Helping you become a BugBountyHunter

We're on a mission to be your go-to place for everything bug bounties and to help you learn how to get started.
Learn how to test for security vulnerabilities on web applications with our various real-life web applications and begin to gain the confidence needed to apply your newly found knowledge on bug bounty programs. Browse and digest security researcher tutorials, guides, writeups and find information related to public bug bounty programs.

Made with love by @zseano


Learning about web application vulnerabilities

New or experienced, learn about various vulnerability types on custom made web application challenges based on real bug bounty findings! Learn about new techniques and bypasses whilst embracing the mindset of a hacker.

You have knowledge on what type of vulnerability you should be looking for but are you able to find it? There are no flags to find and instead you're learning about he various mistakes developers make when developing and how vulnerabilities arise from this.

The stage is yours, take it and have some fun!

Browse free challenges

For newcomers

Checking if a whitelisted string is found is a bad approach
CORS Browse challenge

🔥 Level up

"I've won a bounty" generator
XSS Browse challenge

🔥 Level up

There's cross site request forgery (CSRF) protection, but how good is it?
CSRF Browse challenge

For newcomers

Only relative redirects are allowed!
Open Redirect Browse challenge

Extended learning

ZSeano's Playground

FastFoodHackings is a demo web application designed to test your approach to discovering vulnerabilities. You've learnt about various vulnerability types from our other challenges, but now can you go and find them without knowing where they are?

With over 25 unique findings to discover but no knowledge on what to find, it's up to you to learn the hacker mindset and discover all of the vulnerabilities! Learn how the web application works and explore the various features available and begin your hunt!

Please note there is no triage available for this demo.

Visit playground

BugBountyHunter Membership

Gain confidence testing web applications with BARKER

Take your learning to the next level and put your knowledge & skills around web vulnerabilities to the test and apply them on our fully working web application dubbed BARKER.

BARKER contains over 100 real-life vulnerabilities, real bugs from real life scenarios, all you have to do is understand the features & begin testing for vulnerabilities! True hacker style. Signup, login and begin interacting with the various features and start testing for vulnerabilities instantly.

Gain confidence as you go through the application & begin to understand how everything works, parameters used etc, rather than being told, "there's xss here, can you find the bypass?". Over time the more you play with BARKER, the more you'll begin to find. How many bugs are staring at you in the face?

Learn more about joining BugBountyHunter

Our Community

Contributed by members View our honourable members

Notetaking for bug bounties

An article contributed by one of our top hackers, iBruteforce giving you tips and advice on taking effective notes when participating in bug bounties

BugBountyHunter Member Review

A review of our membership from one of our top hackers, GPRIME31.

My methodology for "FirstBlood" Hackevent

An article contributed by one of our top hackers, Jomar detailing his methodology during our members hackevent, FirstBlood