Overview
Bug bounty/vulnerability disclosure platforms are used by companies to coordinate the triaging, reporting and in some cases, rewarding, of best security vulnerabilities.
In many platforms the numerous programs are not always public - some may be public, some may be unlisted but public, some may be private and some may be personal invite-only.
In this post I've outlined how I am founding a set of public programs that were not listed on the platform site but were searchable via Google searches. Simple use below dorks to find the unlisted bug bounty program.
What you need to do
- Avoid harm or risk to website users, or third parties.
- This is common sense, but guidelines can be found below on what companies are not looking for.
- Report through a legitimate channel.
- This includes our all bug bounty program.
- Don't disclose without our agreement.
- Keep information about potential vulnerabilities confidential between yourself and website owner until website owner has verified the vulnerability, and has then had at least 90 days to resolve it.
What you can't do
- No privacy violations.
- Respect privacy by only using accounts you have created.
- Nothing that degrades website service.
- Examples include Denial of Service and modifying configurations. Instead, show deficiencies in any rate limiting through a well-targeted test.
- No deletion or damage of resources.
- Instead, limit damage to resources you create or own.
- No creation or sharing of inappropriate content.
- Just keep any content you generate as part of a proof-of-concept simple and respectful of others.
- No lasting harm.
- Avoid leaving persistent payloads, XSS or the like behind you. Instead, use non-harmful payloads, track what you do, limit who is exposed as much as possible, and clean up!
- No targeting our staff, investors or physical environment.
- This includes spear phishing and physical testing.
Rewards
As part of encouraging security researchers to put website security to the test, they offer a variety of rewards for doing so if:
- The reported vulnerability is verifiable
- It hasn't been reported already
- You've conducted your activities in a manner consistent with website guidelines
- Rewards are provided at any website discretion based on the severity of the bug and the quality of the report.
List of Bug Bounty Dorks
- inurl /bug bounty
- inurl : / security
- inurl:security.txt
- inurl:security "reward"
- inurl : /responsible disclosure
- inurl : /responsible-disclosure/ reward
- inurl : / responsible-disclosure/ swag
- inurl : / responsible-disclosure/ bounty
- inurl:'/responsible disclosure' hoodie
- responsible disclosure swag r=h:com
- responsible disclosure hall of fame
- responsible disclosure europe
- responsible disclosure white hat
- white hat program
- insite:"responsible disclosure" -inurl:nl
- intext responsible disclosure
- site eu responsible disclosure
- site .nl responsible disclosure
- site responsible disclosure
- responsible disclosure:sites
- responsible disclosure r=h:nl
- responsible disclosure r=h:uk
- responsible disclosure r=h:eu
- responsible disclosure bounty r=h:nl
- responsible disclosure bounty r=h:uk
- responsible disclosure bounty r=h:eu
- responsible disclosure swag r=h:nl
- responsible disclosure swag r=h:uk
- responsible disclosure swag r=h:eu
- responsible disclosure reward r=h:nl
- responsible disclosure reward r=h:uk
- responsible disclosure reward r=h:eu
- "powered by bugcrowd" -site:bugcrowd.com
- "powered by hackerone" "submit vulnerability report"
- "submit vulnerability report"
- site:responsibledisclosure.com
- inurl:'vulnerability-disclosure-policy' reward
- intext:Vulnerability Disclosure site:nl
- intext:Vulnerability Disclosure site:eu
- site:*.*.nl intext:security report reward
- site:*.*.nl intext:responsible disclosure reward
- "security vulnerability" "report"
- inurl"security report"
- "responsible disclosure" university
- inurl:/responsible-disclosure/ university
- buy bitcoins "bug bounty"
- inurl:/security ext:txt "contact"
- "powered by synack"
- intext:responsible disclosure bounty
- inurl: private bugbountyprogram
- inurl:/.well-known/security ext:txt
- inurl:/.well-known/security ext:txt intext:hackerone
- inurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbounty
- inurl:reporting-security-issues
- inurl:security-policy.txt ext:txt
- site:*.*.* inurl:bug inurl:bounty
- site:help.*.* inurl:bounty
- site:support.*.* intext:security report reward
- intext:security report monetary inurl:security
- intext:security report reward inurl:report
- site:security.*.* inurl: bounty
- site:*.*.de inurl:bug inurl:bounty
- site:*.*.uk intext:security report reward
- site:*.*.cn intext:security report reward
- "vulnerability reporting policy"
- "van de melding met een minimum van een" -site:responsibledisclosure.nl
- inurl:/security ext:txt "contact"
- inurl:responsible-disclosure-policy
- "Submission Form powered by Bugcrowd" -bugcrowd.com
- "If you believe you've found a security vulnerability"
- intext:"BugBounty" and intext:"BTC" and intext:"reward"
- intext:bounty inurl:/security
- inurl:"bug bounty" and intext:"€" and inurl:/security
- inurl:"bug bounty" and intext:"$" and inurl:/security
- inurl:"bug bounty" and intext:"INR" and inurl:/security
- inurl:/security.txt "mailto*" -github.com -wikipedia.org -portswigger.net -magento
If you've found some of new dorks kindly comment, here we'll add that into the above list.
COMMENTS