How to choose first bug bounty program ?

Many people want to earn money finding bugs/vulnerabilities on the website as a bug bounty hunter but 60% of them do not know what bug bounty hunting is. So if it is the case for you to then I recommend you to read my How to become Bug Bounty Hunter as beginner? – Spin The Hack article to get a better understanding of the basics. 

Now if you have already read the article then you might know that I left the blog with a question about how to find the best target for bug hunting. So let me try to give you the correct answer to this.

Let’s learn how to choose bug bounty program

Look many other people will advise you that there is no sense in choosing a target, you should have better skills to find bugs but it’s not the case. Believe me, if you choose a better target for yourself eventually it can increase your chance of finding bugs.

Nevertheless, there are 2 methods you can use to choose the target. We will talk about them today.

Method 1

1) Choose Bug Bounty Platform

Below are the platforms which provide you website/target for you to hunt bugs on. They have a list of some popular websites and other small websites on which you can perform penetration testing. You can create a free account on any one of the below-provided platforms. If you are new to the field I will suggest you choose the first in the list “Hackerone”.

HackerOne | Hacker-Powered Security, Bug Bounties, & Pentests

#1 Crowdsourced Cybersecurity Platform | Bugcrowd

Intigriti – Bug Bounty & Agile Pentesting Platform

YesWeHack – Global Bug Bounty platform & VDP platform

2) Choosing Target from Hackerone

Once you create your account at Hackerone, you have to visit the directory tab and you will find a page that looks like this.

You can see different programs are listed. We are going to find out which shoots you. To do so, you need to know about some rules which can help you to choose the program in a way that helps you to find bugs easily.

Rule 1: Always try to find your target which has everything in the scope. How will you find it? Just click on any one of the programs listed here and scroll down to the program rules, there you will find in-scope items, as shown in the image below.

In the scope item, there is just one domain which means that you only have one domain to find bugs.
Now as this program is for everyone, many other hunters will be working on it which decreases your hunting rate. So now the solution to this problem is the next rule.

I am blacking out the name of the domain to maintain the privarcy.

Rule 2: As there are so many people already hunting on the same program, the target should have a larger scope. Let’s find out a larger scope target. Have a look at the image below.

You can see there is a “*” asterisk sign made in front of the website domain. The sign means that everything is in scope. For example, if the website name is then every subdomain of such as, are in the scope.

This type of scope helps you to hunt bugs on anything you find related to

Method 2

1) Finding Target using Google Dorks

First of all, if you don’t know what Google Dorking is then you should watch my video linked below.

Popular Google Dorks Use(finding Bug Bounty Websites)

  1. responsible disclosure
  2. inurl:index.php?id=
  3. bug bounty
  4. “index of” inurl:wp-content/ (Identify WordPress Website)
  5. inurl:”q=user/password” (for finding drupal cms )

These are some demo results you can use to identify targets. The sites listed are available for bug bounty hunting. Visit any of them and you will find the rules for each.

These are some demo results you can use to identify targets. The sites listed are available for bug bounty hunting. Visit any of them and you will find the rules for each.

So before winding up the article, I will recommend you to go and watch my videos on Youtube at which will definitely help you to find bugs on your chosen target.

1 thought on “How to choose first bug bounty program ?”

Leave a Comment

Your email address will not be published.