Tips From A Bugbounty Hunter

Some great success tips in this short beginners guide to bug hunting, from infosec researcher Abartan Dhakal


If you are already doing bugbounty hunting and are proficient in the field then this article is not for you because you guys already have your secret weapons. This article is for everyone who has not had much success or is just starting out and has very little knowledge but great enthusiasm and energy.

Let me introduce myself. I am Abartan Dhakal, a noob bugbounty hunter from Nepal, currently studying for my bachelor's in IT at Federation University in Sydney. I am also doing an internship as a Penetration Tester at a cyber security consulting company based in Sydney.

Let The Games Begin

While hunting for a bug in a bugbounty program, if you ask how to start testing a target, everyone will say "Recon and Enumeration", but I still get confused about what that actually includes. So I made a personal guide for myself and included all the information I could get from fellow bugbounty hunters and from the internet itself.

Before jumping into the points, let me give you a few tips that my fellow bughunters gave me and that are a must to follow.

Rule number 1 : Have patience. Sometimes it takes ages to get to your first bounty and get the bug resolved.

Rule number 2 : Be prepared for duplicates, because there will be hundreds of other bugbounty hunters looking at the same page as you.

Rule number 3 : Be respectful to everyone and ask for help if you get stuck anywhere, but before asking make sure you have searched for all possible ways to resolve the issue yourself.

Now let's jump into the method I use, which has landed me some small bounties: hunt for the low-hanging fruit that will give you an easy payout.

  1. There's a reason they say "Google is your best friend". I received a $200 bounty from a program just by grabbing a PDF file using a Google dork; it was from an online shop and showed the details of their customers' purchases.

  2. Search for subdomains, not just for takeovers, but for interesting information. I found a confidential page that had a signup option on it. I guess most hunters were only checking for subdomain takeover and forgot to check the functionality. Some of the best tools are:

a) SubFinder, "created by awesome friends Ice3man (Nizamul), Codingo and picatz" (https://github.com/subfinder/subfinder)
b) Sn1per. This is a beast for me! (https://github.com/1N3/Sn1per)
c) Our very own "KnockPY" (https://github.com/guelfoweb/knock)

  3. Check for sensitive files on strange-looking subdomains.

  4. Hunt for logical issues. We are logical creatures, and one very, very, very simple logical issue actually landed me my first swag pack. I might write about it here in the next article if possible.

These are some of my simple tips. Thanks for reading, folks, and welcome to my team. Someday we will be like every major bughunter out there that you respect and think is awesome. Keep hunting and keep reading blogs; reading and learning are the key to bug bounty success.

Main Image Credit : The awesome piece of artwork used to head this article is called 'Hunter' and it was created by graphic designer Alessandro Pautasso.