Bug Bounty Hunting Tips #1 — Always read the source code

Craig Hays
Published in BugBountyHunting
4 min read · Nov 21, 2017

One of the first things I do when approaching a target is to search for and read through all of their public source code repositories on sites like github.com, looking at every file in every directory. I also check through the commit history to see what has changed with each commit. Yes, this takes time and it isn't as fun as jumping straight into hacker-typer mode, fuzzing inputs on web applications and APIs, but it is invaluable. Once I've finished with the target's official code repositories I then look at the contributors to each of the projects and do the same thing for each of them. Developers often share a lot of code, config, SSH keys, usernames, and passwords between work and personal projects. This has the following benefits:

  1. OSINT — a huge amount of information can be gained about the target, how they code, their workflow processes, technologies used for the front end, APIs, and out of band processing, URLs called, ports used, etc.
  2. Understanding — by reading through their application logic you can start to understand how the entire solution works as a whole. If an application uses Ruby for its API and Python for its post-collection data processing, you might be able to target the back-end system by slipping crafted payloads past the front-end filters.
  3. Code analysis — It’s often…
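The point about commit history cuts both ways: a password or SSH key that was deleted in a later commit is still recoverable by anyone who reads the history, so the defensive counterpart to the recon described above is to scan your own repositories' full history, not just the current tree, and rotate anything found. The following is an added example, not code from the article; it is a minimal history scanner in Python that runs over a constructed in-memory history (real tools such as gitleaks or truffleHog do the same against an actual git repository). Every commit id, path and credential value in it is made up, and the entropy threshold is an assumption to tune for your own code base.

```python
import math
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample repository history, oldest commit first.
# Each entry is (short commit id, path, full file content at that commit);
# None means the file was deleted in that commit. All values are made up.
SAMPLE_HISTORY: List[Tuple[str, str, Optional[str]]] = [
    ("a1b2c3d", "config/settings.py",
     "DB_HOST = 'db.internal'\nDB_PASSWORD = 'Summer2017!'\n"),
    ("b2c3d4e", "deploy/id_rsa",
     "-----BEGIN RSA PRIVATE KEY-----\nMIIEfakekeymaterial\n-----END RSA PRIVATE KEY-----\n"),
    # The password is moved to an environment variable, but the old value stays in history.
    ("c3d4e5f", "config/settings.py",
     "DB_HOST = 'db.internal'\nDB_PASSWORD = os.environ['DB_PASSWORD']\n"),
    # The key file is deleted, but the commit that added it is still there.
    ("d4e5f6a", "deploy/id_rsa", None),
    ("e5f6a7b", ".env.example",
     "export SESSION_SIGNING=kS8fQ2zXv7pLm3nRt6wYb9cJd4hG1eA\n"),
]

# Pattern-based rules: PEM private key headers and quoted credential assignments.
RULES = [
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("credential-assignment",
     re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{6,})['\"]")),
]
# Fallback rule: long, random-looking strings that no keyword rule caught.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 3.5  # bits per character (assumed value; tune for your code base)


@dataclass
class Finding:
    commit: str
    path: str
    rule: str
    snippet: str
    in_head: bool  # False: already removed from the latest version, yet still in history


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string s."""
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_content(content: str) -> List[Tuple[str, str]]:
    """Return (rule name, offending line) pairs for one file version."""
    hits: List[Tuple[str, str]] = []
    for line in content.splitlines():
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((name, line.strip()))
                break
        else:
            # No keyword rule matched: fall back to the entropy heuristic.
            for token in TOKEN_RE.findall(line):
                if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                    hits.append(("high-entropy-string", line.strip()))
                    break
    return hits


def scan_history(history: List[Tuple[str, str, Optional[str]]]) -> List[Finding]:
    """Scan every file version ever committed, and flag whether each hit survives at HEAD."""
    head: Dict[str, Optional[str]] = {}
    for _, path, content in history:
        head[path] = content  # last write wins, so this ends up as the HEAD version
    findings: List[Finding] = []
    for commit, path, content in history:
        if content is None:
            continue  # a deletion carries no content to scan
        current = head.get(path) or ""
        for rule, snippet in scan_content(content):
            findings.append(Finding(commit, path, rule, snippet, snippet in current))
    return findings


if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        state = "still at HEAD" if f.in_head else "removed from HEAD but recoverable from history: rotate it"
        print(f"{f.commit} {f.path} [{f.rule}] {f.snippet!r} ({state})")
```

Two of the three findings on the sample history are no longer in the latest version of any file, which is exactly the case a scan of the checked-out tree alone would miss; both still need the credential rotated, since deleting the file or rewriting history does nothing for anyone who already cloned the repository.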


FinTech startup to £105 million acquisition. Now I make stuff and help people with cyber security. https://craighays.com