Sooo...Bug Bounties, huh?

Here I'm going to lay out the stuff I'm learning for (web) bug bounties, mostly for my own sanity, but perhaps you, dear reader, may find it useful as well.

(maybe, idk)

!!!DISCLAIMER!!!

1) First off, I am an absolute noob at this, so please let me know if you find anything wrong with any of this page.

2) Please don't use anything on this page to do illegal shit. I am not going to court for you, sorry.

3) This is for EDUCATIONAL PURPOSES ONLY.

4) Let's have fun, people :)




:Tools:

::Proxies::

Okay, so the first thing you need is an intercepting proxy of some sort (it sits between your browser and the target so you can see, edit and replay every request). The main ones are:

Burp Suite

Caido

ZAP (OWASP Zed Attack Proxy)

mitmproxy

::Others::

subdomain enumeration (subfinder)

free API keys for the data sources those tools query (Shodan, Censys, VirusTotal and the like) so enumeration returns more results; subfinder reads them from its provider-config.yaml. Note this broadens your *results*, not the program's scope: always filter what you find against the scope the program actually lists.

most of the ProjectDiscovery tools for various tasks (httpx, naabu, nuclei, katana, etc.)

Besides this you will need your browser's developer tools panel (F12 or Ctrl+Shift+I on Windows/Linux, Cmd+Option+I on macOS) in your web browser of choice.

Also keep an open notepad or similar to store logs and notes in: what you tested, what you sent, what came back. You will need that when writing the report.
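The subdomain enumeration step above usually ends with several tools' output (subfinder, crt.sh from the resources list further down, and so on) that has to be merged, deduplicated and, most importantly, cut down to what is actually in scope. The script below is an added example written for this page, not code from subfinder, ProjectDiscovery or crt.sh. The crt.sh JSON and the subfinder output it parses are constructed samples embedded inline so it runs offline; the root domain example.com and the hostname regex are assumptions for illustration.

```python
import json
import re
from typing import Iterable

# Constructed sample modelled on a crt.sh JSON response
# (https://crt.sh/?q=%25.example.com&output=json). Not a live query;
# real rows carry more fields, only name_value matters here.
CRTSH_SAMPLE = json.dumps([
    {"common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com",
     "name_value": "*.example.com\nstaging.example.com"},
    {"common_name": "API.Example.com",
     "name_value": "API.Example.com"},
    # A look-alike that a naive "contains example.com" check would accept.
    {"common_name": "example.com.evil-lookalike.net",
     "name_value": "example.com.evil-lookalike.net"},
])

# Constructed sample of subfinder's plain stdout (one hostname per line).
SUBFINDER_SAMPLE = """\
dev.example.com
staging.example.com
old.example.org
"""

# Assumed sanity check: labels of 1-63 chars, total length <= 253.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def crtsh_names(raw_json: str) -> set[str]:
    """Extract every hostname from a crt.sh JSON response.

    name_value may hold several SANs separated by newlines. Wildcard
    entries (*.example.com) are not hosts you can probe, so the '*.'
    prefix is stripped and the base domain is kept instead.
    """
    names: set[str] = set()
    for row in json.loads(raw_json):
        for name in row.get("name_value", "").split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]
            if name:
                names.add(name)
    return names


def tool_lines(raw: str) -> set[str]:
    """Parse one-hostname-per-line tool output (subfinder style)."""
    return {line.strip().lower() for line in raw.splitlines() if line.strip()}


def in_scope(host: str, roots: Iterable[str]) -> bool:
    """True only if host *is* a root or ends in '.' + root.

    Suffix matching on the dot boundary is what keeps
    example.com.evil-lookalike.net out of scope.
    """
    if not HOSTNAME_RE.match(host):
        return False
    return any(host == r.lower() or host.endswith("." + r.lower()) for r in roots)


def merge_in_scope(roots: Iterable[str], *sources: set[str]) -> list[str]:
    """Union all sources, keep in-scope hosts, return them sorted."""
    roots = list(roots)
    candidates = set().union(*sources)
    return sorted(h for h in candidates if in_scope(h, roots))


if __name__ == "__main__":
    for host in merge_in_scope(["example.com"],
                               crtsh_names(CRTSH_SAMPLE),
                               tool_lines(SUBFINDER_SAMPLE)):
        print(host)
```

The part worth copying is in_scope: it matches on the dot boundary rather than with a substring test, so a third party's domain that merely contains the program's name does not end up in your target list (and, worse, in a report). Feed it the real crt.sh JSON and real tool output and the rest stays the same.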




Platforms:

So there are 3 main platforms, but as discussed in this video there are also smaller, company-specific programs (some companies run their own shit rather than going through a platform) that may be better for lower-level bounty hunters, since there is less competition for the same targets.

Anyway, here are the main 3:

HackerOne

Bugcrowd

Intigriti

These are the main platforms you can sign up for to actually get paid for bounties.




Learning:

After this it's about learning what the different types of vulnerabilities are and how to exploit them. There are plenty of places to learn, but if you, like me, like a nice short-form video tutorial, I highly recommend NahamSec's video series on the basics, complete with exploitation examples.

List of Vulns

Hacker101 Web Hacking Series

J Haddix Bug Hunting Methodology

J Haddix Dark Side of BB Talk (things to look out for/be aware of in the industry)

Rhynorater's Top BB War Stories




Other Resources:

Google's Public Firing Range (a deliberately vulnerable test bed, mostly XSS, that you are allowed to practise on)

crt.sh (Certificate Transparency log search; handy for finding subdomains)

Censys Search

DenCode (encode/decode all the things: URL, Base64, HTML entities, etc.)

OWASP Top 10

JS Beautifier (unminify JavaScript so you can actually read it)

CVSS 4.0 Guide (for rating severity in reports)


Misc.

J Haddix's Big 6 Questions for the Approach

1) How does the app pass data?

2) How/where does the app talk about users?

3) Does the site have multi-tenancy or user levels?

4) Does the site have a unique threat model?

5) Has there been past security research or known vulns on the target?

6) How does the target handle XSS? CSRF? Code injection?

