CBBH
HackTheBox

HTB Certified Bug Bounty Hunter

Intermediate | 7-day practical exam | Pass: Passing report | $210

Web vulnerability assessment for bug bounty — XSS, IDOR, SSRF, auth bypass, API hacking.

Official Page
Issuer: HackTheBox
Format: 7-day practical exam
Duration: 7 days
Pass Score: Passing report
Recommended Tools
ffuf Essential
Fuzzing

Web fuzzer

install: sudo apt install ffuf
usage: ffuf -u http://target/FUZZ -w wordlist.txt
jwt_tool Essential
JWT

JWT testing toolkit

install: pip3 install jwt_tool
usage: python3 jwt_tool.py <token> -X a
amass Essential
Recon

In-depth subdomain enumeration

install: go install github.com/owasp-amass/amass/v3/...@master
usage: amass enum -d target.com -o amass.txt
gau Essential
Recon

Fetch known URLs from various sources

install: go install github.com/lc/gau/v2/cmd/gau@latest
usage: gau target.com | sort -u > urls.txt
httpx Essential
Recon

Fast HTTP probing

install: go install github.com/projectdiscovery/httpx/cmd/httpx@latest
usage: cat subs.txt | httpx -sc -title -tech-detect
subfinder Essential
Recon

Subdomain discovery tool

install: go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
usage: subfinder -d target.com -o subs.txt
Nuclei Essential
Scanning

Template-based scanner

install: go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
usage: nuclei -u https://target.com -t cves/ -t exposures/
SQLMap Essential
SQLi

SQL injection automation

install: sudo apt install sqlmap
usage: sqlmap -u "target?id=1" --level 3 --risk 2 --batch
Burp Suite Pro Essential
Web Proxy

Web app testing proxy

install: Download from portswigger.net
usage: Intruder, Repeater, Scanner, Collaborator
Dalfox Essential
XSS

XSS scanner

install: go install github.com/hahwul/dalfox/v2@latest
usage: dalfox url "http://target/?q=test" --silence