bugcrowd
@Bugcrowd
Followers
160,862
Following
6,488
Media
7,033
Statuses
22,736
The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
San Francisco, CA
Joined September 2012
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rio Grande do Sul
• 183143 Tweets
Madonna
• 133989 Tweets
Tottenham
• 81023 Tweets
Spurs
• 73960 Tweets
Leverkusen
• 64676 Tweets
Palmer
• 56817 Tweets
Dame
• 52458 Tweets
#虎に翼
• 46040 Tweets
Ole Miss
• 35079 Tweets
#ラヴィット
• 32525 Tweets
Ange
• 28780 Tweets
bruno mars
• 27226 Tweets
憲法記念日
• 27062 Tweets
Pacers
• 20275 Tweets
FDNY
• 18840 Tweets
OUÇA FOI INTENSO
• 18302 Tweets
EP INTENSO ZNEC
• 18252 Tweets
Anne Hathaway
• 12710 Tweets
DANNY OCEAN
• 11556 Tweets
Lillard
• 11399 Tweets
#SnowMan結成12周年
• 10840 Tweets
Like for hacker cat. Retweet for hacker dog. You can only choose one...
46
358
2K
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1"
#bugbountytips
✌🏽
11
404
2K
When you encounter a 403 Forbidden page, try adding a "X-Client-IP" header with the value "127.0.0.1".
#bugcrowdtipjar
12
287
935
┏━━┓┏━━┓┏━━┓┏━┓
┗━┓┃┃┏┓┃┗━┓┃┗┓┃
┏━┛┃┃┃┃┃┏━┛┃ ┃┃
HACK THE PLANET
┃┏━┛┃┃┃┃┃┏━┛ ┃┃
┃┗━┓┃┗┛┃┃┗━┓ ┃┃
┗━━┛┗━━┛┗━━┛ ┗┛
8
150
781
Bringing an important tip back! 👇
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1"
#BugBountyTips
18
191
788
🎉 100k Giveaway 🎉
Hackers walked so Bugcrowd could run. Thank you for being part of our community! 🏃 💯
To show our appreciation, we're giving away swag all day! 😎
To enter 🎟️ ⤵️
🔁 RETWEET
🧡 LIKE
✅ Drop your fave Bugcrowd memory below👇
#ItTakesACrowd
342
404
718
Found a Wordpress site? The easiest place to find bugs is in the plugins.
1. Find the installed plugins with WPScan
2. Set up your own WP instance and install the same plugins
3. Hack your own instance
4. Report your bugs!
The most common bug you'll find with this method is XSS
13
123
598
Week of
#giveaways
starts now! 🎁
Complete the tasks for your chance to win swag ⤵
✅ Retweet
✅ Like
✅ Tag a friend in the comments
#ItTakesACrowd
#OuthackThemAll
400
390
568
Nobody:
Not even hackers:
Hackers in pop culture after pushing one button: "I'M IN!"
19
82
551
This is very cool. Get cheatsheets in your terminal with a curl command!
⌨️ Try this: curl
Shout out to
@igor_chubin
! 🎉
8
166
570
┏━━┓┏━━┓┏━━┓┏━━┓
┗━┓┃┃┏┓┃┗━┓┃┗━┓┃
┏━┛┃┃┃┃┃┏━┛┃┏━┛┃
HACK THE PLANET
┃┏━┛┃┃┃┃┃┏━┛┃┏━┛
┃┗━┓┃┗┛┃┃┗━┓┃┗━┓
┗━━┛┗━━┛┗━━┛┗━━┛
6
84
488
Our Web Hacking Resources Kit will help you to master the basics and get you on your way to your next P1! 😎
Check it out! 📲
#BugBountyTips
#Hackers
4
163
485
In your opinion, what hacking tool does every hacker needs in their arsenal? 🛠️
162
45
465
What's your favorite part of this hacker setup? 💻👇
We would share ours, but we can't choose just one. 👀
It's. Too. Cool. 😈 😎
Thanks for sharing!!
@aditi_singghh
49
29
455
If you're hunting for low-hanging bugs in source code, grep and regex can help you to identify hotspots. For example, you might find basic rXSS in PHP with something like this:
grep -r "echo.*\$_\(GET\|REQUEST\|POST\)" .
3
137
443
13
115
451
3 ways to use Nmap as a vulnerabiltiy scanner
🐛 nmap -sV --script vuln <target>
🪲 nmap -sV --script vulners.nse <target>
🐞 nmap -sV --script vulscan/vulscan.nse <target>
Details on using vulscan in thread 🧵👇
2
108
418
XXE's are still quite common, and they're usually a P1!
