom. That next captured request could be the key to retire your parents, drive your dream car, or buy your dream home. Keep capturing, keep hunting. your breakthrough is one request away!" - @tabaahi_
If you want to be good at hacking, read all the great bug hunters' tweets like this. Here I search "ssrf @nnwakelam" so that I can read everything @nnwakelam posts about SSRF. It will help you to be a great hacker. Don't ask about tips. Use your brain. #bugbountytips #bugbounty
ever tried to Bruteforce for subdomains like: we are trying to find more domains of dev.example.com
FUZZ.dev.example.com.dev.example.com
FUZZ.dev.example.dev.example.com
FUZZ.example.dev.example.com
FUZZ.dev.dev.example.com
I think nobody did something like this before, so it might be fun to try. For every like, I'll spend (1 hour X total Like) hunting bugs in a program. Once the challenge is complete, I'll post a write-up detailing how it went. I will start the challenge on 1st May. #bugbounty
who said old programs are secure? I found P1s on the program, which started in 2019, and hundreds of bugs were already reported.
Ask me anything related to bug bounty, and I will answer on Saturdays and Sundays.
Always manually review JS files, even if you have tools like Burp's secret finders, jsMiner, whatever js tool. In my case, the tool failed to identify a crucial key, but a manual review revealed it. This key allowed me to generate a session token for the Super Admin.
"Ask Me Anything" about #bugbounty
In August, I made $$$$$ digits, and then I took a break for a few days to finish watching Game of Thrones. It’s been three days, and now I feel like I don’t know shit about hacking. 😭
Day 3 of #bugbounty260 #bugbounty ➡️ Bug report / hours of hacking : 0 (received $1800 bounty. I have a simple rule: when I receive a bounty I take a one-day break) ➡️ Read 1/n
Day 1/100 Let me know if you like this format or if you have any suggestions for improvement.
What do you use:
`amass enum -passive -df scope.txt | anew subs.txt`
or
`cat scope.txt | while read line; do amass enum -passive -d $line | anew subs.txt ;done`
Let's give some tips to beginners about XSS. Comment what approach you use to find XSS. Include tools. Tag bug hunters who find lots of XSS. Thanks #bugbounty #bugbountytips
So last night, we didn’t sleep and reported 8 bugs. 2 P2s have been triaged, with 0 duplicates. Not VDP 😅
Was about to sleep, but just got an update on my old program new scope added. HMMMM...
10k ❤️🫶
Day 2 of #bugbounty260 #bugbounty ➡️Bug found 1. 2 business logic 2. One privilege escalation ➡️ Yesterday bug update No reply yet 1/n
Front-end
GET /api/users/5200,5233/info
BackEnd API
POST /internal/backend-api/info
Content-Type: application/json
{"user-id":[5200,5233]}
Wow, I've actually never seen this. Am I the only one?
POV: I wrote my own Python script after thoroughly understanding the program's structure and found 6 IDOR vulnerabilities. Always create custom scripts tailored to how the application processes data; this approach is much more effective than relying on generic tools.
What burp extension do you use and why? #bugbounty
Rule No. 1: No matter how hard life gets in any aspect, never take your own life. Face your struggles like a warrior because real strength is in fighting through, not giving up.
In 2013, at just 13 years old, I worked in this small shop, where I first learned about computers. Today, after 12 years, I revisited the man who unknowingly shaped my journey. I shared my progress in bug bounty hunting, and it was heartwarming to see his happiness for me.
I still remember back in 2021 when someone was awarded $2, and my friend and I shared that screenshot in our WhatsApp group. That guy has now become a million-dollar bug hunter. "KEEP WORKING HARD"
Next week 🫡 Dropping a blog post on how a simple finding earned me a P2 bounty. It's not highly technical or impactful for many, but on crypto platforms, it’s a game-changer. I’ve earned $2k-$4k for similar bugs before. Stay tuned! 🚀
learning from zseano :) this is what I do basically to find XSS. instead of <h2> you can use <u> or <s> tags. sometimes WAF blocks every HTML tag. So try <tabaahi> :)
I just received a bounty, and customer rewarded $1000 for a SITE-WIDE CSRF vulnerability, but it was rewarded as P3. The bug was initially triaged as P2 which was correct. Why did customer change severity to P3 without any clarification? Hope to get some help from bugcrowd team
I found around 10 XSS in one POST request all 10 params are vulnerable. can I report 10 bugs or include them all in one report?
Woke up, didn't even brush my teeth just sat down and started grinding. Two hours in, I found this.
400th issue. Full account takeover. No chance to get dup lol🤞
I want the 400th bug to be a P1 or P2 valid rewarding issue :)
Reported few bugs, Awarded $xxxx and evening ride 😁
To all married bug hunters: Is it a good idea to marry at 24 as a full-time bug bounty hunter? What challenges did you face post-marriage time, focus, pressure? Any lessons or advice from your experience would mean a lot.
my birthday is tomorrow so take it as a gift for all of you :) have a great day ahead!
What is stopping you from finding bugs?
99% of my problems are gone since I: 1. Stay silent when angry or emotional. 2. Stopped talking to relatives. 3. Stopped arguing with people. 4. Stopped caring about other's opinions. 5. Hire personal GYM trainer
People are finding insane bugs while I'm just replacing IDs 🥲
The only thing stopping you from achieving your goals is the hours of work and grind you've been avoiding for a while.
Big shoutout to @Bugcrowd and @RelentlessT7 bug reported yesterday, triaged the same day, and bounty awarded today. That’s some real SPEEEDDDD! 📈🔥 BTW, here’s what my report title looked like:
Because I was facing back pain issues. It took him 7 months to buy a $60 chair. I still use the same chair to not forget where I come from.
For the last four months, I have been using Burp Community Edition without any extensions. I am only using the Proxy, History, and Repeater.
@Bugcrowd @codingo_ Thank you so much. I was awarded $4000. I reported the bug 2hr before and the company paid me in 2hr. Tip: It was an MFA bypass; read documentation, spend a lot of time on target.
Not hacking for a few days feels like I’ve forgotten how to find bugs. WTF is this feeling, lol. Happens every time!