English

Bug Bounty Program

Help us make OpenTgResearcher more secure and get a free license!
info

Program Status: Active since June 2025

About Bug Bounty Program

We launched the Bug Bounty program to enhance the security of our application. If you discover vulnerabilities in our software, we will provide you with a free license as a token of appreciation.

The list of available licenses

Scope

Entry
 
Description
 

Includes

apps
Web application: All client and server application features

Includes

api
API: All public API endpoints

Includes

dns
Infrastructure: Web server, database, configuration

Includes

Includes

Includes

desktop_windows

Includes

Exception

block
DoS/DDoS attacks

Exception

person_remove
Social engineering

Exception

location_off
Physical attacks

Exception

report
Spam and phishing

Exception

warning
Disruption of third-party users

Vulnerability Classification and Rewards

Severity Level
 
Description
 
License Type
 
Duration
 
Critical

RCE, SQL Injection, Authentication Bypass, access to all user data

Paid

12 months

High

XSS, CSRF, privilege escalation, confidential data leakage

Paid

6 months

Medium

Information Disclosure, IDOR, insecure configuration

Paid

3 months

Low

Informational vulnerabilities, security UI/UX issues

Paid

1 month

check_circle

Note: The specific license type is determined based on the vulnerability's impact on system security.

Participation Rules

Participant requirements:
cake

Age 18 or older

security

Responsible disclosure

gavel

Compliance with your country's laws

shield

No harm to service or user data

Reporting procedure:
looks_one

Discover vulnerability within program scope

looks_two

Prepare detailed report with reproduction steps

looks_3

Send report to developer's Telegram private message

looks_4

Receive acknowledgment (within 48 hours)

looks_5

Wait for analysis results (up to 30 days)

looks_6

Receive license after vulnerability confirmation

Report format:
subject

Subject: [Bug Bounty] Brief vulnerability description

description

Description: Detailed description of the vulnerability found

refresh

Reproduction: Step-by-step instructions

warning

Impact: Potential damage from exploitation

photo_camera

Evidence: Screenshots, videos, or other materials

lightbulb

Recommendations: Suggestions for remediation (optional)

Important Conditions

Accepted:
fiber_new

New vulnerabilities

replay

Reproducible bugs

priority_high

Critical security issues

article

Detailed reports

Not accepted:
content_copy

Duplicate reports

info

Already known vulnerabilities

psychology

Theoretical attacks

smart_toy

Automated scanner results

https

SSL/TLS configuration issues

warning

Disclaimer: We reserve the right to modify the Bug Bounty program terms at any time. Final decision on vulnerability severity and license type is made by our security team.

Contact

Telegram for reports: OpenTgResearcher

Response time: 48 hours

Analysis time: up to 30 days

privacy_tip

Privacy: All reports are handled confidentially. We do not disclose vulnerability information until they are fixed.

Hall of Fame

Here will be listed the names of researchers who contributed to OpenTgResearcher security

stars

The hall of fame is empty so far. Be the first!

Ready to start hunting vulnerabilities?

Explore our application responsibly and help us make it more secure!

Application logo
OpenTgResearcher

OpenTgResearcher

Copyright Ⓒ 2022 - 2025