bugcrowd
@Bugcrowd
Followers
167,560
Following
6,458
Media
7,399
Statuses
23,635
The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
San Francisco, CA
Joined September 2012
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Haitian
• 593459 Tweets
Springfield
• 427110 Tweets
Labour
• 373783 Tweets
Yunes
• 242065 Tweets
Argentina
• 225648 Tweets
Colombia
• 203286 Tweets
Morena
• 202474 Tweets
PS5 Pro
• 188817 Tweets
Senado
• 181133 Tweets
PlayStation
• 144481 Tweets
Anna
• 134947 Tweets
Sony
• 134683 Tweets
England
• 117094 Tweets
CONGRATULATIONS BTS
• 88669 Tweets
Nintendo
• 74282 Tweets
Tony
• 73586 Tweets
#الكويت_العراق
• 64390 Tweets
バーレーン
• 51105 Tweets
Swalwell
• 50858 Tweets
Marko Cortés
• 26676 Tweets
#TemptationIsland
• 26417 Tweets
Finland
• 23330 Tweets
Trent
• 22878 Tweets
Lola
• 22589 Tweets
Barranquilla
• 20277 Tweets
Fang Fang
• 16938 Tweets
اليابان
• 16887 Tweets
Dave Grohl
• 16393 Tweets
Bernstein
• 15572 Tweets
Harry Kane
• 15265 Tweets
Adult Content
• 15223 Tweets
#KohLanta
• 14392 Tweets
Alfred
• 11673 Tweets
De Ligt
• 10946 Tweets
#NEDGER
• 10261 Tweets
Like for hacker cat. Retweet for hacker dog. You can only choose one...
46
354
2K
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1"
#bugbountytips
✌🏽
11
402
2K
When you encounter a 403 Forbidden page, try adding a "X-Client-IP" header with the value "127.0.0.1".
#bugcrowdtipjar
13
288
934
┏━━┓┏━━┓┏━━┓┏━┓
┗━┓┃┃┏┓┃┗━┓┃┗┓┃
┏━┛┃┃┃┃┃┏━┛┃ ┃┃
HACK THE PLANET
┃┏━┛┃┃┃┃┃┏━┛ ┃┃
┃┗━┓┃┗┛┃┃┗━┓ ┃┃
┗━━┛┗━━┛┗━━┛ ┗┛
8
147
775
Bringing an important tip back! 👇
When you encounter a 403 Forbidden page 🚫 , try adding an "X-Client-IP" header with the value "127.0.0.1"
#BugBountyTips
18
188
780
🎉 100k Giveaway 🎉
Hackers walked so Bugcrowd could run. Thank you for being part of our community! 🏃 💯
To show our appreciation, we're giving away swag all day! 😎
To enter 🎟️ ⤵️
🔁 RETWEET
🧡 LIKE
✅ Drop your fave Bugcrowd memory below👇
#ItTakesACrowd
340
402
710
Found a Wordpress site? The easiest place to find bugs is in the plugins.
1. Find the installed plugins with WPScan
2. Set up your own WP instance and install the same plugins
3. Hack your own instance
4. Report your bugs!
The most common bug you'll find with this method is XSS
13
122
592
Week of
#giveaways
starts now! 🎁
Complete the tasks for your chance to win swag ⤵
✅ Retweet
✅ Like
✅ Tag a friend in the comments
#ItTakesACrowd
#OuthackThemAll
398
385
566
Nobody:
Not even hackers:
Hackers in pop culture after pushing one button: "I'M IN!"
19
82
547
This is very cool. Get cheatsheets in your terminal with a curl command!
⌨️ Try this: curl
Shout out to
@igor_chubin
! 🎉
8
167
561
Our Web Hacking Resources Kit will help you to master the basics and get you on your way to your next P1! 😎
Check it out! 📲
#BugBountyTips
#Hackers
4
163
483
┏━━┓┏━━┓┏━━┓┏━━┓
┗━┓┃┃┏┓┃┗━┓┃┗━┓┃
┏━┛┃┃┃┃┃┏━┛┃┏━┛┃
HACK THE PLANET
┃┏━┛┃┃┃┃┃┏━┛┃┏━┛
┃┗━┓┃┗┛┃┃┗━┓┃┗━┓
┗━━┛┗━━┛┗━━┛┗━━┛
6
82
483
In your opinion, what hacking tool does every hacker needs in their arsenal? 🛠️
162
44
462
What's your favorite part of this hacker setup? 💻👇
We would share ours, but we can't choose just one. 👀
It's. Too. Cool. 😈 😎
Thanks for sharing!!
