Tbhm
The Bug Hunters Methodology
Install / Use
/learn @jhaddix/TbhmREADME
The Bug Hunter's Methodology (TBHM)
Welcome! This repo is a collection of
- tips
- tricks
- tools
- data analysis
- and notes
related to web application security assessments and more specifically towards bug hunting in bug bounties.
The current sections are divided as follows:
Before You Get Hacking
Reconassiance
Application Analysis
- Mapping
- Authorization and Sessions
- Tactical fuzzing
- Privilege, Transport and Logic
- Web services
- Mobile vulnerabilities
Other
The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work.
@jhaddix
History
|Title| Conference | Version| Link |--|--|--|--| | How to Shot Web | Defcon 23 | 1.0 | Link | | The Bug Hunter's Methodology | xxx | xxx | Link | | The Bug Hunter's Methodology | xxx | xxx | Link | | The Bug Hunter's Methodology | xxx | xxx | Link | | The Bug Hunter's Methodology | xxx | xxx | Link |
Related Skills
node-connect
347.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
107.8kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
347.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
347.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
Security Score
Audited on Apr 3, 2026