Here are places that you can look for them, comment if you have any other ideas!
Thread 👇.
6
128
395
When hunting for bugs, look for features that are complex. As a rule of thumb:
More complex = less secure.
#BugBountyTips
11
76
383
Here are a few ways to make the most of an XSS. Comment if you can think of some other ideas or resources! Thread 👇.
18
134
393
.
@InsiderPHD
's top bug bounty hunting tools of 2023 🚀
🔨 Burp Suite
🔧 Kiterunner
🪛 Shodan
🪚 Amass
🗜️ FFUF
⛏️ SQLMap
🪓 Frida
🔩 TruffleHog
🛠️ XSS Hunter Express
⚒️ Nuclei
🧰 Interactsh
What would you add or remove from this list in 2024?
5
60
389
In case you missed it, this Web Hacking Resources kit is here for you. 😎
What tools would you like to see added? 👇
#BugBountyTips
8
116
371
Did you know: The term 'bug' (as it refers to computers) was first coined in 1947 when a group of computer scientists found an actual moth causing malfunctions in a computer.
14
66
359
Have you been lookin for a crash course on XXE bugs? It's a class of bugs often missed by even the most seasoned hackers. 🤓
Here is everything you need to know to start finding XXE bugs. Godspeed! Happy hacking!
7
152
368
What hacking tool does every hacker needs in their arsenal? Let us know 👇
105
69
357
10 recon tools for bug bounty hunting in 2024 🪲🔍
1️⃣ Nmap
2️⃣ SecurityTrails
3️⃣ Amass
4️⃣ Dirsearch
5️⃣ subfinder
6️⃣ Httpx
7️⃣ GitHub code search
8️⃣ Google Dorks
9️⃣ Shodan
🔟 Censys
What tools would you add to this list?
11
74
363
Looking to quickly dump URLs from a webpage using curl and some regex magic!? Try:
curl -s
https://www.bugcrowd[.]com
| pcregrep -o "(http:\/\/|https:\/\/).*?(?=\"|'| )" | sort -u
3
115
344
"For me, the ninth month of the Islamic calendar, Ramadan, is the month to think about the blessings Allah has casted on me and my family, reflect on the year and act towards becoming a better Muslim."
- Murtaza Haizji (Senior Manager Demand Gen)
Ramadan Mubarak 🙏
24
32
331
How to enumerate subdomains using Ffuf and SecLists!
Just like you would fuzz directories but you put "FUZZ" at the start of the URL instead of at the end.
⌨️ ffuf -u FUZZ.<target> -w <wordlist>
3
80
328
What's something a non-hacker wouldn't understand?
We'll go first: congratulating each other for finding bugs 🐛
65
18
312
New to bounties?
We've created this page containing links to everything you need to know including free educational resources, researcher docs, how to find bugs, beginner resources, how to get private invites, and more. Login to view!
#BugcrowdTipJar
2
113
319
If you ever find a SSRF on a Windows box, try running on your own VPS, then send the SSRF to file://<yourvps>. With a bit of luck, the server will send you some tasty Windows NetNTLMv2 hashes to crack!
What are other methods do you use?
#BugcrowdTipJar
5
78
317
XSS is the most common bug class! It pays to be good at finding them. In the latest how-to blog post,
@hakluke
covers what XSS is, different discovery methods, contexts, filter bypasses, weaponized payloads, and more.
3
133
313
Hacking is fun and all, but what are your hobbies outside of infosec?
163
16
304
While he hits some pretty big bounties, you might be surprised how
@hunter0x7
got started in bug hunting.
Join us for this researcher spotlight and down to earth chat with Ahsan Khan!
#ItTakesACrowd
25
34
304
Roses are red. 🌹
P5's are blue. 5️⃣
Dups happen sometimes, 🐜
but they're valid bugs too! 🌟
8
40
286
A meme a day keeps the blues away.
🔁 Retweet for meme 1
💙 Like for meme 2
⚠️ We will choose one random participant to win SWAG!
#BugBountyMemes
by
👉
@thecryptohack3r
16
88
290
When you find an XSS, at minimum, use alert(document.domain) over alert(1). This helps to demonstrate the context that the JavaScript is executing in. Even better, escalate the XSS to perform an account takeover!
Don't forget to share your own XSS tips using
#BugBountyTipJar
8
51
288
What are the best resources for beginners? What do you recommend to hackers who are just starting out? We're all 👂👂👂
35
73
291
WOAHHHHHHHHHHH! congratulations!! 🐛💸👏
I was awarded $65,400 for my submissions on
@bugcrowd
#ItTakesACrowd
The
#bugbounty
#bugbountytip
here is turn off your testing mindset and turn on your vulnerability research mindset.
