Bug Bounty Phase 3 - Vulnerability Assessment

In this short blog, we discuss the tools and continuous learning required to keep finding vulnerabilities for your bug bounty journey.


This part of the bug bounty workflow is where the magic happens. This is where you go out and find bugs to report. You will have found the perfect platform and program, you will have conducted your recon based on the scope, and now you are in a position to dive into the deep end and find those elusive bugs.

To be clear, nothing beats knowledge. There are so many tools you can use to help you find bugs, but at the end of the day, everyone is using these tools as well. So if you are going to spend all your time scanning, you just need to get lucky. If this is what you want to do, here are some useful tools you can use to get lucky:

In reality, what you should be doing is using your own knowledge to search for bugs based on what you see in the recon and information gathering stages. You are much further ahead than most if you start manually testing, and your chances of finding bugs only improve as you gain more knowledge. We talk about this in our other blog below:

Bug Bounty Phase 0 - Practice and Research
Practice makes perfect, as they say. In this short blog, we discuss the resources and continual learning to help stay relevant in bug bounty hunting and penetration testing.

Ultimately, we can't tell you exactly how to find bugs. It's up to you to learn techniques, learn as you go and keep finding bugs. What we do suggest is creating your own exploits.

Bug Bounty Exploit Generation

Probably the number one thing that will make you bug bounty money is creating your own exploits and searching for them across a wide range of assets.

This may sound scary and potentially above your skillset, but it's not! The bug bounty game is about speed: how quickly can you create an exploit and scan your targets for any potentially affected assets?

The best way to do this is with Nuclei. Don't wait for others to create new exploit templates. Go ahead and look at any new CVEs and make the template yourself.

If you are feeling advanced, don't wait for CVEs. Find your own and make the template!

See the next part of our Bug Bounty Phase blogs:

Bug Bounty Phase 4 - Reporting
In this short blog, we provide you with the resources to review to ensure you write a thorough and well-presented bug bounty report.

See the previous part of our Bug Bounty Phase blogs:

Bug Bounty Phase 2 - Recon
In this short blog we discuss Bug Bounty Recon to find assets which may be vulnerable to our exploits.