Pentest engineer for Telegram bots
Tasks:
Conducting security testing of Telegram bots
Searching for vulnerabilities in logic, API, and integrations
Creating a report with risks and recommendations
Requirements:
Experience in application security / penetration testing
Understanding of OWASP Top 10 and API security
-
3 days, 29 USD
Hello!
I am interested in the task of testing the security of Telegram bots. I possess the necessary skill set to conduct a quality analysis and find vulnerabilities.
Why I am suitable for this task:
Deep understanding of architecture: I actively work with APIs and network protocols, which allows me to see vulnerabilities at the implementation level (logic, improper input handling, insecure APIs).
Technical background: I have experience in development with Python/Java/C++, which helps me quickly analyze the bot's source code and find hidden bugs in the logic that are not accessible during regular "black box" testing.
…
Methodology: In my work, I rely on OWASP Top 10 standards and the specifics of API protection.
What I am ready to do right now:
Attack surface analysis: Checking endpoints and interactions with the Telegram Bot API.
Finding logical vulnerabilities: Checking for bypassing restrictions, manipulating the bot's state, and data leaks.
Reporting: I will provide a detailed report that will include not only the found vulnerabilities but also specific recommendations for their remediation (with code examples, if necessary).
I am ready to start working on the task immediately after discussing the details. Please let me know if there is access to the bot's source code or if testing needs to be conducted using the "black box" method?
I would be happy to help ensure the security of your product.
Best regards,
Yaroslav
-
2 days, 29 USD
Good day, Alexey!
I specialize in the security of Telegram bots and their APIs — I will conduct a pentest on the matter, without any fluff.
What I will check:
• Bot logic: authorization by chat_id/user_id, IDOR (access to others' data), bypassing scenarios and states, injections in commands and user input.
• API and webhooks: endpoint authentication, data leaks, lack of rate-limiting, request forgery, secrets in traffic.
• Integrations and third-party services: token security, error handling, leaks through logs and responses.
• Methodology: OWASP Top 10 and OWASP API Security Top 10.
…
Result: a report with vulnerabilities, their criticality by risk, and specific recommendations for remediation — clear for both developers and the business.
Timeline: 2 days for one bot (I will clarify the volume for the cluster).
Cost: 25 EUR upfront, final price based on the exact volume.
Examples of work and reviews: Freelancehunt
Ready to start immediately after access clarification.
-
1 day, 34 USD
Good day, Alexey!
I see you have also posted a project on load testing — I am ready to take both on a turnkey basis, as they logically complement each other.
Regarding the pentest:
I will check for typical vulnerabilities in Telegram bots:
IDOR via chat_id / user_id — unauthorized access to others' data
… Injection in user inputs (SQL, command injection)
Leakage of bot token / webhook URL
Webhook security (SSL, secret token, replay attacks)
Bypassing authorization and privilege escalation
API security — rate limiting, data leakage in responses
Result: a report detailing vulnerabilities, severity level (CVSS), and specific recommendations for remediation.
Deadline: 3 days
Cost: please specify the budget — competitors in your project have set unrealistic amounts, I will propose a reasonable price.
Please clarify: is the bot on webhook or polling, are there any external integrations?
-
3 days, 14 149 USD
Hello. Does the bot use external APIs or third-party services for data processing?
I will clarify the details regarding deadlines and budget in personal correspondence.
Here’s how I will execute this project:
1. I will conduct a manual and automated analysis of the bot's logic and its commands.
2. I will test the API endpoints and integrations for data leaks and injections.
3. I will compile a report describing the identified risks, their criticality, and specific recommendations.
… Thank you for considering my proposal. I look forward to the opportunity to collaborate with you!
-
7 days, 17 193 USD
Good day! We have experience in conducting pentests for bots and integrations. We implement checks through API analysis, search for logical vulnerabilities, and assess risks according to OWASP. We will provide a detailed report with practical recommendations for addressing identified threats. We are ready to start the security audit of your project in the near future.
-