🔒 DisposableVM

Your Disposable Bug Bounty Security Lab

Welcome to Your Security Testing Environment

Learn bug bounty hunting with our interactive tutorial. You can also set up a local VM with pre-configured security tools for hands-on practice.

📦 Get the VM Setup

🔍 OWASP ZAP

Web application security scanner

🐋 Docker

Containerized testing environments

🐍 Python 3

With security libraries installed

📦 Node.js

JavaScript runtime environment

🗺️ Nmap

Network scanning and discovery

💉 SQLMap

Automated SQL injection tool

💻 Want to Practice Locally?

Clone the repository and set up your own DisposableVM with Vagrant:

git clone https://github.com/jmenichole/DisposableVM.git
cd DisposableVM
vagrant up

The VM includes:

  • ✅ Pre-installed security tools (OWASP ZAP, nmap, sqlmap, etc.)
  • ✅ Throwaway user account for safe testing
  • ✅ Helper scripts for snapshots and cleanup
  • ✅ This tutorial hosted locally

Welcome to Bug Bounty Hunting! 🎯

Step 1 of 7

🎓 What is Bug Bounty Hunting?

Bug bounty hunting is the practice of finding and reporting security vulnerabilities in web applications, systems, and software. Companies run bug bounty programs to crowdsource security testing and reward researchers who discover security issues.

Key Benefits:

  • Earn money by finding security vulnerabilities
  • Learn real-world security testing skills
  • Help make the internet safer
  • Build your reputation in the security community

Step 2 of 7

🔍 Reconnaissance Phase

The first step in bug bounty hunting is information gathering (reconnaissance). You need to understand your target before testing.

Key Activities:

  • Subdomain Enumeration: Find all subdomains of the target
  • Port Scanning: Identify open ports and services
  • Technology Stack: Identify frameworks, servers, and technologies used
  • Content Discovery: Find hidden directories and files

Tools to use: nmap, dirb, nikto, or custom scripts

Step 3 of 7

🕷️ Common Vulnerability Types

Understanding common vulnerability types is essential for effective bug bounty hunting:

  • XSS (Cross-Site Scripting): Injecting malicious scripts into web pages
  • SQL Injection: Manipulating database queries through user input
  • CSRF (Cross-Site Request Forgery): Forcing users to execute unwanted actions
  • IDOR (Insecure Direct Object Reference): Accessing unauthorized resources
  • Authentication Bypass: Circumventing login mechanisms
  • Authorization Issues: Accessing resources with insufficient privileges
  • SSRF (Server-Side Request Forgery): Making the server perform unintended requests

Step 4 of 7

🛠️ Using Your DisposableVM Tools

Your VM comes pre-configured with essential security testing tools:

  • OWASP ZAP: Run zap to launch the proxy and scanner
  • Nmap: Scan targets with nmap -sV target.com
  • SQLMap: Test for SQL injection with sqlmap -u "URL"
  • Nikto: Web server scanner with nikto -h target.com
  • Python: Write custom scripts in ~/workspace/
  • Docker: Run isolated testing environments

Pro Tip: Always create a snapshot with ~/scripts/snapshot.sh before testing

Step 5 of 7

📝 Best Practices & Ethics

Ethical bug bounty hunting requires following rules and best practices:

  • Read the Rules: Always read the program's scope and rules carefully
  • Stay In Scope: Only test targets explicitly listed in the program scope
  • Don't Be Destructive: Avoid DoS attacks or data destruction
  • Report Responsibly: Report vulnerabilities to the proper channels
  • Keep It Confidential: Don't disclose vulnerabilities publicly before they're fixed
  • Use Test Data: Never access or exfiltrate real user data
  • Document Everything: Keep detailed notes and screenshots

⚠️ Unauthorized hacking is illegal. Only test systems you have permission to test!

Step 6 of 7

📊 Setting Up Your Workflow

Establish a systematic workflow for bug bounty hunting:

  1. Choose a Program: Start with beginner-friendly programs on HackerOne, Bugcrowd, or Intigriti
  2. Create a Snapshot: Run ~/scripts/snapshot.sh baseline before testing
  3. Reconnaissance: Gather information about your target
  4. Identify Attack Surface: Map out potential entry points
  5. Test Vulnerabilities: Systematically test for security issues
  6. Document Findings: Take screenshots and notes
  7. Write Report: Create a clear, reproducible vulnerability report
  8. Clean Up: Use ~/scripts/repro.sh baseline to reset your environment

Step 7 of 7

🚀 Ready to Start? Here Are Your First Steps!

Now that you understand the basics, here are some suggested starting prompts to begin your bug bounty journey:

Beginner-Friendly Starting Points:

  • "Scan a practice target for open ports"
    nmap -sV scanme.nmap.org
  • "Set up OWASP ZAP proxy"
    zap (Then configure your browser to use the ZAP proxy)
  • "Enumerate subdomains"
    Create a Python script using libraries like requests
  • "Test a deliberately vulnerable app"
    docker run -d -p 3000:3000 bkimminich/juice-shop
    Then test the OWASP Juice Shop at http://localhost:3000
  • "Practice on legal targets"
    Visit HackerOne, Bugcrowd, or use HackTheBox for practice

Remember:

🎯 Start with programs that have "Easy" or "Low Hanging Fruit" labels

📚 Keep learning - read writeups and reports from other hunters

💪 Be persistent - your first bounty may take time, but it will come!

🎉 You're all set! Happy hunting, and stay ethical!