pentest-bugbounty (listed)
Install: `claude install-skill fatihkan/badi`
# pentest-bugbounty
Bug bounty hunting discipline — authorized programs only, ROE fidelity, dedupe, quality reports.
## Triggers
- "let's write an H1 report"
- "Bugcrowd submission"
- "calculate the CVSS score"
- "how do I dedup"
- "bounty report template"
## Program Selection Criteria
| Factor | Impact |
|--------|------|
| Scope breadth (*.target.com vs app only) | Attack surface |
| Bounty range (min-max) | ROI |
| Response SLA (in days) | Patience |
| Disclosure policy (public/private) | Portfolio growth |
| Safe Harbor (legal protection) | Risk |
| Researcher rating requirement (private programs) | Eligibility |
**Recommended starting point**: VDP (vulnerability disclosure program) -> public bounty -> private invitation.
## What NOT to Do (Program Violation)
- Testing out-of-scope assets (always a ban + legal risk)
- Production data exfil beyond the proof threshold
- Automated scan without vendor approval
- DoS / load test
- Social engineering against employees (usually forbidden)
- Brute force (usually forbidden)
- Public disclosure before client approval
## Dedup Strategy
Before submission:
```bash
# H1 hacktivity: <program> is the program handle and <finding-keyword> the term to
# search for (both placeholders); the jq filter only works if the endpoint answers
# with JSON, otherwise search the Hacktivity page with the same keyword
curl -s 'https://hackerone.com/<program>/hacktivity' | jq '.results[] | select(.title | contains("<finding-keyword>"))'
# Bugcrowd public submissions: no query endpoint, search on the program page
```
If the same vulnerability type on the same endpoint is already listed -> **duplicate risk**, try another program.
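The "same vulnerability type + same endpoint" check above is easy to get wrong by hand when reports differ only in an object ID, host casing or a query string. The following Python is an added example (not part of this skill or of HackerOne/Bugcrowd tooling) that normalizes both fields before comparing a candidate finding against a constructed list of already-public reports; the alias table and the ID-collapsing rules are assumptions about how a hunter might group report titles.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of findings already visible on a program's public activity.
# These are hypothetical entries for illustration, not real reports.
KNOWN_PUBLIC = [
    ("IDOR", "https://api.target.example/v1/users/1234/invoices"),
    ("Reflected XSS", "https://www.target.example/search?q=test"),
]

# Assumed alias table: collapse report wording into a coarse vulnerability class.
TYPE_ALIASES = {
    "idor": "idor",
    "insecure direct object reference": "idor",
    "bola": "idor",
    "xss": "xss",
    "reflected xss": "xss",
    "stored xss": "xss",
    "cross-site scripting": "xss",
}

UUID_RE = r"/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?=/|$)"


def normalize_type(vuln_type: str) -> str:
    """Lower-case the type and map known aliases onto one class name."""
    key = vuln_type.strip().lower()
    return TYPE_ALIASES.get(key, key)


def normalize_endpoint(url: str) -> str:
    """Reduce a URL to host + path template: lower-case host and path, drop the
    query string and trailing slash, replace numeric and UUID segments with {id}
    so /users/1234 and /users/987 compare equal."""
    parts = urlsplit(url.strip())
    host = parts.netloc.lower()
    path = parts.path.rstrip("/").lower() or "/"
    path = re.sub(r"/\d+(?=/|$)", "/{id}", path)
    path = re.sub(UUID_RE, "/{id}", path)
    return f"{host}{path}"


def duplicate_risk(vuln_type: str, url: str, known=KNOWN_PUBLIC) -> bool:
    """True when a public report with the same class and endpoint template exists."""
    candidate = (normalize_type(vuln_type), normalize_endpoint(url))
    return any(
        (normalize_type(t), normalize_endpoint(u)) == candidate for t, u in known
    )


if __name__ == "__main__":
    print(duplicate_risk("Insecure Direct Object Reference",
                         "https://API.target.example/v1/users/987/invoices/"))
    print(duplicate_risk("IDOR", "https://api.target.example/v1/orders/987"))
```

Keep the alias table under version control with the rest of your notes: the classes you group together decide how aggressive the dedupe is, and a too-coarse table will talk you out of reporting genuinely distinct bugs.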
## CVSS 3.1 Quick Calculation
```
Base = roundup(min(Impact + Exploitability, 10)) with Scope Unchanged; with Scope Changed the sum is multiplied by 1.08 first, and Base is 0 whenever Impact <= 0
Impact