Yeah!!! Good day fellow Hunters and upcoming Hunters.

I myself also had the issues of choosing the right target to hunt on, before I came across a clip from InsiderPhd, Credits of this article goes to her.

So Choosing the right target can be difficult for beginners in bug bounty Hunting, and also it can be the difference between finding a bug and not finding a bug.

Introductions To Choosing The Target In Bug Bounty;

What should you consider when choosing a program?

Where can you find those programs?

How Do I Find Target?

  • Public Programs
  • HackerOne Directory
  • Bug Crowd Bounty List
  • Synack Programs
  • HackerOne Hackitivty
  • Private Programs
  • Invites Only
  • HackerOne rewards private invites for flags on their CTF

Why Does Find A Target Matters

— When you’re just starting out as a bug bounty hunter, it might look intimidating.

— But you can mitigate this by choosing;
    — A responsive program
    — A scope you understand
    — A Target you’re likely to find bugs

— The checkbox of things to look for

What Should You Consider When Choosing A Program

this part is for beginners, cause experienced hunters know this already

— What’s in scope
— Large Scope vs Small Scope
— Public vs Private Programs
— How is the team to work with?

What’s In Scope

A lot of type of assets
— Domain: A website or Web app
— Others: Unrelated to specific assets, If you enjoy recons/Google Dorking you’ll want to take a look at this section.

— Android Play Store: A mobile app available on the store sometimes mobile apps will be listed as .ipa/.apk or TestFlight(iOS Store Bounty Name)

— Source Code: Source Code for a Programs, you can look at the source code or deploy and hack, if you have good experience in programming, you can look into it, cause people don’t give much attention on it.

— Hardware/IoT, Physical Devices: This will be hard for beginners cause it requires a lot of knowledge.

What’s In-Scope: Code Vs App

Code Review
– Already a Developer?
– Interested in contributing to open source?
– More familiar with technical attacks/defence

– More accessible for most people
– Bugs can appear that ain’t necessarily noticeable in code.

Mobile Vs Web

– Less Competition
– Requires some googling to set up
– You can use the emulator if you don’t have a device

– More Competition
– More accessible overall
– Plenty of bugs to find

NB:- Developers will always keep having bugs and we will always keep finding them.

Read Also:  Setting Up VPS for Pentesting and Bug Bounty Automation »

Bug Types and Their Impact

Technical Bugs


Non-Technical Bugs

– Information Disclosure
– Business Logic Errors.

Scope Size In Bug Bounty

– Scope a.k.a Things you can hack against
– Larger Scope Means more things to hack on
– Larger attack area equals lots of low hanging bugs
– Smaller Scope can sometimes be ignored because people think the large scope is easier
– But when the scope is interwoven it can be hard to understand

Public vs Private Programs In Bug Bounty

To be honest with you, it doesn’t matter which one pick, I would say with a public Programs, you are likely to what bugs a program want you to report but on private Programs, you might not understand well.

How Is The Team You Want To Work With

# Each Programs Has Their statistics, e.g Hackerone has statistics of Programs.

# Important ones to Note are;
Average Bounty Range – compare against bounty table to get an idea of what severity bugs are been submitted
# Reports received/resolved
# Last Report Resolved – How active the program is.

Disclosures HackerOne

∗ It can give you an insight into how the team is to work with.
* If the team is understanding and professional they are great for beginners
* If the team are standoffish or need to be reminded, they might not be great for beginners.

Read Also:  How I got a Stored XSS from a private program »

What Should I Look For When Hunting?

  1. Friendly and Responsive Team
  2. Large enough scope that you can pivot
  3. A scope that isn’t completely later connected
  4. A team that is interested in the type of bugs you can find that generate impact
  5. A platform that has an interesting surface.

Things you Should Decide On Before Hunting

  • Assets that play to your strength
  • web apps
  • mobile apps
  • source code
  • A public Program OR
  • A Private Program

That’s all for now, don’t just read this alone, put it to practice and don’t forget to share with friends who need this.


Please enter your comment!
Please enter your name here