The $5 Goal My goal was simple: earn money legally through bug bounty, using nothing but a Raspberry Pi 4B (1GB RAM) and an AI agent — no cloud, no expensive tools, no manual work. The Stack Hardware : Raspberry Pi 4B (arm64, Debian) AI Agent : Hermes Agent (open-source, self-improving) Tools : Pure Python stdlib + curl + nuclei Targets : HackerOne & Bugcrowd programs What Worked GraphQL Schema Enumeration Found a misconfigured Apollo Server where field suggestions bypassed introspection protection — enumerated entire schema through error messages. Internal Service Discovery CSP headers are treasure maps. Parsed Content-Security-Policy on public pages to discover internal microservices, staging CDNs, and backend APIs. Subdomain Reconnaissance Built a zero-dependency pipeline using crt.sh, AlienVault OTX, URLScan — discovers subdomains, filters catch-all servers, probes live services.…