2019-12-12 09:50:59 +00:00
# Resources-for-Beginner-Bug-Bounty-Hunters
2020-01-16 07:46:23 +00:00
## Labs & Testing Environments 🧪
2019-12-12 09:50:59 +00:00
2021-02-25 05:46:20 +00:00
### Web Hacking Fundamentals
#### Free
2019-12-12 09:50:59 +00:00
- [Hacker101 ](https://www.hacker101.com/ ) | Good Exercises for Beginners, can earn you private Invites on HackerOne
- [HackEdu ](https://hackedu.io )
2021-02-25 05:46:20 +00:00
- [Web Security Academy ](https://portswigger.net/web-security )
- [HackThisSite ](https://hackthissite.org/ )
- [CTFChallenge ](https://ctfchallenge.co.uk ) | Web CTF based on real vulnerabilities
- [XSS-Game ](https://xss-game.appspot.com/ ) | Learning Platform for XSS
- [Hacksplaining ](https://www.hacksplaining.com/ )
#### Premium
- [Pentesterlab ](https://pentesterlab.com/referral/olaL4k8btE8wqA ) | Good Labs with a broad variety of Topics, some very good Web Application Exercises
- [BugBountyHunter ](https://www.bugbountyhunter.com/ ) | Learn how to test for security vulnerabilities on web applications
#### Misc
2020-02-26 09:41:06 +00:00
- [0l4bs - Cross-site scripting labs for web application security enthusiasts ](https://github.com/tegal1337/0l4bs ) - by tegal1337
2021-02-25 05:46:20 +00:00
- [Will it CORS? ](https://httptoolkit.tech/will-it-cors/ ) | Tell this magic CORS machine what you want, and it'll tell you exactly what to do
- [XSS Labs from PwnFunction ](https://xss.pwnfunction.com/ ) Great Labs in a beautiful layout
### Vulnerable Apps
- [Google Gruyere ](https://google-gruyere.appspot.com/ )
- [DVWA ](http://www.dvwa.co.uk )
- [OWASP Juice Shop ](https://owasp.org/www-project-juice-shop/ )
- [Metasploitable 3 ](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities )
- [Multidae ](https://sourceforge.net/projects/mutillidae/ )
- [Badstore ](https://www.vulnhub.com/entry/badstore-123,41/ )
- [https://application.security/ - SSRF ](https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one )
#### XSS
- [alert 1 to win ](https://alf.nu/alert1/ )
- [prompt(1) ](http://prompt.ml/0 )
- [XSS Game By Google ](https://xss-game.appspot.com/ )
### General Hacking
#### Free
- [VulnHuB ](https://www.vulnhub.com/ )
- [W3chhalls ](https://w3challs.com/ )
- [PicoCTF][https://picoctf.org/]
- [Root-Me ](https://www.root-me.org/ )
- [OverTheWire ](https://overthewire.org/wargames/natas/ )
#### Premium
- [TryHackMe ](https://tryhackme.com/signup?referrer=nahamsec ) | Cool Hacking & Pentesting Labs with Web Challenges
2020-03-22 16:09:49 +00:00
- Videos: [TryHackMe! Basic Penetration Testing ](https://www.youtube.com/watch?v=xl2Xx5YOKcI ) // [TryHackMe! EternalBlue/MS17-010 in Metasploit ](https://www.youtube.com/watch?v=s6rwS7UuMt8 ) // [TryHackMe! OhSINT - METADATA & Research ](https://www.youtube.com/watch?v=oF0TQQmFu4w )
2021-02-25 05:46:20 +00:00
- [HackTheBox ](https://www.hackthebox.eu/ ) | provides Testing Labs, some Web Application Challenges
2020-05-01 08:57:06 +00:00
- [Cyberseclabs ](https://www.cyberseclabs.co.uk/ )
- [Kontra Application Security Training ](https://application.security/free-application-security-training )
2019-12-12 09:50:59 +00:00
2019-12-12 10:07:53 +00:00
---
2021-02-25 05:46:20 +00:00
back to [Intro Page ](/README.md )
