The Bug Hunter's Methodology (TBHM)

A comprehensive methodology for web application bug bounty hunting, based on Jason Haddix's Bug Hunter's Methodology.

• 01 - Philosophy - Mindset, differences from standard testing, report writing tips
• 02 - Discovery - Finding the road less traveled, recon tools, port scanning
• 03 - Mapping - Directory bruteforce, OSINT, platform identification
• 04 - Authorization and Session - Auth flaws, session management testing
• 05 - XSS - Cross-site scripting, polyglot payloads, input vectors
• 06 - SQLi - SQL injection, polyglots, SQLmap, cheat sheets
• 07 - File Upload - LFI, malicious uploads, RFI, open redirects
• 08 - CSRF - Cross-site request forgery testing checklist
• 09 - Privilege / Logic / Transport - Privilege escalation, IDOR, business logic, transport security
• 10 - Mobile - Mobile app data storage, logs, iOS testing
• 11 - Auxiliary Info - Noise vulns, data-driven assessment workflow
• 12 - IDOR - Insecure direct object references
• Fast Testing Checklist - Quick reference checklist for time-boxed assessments
• v4 README - Version 4 updates

1. Hit all forms (search, registration, contact, password reset, comment) with polyglot strings
2. Scan those functions with Burp's built-in scanner
3. Check cookie behavior across login/logout/timeout cycles
4. Perform user enumeration checks
5. Test password reset flows (plaintext? URL token? reusable?)
6. Rotate numeric account identifiers in URLs
7. Test sensitive functions for IDOR, auth bypass, CSRF, HTTP downgrade
8. Directory brute with SecLists top short list
9. Test upload functions for executable file types