@aditi_singghh
48
29
455
13
112
451
If you're hunting for low-hanging bugs in source code, grep and regex can help you to identify hotspots. For example, you might find basic rXSS in PHP with something like this:
grep -r "echo.*\$_\(GET\|REQUEST\|POST\)" .
3
135
440
3 ways to use Nmap as a vulnerabiltiy scanner
🐛 nmap -sV --script vuln <target>
🪲 nmap -sV --script vulners.nse <target>
🐞 nmap -sV --script vulscan/vulscan.nse <target>
Details on using vulscan in thread 🧵👇
2
106
411
GIVEAWAY 🎁🎁
It's simple, here are the rules:
🧑💻 Be a hacker
🔁 Retweet
❤️ Like
📝 Fill out the survey
👇 Drop an emoji when done
You could win an entire swag bundle just by filling out the survey 😱
228
224
400
XXE's are still quite common, and they're usually a P1!
Here are places that you can look for them, comment if you have any other ideas!
Thread 👇.
6
127
394
When hunting for bugs, look for features that are complex. As a rule of thumb:
More complex = less secure.
#BugBountyTips
11
76
383
Here are a few ways to make the most of an XSS. Comment if you can think of some other ideas or resources! Thread 👇.
18
132
391
.
@InsiderPHD
's top bug bounty hunting tools of 2023 🚀
🔨 Burp Suite
🔧 Kiterunner
🪛 Shodan
🪚 Amass
🗜️ FFUF
⛏️ SQLMap
🪓 Frida
🔩 TruffleHog
🛠️ XSS Hunter Express
⚒️ Nuclei
🧰 Interactsh
What would you add or remove from this list in 2024?
5
60
383
In case you missed it, this Web Hacking Resources kit is here for you. 😎
What tools would you like to see added? 👇
#BugBountyTips
8
117
365
Have you been lookin for a crash course on XXE bugs? It's a class of bugs often missed by even the most seasoned hackers. 🤓
Here is everything you need to know to start finding XXE bugs. Godspeed! Happy hacking!
7
152
367
Did you know: The term 'bug' (as it refers to computers) was first coined in 1947 when a group of computer scientists found an actual moth causing malfunctions in a computer.
14
66
352
What hacking tool does every hacker needs in their arsenal? Let us know 👇
105
69
355
10 recon tools for bug bounty hunting in 2024 🪲🔍
1️⃣ Nmap
2️⃣ SecurityTrails
3️⃣ Amass
4️⃣ Dirsearch
5️⃣ subfinder
6️⃣ Httpx
7️⃣ GitHub code search
8️⃣ Google Dorks
9️⃣ Shodan
🔟 Censys
What tools would you add to this list?
10
73
359
Looking to quickly dump URLs from a webpage using curl and some regex magic!? Try:
curl -s
https://www.bugcrowd[.]com
| pcregrep -o "(http:\/\/|https:\/\/).*?(?=\"|'| )" | sort -u
3
112
341
"For me, the ninth month of the Islamic calendar, Ramadan, is the month to think about the blessings Allah has casted on me and my family, reflect on the year and act towards becoming a better Muslim."
- Murtaza Haizji (Senior Manager Demand Gen)
Ramadan Mubarak 🙏
24
31
325
How to enumerate subdomains using Ffuf and SecLists!
Just like you would fuzz directories but you put "FUZZ" at the start of the URL instead of at the end.
⌨️ ffuf -u FUZZ.<target> -w <wordlist>
4
80
326
What's something a non-hacker wouldn't understand?
We'll go first: congratulating each other for finding bugs 🐛
65
18
311
New to bounties?
We've created this page containing links to everything you need to know including free educational resources, researcher docs, how to find bugs, beginner resources, how to get private invites, and more. Login to view!
#BugcrowdTipJar
2
114
318
If you ever find a SSRF on a Windows box, try running on your own VPS, then send the SSRF to file://<yourvps>. With a bit of luck, the server will send you some tasty Windows NetNTLMv2 hashes to crack!
What are other methods do you use?
#BugcrowdTipJar
5
78
318
Here's one for all you Google Dorks out there! 🤓
Try something like "© [COMPANY]. All rights reserved." to find new root domains!
2
65
320
XSS is the most common bug class! It pays to be good at finding them. In the latest how-to blog post,
@hakluke
covers what XSS is, different discovery methods, contexts, filter bypasses, weaponized payloads, and more.
3
134
313
Hacking is fun and all, but what are your hobbies outside of infosec?
