Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,006,104 coordinated disclosures
628,905 fixed vulnerabilities
1,348 bug bounty programs, 2,698 websites
23,362 researchers, 1,318 honor badges

k0tTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month | Security Researcher Profile


Security researcher k0t has already helped fix 3448 vulnerabilities.



Researcher reputation:  2290

About me:
Penetration tester & webdev.

Contact email:
[email protected]

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Bug Bounty Payment, Gift Card, T-Shirts.

Recommendations and Acknowledgements

@darione90     14 June, 2021
    Twitter darione90 Dario from Società Astronomica G.V. Schiaparelli:
Many thanks for finding and reporting an XSS vulnerability on our website!
@infoclimat     11 June, 2021
    Twitter infoclimat Frederic A from Infoclimat:
I can confirm k0t has found an XSS vulnerability on our website, that was fixed quickly after. Thanks for the finding.
@williamdam_dk     20 May, 2021
    Twitter williamdam_dk Kasper from William Dams Boghandel:
I would like to give a HUGE thank you to k0t for letting me know about a XXS vulnerability in our shop.
@obb20210429     6 May, 2021
    Twitter obb20210429 Ian from CUPE:
Thanks for a quick and useful report that helped us find and resolve the issue.
@ALLESkralle     28 April, 2021
    Twitter ALLESkralle Security Team from alleskralle:
k0t did a good job helping us fix a problem.
@OnurBuyuktezgel     21 April, 2021
    Twitter OnurBuyuktezgel Onur from U-Multirank:
Thank you for reporting the vulnerability! We appreciate your help.
@MrMoney84315336     16 April, 2021
    Twitter MrMoney84315336 Don Irmscher from Mr-Money:
Serious, fast and professional.Thanks for the report.
@NathyliciousBe     7 April, 2021
    Twitter NathyliciousBe Nathylicious from Nathylicious:
K0t did a great job of identifying and communicating the security issue he found. He provided us with the necessary information for us to validate and fix the issue. Unfortunately we can't offer any rewards for found bugs.
@cwg     21 February, 2021
    Twitter cwg Christian from Fluxicon:
Good find, detailed and prompt communication -- thanks, k0T!
@pers_fitness     18 February, 2021
    Twitter pers_fitness Oliver from Personalfitness:
Vielen Dank für die prompte Hilfe. Mit der Hilfe von k0T konnten wir einige Lücken schnell schließen. Ich bin sehr begeistert. k0T hat uns motiviert viel mehr über Datensicherheit nachzudenken und werden auch noch mehr tun.

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:5837
Total reports on VIP sites:1002
Total patched vulnerabilities:3448
Total vulnerabilities on Hold (Open Bug Bounty):1388
Recommendations received:123
Active since:05.05.2016
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Reported Vulnerabilities

All Submissions VIP Submissions




No posts in blog yet










  Latest Patched

 21.06.2021 govtech.com
 20.06.2021 gdrfad.gov.ae
 20.06.2021 realcommercial.com.au
 20.06.2021 allofustec.nnlm.gov
 19.06.2021 getchu.com
 19.06.2021 explorelearning.com
 19.06.2021 fibre2fashion.com
 19.06.2021 tme.eu
 18.06.2021 www1.caixa.gov.br
 18.06.2021 butantan.gov.br

  Latest Blog Posts

25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

  Recent Recommendations

@darione90     19 June, 2021
    Twitter darione90:
Many thanks to garlet_marco for finding an XSS vulnerability on our website!
@RyanBoehm12     16 June, 2021
    Twitter RyanBoehm12:
Vighnesh Gupta was professional, considerate, and thorough in helping us resolve a security flaw on our website. He communicated with in a timely manner, and provided all necessary support to fix the issue. I highly recommend him.
@rus_cert     16 June, 2021
    Twitter rus_cert:
Thanks for informing us about the vulnerability and providing helpful details :-)
@Cyber91998806     16 June, 2021
    Twitter Cyber91998806:
He responded to my mails quickly and helped us how to fix the vulnerability in a professional way. I recommended this guy.
@contactsplus     15 June, 2021
    Twitter contactsplus:
Tuhin reported 3 valid vulnerabilities to us of severities High, Medium and Low.

He was very professional and helped us recreate the issues until we were able to verify.
He was awarded a bounty for his efforts.

Thank you Tuhin!

Contacts+ Security Team.