0% found this document useful (0 votes)

464 views5 pages

Bug Bounty Checklist Fillable

The document outlines a two-week bug bounty learning path checklist, detailing daily tasks and resources from platforms like TryHackMe and PortSwigger. It covers fundamental topics such as web reconnaissance, various types of vulnerabilities, and practical exercises for exploitation. Additionally, it includes estimated payouts for common bugs like XSS, SQL Injection, and CSRF.

Uploaded by

Nassur Juma

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

464 views5 pages

Bug Bounty Checklist Fillable

Uploaded by

Nassur Juma

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 5

Bug Bounty Learning Path Checklist

This checklist helps you track progress in your two-week bug bounty learning journey
using free resources from TryHackMe, Hack The Box, and PortSwigger. Tick off each
task as you complete it.

Week 1: Bug Bounty Fundamentals & Recon

Day 1: Introduction to Bug Bounties

Read 'What is Bug Bounty?' on
HackerOne Complete TryHackMe:
Web Fundamentals Set up a Burp
Suite environment

Day 2: Web Reconnaissance

Learn Passive vs. Active Recon
Complete PortSwigger: Information
Disclosure TryHackMe: OSINT Module
Day 3: Google Dorking & Shodan
Practice Google Dorks
Use Shodan to find vulnerable
assets TryHackMe: Google
Dorking Module
Day 4: Subdomain Enumeration
Use Sublist3r and Amass for subdomain
discovery TryHackMe: Subdomain
Enumeration Lab
Read about Wildcard DNS and Takeovers
Day 5: Directory Bruteforcing
Use Gobuster and FFUF to find hidden
directories TryHackMe: Web Directory
Enumeration
Understand Forbidden Directory Bypasses
Day 6: Parameter Discovery
Use Arjun for parameter fuzzing
Read about URL parameters and attack
vectors TryHackMe: Parameter Tampering
Bug Bounty Learning Path Checklist

Lab
Day 7: Review & Capture The Flag (CTF)
Solve a web-based CTF challenge
Bug Bounty Learning Path Checklist

Review recon
techniques Plan for
Week 2

Week 2: Exploiting Bugs for Bug Bounties

Day 8: XSS - Cross-Site Scripting

Complete PortSwigger: XSS
Labs TryHackMe: XSS
Fundamentals Practice DOM-
based XSS

Day 9: SQL Injection

Complete PortSwigger: SQL Injection
Labs Use SQLMap for automated
testing
TryHackMe: SQL Injection Module
Day 10: IDOR (Insecure Direct Object Reference)
Understand how IDOR works
TryHackMe: Broken Access
Control Test real-world API
endpoints for IDOR
Day 11: CSRF (Cross-Site Request
Forgery) Learn about CSRF token
validation Complete
PortSwigger: CSRF Labs Practice
CSRF exploitation

Day 12: SSRF (Server-Side Request Forgery)

Complete PortSwigger: SSRF
Labs Use Burp Suite to test for
SSRF
TryHackMe: SSRF Module
Day 13: Exploiting Authentication Flaws
Learn about JWT and Session
Hijacking TryHackMe: Authentication
Bug Bounty Learning Path Checklist

Bypass
Test OAuth and SSO vulnerabilities
Day 14: Reporting & Bug Submission
Read 'How to Write a Good Bug Report'
Bug Bounty Learning Path Checklist

Review top bug bounty write-

ups Submit a report on a test
platform

Low-Hanging Bugs & Payouts

XSS (Cross-Site Scripting) (Easy) - Estimated Payout: $500 -

$1,500 SQL Injection (Medium) - Estimated Payout: $2,000 -
$10,000
IDOR (Broken Access Control) (Easy) - Estimated Payout: $500 - $5,000
CSRF (Cross-Site Request Forgery) (Medium) - Estimated Payout: $1,000 -
$3,000 SSRF (Server-Side Request Forgery) (Hard) - Estimated Payout:
$3,000 - $10,000

