HTB Certified Bug Bounty Hunter

Intermediate Multi-day practical web bug-bounty style exam + report Pass: Report/objective quality based; exact threshold n… $210

CBBH is a practical bug-bounty oriented credential centered on modern web/API attack techniques and reproducible findings. For 2026, focus on authz logic, chaining medium-severity issues, and crisp PoCs.

Official Page

IssuerHackTheBox

FormatMulti-day practical web bug-bounty style exam + report

DurationUp to 7 days (indicative)

Pass ScoreReport/objective quality based; exact threshold n…

Overview Syllabus (5) Tools (7) Cheat Sheets (2) Labs (3)

Recommended Tools

Burp Suite Essential

Proxy

Intercept, modify, and automate web testing workflows.

usageburpsuite

ffuf Essential

Web Fuzzing

Directory, parameter and virtual host fuzzing.

installsudo apt install -y ffuf

usageffuf -u https://target/FUZZ -w wordlist.txt

SecLists Essential

Wordlists

Payloads/wordlists for discovery and exploitation.

installsudo apt install -y seclists

usagels /usr/share/seclists

Nuclei

Automation

Template-based vulnerability checks for breadth.

installgo install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

usagenuclei -u https://target

feroxbuster

Content Discovery

Recursive web content discovery.

installcargo install feroxbuster

usageferoxbuster -u https://target

sqlmap

Injection Testing

Automated SQL injection testing and validation.

installsudo apt install -y sqlmap

usagesqlmap -u "https://target/item?id=1" --batch

Pwnbox/Kali

Platform

Consistent HTB exam-like tooling baseline.

usageMaintain reusable aliases and workflow scripts