updates

README.md

@@ -20,6 +20,7 @@ We understand that there are more resources other than the ones we have listed a
 - [Vulnerability Types](/assets/vulns.md)
 - [Mobile Hacking](/assets/mobile.md)
 - [Smart Contracts](/assets/smartcon.md)
+- [Coding & Scripting](/assets/coding.md)
 - [Hardware & IoT](/assets/hardware.md)
 - [Blog posts & Talks](/assets/blogposts.md)
 - [Media Resources](/assets/media.md)

assets/basics.md

@@ -1,10 +1,17 @@
 # Resources-for-Beginner-Bug-Bounty-Hunters
 
 ## Table of Contents
-1. [HTTP basics](#HTTP-basics)
-2. [Networking basics](#Networking-basics)
-3. [Programming Basics](#Programming-Basics)
-4. [Automation](#Automation)
+1. [Stanford CS 253 Web Security](#Stanford-CS-253-Web-Security)
+2. [HTTP basics](#HTTP-basics)
+3. [Networking basics](#Networking-basics)
+4. [Programming Basics](#Programming-Basics)
+5. [Automation](#Automation)
+
+
+## Stanford CS 253 Web Security
+
+- [Stanford CS 253 Web Security](https://web.stanford.edu/class/cs253/) - by [@feross](https://twitter.com/feross)
+   - "This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues."
 
 ## HTTP basics
 In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics.

assets/blogposts.md

@@ -34,6 +34,7 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
 - [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
 - [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
+- [Google Bug Bounty Writeup- XSS Vulnerability](https://pethuraj.com/blog/google-bug-bounty-writeup/) - [@itsmepethu](https://twitter.com/itsmepethu)
 
 
 ### DOM XSS
@@ -96,6 +97,7 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - Mohd Shibli
 - [Beginner’s Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - Ashish Jha
 - [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - STÖK & Fisher
+- [gitGraber: A tool to monitor GitHub in real-time to find sensitive data](https://blog.yeswehack.com/2019/10/08/gitgraber-a-tool-to-monitor-github-in-real-time-to-find-sensitive-data/) - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
 
 ## Buffer Overflow
 - [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - [Sam Curry](https://twitter.com/samwcyo)
@@ -119,6 +121,7 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
 - [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
 - [10 Recon Tools For Bug Bounty](https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty-bafa8a5961bd) - Anshuman Pattnaik
+- [Recon: Create a methodology and start your subdomain enumeration](https://failednuke.info/2020/recon-create-a-methodology-and-start-your-subdomain-enumeration/) - by FailedNuke
 
 ## Smart Contracts
 - [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
@@ -134,6 +137,9 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) - James Kettle
 - [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
 - [How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN](https://blog.detectify.com/2019/09/19/alyssa-herrera-pulse-corporate-networks-ssl-vpn/) - [Alyssa Herrera](https://twitter.com/Alyssa_Herrera_)
+- [2 Cases of Path Traversal](https://jlajara.gitlab.io/posts/2020/03/29/Path_Traversal.html) - by [@leonishan_](https://twitter.com/leonishan_)
+- [Top 10 web hacking techniques of 2019](https://portswigger.net/research/top-10-web-hacking-techniques-of-2019) - by [James Kettle](https://twitter.com/albinowax)
+- [Understanding Search Syntax on Github](https://help.github.com/en/github/searching-for-information-on-github/understanding-the-search-syntax#exclude-certain-results) - by Github
 
