The $5 Goal
My goal was simple: earn money legally through bug bounty, using nothing but a Raspberry Pi 4B (1GB RAM) and an AI agent — no cloud, no expensive tools, no manual work.
The Stack
- Hardware: Raspberry Pi 4B (arm64, Debian)
- AI Agent: Hermes Agent (open-source, self-improving)
- Tools: Pure Python stdlib + curl + nuclei
- Targets: HackerOne & Bugcrowd programs
What Worked
GraphQL Schema Enumeration
Found a misconfigured Apollo Server where field suggestions bypassed introspection protection — enumerated the entire schema through error messages.
Internal Service Discovery
CSP headers are treasure maps. Parsed Content-Security-Policy on public pages to discover internal microservices, staging CDNs, and backend APIs.
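The same observation from the defender's side, as an added example (not code from this post or its toolkit): a stdlib-only audit of which hostnames your own policy names, so staging or internal hosts can be kept out of the CSP served on public pages. The sample header, the `example.com` hosts, and the review-label list are constructed assumptions.

```python
import re

# Constructed sample header; the example.com hosts are placeholders.
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'nonce-abc123' https://cdn.example.com https://*.staging.example.com; "
    "connect-src https://api-internal.example.com:8443 wss://events.example.com data:; "
    "img-src * blob:; report-uri https://csp.example.com/report"
)

# Directives whose values are not host sources (group names, flags, policy names).
NON_HOST_DIRECTIVES = {"report-to", "sandbox", "trusted-types",
                       "plugin-types", "require-trusted-types-for"}

# Assumed heuristic: hostname labels that suggest non-public infrastructure.
REVIEW_LABELS = {"staging", "stage", "dev", "test", "qa", "internal", "corp", "admin"}

# host-source: [scheme://][*.]host[:port][/path]. Quoted keywords, a bare "*"
# and scheme-only sources such as "data:" do not match.
HOST_SOURCE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(\*\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)"
    r"(?::(?:\d+|\*))?(?:/.*)?$", re.IGNORECASE)

def disclosed_hosts(csp):
    """Map each hostname named in the policy to the directives that list it."""
    hosts = {}
    for directive in csp.split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() in NON_HOST_DIRECTIVES:
            continue
        for token in parts[1:]:
            m = HOST_SOURCE.match(token)
            if m:
                host = (m.group(1) or "") + m.group(2).lower()
                hosts.setdefault(host, set()).add(parts[0].lower())
    return hosts

def needs_review(hosts):
    """Return hosts whose labels suggest internal or pre-production systems."""
    return [h for h in sorted(hosts)
            if set(re.split(r"[.-]", h.replace("*.", ""))) & REVIEW_LABELS]

if __name__ == "__main__":
    found = disclosed_hosts(SAMPLE_CSP)
    for host in sorted(found):
        print(host, sorted(found[host]))
    print("review:", needs_review(found))
```
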
Subdomain Reconnaissance
Built a zero-dependency pipeline using crt.sh, AlienVault OTX, and URLScan — it discovers subdomains, filters catch-all servers, and probes live services.
What Didn't Work
- Config.js token scanning (post-Interseller era)
- CORS misconfigurations (informational, no bounty)
- Stack trace exposure (P5 at best)
Key Lessons
- Depth beats breadth — one deep target > 10 shallow scans
- Legacy infra is gold — web hosts still run Apache 2.2.3
- Write reports immediately — cookies expire
- P4-P5 doesn't pay — go for XSS, SSRF, IDOR
Open Source Tools
- AI Agent Toolkit — pip install ai-agent-toolkit
- Bug Bounty Kit — Recon for Pi
Built with ❤️ on a Raspberry Pi.