59
39
708
4
14
293
Step 1: Go to your computer.
Step 2: Start hacking.
Step 3: Submit your bugs.
21
35
279
.
@binance
has launched a public
#bugbounty
program with
@Bugcrowd
! Get all the new program details here:
#OuthackThemAll
31
83
247
Do you have a New Year's resolution to start bug bounty hunting?
Get a head start with
@nahamsec
's HUGE list of resources for beginners:
🐞 Basics
🐛 Blogs & Talks
🐜 Books
🦟 Setup
🪲 Tools
🪳 Labs
🕷️ Talks
🐜 Coding
🦟 Mindset
And more! 👇
4
88
281
We're giving swag, you're giving tips!
Day 4 of
#giveaways
🎁 👇
What's the best resource you've added to your
#bugbounty
library? 👀
137
47
279
Researchers,
⊂_ヽ
\\ we
\( ͡° ͜ʖ ͡°)
> ⌒ヽ
/ へ\
/ / \\appreciate
レ ノ ヽ_つ
/ /
/ /|
( (ヽ
| |、\you!
| 丿 \⌒)
| | ) /
ノ ) Lノ
(_/
Have a great weekend. 😎
7
21
261
👋 Researchers!
What's a hacking tool all beginners should be using? 🛠️
Asking for a friend! 🤭
#ItTakesACrowd
76
40
265
Today seems like a good day to watch YouTube 🥱
Tell us your favorite
#hacker
content creator and be entered to win a Pentesterlab Subscription!👇
Week of
#giveaways
day 2 🎁
223
30
266
New year, new swag, new game!
Hacker's choice: THIS or THAT❓
Drop your choice below and be entered to win NEW swag! 👇
#MacintoshDay
367
20
256
We're dropping some
#BugBountyTips
👉 Chain AutoRepeater and Taborator to Automate SSRF Findings.
Created by:
@bsysop
👏
Check the thread below for more details ⤵️
10
79
247
Looking at getting into bug bounty hunting?
Bugcrowd University is a ✨FREE✨ project to help you level-up your skills!
Modules include:
✅ Making a Good Submission
✅ Burp Suite
✅ XSS
✅ Recon and Discovery
✅ SSRF
✅ XXE
And more!
Jump in 👇
6
70
250
Researchers
⊂_ヽ
\\ we
\( ͡° ͜ʖ ͡°)
> ⌒ヽ
/ へ\
/ / \\appreciate
レ ノ ヽ_つ
/ /
/ /|
( (ヽ
| |、\you
| 丿 \ ⌒)
| | ) /
ノ ) Lノ
(_/ Have a great weekend 🧡
2
16
245
Want to WIN SWAG?🏆
Play the game!🎮
🔒Guess the password (26 letters)
🔢Numbers correspond to letters
✍️Example: 1 = A, 2 = B, 3 = C
🔑We'll drop a hint for every 100 likes
👇Comment your guess below, no letters allowed
Hint:
#StarWars
#MayTheForceBeWithYou
#WorldPasswordDay
90
25
243
A quick one-liner that will gather + crawl all subdomains, then convert to a custom wordlist unique to that organisation based on discovered URLs!
subfinder -d bugcrowd[.]com -silent | httpx -silent | hakrawler -plain | tr "[:punct:]" "\n" | sort -u
0
81
246
👀 Want to win swag?
👇 As a hacker, tell us 1 way you take care of your mental health.
🧡 Reminder:
#YouMatter
#YourMindMatters
#MentalHealthAwarenessMonth
301
17
246
🚨CHALLENGE TIME🚨
Can you popup an alert?😉
Rules⤵️
📣DM us a screenshot once complete
📣100 likes & we'll release a hint
15 winners⤵️
🥇5 winners: hoodies
🥈5 winners: t-shirts
🥉5 winners: stickers + glasses
GO 👉
Challenge by
@MRCodedBrain
29
38
246
Today’s
#BugcrowdScholar
challenge is simple!
Comment below with your best bug bounty tip that's helped you save time or make impact and we'll choose some random scholars!
#BugBountyTips
#BugcrowdTipJar
🤓
88
46
242
A list of payloads to detect XSS vulnerabilities:
🐞 XSS in HTML/Applications
🐛 XSS in wrappers javascript and data URI
🐜 XSS in files
🦟 XSS in PostMessage
🪲 Filter Bypass and exotic payloads
And more! 👇
0
63
242