BugBountyHunter.com Updates

Sean (zseano)
4 min readApr 5, 2021

--

Artwork by https://www.instagram.com/laracallejaillustrations/

Greetings!

In this post I plan to outline some changes I’ve made to bugbountyhunter since launch and future plans for the platform. At the time of writing we are not currently accepting new members (we’re training over 700+ members currently!) however after our next major upgrade we will begin to welcome new members. We’re looking to make it more accessible for not only researchers but also those looking to teach others, using BARKER (without me being the teacher!)

I just want to put some emphasis on the fact that BugBountyHunter.com & BARKER are work in progress and they are currently only being maintained by 2 people. Myself and my older brother (maintains barker). We have lots in the pipeline, just bare with us! ;) We are in talks for some potential partnerships but we will share more information on this as discussions progress.

Since launch BARKER has received two major updates and there are currently 116 vulnerabilities to discover and at the time of writing this, 2 unique bugs still remain undiscovered. Our members have hacked for a total of 315 days, 0 hours, 6 minutes and 16 seconds. The users’ GPRIME31, GOOD have absolutely destroyed BARKER and managed to find over 100+ vulnerabilities. Their hard work & dedication is not unnoticed and each will be featured on our next update as well as receiving an official certificate from us. You both should be so proud and we can’t wait to watch you crush it on bug bounty programs.

Changes to the perks on bugbountyhunter

As well as this, the platform itself has received a significant amount of changes including the introduction of PERKS. As users find more bugs they level up, and with leveling up, you get perks. Perks such as swag, invites to special events. We’re still working out how these work best and as such as will be outlining some important changes to the perks below.

Firstly, we are currently facing some issues with swag so we’re putting a pause on this when you reach Level 3 whilst we work out a better process for this. We’re really sorry for this! You will still be sent your swag, just at a later date. Again, really sorry for this!

Level 2 members are invited to what we call, “Hackevents”, which is where I will train a specific topic and then we will apply it on a public target together. This perk is changing and instead you will be hacking on a fresh web application setup by us and you will win BOUNTIES for your findings. As like with bug bounties, it’s first come, first paid. The web application will be like BARKER and the entire experience will be similar, except when you find a valid bug, you’ll win a bounty! It’s the bug bounty experience, just ‘virtually’! You will find more information about this soon on the bugbountyhunter platform.

Secondly, we are moving our training we did on Hackevents and instead opening it to all members. We will re-do the first session for all members, however we will not be hacking on a target after. This is instead currently reserved for users specifically selected by myself (@zseano) and invited to a private channel. Full information will be seen on the next update which will be rolled out soon.

We hope these changes are not too much, we’ve tried to keep things in line with what we’re already doing, just adding & switching some things up. Be sure to let us your know your thoughts in the discord.

Future Updates to come

BARKER received an update not so long ago however we’re always working on new updates and features for BARKER & KREATIVE and we will keep you updated via the platform/discord on new changes. If you have any type of specific bug you’d like to see be sure to drop a message in #barker-suggestions on our discord!

Q2

  • Public bug bounty/vulnerability disclosure program list
    At first our directory list will only include public HackerOne programs as we test a way to help you discover programs worth looking at by utilising daily data, disclosed information and types of bugs found. We will look to expand the list over time.
  • More guides, free challenges and updates to FastFoodHackings
    We’ve been busy writing new guides, creating new challenges and adding more bugs to FastFoodHackings, as well as some new functionality to help you create proof of concepts (think about self XSS and turning it into something). Be sure to follow us on twitter to find out when all of these new changes are added.

Q3 and going forward

  • BugBountyNotes.com relaunch
    Notes are crucial remember? ;) More on this soon.
  • Beta test our own vulnerability disclosure management platform
    We believe by Q3 bugbountyhunter should contain enough information to help newcomers learn the basics of hacking and how to apply them responsibly, so we will be putting our focus on creating our vulnerability disclosure management platform. We have a vision to help connect hackers with companies and we can’t wait to share more with you as the journey progresses.

Thank you everyone for your support over the years and for everyone who’s joined the bugbountyhunter platform. I honestly really hope it helps you! I will do my best to continue helping you on your journey and making sure the process is smooth.

All the best

~zseano (bugbountyhunter creator)

--

--

Sean (zseano)

UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com