Complete Roadmap For Bug Bounty
No ratings yet
Complete Roadmap For Bug Bounty
2 pages
Bug Bounty 12 Week Daily Plan
No ratings yet
Bug Bounty 12 Week Daily Plan
3 pages
Comprehensive Bug Bounty Training Guide
No ratings yet
Comprehensive Bug Bounty Training Guide
4 pages
Bug Bounty Blueprint A Beginners Guide
No ratings yet
Bug Bounty Blueprint A Beginners Guide
34 pages
Beginner's Guide to Bug Bounty
No ratings yet
Beginner's Guide to Bug Bounty
8 pages
Bugbounty Compressed
No ratings yet
Bugbounty Compressed
36 pages
Bug Bounty
No ratings yet
Bug Bounty
3 pages
Bug Bounty Course Contents
No ratings yet
Bug Bounty Course Contents
6 pages
Bug Bounty Guide: Tools & Tips
100% (2)
Bug Bounty Guide: Tools & Tips
36 pages
Beginner's Cyber Security Roadmap Guide
No ratings yet
Beginner's Cyber Security Roadmap Guide
1 page
M0chan Bug Bounty Cheatsheet
No ratings yet
M0chan Bug Bounty Cheatsheet
43 pages
Complete Bug Bounty Cheat Sheet
100% (1)
Complete Bug Bounty Cheat Sheet
5 pages
Hacking Courses Link
No ratings yet
Hacking Courses Link
1 page
Advanced Penetration Testing Course
100% (1)
Advanced Penetration Testing Course
2 pages
Bug Bounty Course LEAK 2023
No ratings yet
Bug Bounty Course LEAK 2023
1 page
HackQuest 8: Round 1 Summary
No ratings yet
HackQuest 8: Round 1 Summary
2 pages
Bug Bounty Advanced Course
No ratings yet
Bug Bounty Advanced Course
3 pages
OSCP Preparation Guide @infosectrain
No ratings yet
OSCP Preparation Guide @infosectrain
22 pages
Business Logic Vulnerability
No ratings yet
Business Logic Vulnerability
13 pages
Web Security Tools Guide
No ratings yet
Web Security Tools Guide
4 pages
Exploiting LFI Vulnerabilities in Apache
100% (1)
Exploiting LFI Vulnerabilities in Apache
7 pages
Passive Recon
No ratings yet
Passive Recon
7 pages
Bypass 403 Error 1698924938
No ratings yet
Bypass 403 Error 1698924938
9 pages
Bug Bounty Insights on Web Vulnerabilities
No ratings yet
Bug Bounty Insights on Web Vulnerabilities
14 pages
Free Bug Bounty Tools for Termux & Kali
No ratings yet
Free Bug Bounty Tools for Termux & Kali
2 pages
7 Bug Bounty Myths
No ratings yet
7 Bug Bounty Myths
11 pages
GitHub - Bettercap:Bettercap: The Swiss Army Knife For 802.11, BLE and Ethernet Networks Reconnaissa
No ratings yet
GitHub - Bettercap:Bettercap: The Swiss Army Knife For 802.11, BLE and Ethernet Networks Reconnaissa
3 pages
The Art of Authentication Bypass
No ratings yet
The Art of Authentication Bypass
49 pages
Abusing HTTP Misconfigurations
No ratings yet
Abusing HTTP Misconfigurations
61 pages
Host Header Injection and Risks
No ratings yet
Host Header Injection and Risks
11 pages
Bugbounty Cheetsheet
No ratings yet
Bugbounty Cheetsheet
33 pages
Security Operation Center Cheat Sheet
No ratings yet
Security Operation Center Cheat Sheet
4 pages
Cybersecurity Course Overview
No ratings yet
Cybersecurity Course Overview
56 pages
Vulnerabilities in Modern Web Applications
100% (2)
Vulnerabilities in Modern Web Applications
34 pages
Free Web Penetration Testing Course
No ratings yet
Free Web Penetration Testing Course
5 pages
Bug Bounty
No ratings yet
Bug Bounty
1 page
Bug Bounty SEO Tips & Tricks
No ratings yet
Bug Bounty SEO Tips & Tricks
1 page
Web Penetration Testing Roadmap
No ratings yet
Web Penetration Testing Roadmap
11 pages
JHaddix Bug Hunting Methodology V4
0% (1)
JHaddix Bug Hunting Methodology V4
1 page
Subdomain Analysis and Header Extraction Guide
No ratings yet
Subdomain Analysis and Header Extraction Guide
1 page
G O N Y: Ignite Technologies
No ratings yet
G O N Y: Ignite Technologies
34 pages
XSS Attack Techniques and Payloads Guide
No ratings yet
XSS Attack Techniques and Payloads Guide
11 pages
Chatgpt For Bugbounty
No ratings yet
Chatgpt For Bugbounty
28 pages
Cybersecurity Learning Roadmap
No ratings yet
Cybersecurity Learning Roadmap
2 pages
XSS-Tips N Tricks
No ratings yet
XSS-Tips N Tricks
19 pages
Lab 03 SQL Vulnerabilities
No ratings yet
Lab 03 SQL Vulnerabilities
4 pages
Bug Bounty Lab Manual for Teachers
No ratings yet
Bug Bounty Lab Manual for Teachers
30 pages
OWASP - WebGoat - Introduction To XSS
No ratings yet
OWASP - WebGoat - Introduction To XSS
11 pages
Bug Bounty Hunting Roadmap For Beginners by Digitokawn
No ratings yet
Bug Bounty Hunting Roadmap For Beginners by Digitokawn
10 pages
Bug Bounty
No ratings yet
Bug Bounty
7 pages
Recon To Master - The Complete Bug Bounty Checklist - by Coffinxp - Jul, 2025 - InfoSec Write-Ups
No ratings yet
