Questions regarding Programming and learning path

Hey @CynicalBug,

Having strong Python skills is a great asset when bug bounty hunting. You ask some interesting questions, which I am not sure can be quickly or easily answered, since the result will probably be “it depends”. :stuck_out_tongue_winking_eye:

Gaining book knowledge is always good. Cybermentor’s courses are pretty good, but you won’t walk away as the next ‘leet coder from it. That’s not its intent. But he does use Python and bash to show how to leverage automation to make you life easier as a hunter.

A better approach to thinking about this is to ask yourself how will your programming skills help you in your bug bounty hunting career? Well that all comes down to the type of vulns you like to chase down. Its common practice to get a breadth of knowledge in all the different type of attack vectors, and then with laser focus tackle one or two vuln types that you like. Then you can apply your programming skills to speed up a lot of the grunt work that can be automated.

You don’t have to be a programmer to hunt bugs, but it definitely can help. JHaddix shows in his Bug Bounty Hunting Methodology a process that doesn’t require a lot of programming skills, but does consider scripting automation to be helpful.

One thing to consider is to find the type of vulns you like and ask yourself “when looking for this what do I have to regularly do”? Surprisingly, this is where you can then think to use those skills.

I’ll give you a personal experience from my own journey. I just love tackling APIs. There is a lot of recon I do to look for inconsistencies in the endpoints. Over time, I wrote myself a nice set of Python scripts that took what felt like hours of recon effort down to minutes. Then I shifted it into a custom Burp extension (yes, you can write Burp extensions in Python using Jython, which is really cool). Now when I see an endpoint call I can click on it and launch my extension and have reproducible results each and every time in short order. A great use of programming to make me much more efficient.


Anyways, to sum it up think about the vuln types you like to pursue. Work on those and get really good at them. In your journey to excel at that, think about how to apply your programming skills to help you do that work more efficiently. Then you will know which programming skills you might want to improve on, if any.

HTH. Happy hunting.