 
 ---

assets/changelog.md

@@ -7,39 +7,61 @@ Updates to this repo will be pushed monthly. You can read about the latest chang
 ---
 ## Update 2020.04
 ### Added
-- New: [Hardware & IoT](/assets/hardware.md)
-    - Added Exploitee.rs Wiki
+- New in [Basics](/assets/basics.md)
+    - Added **Stanford CS 253 Web Security**
+- New Category: [Hardware & IoT](/assets/hardware.md)
+    - Added **Exploitee.rs Wiki**
+- New Category: [Coding & Scripting](/assets/coding.md)
+    - Added **Bash Scripting Full Course 3 Hours**
+    - Added **ShellCheck**
+    - Added **Explainshell**
+    - Added **Discovering the Terminal**
+    - Added **Text Processing in the Shell**
 - New [Podcasts](/assets/media.md#Podcasts):
-    - Darknet Diaries Episode 60 with dawgyg
-    - The Bug Bounty Podscast Episode 3 with nahamsec
+    - **Darknet Diaries Episode 60** with dawgyg
+    - **The Bug Bounty Podscast Episode 3** with nahamsec
 - New in [Tools](/assets/tools.md):
-    - objection - A new Mobile tool
-    - CyberChef
+    - **crithit**
+    - **objection - A new Mobile tool**
+    - **CyberChef**
+    - **RMS - Runtime Mobile Security**
     - New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization)
-        - Reconness to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
-        - Updog to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
+        - **Reconness** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
+        - **Updog** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
     - New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions)
-        - Logger++ to [Burp Extensions](/assets/tools.md#Burp-Extensions)
-        - AuthMatrix to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
-        - Autorize to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
-        - Auto Repeater to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
-        - Progress Tracker to [Burp Extensions](/assets/tools.md#Burp-Extensions)
-        - Flow to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - **Logger++** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - **AuthMatrix** to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - **Autorize** to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - **Auto Repeater** to [Burp Extensions](/assets/tools.md#Burp-Extensions) 
+        - **Progress Tracker** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
+        - **Flow** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
 - New in [Labs](/assets/labs.md):
-    - TryHackMe & Videos
+    - **TryHackMe & Videos**
+- New in Media:
+    - **@codingo_** now in Twitter-List
 - New [Streamers](/assets/media.md#Streamers):
     - [sup3rhero1](https://www.twitch.tv/sup3rhero1)
     - [STÖK](https://www.twitch.tv/stokfredrik)
 - New in [BlogPosts](/assets/blogposts.md):
     - New Category: [API](/assets/blogposts.md#API)
-    - Added "31 Days of API Security Tips" - Misc
-    - Added "Blind SQL Injection on windows10.hi-tech.mail.ru" - SQLInjection
-    - Added "DOM XSS on app.starbucks.com via ReturnUrl" - DOMXSS
-    - Added "Email address of any user can be queried on Report Invitation GraphQL type when username is known" - GraphQL
-    - Added "External XML Entity via File Upload (SVG)" - File Upload
-    - Added "Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies" - HTTP Desync
+    - Added **31 Days of API Security Tips**- Misc
+    - Added **Blind SQL Injection on windows10.hi-tech.mail.ru** - SQLInjection
+    - Added **DOM XSS on app.starbucks.com via ReturnUrl** - DOMXSS
+    - Added **Email address of any user can be queried on Report Invitation GraphQL type when username is known** - GraphQL
+    - Added **External XML Entity via File Upload (SVG)** - File Upload
+    - Added **Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies** - HTTP Desync
+    - Added **gitGraber: A tool to monitor GitHub in real-time to find sensitive data** - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
+    - Added **2 Cases of Path Traversal** by [@leonishan_](https://twitter.com/leonishan_)
+    - Added **Google Bug Bounty Writeup- XSS Vulnerability** - by [@itsmepethu](https://twitter.com/itsmepethu)
+    - Added **Top 10 web hacking techniques of 2019** by [James Kettle](https://twitter.com/albinowax)
+    - Added **Recon: Create a methodology and start your subdomain enumeration** - by FailedNuke
+    - Added **Understanding Search Syntax on Github** - by Github
 - New in [Mobile](/assets/mobile.md):
     - [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources)
+- New in [Vulnerabilities](/assets/vulns.md):
+    - New Video: **Cross-Site Scripting (XSS) Explained** -by PwnFunction
+- New in [Setup](/assets/setup.md):
+    - Added **Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers**
 ### Changed
 ### Fixed
 

assets/coding.md

@@ -0,0 +1,16 @@
+# Resources-for-Beginner-Bug-Bounty-Hunters
+
+## Coding & Scripting ⚙️
+
+### Info
+
+### Resources
+- [Bash Scripting Full Course 3 Hours](https://www.youtube.com/watch?v=e7BufAVwDiM)
+- [Explainshell](https://explainshell.com/)
+- [Discovering the Terminal](https://blog.balthazar-rouberol.com/discovering-the-terminal)
+- [Text Processing in the Shell](https://blog.balthazar-rouberol.com/text-processing-in-the-shell)
+- [Subdomain Enumeration Script](https://twitter.com/Sin_Khe/status/1242785016884625409)
+- [ShellCheck](https://www.shellcheck.net/) - for finding Bugs in your Shell Scripts
+
+---
+back to [Intro Page](/README.md)

