Looking for Bug Bounty Tips/Advice

Hi! I’m new to the bug bounty scene. I was a junior software developer before I got fired when this pandemic started. Hence, I can pretty much read code and I also know how to deploy my own website on a server using IaaS platforms (I still don’t know how to use Docker though).

As for my bug hunting skills, all that I can do is some basic recon using sublist3r, amass, and tomnomnom’s assetfinder, as well as some basic SQLi and basic XSS (reflected and stored). I also know how to use some of BurpSuite’s functionalities like Intruder and Repeater for XSS and some other injection stuff. I’m always watching and studying videos made by Stök, Tomnomnom, NahamSec and TheCyberMentor (I learned all these basic hacking skills from him).

I’m looking for tips on how to approach a large scope, and what to look for (aside from data input parameters and file uploads). Any suggestions for other attacks that I could learn at my current skill level would also help. Thanks!


Welcome to 0x00sec , kindly head over to our dicord channel for better interaction and faster response


IMHO recon is as important as your hacking skills, so make sure you do that right. That’s not only finding subdomains but also endpoints, directories etc.

As to what you should look for, depends also on your knowledge. There are some standard things you can look for, like data input, file uploads, javascript files, outdated products etc. but every web app is different in one way or another.

You can either focus on a couple of vulns, like SQLi and XSS that you mentioned and then, step by step broaden your skills. PortSwigger is really helpful.

You can join us on Discord for more discussions :slight_smile:


Thank you for the replies! I appreciate it.

P.S. I just also joined the discord channel. Looking forward for more learnings from all of you.