I am really eager to start pentesting for real using the bugcrowd and hackerone programs but i am kind of scared to do it from home (using my own IP adress).
Is it wise to just use my own IP or do you guys recommend using a VPN service? Or maybe TOR?
One thing to keep in mind is that if you go with a bug hunting program like the 2 you mention, then these are legal programs sanctioned by the companies themselves. You’re doing nothing illegal, so there’s actually no need to hide or be scared of them finding your IP address.
On the other hand, if you are going after targets that are not listed on either program, then you don’t have permission to bug hunt.
The other consideration is if your ISP considers the activity coming from you is not appropriate. They could cut your internet access. This might be a reason to hide utilizing VPN services or TOR. Using a VM in the cloud might be another way around this.