assets/hardware.md

@@ -3,6 +3,6 @@
 ## Hardware & IoT ⚙️
 
 ### Resources
-- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware 
+- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware (provided by @securibee 🐝)
 ---
 back to [Intro Page](/README.md)

assets/media.md

@@ -86,6 +86,7 @@ This List does not exclusively contains Bug Bounty themed Accounts but a broad v
 | [@autothreat](https://twitter.com/autothreat)           | Hacking, Cars                                                                |
 | [@brutelogic](https://twitter.com/brutelogic)           | Researcher, Teaching, XSS                                                    |
 | [@ceos3c](https://twitter.com/ceos3c)                   | YouTuber, General Hacking, Teaching                                          |
+| [@codingo_](https://twitter.com/codingo_)                   | General Hacking, Bug Bounty, Coding                                         |
 | [@d0nutptr](https://twitter.com/d0nutptr)               | BB, Researcher, (Rust.)                                                      |
 | [@daeken](https://twitter.com/daeken)                   | BB, Researcher                                                               |
 | [@evilsocket](https://twitter.com/evilsocket)           | Hacking, Coding, Hardware, Tools                                             |

assets/setup.md

@@ -10,7 +10,7 @@ This section will help you set up your testing environement.
 - [Previously Disclosed Vulnerabilities / HackerOne Hacktivity](https://hackerone.com/hacktivity)
 - [Finding your First Bug and Getting a Bounty - Personal Story by @InsiderPhD](https://www.youtube.com/watch?v=iEDoIEBD7gM) - YouTube Discussion
 - [Introduction to Docker for CTFs](https://www.youtube.com/watch?v=cPGZMt4cJ0I) (Works for Bug Bounty too) - by LiveOverflow
-
+- [Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers](https://www.youtube.com/watch?v=fqMOX6JJhGo) - freecodecamp
 ## Burp Suite
 This section should help you get familiar with BurpSuite.
 - [Setting up Burp (Video Series)](https://www.hacker101.com/playlists/burp_suite) by Hacker101

assets/tools.md

@@ -46,7 +46,8 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
 |[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning|Python|[j3ssie](https://github.com/j3ssie)|
 |[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|Go|[@hakluke](https://twitter.com/hakluke)|
 |[Reconness](https://github.com/reconness)|A Web App Tool to Run and Keep all your #recon in the same place.|C#|[@reconness](https://twitter.com/reconness)|
-|[Kockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
+|[Knockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
+|[crithit](https://github.com/codingo/crithit)|Takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.|C++|[codingo](https://github.com/codingo)|
 
 
 #### OSINT Webpages
@@ -89,6 +90,7 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
 |[andriller](https://github.com/den4uk/andriller)|Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. [andriller.com](https://www.andriller.com/)|Python|[Denis Sazonov](https://github.com/den4uk)|
 |[Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.|Python|MobSF Team|
 |[objection](https://github.com/sensepost/objection)|"objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak."|Python & TypeScript|[sensepost](https://github.com/sensepost)|
+|[RMS - Runtime Mobile Security](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security)|Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime|Python|[@mobilesecurity_](https://twitter.com/mobilesecurity_)|
 
 ### Notes & Organization
 | Name 	| Description 	    | Written in    | Created by   |

assets/vulns.md

@@ -17,6 +17,7 @@ As we start to build this repository, we'll be adding more vulnerability types a
 - [What is PHP and why is XSS so common there?](https://www.youtube.com/watch?v=Q2mGcbkX550) - by LiveOverflow
 - [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
 - [The 7 main XSS cases everyone should know](https://brutelogic.com.br/blog/the-7-main-xss-cases-everyone-should-know/) - [brutelogic](https://brutelogic.com.br/blog/about/)
+- [Cross-Site Scripting (XSS) Explained](https://www.youtube.com/watch?v=EoaDgUgS6QA) - by LiveOverflow
 
 ## Cross-Site Request Forgery (CSRF)
 - [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction