Bug Hunting - Weekend Batch
Duration: 8 Weeks (Weekends Only)
Mode: Online
Prerequisites: Basic Web & Network Pentesting, Knowledge of HTTP, Burp Suite
🗓️ Month 1: Foundations & Common Vulnerabilities
Week 1: Introduction to Bug Bounty & Reconnaissance
● Understanding Bug Bounty Platforms (HackerOne, Bugcrowd, Synack)
● Setting Up Your Bug Hunting Environment (Kali Linux, Burp Suite, Automation Tools)
● Reconnaissance Techniques:
○ Subdomain Enumeration (Subfinder, Assetfinder, Amass)
○ HTTP Probing (httprobe, httpx)
○ Screenshot Automation (Aquatone, Eyewitness)
○ Osmedeus, reconftw, jeales ,nuclie
● Hands-On: Recon on Public Bug Bounty Programs
2
Week 2: Information Gathering & Target Profiling
● Identifying Technologies & Web Frameworks (Wappalyzer, BuiltWith)
● Web Archive Analysis (Wayback Machine, gau, katana)
● Extracting Sensitive Data (GitHub Dorking, Google Dorking)
● Hands-On: Identifying Targets & Gathering Intel
Week 3: Web Vulnerabilities (OWASP Top 10 - Part 1)
● Injection Attacks
○ SQL Injection (SQLmap, Manual Techniques)
○ NoSQL Injection & XML Injection
● Authentication & Authorization Issues
○ Broken Authentication (JWT, OAuth Exploits)
○ Insecure Direct Object References (IDOR)
● Hands-On: Testing & Exploiting OWASP Top 10 Issues on Bug Bounty Targets
Week 4: Web Vulnerabilities (OWASP Top 10 - Part 2)
3
● Client-Side Vulnerabilities
○ Cross-Site Scripting (XSS) - Reflected, Stored, DOM-Based
○ Clickjacking & CSRF Exploitation
● Server-Side Attacks
○ Server-Side Request Forgery (SSRF)
○ Remote Code Execution (RCE)
● Hands-On: Bug Hunting in Real-World Applications
🗓️ Month 2: Advanced Techniques & Real-World Exploits
Week 5: Business Logic & API Testing
● Identifying Business Logic Vulnerabilities
● API Security Testing (Burp Suite, Postman)
● GraphQL & REST API Exploits
● Hands-On: API Bug Hunting on Public Targets
Week 6: Advanced Bug Hunting Techniques
4
● Mass Vulnerability Scanning (nuclei, dalfox)
● WAF Bypassing & Advanced Payloads
● Race Conditions & Rate Limit Bypasses
● Hands-On: Automating Bug Hunting with Custom Scripts
Week 7: Mobile & Cloud Security Testing
● Mobile App Pentesting (Android & iOS) Basics
○ Reverse Engineering APKs (jadx, apktool)
○ Mobile API Testing (Burp Mobile Config)
● Cloud Security Misconfigurations
○ S3 Bucket Enumeration & Exploitation
○ Firebase & Google Cloud Leaks
● Hands-On: Testing Mobile & Cloud Targets
Week 8: Reporting & Final CTF Challenge
● Writing High-Quality Bug Reports (PoC, Impact, Reproduction Steps)
5
● Ethical Disclosure & Maximizing Bug Bounty Rewards
● Final Capture The Flag (CTF) Challenge
● Career Guidance & Next Steps in Bug Hunting
🔧 Tools Covered:
🔹 Recon & OSINT: Amass, Subfinder, httpx, gau, katana
🔹 Exploitation: Burp Suite, SQLmap, dalfox, ffuf
🔹 Automation: Nuclei, GF Patterns, Custom Python Scripts
🔹 Cloud & API: AWS CLI, Postman, GraphQL Explorer