Security & Bug Bounty

We take security seriously. Help us find vulnerabilities in TurboPentest and earn credit rewards for valid reports.

In Scope

  • turbopentest.com web application
  • API endpoints (api.turbopentest.com)
  • Authentication and authorization flows
  • Payment and billing logic
  • Pentest scheduling and credit management

Out of Scope

  • Denial of Service (DoS/DDoS) attacks
  • Social engineering or phishing
  • Physical security testing
  • Third-party services (Stripe, Mailgun, GitHub)
  • Pentest infrastructure (P4L4D1N agent)
  • Automated pentesting without prior approval

Reward Tiers

Critical
1× Comprehensive credit
High
1× Deep credit
Medium
1× Standard credit
Low
1× Recon credit

Rules of Engagement

Responsible Disclosure: Give us reasonable time to fix issues before public disclosure.

No Disruption: Do not degrade service availability or access other users' data.

One Account: Test only with accounts you own. Do not access or modify other users' data.

Good Faith: Act in good faith and avoid privacy violations, data destruction, or service interruption.

Duplicates: First valid report for an issue receives the reward. Duplicate reports will be closed.

Ready to Submit a Report?

Sign in to submit vulnerability reports and track your submissions.