- English
- Русский
Bug Bounty Program
Help us make OpenTgResearcher more secure and get a free license!
Program Status: Active since June 2025
About Bug Bounty Program
We launched the Bug Bounty program to enhance the security of our application. If you discover vulnerabilities in our software, we will provide you with a free license as a token of appreciation.
Scope
Entry | Description |
|---|---|
Includes | apps
Web application: All client and server application features |
Includes | api
API: All public API endpoints |
Includes | dns
Infrastructure: Web server, database, configuration |
Includes | web
|
Includes | terminal
|
Includes | desktop_windows
|
Includes | terminal
|
Exception | block
DoS/DDoS attacks |
Exception | person_remove
Social engineering |
Exception | location_off
Physical attacks |
Exception | report
Spam and phishing |
Exception | warning
Disruption of third-party users |
Vulnerability Classification and Rewards
Severity Level | Description | License Type | Duration |
|---|---|---|---|
| Critical | RCE, SQL Injection, Authentication Bypass, access to all user data | Paid | 12 months |
| High | XSS, CSRF, privilege escalation, confidential data leakage | Paid | 6 months |
| Medium | Information Disclosure, IDOR, insecure configuration | Paid | 3 months |
| Low | Informational vulnerabilities, security UI/UX issues | Paid | 1 month |
Note: The specific license type is determined based on the vulnerability's impact on system security.
Participation Rules
Participant requirements:
cake
Age 18 or older |
security
Responsible disclosure |
gavel
Compliance with your country's laws |
shield
No harm to service or user data |
Reporting procedure:
looks_one
Discover vulnerability within program scope |
looks_two
Prepare detailed report with reproduction steps |
looks_3
Send report to developer's Telegram private message |
looks_4
Receive acknowledgment (within 48 hours) |
looks_5
Wait for analysis results (up to 30 days) |
looks_6
Receive license after vulnerability confirmation |
Report format:
subject
Subject: [Bug Bounty] Brief vulnerability description |
description
Description: Detailed description of the vulnerability found |
refresh
Reproduction: Step-by-step instructions |
warning
Impact: Potential damage from exploitation |
photo_camera
Evidence: Screenshots, videos, or other materials |
lightbulb
Recommendations: Suggestions for remediation (optional) |
Important Conditions
Accepted:
fiber_new
New vulnerabilities |
replay
Reproducible bugs |
priority_high
Critical security issues |
article
Detailed reports |
Not accepted:
content_copy
Duplicate reports |
info
Already known vulnerabilities |
psychology
Theoretical attacks |
smart_toy
Automated scanner results |
https
SSL/TLS configuration issues |
Disclaimer: We reserve the right to modify the Bug Bounty program terms at any time. Final decision on vulnerability severity and license type is made by our security team.
Contact
Telegram for reports: OpenTgResearcher
Response time: 48 hours
Analysis time: up to 30 days
Privacy: All reports are handled confidentially. We do not disclose vulnerability information until they are fixed.
Hall of Fame
Here will be listed the names of researchers who contributed to OpenTgResearcher security
The hall of fame is empty so far. Be the first!
Ready to start hunting vulnerabilities?
Explore our application responsibly and help us make it more secure!
OpenTgResearcher
OpenTgResearcher
Copyright Ⓒ 2022 - 2025