163
16
300
While he hits some pretty big bounties, you might be surprised how
@hunter0x7
got started in bug hunting.
Join us for this researcher spotlight and down to earth chat with Ahsan Khan!
#ItTakesACrowd
25
34
298
Roses are red. 🌹
P5's are blue. 5️⃣
Dups happen sometimes, 🐜
but they're valid bugs too! 🌟
8
40
286
What are the best resources for beginners? What do you recommend to hackers who are just starting out? We're all 👂👂👂
35
73
292
A meme a day keeps the blues away.
🔁 Retweet for meme 1
💙 Like for meme 2
⚠️ We will choose one random participant to win SWAG!
#BugBountyMemes
by
👉
@thecryptohack3r
16
86
287
WOAHHHHHHHHHHH! congratulations!! 🐛💸👏
I was awarded $65,400 for my submissions on
@bugcrowd
#ItTakesACrowd
The
#bugbounty
#bugbountytip
here is turn off your testing mindset and turn on your vulnerability research mindset.
58
39
712
4
14
287
When you find an XSS, at minimum, use alert(document.domain) over alert(1). This helps to demonstrate the context that the JavaScript is executing in. Even better, escalate the XSS to perform an account takeover!
Don't forget to share your own XSS tips using
#BugBountyTipJar
8
50
286
.
@binance
has launched a public
#bugbounty
program with
@Bugcrowd
! Get all the new program details here:
#OuthackThemAll
31
82
241
Step 1: Go to your computer.
Step 2: Start hacking.
Step 3: Submit your bugs.
21
35
277
Do you have a New Year's resolution to start bug bounty hunting?
Get a head start with
@nahamsec
's HUGE list of resources for beginners:
🐞 Basics
🐛 Blogs & Talks
🐜 Books
🦟 Setup
🪲 Tools
🪳 Labs
🕷️ Talks
🐜 Coding
🦟 Mindset
And more! 👇
4
87
275
We're giving swag, you're giving tips!
Day 4 of
#giveaways
🎁 👇
What's the best resource you've added to your
#bugbounty
library? 👀
133
47
275
Researchers,
⊂_ヽ
\\ we
\( ͡° ͜ʖ ͡°)
> ⌒ヽ
/ へ\
/ / \\appreciate
レ ノ ヽ_つ
/ /
/ /|
( (ヽ
| |、\you!
| 丿 \⌒)
| | ) /
ノ ) Lノ
(_/
Have a great weekend. 😎
7
21
259
👋 Researchers!
What's a hacking tool all beginners should be using? 🛠️
Asking for a friend! 🤭
#ItTakesACrowd
75
40
263
Today seems like a good day to watch YouTube 🥱
Tell us your favorite
#hacker
content creator and be entered to win a Pentesterlab Subscription!👇
Week of
#giveaways
day 2 🎁
220
29
261
New year, new swag, new game!
Hacker's choice: THIS or THAT❓
Drop your choice below and be entered to win NEW swag! 👇
#MacintoshDay
361
20
255
We're dropping some
#BugBountyTips
👉 Chain AutoRepeater and Taborator to Automate SSRF Findings.
Created by:
@bsysop
👏
Check the thread below for more details ⤵️
10
78
248
Looking at getting into bug bounty hunting?
Bugcrowd University is a ✨FREE✨ project to help you level-up your skills!
Modules include:
✅ Making a Good Submission
✅ Burp Suite
✅ XSS
✅ Recon and Discovery
✅ SSRF
✅ XXE
And more!
Jump in 👇
7
71
251
Want to WIN SWAG?🏆
Play the game!🎮
🔒Guess the password (26 letters)
🔢Numbers correspond to letters
✍️Example: 1 = A, 2 = B, 3 = C
🔑We'll drop a hint for every 100 likes
👇Comment your guess below, no letters allowed
Hint:
#StarWars
#MayTheForceBeWithYou
#WorldPasswordDay
90
25
242
A quick one-liner that will gather + crawl all subdomains, then convert to a custom wordlist unique to that organisation based on discovered URLs!
subfinder -d bugcrowd[.]com -silent | httpx -silent | hakrawler -plain | tr "[:punct:]" "\n" | sort -u
0
81
247
🚨CHALLENGE TIME🚨
Can you popup an alert?😉
Rules⤵️
📣DM us a screenshot once complete
📣100 likes & we'll release a hint
15 winners⤵️
🥇5 winners: hoodies
🥈5 winners: t-shirts
🥉5 winners: stickers + glasses
GO 👉
Challenge by
@MRCodedBrain
29
38
245