Recon To Master - The Complete Bug Bounty Checklist - by Coffinxp - Jul, 2025 - InfoSec Write-Ups
1 page
Mastering The Art of Web Application Penetration Testing - Learn
No ratings yet
Mastering The Art of Web Application Penetration Testing - Learn
22 pages
Projectdiscovery - Katana - A Next-Generation Crawling and Spidering Framework
No ratings yet
Projectdiscovery - Katana - A Next-Generation Crawling and Spidering Framework
15 pages
Attacking Web Applications With Ffuf
No ratings yet
Attacking Web Applications With Ffuf
24 pages
Bug Bounty Beginner's
No ratings yet
Bug Bounty Beginner's
8 pages
Penetration Testing Web Application - Web Application (In) Security
No ratings yet
Penetration Testing Web Application - Web Application (In) Security
2 pages
Cyber-Security Roadmap
No ratings yet
Cyber-Security Roadmap
3 pages
Understanding Cross Site Scripting (XSS)
100% (1)
Understanding Cross Site Scripting (XSS)
15 pages
Attacking Web Applications With Ffuf
No ratings yet
Attacking Web Applications With Ffuf
24 pages
Bug Bounty Learning Path
No ratings yet
Bug Bounty Learning Path
5 pages
CNS Unit 3
No ratings yet
CNS Unit 3
38 pages
Lesson 16 - Hacking Web Application
No ratings yet
Lesson 16 - Hacking Web Application
112 pages
Lab 1.4
No ratings yet
Lab 1.4
2 pages
AVG Anti-Virus Free Edition 9.0 Overview
No ratings yet
AVG Anti-Virus Free Edition 9.0 Overview
4 pages
Cloud Security - A Primer by Yogesh Gupta, CISSP® CCSK CCSP - The Cloud, Services, Standards - Peerlyst
No ratings yet
Cloud Security - A Primer by Yogesh Gupta, CISSP® CCSK CCSP - The Cloud, Services, Standards - Peerlyst
8 pages
Information Security Overview
No ratings yet
Information Security Overview
11 pages
CA v1.0 Skills Assessment
No ratings yet
CA v1.0 Skills Assessment
4 pages
Nis Unit2
No ratings yet
Nis Unit2
28 pages
Security+ Guide To Network Security Fundamentals, Fourth Edition
No ratings yet
Security+ Guide To Network Security Fundamentals, Fourth Edition
54 pages
ICDL Cyber Security - Syllabus 2.0
No ratings yet
ICDL Cyber Security - Syllabus 2.0
9 pages
Microsoft Azure Explained
No ratings yet
Microsoft Azure Explained
2 pages
CH1 Introduction To Information Assurance and Security
No ratings yet
CH1 Introduction To Information Assurance and Security
37 pages
Cylinders Brochure
No ratings yet
Cylinders Brochure
20 pages
MAS - Methodology To Select Security Information and Event Management (SIEM) Use Cases
No ratings yet
MAS - Methodology To Select Security Information and Event Management (SIEM) Use Cases
35 pages
Instant Access To Mike Meyers CompTIA Security Certification Passport Exam SY0 501 Fifth Edition Dunkerley Ebook Full Chapters
100% (1)
Instant Access To Mike Meyers CompTIA Security Certification Passport Exam SY0 501 Fifth Edition Dunkerley Ebook Full Chapters
55 pages
Lecture 8 - Firewall IPS
No ratings yet
Lecture 8 - Firewall IPS
32 pages
ICT IGCSE Safety and Security Guide
100% (2)
ICT IGCSE Safety and Security Guide
5 pages
Lecture No 6
No ratings yet
Lecture No 6
21 pages
Vyatta-VPN 6.5R1 v01
No ratings yet
Vyatta-VPN 6.5R1 v01
502 pages
Ethical Hacking Intermediate Course
No ratings yet
Ethical Hacking Intermediate Course
32 pages
Huawei Wireless CWA With Identity Services Engine
No ratings yet
Huawei Wireless CWA With Identity Services Engine
15 pages
SOC & SIEM Essentials for IT Teams
No ratings yet
SOC & SIEM Essentials for IT Teams
52 pages
Artigo 2 - The Evolution of Cybercrime
No ratings yet
Artigo 2 - The Evolution of Cybercrime
3 pages
Cissp Domain 6
No ratings yet
Cissp Domain 6
9 pages
Database User Insertions
No ratings yet
Database User Insertions
22 pages
CP18 Ubuntu22 Training Answer Key
No ratings yet
CP18 Ubuntu22 Training Answer Key
11 pages
IT Security Audit Essentials
No ratings yet
IT Security Audit Essentials
4 pages
Chapter 8 CNS
No ratings yet
Chapter 8 CNS
28 pages
Active Directory Pentest Course-1
No ratings yet
Active Directory Pentest Course-1
19 pages
Invoice Format 23
No ratings yet
Invoice Format 23
7 pages

Bug Bounty Checklist Fillable

Uploaded by

Bug Bounty Checklist Fillable

Uploaded by

Bug Bounty Learning Path Checklist

Week 1: Bug Bounty Fundamentals & Recon

Day 1: Introduction to Bug Bounties

Day 2: Web Reconnaissance

Week 2: Exploiting Bugs for Bug Bounties

Day 8: XSS - Cross-Site Scripting

Day 9: SQL Injection

Day 12: SSRF (Server-Side Request Forgery)

Review top bug bounty write-

Low-Hanging Bugs & Payouts

XSS (Cross-Site Scripting) (Easy) - Estimated Payout: $500 -

You might also like