2023 Updates

Ben Sadeghipoour 2023-03-07 15:26:20 -08:00
parent db85d4ba48
commit 89af61c6ef
14 changed files with 285 additions and 493 deletions


@ -2,6 +2,5 @@ A Big Thank You to the Main-Contributors of the Repo:<br>
Securibee<br>
NahamSec<br>
AshF0x<br>
daeken<br>
and of course everyone else who sends in suggestions for the repo itself <3


@ -1,15 +1,15 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Intro
### Current Version: 2021.01
There are a number of new hackers joining the community on a regular basis and more than often the first thing they ask is "How do I get started and what are some good resources?". As a hacker, there a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works. Sera Brocious [(@daeken)](http://twitter.com/daeken), [@0xAshFox](https://twitter.com/0xAshFox), and I put these resources together in order to help new hackers with resources to learn the basics of Web Application Security.
### Current Version: 2023.01
Welcome to our web hacking and bug bounty hunting resource repository! A curated collection of web hacking tools, tips, and resources is available here. We hope that this repository will be a valuable resource for you as you work to secure the internet and make it a safer place for everyone, whether you're a seasoned bug bounty hunter or just getting started.
We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!<br>
If you are interested in learning about top bug bounty hunters in the community check out my [Live Recon VODs](https://www.youtube.com/playlist?list=PLKAaMVNxvLmAkqBkzFaOxqs3L66z2n8LA).
## NahamSec's Resource:
## NahamSec's Personal Resource:
I have also put together my own resource:
- [NahamSec's Udemy Course](https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=NAHOMIES)
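Review bot: the replacement intro paragraph under `### Current Version: 2023.01` drops the credit to Sera Brocious (@daeken) and @0xAshFox that the removed `2021.01` paragraph carried; CONTRIBUTORS.md still lists both, so keeping one sentence of attribution in the README would be consistent. The Udemy link also embeds `?couponCode=NAHOMIES`, which is a time-limited promotion rather than a stable resource URL; link the course without the coupon and mention the code in the text if it is worth advertising.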
@ -21,18 +21,16 @@ I have also put together my own resource:
## Table of Contents
- [Basics](/assets/basics.md)
- [Blog posts & Talks](/assets/blogposts.md)
- [Books](/assets/books.md)
- [Setup](/assets/setup.md)
- [Tools](/assets/tools.md)
- [Labs & Testing Environments](/assets/labs.md)
- [Talks](/assets/talks.md)
- [Vulnerability Types](/assets/vulns.md)
- [Mobile Hacking](/assets/mobile.md)
- [Smart Contracts](/assets/smartcon.md)
- [Coding & Scripting](/assets/coding.md)
- [Hardware & IoT](/assets/hardware.md)
- [Blog posts & Talks](/assets/blogposts.md)
- [Media Resources](/assets/media.md)
- [Certifications](/assets/certs.md)
- [Mindset & Mental Health](/assets/health.md)
---
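Review bot: `- [Blog posts & Talks](/assets/blogposts.md)` appears twice in this table of contents, once after Basics and once after Hardware & IoT; the hunk header says two lines go net, so confirm only the moved copy survives. `- [Certifications](/assets/certs.md)` is still listed here while the last hunk of this commit deletes assets/certs.md outright (`@ -1,17 +0,0 @@`), so either this entry is among the removed lines or it becomes a dead link. `- [Talks](/assets/talks.md)` sits next to the combined Blog posts & Talks page; check that assets/talks.md exists in the tree before keeping both.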


@ -1,21 +1,19 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Basics 🤓
Before diving into bug bounty hunting, it is critical to have a solid understanding of how the internet and computer networks work. Understanding key concepts such as Transmission Control Protocol (TCP), a fundamental protocol used for transmitting data over the internet and other networks, is essential. Also, it is critical to understand networking concepts such as IP addresses, subnetting, and routing, which are all critical components of how devices communicate on a network. Another crucial concept to grasp is Domain Name System (DNS), which is in charge of converting human-readable domain names (such as google.com) into machine-readable IP addresses.
Understanding these concepts will provide a solid foundation for your bug bounty hunting journey, allowing you to better understand and navigate the various systems and networks you will encounter.
### Table of Contents
1. [Stanford CS 253 Web Security](#Stanford-CS-253-Web-Security)
2. [HTTP basics](#HTTP-basics)
3. [Networking basics](#Networking-basics)
4. [Programming Basics](#Programming-Basics)
5. [Automation](#Automation)
6. [Linux basics](#Linux-Basics)
7. [Web Server Basics](#Web-Server-Basics)
8. [Computing Fundamentals](#Computing-Fundamentals)
9. [Hacking Basics](#Hacking-Basics)
### Stanford CS 253 Web Security
- [Stanford CS 253 Web Security](https://web.stanford.edu/class/cs253/) - by [@feross](https://twitter.com/feross)
- "This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues."
1. [HTTP basics](#HTTP-basics)
2. [Networking basics](#Networking-basics)
3. [Programming Basics](#Programming-Basics)
4. [Automation](#Automation)
5. [Linux basics](#Linux-Basics)
6. [Web Server Basics](#Web-Server-Basics)
7. [Computing Fundamentals](#Computing-Fundamentals)
8. [Hacking Basics](#Hacking-Basics)
### HTTP basics
In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics.
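Review bot: the replacement table of contents (the 1 to 8 list) no longer links to the Stanford CS 253 entry even though that section and its description are kept directly below it; add it back or move the course under Hacking Basics. Both lists also point `[Hacking Basics](#Hacking-Basics)` at an anchor that does not match the body heading further down, which reads `### Bug Bounty Basics`, so the link will not resolve on GitHub; rename one or the other. The new intro paragraph opens with TCP, IP and DNS and never mentions HTTP, which is the layer the rest of this page is about; one clause tying the stack to HTTP would orient beginners better.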
@ -26,22 +24,29 @@ In order to be able to learn what and how an application works, you need to be a
- MIME sniffing
- Encoding sniffing
- Same-Origin Policy
- CSRF (Cross-Site Request Forgery)
- [Request form](https://www.tutorialspoint.com/http/http_requests.htm)
- [Response form](https://www.tutorialspoint.com/http/http_responses.htm)
- [Response codes](https://www.tutorialspoint.com/http/http_status_codes.htm)
- [URL Encoding](https://www.tutorialspoint.com/http/http_url_encoding.htm)
#### HTTP Basics Video Resources
- [HTTP Crash Course & Exploration](https://www.youtube.com/watch?v=iYM2zFP3Zn0)
- [Same Origin Policy](https://www.youtube.com/watch?v=bSJm8-zJTzQ)
### Networking basics
Recon is a common terminology used in bug bounties. Its great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work.
- [Terminology](https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols)
- [What is an IP?](https://commotionwireless.net/docs/cck/networking/learn-networking-basics/)
- [What are ports?](https://www.utilizewindows.com/list-of-common-network-port-numbers/)
- [What is DNS?](https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704)
- [Intermediate Security Testing with Kali Linux 2](http://www.penguintutor.com/linux/basic-network-reference)
- [Network Fundamentals](https://www.youtube.com/playlist?list=PLDQaRcbiSnqF5U8ffMgZzS7fq1rHUI3Q8), A 19 part Video Series about Networking well explained for Beginners
#### Networking Basics Video Resources
-[Network Fundamentals](https://www.youtube.com/playlist?list=PLDQaRcbiSnqF5U8ffMgZzS7fq1rHUI3Q8), A 19 part Video Series about Networking well explained for Beginners
- [IP Addressing and IP Subnetting for the CCNA Exam by David Bombal] (https://youtube.com/watch?v=E-J8EPUvc8E)
- [What is DNS by David Bombal](https://www.youtube.com/watch?v=dl-C6cBoRg4)
- [CCNA 200-301 Complete Course](https://www.youtube.com/watch?v=H8W9oMNSuwo)
- [Free CCNA 200-301 Course: Network Fundamentals by David Bombal](https://www.udemy.com/course/free-ccna-200-301-network-fundamentals/)
### Programming Basics
Being a great programmer is not a requirement to be a successful hacker. However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical.
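Review bot: two of the added video links will not render as links on GitHub: `-[Network Fundamentals](...)` is missing the space after the dash, and `- [IP Addressing and IP Subnetting for the CCNA Exam by David Bombal] (https://youtube.com/watch?v=E-J8EPUvc8E)` has a space between `]` and `(`, which Markdown treats as literal text. The Network Fundamentals playlist is also listed twice, once in the main Networking list and once under the video subsection; keep one. `- CSRF (Cross-Site Request Forgery)` is added to the bare concept list with no link, unlike the Same-Origin Policy entry it follows; either link a primer or leave it for the Vulnerability Types page.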
@ -53,8 +58,14 @@ As always, if you prefer an interactive course, feel free to use [CodeCademy](ht
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/
### Programming Basics Video Resources
- [HTML Basics In 10 Minutes] (https://www.youtube.com/watch?v=MDLn5-zSQQI)
- [JavaScript Tutorial for Beginners: Learn JavaScript in 1 Hour] (https://www.youtube.com/watch?v=W6NZfCO5SIk)
- [Learn SQL in 1 Hour - SQL Basics for Beginners] (https://www.youtube.com/watch?v=9Pzj7Aj25lw)
### Automation
You are welcome to skip this section if you think youll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder.
You may skip this section if you believe you will never need automation or in-depth web application knowledge. However, I believe that learning bash in addition to one of the four languages listed below will allow you to work smarter rather than harder.
- Bash
- https://www.learnshell.org/
- https://explainshell.com/
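Review bot: all three entries under `### Programming Basics Video Resources` use `] (` with a space before the parenthesis, so they render as plain text rather than links; remove the space. That heading is also `###`, one level above the `####` used for every other `Video Resources` subsection on this page, so it will appear as a sibling of Programming Basics instead of a child.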
@ -72,6 +83,11 @@ You are welcome to skip this section if you think youll never need any automa
- PHP
- https://php.net
#### Automation Video Resources
- [Beginner's Guide to the Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
- [Python for Beginners - Learn Python in 1 Hour] (https://www.youtube.com/watch?v=kqtD5dpn9C8)
### Web Server Basics
If you are looking into getting started with Bug Bounties with a focus on web, I highly recommend learning the nuts and bolts of what make a website work.
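Review bot: `- [Python for Beginners - Learn Python in 1 Hour] (https://www.youtube.com/watch?v=kqtD5dpn9C8)` has the `] (` spacing bug and will not render as a link; the same URL is reused verbatim under Web Server Basics Videos in the next hunk, where it does not belong.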
@ -81,6 +97,10 @@ If you are looking into getting started with Bug Bounties with a focus on web, I
After creating your own web server, I highly recommend installing a CMS (like Wordpress or drupal) on your localhost to understand how it all works.
#### Web Server Basics Videos
- [Python for Beginners - Learn Python in 1 Hour] (https://www.youtube.com/watch?v=kqtD5dpn9C8)
- [How to Install XAMPP Server on Windows 10](https://www.youtube.com/watch?v=-f8N4FEQWyY)
### Linux Basics
- [Install WSL on Windows 10](https://ubuntu.com/wsl)
- [Basics Linux Commands](https://www.hostinger.com/tutorials/linux-commands)
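Review bot: `- [Python for Beginners - Learn Python in 1 Hour] (...)` under `#### Web Server Basics Videos` is both mis-filed (it is a Python tutorial, already listed under Automation) and broken by the `] (` space; drop it here. The XAMPP video is on-topic, but the surrounding text recommends installing WordPress or Drupal on localhost, so a video covering that step would fit the heading better than a second Python intro.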
@ -88,19 +108,25 @@ After creating your own web server, I highly recommend installing a CMS (like Wo
- [Loops](https://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-7.html)
- [xargs](https://www.cyberciti.biz/faq/linux-unix-bsd-xargs-construct-argument-lists-utility/)
### Computing Fundamentals
- [Hopper's Roppers Computing Fundamentals](https://www.hoppersroppers.org/course.html)
- This free course teaches the absolute basics of Linux, hardware, networking, operating systems, and scripting. Designed to get a complete beginner over the first big learning hurdles and so they can move on to anything else and succeed.
- [Exeter Q-Step Resources](https://exeter-qstep-resources.github.io/)
- Here, you will find a range of teaching materials that have been developed by members of the Q-Step Centre. If you have any questions, please contact l.brace@exeter.ac.uk or qstep@exeter.ac.uk. Details of Q-Step workshops and events can be found at https://socialsciences.exeter.ac.uk/q-step/events.
#### Linux Basics Videos
- [How to Install Ubuntu on Windows 10 (WSL)] (https://www.youtube.com/watch?v=X-DHaQLrBi8)
- [Linux Essentials: Curl Fundamentals](https://www.youtube.com/watch?v=Xy7fDxz39FM)
- [Xargs Should Be In Your Command Line Toolbag](https://www.youtube.com/watch?v=rp7jLi_kgPg)
- [Shell Scripting - For Loops](https://www.youtube.com/watch?v=T7hVOiTsSUU)
### Bug Bounty Basics
- [Hacker101's Getting Started](https://www.hacker101.com/start-here)
- [Bug bounty reports that stand out, how to write one?](https://thehackerish.com/bug-bounty-reports-that-stand-out-how-to-write-one/)
- [Bug Bounty Report Templates by @ZephrFish](https://github.com/ZephrFish/BugBountyTemplates/blob/master/Blank.md)
- [Hacker101- Writing Good Reports](https://www.youtube.com/watch?v=z60CFFFyZWE)
- [List of Bug Bounty Platforms](https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountyplatforms.md)
- [Bug Bounty Cheatsheet](https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html)
#### Bug Bounty Basics Videos
- [HOW TO GET STARTED IN BUG BOUNTY](https://www.youtube.com/watch?v=CU9Iafc-Igs)
- [Hacker101- Writing Good Reports](https://www.youtube.com/watch?v=z60CFFFyZWE)
- [Putting Your Mind to It: Bug Bounties for 12 Months - @zseano] (https://www.youtube.com/watch?v=-PkK9DP5nec)
- [How to Get Into Bug Bounty by Katie Paxton-Fear @InsiderPhD] (https://www.youtube.com/watch?v=19gIJ7gLbXI)
---
back to [Intro Page](/README.md)
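Review bot: `#### Linux Basics Videos` is inserted after the Computing Fundamentals section instead of directly under `### Linux Basics`, where the xargs and loops links it complements live; move it up. `[How to Install Ubuntu on Windows 10 (WSL)] (...)`, `[Putting Your Mind to It: Bug Bounties for 12 Months - @zseano] (...)` and `[How to Get Into Bug Bounty by Katie Paxton-Fear @InsiderPhD] (...)` all have the `] (` spacing bug and will not render as links. `[Hacker101- Writing Good Reports]` now appears in both the text list and the video list of Bug Bounty Basics; keep it only in the video list. Finally, the heading is `### Bug Bounty Basics` while the table of contents at the top of the file links to `#Hacking-Basics`; pick one.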


@ -1,11 +1,15 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
This page is designated to hosts blog posts on particular vulnerability and techniques that have led to a bounty. If you would like to learn more about specific vulnerability types, please visit [Vulnerability Types](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/vulns.md)!
## NahamSec's Favorite Blogs & Reading Material
## NahamSec's Favorite Learning Resources
- [HackerOne Hacktivity](https://hackerone.com/hacktivity)
- [Bugcrowd Crowdstream](https://bugcrowd.com/crowdstream)
- [Alex Champman](https://ajxchapman.github.io/)
- [The Daily Swig](https://portswigger.net/daily-swig)
- [The Unofficial HackerOne Disclosure Timeline.](http://h1.nobbd.de/)
- [Detectify Blog](https://blog.detectify.com/)
### Favorite Hacker Blogs
- [Alex Champman](https://ajxchapman.github.io/)
- [Deesee](https://blog.deesee.xyz/)
- [EdOverflow](https://edoverflow.com/)
- [Jon Bottarini](https://jonbottarini.com/)
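Review bot: `Alex Champman` is a misspelling (the URL is ajxchapman.github.io, i.e. Alex Chapman), and the entry appears both in `## NahamSec's Favorite Learning Resources` and in the new `### Favorite Hacker Blogs` list; fix the name and keep it under Favorite Hacker Blogs only. The unchanged intro line links to `https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/vulns.md`, which lacks the `/blob/<branch>/` segment GitHub needs and will 404; a relative `/assets/vulns.md`, as used elsewhere in the repo, fixes it.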
@ -13,11 +17,16 @@ This page is designated to hosts blog posts on particular vulnerability and tech
- [Orange Tsai](https://blog.orange.tw/)
- [Philippe Harewood](https://philippeharewood.com/)
- [Ron Chan](https://ngailong.wordpress.com)
- [Yassine Aboukir](https://www.yassineaboukir.com/)
- [Shubham Shah](https://shubs.io/)
- [spaceraccoon](https://spaceraccoon.dev)
- [ziot](https://buer.haus/)
- [zlz](https://samcurry.net/blog)
- [Vickie Li](https://vickieli.medium.com)
- [rez0](https://rez0.blog/)
- [MrTuxracer](https://www.rcesecurity.com/blog/)
- [Pentest Book by six2dez](https://github.com/six2dez/pentest-book/)
- [Youssef Sammouda](https://ysamm.com/)
### Reddit
- [/r/BugBounty](https://reddit.com/r/bugbounty)
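Review bot: `[Pentest Book by six2dez](https://github.com/six2dez/pentest-book/)` is a GitHub reference repo rather than a personal blog, so it sits oddly under `### Favorite Hacker Blogs`; the `### Community Curated Blog Posts & Resource` list a few lines down is the natural home. The list is alphabetical through `zlz`, but `Yassine Aboukir` sits between Ron Chan and Shubham Shah and the new entries (Vickie Li, rez0, MrTuxracer, Youssef Sammouda) are appended at the end; worth sorting once.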
@ -27,14 +36,15 @@ This page is designated to hosts blog posts on particular vulnerability and tech
- [r/netsecstudents](https://reddit.com/r/netsecstudents)
### Community Curated Blog Posts & Resource
- [Awesome Google VRP Writeups](https://github.com/xdavidhu/awesome-google-vrp-writeups)
- [Top HackerOne Reports](https://github.com/InsiderPhD/hackerone-reports)[By InsiderPhD](https://twitter.com/InsiderPhD)
- [How To Hunt](https://github.com/KathanP19/HowToHunt)
## Blog posts & Disclosed Reports 📝
A collection of Blog Posts ordered by Vulnerability Types
- [Starting out & Tips](#Starting-Out-&-Questions)
- [XSS](#XSS)
- [DOM XSS](#DOM-XSS)
- [Stored XSS](#Stored-XSS)
- [SSRF](#SSRF)
- [Token / Authentication](#Token-/-Authentication)
- [SQL Injection](#SQL-Injection)
- [HTTP Desync](#HTTP-Desync)
- [File Upload](#File-Upload)
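Review bot: `[Top HackerOne Reports](...)[By InsiderPhD](...)` has no space between the two links, so the credit runs straight into the title. In the contents list, `[Starting out & Tips](#Starting-Out-&-Questions)` does not match the `## Starting out & Tips` heading below, and `[Token / Authentication](#Token-/-Authentication)` cannot resolve either, because GitHub strips `/` and `&` when building anchors (they become `#starting-out--tips` and `#token--authentication`). Since the Token / Authentication entries are moved into Misc later in this commit, drop that contents entry and correct the Starting out anchor.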
@ -42,68 +52,44 @@ A collection of Blog Posts ordered by Vulnerability Types
- [GraphQL](#GraphQL)
- [RCE](#RCE)
- [Recon](#Recon)
- [Smart Contracts](#Smart-Contracts)
- [API](#API)
- [Misc](#Misc)
- [Mobile](#Mobile)
- [iOS](#iOS)
- [Android](#Android)
---
## Starting out & Tips
- [Basic Bug Bounty FAQ](http://blog.oath.ninja/basic-bug-bounty-faq/) - by [@thedawgyg](https://twitter.com/thedawgyg)
- [Getting started in Cyber Security in 2019 The Complete Guide](https://www.ceos3c.com/hacking/getting-started-cyber-security-complete-guide/) - by ceos3c
- [WTF is a Bug Bounty?](https://www.ceos3c.com/hacking/ethical-hacking-diaries-1-wtf-is-a-bug-bounty/) - by ceos3c
- [How to Set up Certificate-Based SSH for Bug Hunting](https://medium.com/@c0ldbr3w/how-to-set-up-certificate-based-ssh-for-bug-hunting-bonus-ef4af95fca05) - by Mack Staples
- [XSS in Google Colaboratory + CSP bypass](https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html) by Michał Bentkowski
- [zseanos notes on hacking & mentoring](https://blog.intigriti.com/2020/04/29/bug-business-3-zseanos-notes-on-hacking-mentoring/) by Intigriti & Zseano
## XSS
### XSS
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
- [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - [Sam Curry](https://twitter.com/samwcyo)
- [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
- [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
- [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
- [Google Bug Bounty Writeup- XSS Vulnerability](https://pethuraj.com/blog/google-bug-bounty-writeup/) - [@itsmepethu](https://twitter.com/itsmepethu)
- [Found Stored Cross-Site Scripting — Whats Next? — Privilege Escalation like a Boss](https://medium.com/bugbountywriteup/found-stored-cross-site-scripting-whats-next-privilege-escalation-like-a-boss-d-8fb9e606ce60) - by Harsh Bothra
- [Bypassing WAF to perform XSS](https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3) - by Kleitonx00
- [Facebook DOM Based XSS using postMessage](https://ysamm.com/?p=493)
### DOM XSS
- [Airbnb When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities] (https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
- [An XSS on Facebook via PNGs & Wonky Content Types](https://whitton.io/articles/xss-on-facebook-via-png-content-types/)
- [Persistent DOM-based XSS in https://help.twitter.com via localStorage](https://hackerone.com/reports/297968) - harisec
- [DOM based XSS in search functionality](https://hackerone.com/reports/168165) - sameoldstory
- [A Tale Of A DOM Based XSS In Paypal](https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html) - Rafay Baloch
- [H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing](https://hackerone.com/reports/422043) - filedescriptor
- [DOM XSS on app.starbucks.com via ReturnUrl](https://hackerone.com/reports/526265) - Gamer7112
### Stored XSS
- [Another XSS in Google Colaboratory](https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html) - Michał Bentkowski
- [Google adwords 3133.7$ Stored XSS](https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27) - Emad Shanab
- [Stored XSS on Facebook](https://opnsec.com/2018/03/stored-xss-on-facebook/) - Enguerran Gillier
- [Yahoo Mail stored XSS](https://klikki.fi/adv/yahoo.html) - Jouko Pynnönen
- [Yahoo Mail stored XSS #2](https://klikki.fi/adv/yahoo2.html) - Jouko Pynnönen
- [Account Recovery XSS](https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss) - Gábor Molnár
- [$6000 CRLF to XSS | Microsoft Bug Bounty] (https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922)
## SSRF
### SSRF
- [A Glossary of Blind SSRF Chains](https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/)
- [A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)
- [Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks](https://peertube.opencloud.lu/videos/watch/40f39bfe-6d3c-40f5-bcab-43f20944ca6a)<br>- Alyssa Herrera | Hack.lu 2019
- [Pivoting from blind SSRF to RCE with HashiCorp Consul](https://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html)
- [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - Sayed Abdelhafiz
- [Piercing the Veal](https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5) - by d0nut
- [CVE-2020-13379 - Unauthenticated Full-Read SSRF in Grafana](https://rhynorater.github.io/CVE-2020-13379-Write-Up)
- [MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT](https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft) - by nahamsec
- [How I found SSRF on TheFacebook.com](https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html)
- [How I made $31500 by submitting a bug to Facebook](https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204)
- [A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)
- [SSRF on Zimbra Led to Dump All Credentials in Clear Text] (https://infosecwriteups.com/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc)
- [SSRF in Exchange leads to ROOT access in all instances](https://hackerone.com/reports/341876)
## Token / Authentication
- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - Harsh Jaiswal
- [How I was able to bypass OTP code requirement in Razer [The story of a critical bug]](https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572?) - Ananda Dhakal
- [Bypassing GitHub's OAuth flow](https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html) - [@not_aardvark](https://twitter.com/not_aardvark)
- [NMAP For Vulnerability Discovery](https://www.peerlyst.com/posts/nmap-for-vulnerability-discovery-sachin-wagh) - Sachin Wagh
- [Subdomain Takeover to Authentication bypass](https://hackerone.com/reports/335330) - by geekboy
- [Ability to know the presence of a person in a private event even if the guest list is hidden.](https://bugreader.com/index.php?pageNav=vivekps143%40193) - by [Vivek PS](https://bugreader.com/vivekps143)
- [Zero-day in Sign in with Apple](https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/)
## SQL Injection
### SQL Injection
- [Time-Based Blind SQL Injection In GraphQL](https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c) - Divyanshu Shukla
- [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - spaceraccoon
- [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
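Review bot: three new entries are broken links because of a space between `]` and `(`: the Airbnb JSON-encoding writeup under DOM XSS, `[$6000 CRLF to XSS | Microsoft Bug Bounty] (...)` under Stored XSS, and `[SSRF on Zimbra Led to Dump All Credentials in Clear Text] (...)` under SSRF. `A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!` is listed twice in the SSRF section with the same Black Hat PDF URL. The `## Token / Authentication` block is dropped from the contents list in this hunk, yet it still holds `[NMAP For Vulnerability Discovery]` (a scanning article unrelated to authentication) plus entries that resurface under Misc later in the commit; if the section goes, make sure all of it goes, and if it stays, move the Nmap link to Recon. The `##` to `###` demotions are fine for anchors, which are level-independent.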
@ -111,18 +97,18 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
- [Blind SQL Injection on windows10.hi-tech.mail.ru](https://hackerone.com/reports/786044) - Просто душка (api_0)
- [How to Hack Database Links in SQL Server!](https://blog.netspi.com/how-to-hack-database-links-in-sql-server/) - Antti Rantasaari
## HTTP Desync
### HTTP Desync
- [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - [James Kettle](https://twitter.com/albinowax)
- [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - 0X0 (painreigns)
- [Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies](https://hackerone.com/reports/737140) - Evan Custodio
## File Upload
### File Upload
- [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - johnstone
- [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - [@xdzmitry](https://twitter.com/xdzmitry)
- [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - [@bbuerhaus](https://twitter.com/bbuerhaus)//[@daeken](https://twitter.com/daeken)//[@erbbysam](https://twitter.com/erbbysam)//[@smiegles](https://twitter.com/smiegles)
- [External XML Entity via File Upload (SVG)](https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/) - by 0xatul
## IDOR
### IDOR
- [Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method](https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html) - [Vijay Kumar ](https://twitter.com/IndoAppSec)
- [GraphQL IDOR leads to information disclosure](https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d) - [@R0X4R](https://twitter.com/R0X4R)
- [From Multiple IDORs leading to Code Execution on a different Host Container](https://www.rahulr.in/2019/10/idor-to-rce.html?m=1) - [@Rahul_R95](https://twitter.com/Rahul_R95)
@ -130,16 +116,16 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
- [Another image removal vulnerability on Facebook](https://blog.darabi.me/2020/06/image-removal-vulnerability-on-facebook.html)
- [Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/)
## GraphQL
### GraphQL
- [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
- [Graphql Abuse to Steal Anyones Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
- [Email address of any user can be queried on Report Invitation GraphQL type when username is known](https://hackerone.com/reports/792927) - msdian7
## RCE
### RCE
- [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
- [How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber](https://medium.com/@andrewaeva_55205/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871) - by Andrewaeva
## Automation & Recon
### Automation & Recon
- [How to: Recon & Content Discovery](https://www.hackerone.com/blog/how-to-recon-and-content-discovery)
- [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
- [Notes about NahamSec's Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
@ -150,19 +136,19 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
- [Beginners Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - Ashish Jha
- [gitGraber: A tool to monitor GitHub in real-time to find sensitive data](https://blog.yeswehack.com/2019/10/08/gitgraber-a-tool-to-monitor-github-in-real-time-to-find-sensitive-data/) - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
## Smart Contracts
- [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
- [Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`](https://hackerone.com/reports/684152)(Listed as Improper Input Validation)
## API
### API
- [31 Days of API Security Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) - [smodnix](https://github.com/smodnix)
- [Exploiting Application-Level Profile Semantics (APLS)](https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/)
## Misc
### Misc
- [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - Harsh Jaiswal
- [Zero-day in Sign in with Apple](https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/)
- [Account hijacking using "dirty dancing" in sign-in OAuth-flows](https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/) By Frans Rosen
- [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
- [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
- [Abusing HTTP hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) - [@nj_dav](https://twitter.com/nj_dav)
- [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) - James Kettle
- [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
- [How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN](https://blog.detectify.com/2019/09/19/alyssa-herrera-pulse-corporate-networks-ssl-vpn/) - [Alyssa Herrera](https://twitter.com/Alyssa_Herrera_)
- [Top 10 web hacking techniques of 2019](https://portswigger.net/research/top-10-web-hacking-techniques-of-2019) by [James Kettle](https://twitter.com/albinowax)
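Review bot: `[Abusing feature to steal your tokens]` and `[Zero-day in Sign in with Apple]` are added under `### Misc`, but the same two links still appear in the Token / Authentication section earlier in this file unless that section is removed in the earlier hunk; check for duplicates after merge. Removing the two `## Smart Contracts` HackerOne reports here is consistent with dropping the section from the contents list, but the README table of contents still carries `[Smart Contracts](/assets/smartcon.md)`, so that page should pick them up if they are not to be lost.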
@ -171,12 +157,16 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
- [Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts](https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/) by Sam Curry
- [The Secret sauce of bug bounty](https://medium.com/bugbountywriteup/the-secret-sauce-of-bug-bounty-bdcc2e2d45af) by Mohamed Slamat
- [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - [Sam Curry](https://twitter.com/samwcyo)
## Mobile
### iOS
- [TJnulls Preparation Guide for PWK/OSCP](https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html)
### Mobile
#### iOS
- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - spaceraccoon
### Android
#### Android
- [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the
---
back to [Intro Page](/README.md)
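Review bot: `[TJnulls Preparation Guide for PWK/OSCP]` is inserted directly under `## Mobile` / `### iOS`, where it plainly does not belong; it is OSCP preparation material, and since this commit deletes assets/certs.md it has nowhere else to go, so either file it under Misc or keep the certification notes. The Android entry still ends mid-sentence (`... reversing Android pre-Installed apps](...) and the`), which this hunk touches without completing; finish or trim it. The heading demotion to `### Mobile`, `#### iOS`, `#### Android` matches the rest of the file.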

assets/books.md Normal file

@ -0,0 +1,40 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Books 📚
This Section is dedicated to all books related to Hacking, Web Hacking, & Bug Bounty Hunting
### NahamSec's Must Read Picks
- [RTFM: Red Team Field Manual v2](https://amzn.to/3IZXVj2) by Ben Clark, Nick Downer
- [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws](https://amzn.to/3F5H9xT) by Dafydd Stuttard, and Marcus Pinto
- [The Hacker Playbook 3: Practical Guide To Penetration Testing](https://amzn.to/3mwdDLt) by Peter Kim
- [Bug Bounty Bootcamp](https://amzn.to/3l1a8fn) by Vickie Li
- [Black Hat Python](https://amzn.to/3T3a4Zd) by Justin Seitz and Tim Arnold
### Fundamental Books
- [Ethical Hacking](https://amzn.to/41TLu12) by Daniel G. Graham
- [Foundations of Information Security](https://amzn.to/41VOPga) by Jason Andress
- [Penetration Testing](https://amzn.to/3mweg7N) by Georgia Weidman
- [Metasploit](https://amzn.to/3Zq362M) by David Kennedy, Jim OGorman, Devon Kearns, and Mati Aharoni
- [The Tangled Web: A Guide to Securing Modern Web Applications](https://amzn.to/3yhgv14) by Michal Zalewski
### Web Hacking & Bug Bounty
- [Hacking APIs](https://amzn.to/3F3M1Dw) by Corey Ball
- [Real-World Bug Hunting](https://amzn.to/3ZLqc3F) by Peter Yaworski
### Coding for Hacking
- [Automate the Boring Stuff with Python, 2nd Edition](https://amzn.to/3L5q76S) by Al Sweigart
- [Python One-Liners](https://amzn.to/3JgSnC9) by Christian Mayer
- [Black Hat GraphQL](https://amzn.to/3YpeOJH) by Dolev Farhi, Nick Aleks
- [Black Hat Go](https://amzn.to/3mvzh2f) by Tom Steele, Chris Patten, and Dan Kottmann
- [JavaScript for hackers - Learn to think like a hacker](https://amzn.to/3ZudIxA) by Gareth Heyes
### Misc
- [Practical Malware Analysis](https://amzn.to/3Zsi2O1) by Michael Sikorski and Andrew Honig
- [Practical Social Engineering](https://amzn.to/3kPhItI) by Joe Gray
- [The Ghidra Book](https://amzn.to/3yh0KHN) by Chris Eagle and Kara Nance
- [Operator Handbook: Red Team + OSINT + Blue Team Reference](https://amzn.to/3F4MqG9) by Joshua Picolet
---
back to [Intro Page](/README.md)
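Review bot: "Jim OGorman" in the Metasploit entry should be "Jim O'Gorman", and "by Dafydd Stuttard, and Marcus Pinto" has a stray comma. Two books removed from the media.md Books section in this same commit, "Web Hacking 101" and "The Linux Command Line", do not reappear here; confirm the drop is intentional. Every link is an amzn.to short link; consider saying they are affiliate links, or adding the publisher page alongside, so readers can see where they lead before clicking.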

View file

@ -1,17 +0,0 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Certifications 📜
Quite a lot of beginners ask about certifications and if they can help in Bug Bounty. Similar to Coding itself it is a nice thing to have but not a necessity to be successful.<br>
Due to the fact that a lot more Hunters are trying to get better in different fields, and are curious about the certifications, I wanted to add some Info and Notes about some of them.
### OSCP
- OSCP Videos from John Hammond:
- [OSCP - Taking Notes & Resources](https://www.youtube.com/watch?v=MQGozZzHUwQ)
- [100% OSCP: Offensive Security Certified Professional](https://www.youtube.com/watch?v=kdobdnQ2sGw)
- [ALL NEW OSCP - REVAMPED 2020](https://www.youtube.com/watch?v=wjTt-5mfyhY)
- [OSCP Preparation](https://github.com/superhero1/OSCP-Prep) by sup3rhero1
- [TJnulls Preparation Guide for PWK/OSCP](https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html)
- [hax](https://github.com/unmeg/hax) by unmeg (Useful scripts for OSCP boxes and other Certs)
---
back to [Intro Page](/README.md)
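Review bot: deleting certs.md outright leaves the OSCP material without a home; the TJnull guide resurfaces in the first hunk under an iOS heading, which reads as a misplaced move rather than a deliberate cut. Any page that still links to /assets/certs.md (the changelog does, in several places) will return a 404 after this; either keep a short page or update those links.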

View file

@ -1,272 +0,0 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Changelog 📬
This page is no longer maintained. If you are interested in the changelog please check out the commit.
---
## ___Update 2020.08___
### Added
- [Tools](/assets/tools.md):
- **threader3000** in the Scanner section<br>
- **subfinder** in the Recon, OSINT & Discovery Section<br>
- **SUBway** in the Recon, OSINT & Discovery Section<br>
- **PenTest.ws** in the Notetaking Section<br>
- [Blogposts & Disclosed Reports](/assets/blogposts.md):
- **Ability to know the presence of a person in a private event even if the guest list is hidden.** - by Vivek PS<br>
- **Another image removal vulnerability on Facebook** - by Pouya<br>
- [Cheat Sheets](/assets/cheat.md):
- **CloudPentestCheatsheets**
- **HackTricks**
- **Everything curl**
- **GTFObins**
- **Finding ENdpoints in JS Files**
- **The Bug Hunter's Methodology v.4.01**
- [Certifications](/assets/certs.md):
- **hax**
- [Setup](/assets/setup.md):
- **Technical Project Ideas Towards Learning Cyber Security**
- **Getting Starting With Tmux Isn't That Scary**
- [Media](/assets/media.md):
- **The Linux Command Line**
- **The Mayor** in the Streamer Section
- Added **Nahamsec,Hacker101,TryHackMe,HTB,TCM,AshF0x,TheMayor,Sup3rhero1 6 Ceos3c** to Discord Servers
- Added **@PhillipWylie** on the Twitter-list
- [Health](/assets/health.md):
- **BSidesSF 2020 - Panel: Mental Health for Hackers (Chloé M • Ryan L • Susan P)**
### Changes
- Added a new section called [Cheat Sheets, Slides & More](/assets/cheat.md)
- Added a new subcategory in [Setup](/assets/setup.md) for Tools
- Added a sub category called [One Liners](/assets/cheat.md#One-Liners)
- Added a sub category called [Slides](/assets/cheat.md#Slides)
- Renamed "Media" to ["Media & Communities"](/assets/media.md)
- Added a new section called [Discord Servers](/assets/media.md#Discord-Servers) in "Media & Communities"
### Fixes
- fixed Notion Link
- fixed typo in Labs
---
## ___Update 2020.06___
### Added
- [Blogposts & Disclosed Reports](/assets/blogposts.md):
- **THEY SEE ME SCANNIN, THEY HATIN: A BEGINNERS GUIDE TO NMAP** - by Sophia
- **How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber** - by Andrewaeva
- **Found Stored Cross-Site Scripting — Whats Next? — Privilege Escalation like a Boss** - by Harsh Bothra
- **How to Hack Database Links in SQL Server!** - by Antti Rantasaari
- **The Secret sauce of bug bounty** - by Mohamed Slamat
- **MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT** - by nahamsec
- **MY BUG BOUNTY JOURNEY!** - by Farah Hawa
- **Bypassing WAF to perform XSS** - by Kleitonx00
- [Labs](/assets/labs.md):
- **Will it CORS?**
- [Coding](/assets/coding.md):
- **Linux Beginner Boost**
- [Media](/assets/media.md):
- **rwxrob** as a streamer
- **ChaosComputerClub Germany Media Resources** under Misc
- **@ZephrFish** in Twitter List
- **@CalumBoal** in Twitter List
- **@_superhero1** in Twitter List
- **CRE** in Podcasts
- **Phrack** in Misc
- **CCC Luxembourg Podcast** in Podcasts
- [Tools](/assets/tools.md):
- **KeyHacks** in the Scanner section<br>
- **Notion** in the Notes section<br>
- **Joplin** in the Notes section<br>
- **Xmind** in the Notes section<br>
- **SpiderFoot** in the Recon section
- **Axiom** in the Notes section
- **webhook** in Misc
- **requestcatcher** in Misc
- **canarytokens** in Misc
- **Nmap command helper** in Scanner
- [Mindset & Mental Health](/assets/health.md):
- **Happy Hacking**
- [Basics](/assets/basics.md)
- **Computing Fundamentals**
- **Exeter Q-Step Resources**
- **Setup bugbounty hunting env on termux** - by @hahwul
### Changes
### Fixes
---
## ___Update 2020.05___
### Added
- [Media](/assets/media.md):
- New curated **Bug Bounty List** (Twitter)
- **Curated List of YT Channels** by TCM
- [Labs](/assets/labs.md):
- **Kontra Application Security Training**
- **Cyberseclabs**
- [Coding](/assets/coding.md):
- **Exercism**
- **CodeCademy**
- **Khan Academy**
- **Learn Python the Hard Way**
- **Udacity**
- **Bug Bounty with Bash**
- [Setup](/assets/setup.md):
- New Video by nahamsec: **Creating Wordlists for Pentesting & Bug Bounty**
- [Blogposts & Disclosed Reports](/assets/blogposts.md):
- **Piercing the Veal** by d0nut
- **Basic Bug Bounty FAQ** by dawgyg
- **How to Set up Certificate-Based SSH for Bug Hunting** by Mack Staples
- **Getting started in Cyber Security in 2019 The Complete Guide** by ceos3c
- **WTF is a Bug Bounty?** by ceos3c
- **How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools** by STÖK
- **URL link spoofing (Slack)** by Akaki Tsunoda (akaki)
- **Subdomain Takeover to Authentication bypass** by geekboy
- **Zseanos notes on hacking & mentoring** by Intigriti & Zseano
- **Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts** by Sam Curry
- [Mobile](/assets/mobile):
- **Android App Reverse Engineering 101** by Maddie Stone
- [Tools](/assets/tools.md):
- **Ghidra** -> Mobile
- **jadx** -> Mobile
- **nuclei** -> Recon & OSINT
- New Category: [Certifications](/assets/certs.md)
- Fot the moment one Cert: **OSCP**
- New Category: [Mindset & Mental Health](/assets/health.md)
### Changes
- Changed the formating of the Changelog starting this month to make it cleaner
- Removed the links for every new addition to its article.<br>
The headers for every category now links to their page instead.
- Changed the formatting of the **HTTP** Section in the **Basics** Category
- Changed **Blogposts** to -> **Blogposts & Disclosed Reports**
- Changed some of the formatting in the XSS Blogposts, cleaner now
### Fixes
- Fixed some layout errors
- Added missing Header in **Basics** Category
- Fixed Typos
---
## ___Update 2020.04___
### Added
- New in [Basics](/assets/basics.md)
- Added **Stanford CS 253 Web Security**
- New Category: [Hardware & IoT](/assets/hardware.md)
- Added **Exploitee.rs Wiki**
- New Category: [Coding & Scripting](/assets/coding.md)
- Added **Bash Scripting Full Course 3 Hours**
- Added **ShellCheck**
- Added **Explainshell**
- Added **Discovering the Terminal**
- Added **Text Processing in the Shell**
- New [Podcasts](/assets/media.md#Podcasts):
- **Darknet Diaries Episode 60** with dawgyg
- **The Bug Bounty Podscast Episode 3** with nahamsec
- New in [Tools](/assets/tools.md):
- **crithit**
- **objection - A new Mobile tool**
- **CyberChef**
- **RMS - Runtime Mobile Security**
- New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization)
- **Reconness** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
- **Updog** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
- New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **Logger++** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **AuthMatrix** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **Autorize** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **Auto Repeater** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **Progress Tracker** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- **Flow** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
- New in [Labs](/assets/labs.md):
- **TryHackMe & Videos**
- New in Media:
- **@codingo_** now in Twitter-List
- New [Streamers](/assets/media.md#Streamers):
- [sup3rhero1](https://www.twitch.tv/sup3rhero1)
- [STÖK](https://www.twitch.tv/stokfredrik)
- New in [BlogPosts](/assets/blogposts.md):
- New Category: [API](/assets/blogposts.md#API)
- Added **31 Days of API Security Tips**- Misc
- Added **Blind SQL Injection on windows10.hi-tech.mail.ru** - SQLInjection
- Added **DOM XSS on app.starbucks.com via ReturnUrl** - DOMXSS
- Added **Email address of any user can be queried on Report Invitation GraphQL type when username is known** - GraphQL
- Added **External XML Entity via File Upload (SVG)** - File Upload
- Added **Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies** - HTTP Desync
- Added **gitGraber: A tool to monitor GitHub in real-time to find sensitive data** - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
- Added **2 Cases of Path Traversal** by [@leonishan_](https://twitter.com/leonishan_)
- Added **Google Bug Bounty Writeup- XSS Vulnerability** - by [@itsmepethu](https://twitter.com/itsmepethu)
- Added **Top 10 web hacking techniques of 2019** by [James Kettle](https://twitter.com/albinowax)
- Added **Recon: Create a methodology and start your subdomain enumeration** - by FailedNuke
- Added **Understanding Search Syntax on Github** - by Github
- New in [Mobile](/assets/mobile.md):
- [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources)
- New in [Vulnerabilities](/assets/vulns.md):
- New Video: **Cross-Site Scripting (XSS) Explained** -by PwnFunction
- New in [Setup](/assets/setup.md):
- Added **Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers**
### Changed
### Fixed
---
## ___Update 2020.03___
### Added
- New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul))
- New White-/yellowpapers in [Smart Contracts](/assets/smartcon.md):
**Bitcoin whitepaper & Ethereum yellowpaper**
- New **How to Audit a Smart Contract**
- New Smart Contracts Category under [Blogposts](/assets/blogposts.md#Smart-Contracts) and added two Writeups
- New in [Blogposts](/assets/blogposts.md):
- **10 Recon Tools for Bug Bounty**
- New in [Setup](/assets/setup.md):
- **Finding your First Bug and getting a Bounty with InsiderPhD**
- **Introduction to Docker for CTFs**
- New in [Vulnerabilities](/assets/vulns.md):
- **Finding your first Bug - CSRF**
- **CSRF-Basics**
- New in [Tools](/assets/tools.md):
- **Knockpy**
- New in [Labs](/assets/labs.md):
- **0l4bs for XSS**
- New in [Mobile](/assets/mobile.md):
- **Q&A with Android Hacker bagipro**
- **Introduction to Android Hacking**
- **Mobile Hacking Cheat Sheet**
- **Android Pentesting Github Repo by [Riddhi Shree](https://github.com/riddhi-shree)**
### Changed
- Nothing
### Fixed
- Format Issue in [Changelog](/assets/changelog.md)
- Changed Format in [README](/assets/README.md)
---
## ___Update 2020.02___
### Added
- New XSS Lab: **XSS Labs from PwnFunction**
- New Recon & OSINT Tool: **Reconness**
- New [IDOR Blogspost](/assets/blogposts.md#IDOR): **Automating BURP to find IDORs**
- New [Misc Blogpost](/assets/blogposts.md#Misc): **How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN**
- New Blogspost Category: [RCE](/assets/blogposts.md#RCE)
- New RCE Blogpost: **My First RCE (Stressed Employee gets me 2x bounty)**
- New Blogpost Cetegory: [Recon](/assets/blogposts.md#Recon)
- New Recon Blogpost/Guide: **Subdomain Recon Using Certificate Search Technique**
- New Vulnerabilities Post: **The 7 main XSS cases everyone should know**
- Added Jason Haddix to [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
### Changed
- Moved **Notes about Nahamsecs Recon Sessions** from [Misc](/assets/blogposts.md#Misc) to [Recon](/assets/blogposts.md#Recon)
### Fixed
- Typos in [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
---
## ___Update 2020.01___
### Added
- New changelog page
- New content in [Blogposts](/assets/blogposts.md)
- Designated section to get started with [Burp Suite](/assets/setup.md#setup)
- Link from the Burp Tool section to the setup guide
- Recon Pi to [Tools](/assets/tools.md#others)
### Changed
- Updated the Twitter Descriptions in [media.md](/assets/media.md)
- Cleaned up [Setup Page](/assets/setup.md)
- Cleaned up [Blogposts Page](/assets/blogposts.md)
---
back to [Intro Page](/README.md)
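Review bot: the page being removed already declared itself unmaintained and pointed readers at the commit history, so the deletion is consistent with its own text, but any remaining inbound link to /assets/changelog.md will break; consider leaving a one-line stub carrying that pointer instead of a dead link. Note also that this is the only place the repo recorded what was added when, so the commit message should say the history now lives only in git.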

View file

@ -8,6 +8,7 @@ Short Answer: No.<br>
But as often discussed on @nahamsec Twitch Channel, it is a good tool to have in General. Coding can help you a lot with understanding stuff that you will encounter on your Hacking Sessions, but it is also generally a good skill to have in the current times. You can automate your Tools with Python for example, or write completely new ones if you have a specific task for it in mind. We will add a lot more in here over the next updates and also reorganize the Resources by Languages and so on.
TL,DR: ___Python___ and ___Bash___ are really good skills to have and start out with.
### Resources
- [Bash Scripting Full Course 3 Hours](https://www.youtube.com/watch?v=e7BufAVwDiM)
- [Explainshell](https://explainshell.com/)
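Review bot: "TL,DR" on the summary line should be "TL;DR", and "@nahamsec Twitch Channel" wants a possessive ("@nahamsec's Twitch channel"). The sentence promising to "add a lot more in here over the next updates and also reorganize the Resources by Languages" has outlived several updates; either do the reorganisation in this commit or drop the promise.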

View file

@ -1,8 +0,0 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Hardware & IoT ⚙️
### Resources
- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware (provided by @securibee 🐝)
---
back to [Intro Page](/README.md)
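Review bot: removing the Hardware & IoT page drops the only hardware resource (the Exploitee.rs wiki) with no replacement; if the category is being retired, fold that link into another page and fix whatever still links to /assets/hardware.md so it does not 404.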

View file

@ -1,16 +1,24 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Labs & Testing Environments 🧪
- [NahamSec's Free Bug Bounty Learning Lab](https://tryhackme.com/room/nahamstore)
### Web Hacking Fundamentals
### Downloadables
- [NahamSec.Training](https://github.com/nahamsec/nahamsec.training/)
- [OWASP Juiceshop](https://owasp.org/www-project-juice-shop/)
- [Google Gruyere](https://google-gruyere.appspot.com/)
- [DVWA](http://www.dvwa.co.uk)
- [Metasploitable 3](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
- [Multidae](https://sourceforge.net/projects/mutillidae/)
- [Badstore](https://www.vulnhub.com/entry/badstore-123,41/)
#### Free
- [Hacker101](https://www.hacker101.com/) | Good Exercises for Beginners, can earn you private Invites on HackerOne
- [HackEdu](https://hackedu.io)
- [Web Security Academy](https://portswigger.net/web-security)
- [HackThisSite](https://hackthissite.org/)
- [CTFChallenge](https://ctfchallenge.co.uk) | Web CTF based on real vulnerabilities
- [XSS-Game](https://xss-game.appspot.com/) | Learning Platform for XSS
- [Hacksplaining](https://www.hacksplaining.com/)
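Review bot: "### Web Hacking Fundamentals" is immediately followed by "### Downloadables" with nothing under it; give the heading content or remove it. "Multidae" should be "Mutillidae" (as spelled in the linked project's URL), and "OWASP Juiceshop" here is written "OWASP Juice Shop" lower in the same file; pick one spelling. The NahamSec TryHackMe room sits above every subsection heading, so it currently belongs to no section.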
@ -24,12 +32,6 @@
- [XSS Labs from PwnFunction](https://xss.pwnfunction.com/) Great Labs in a beautiful layout
### Vulnerable Apps
- [Google Gruyere](https://google-gruyere.appspot.com/)
- [DVWA](http://www.dvwa.co.uk)
- [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
- [Metasploitable 3](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
- [Multidae](https://sourceforge.net/projects/mutillidae/)
- [Badstore](https://www.vulnhub.com/entry/badstore-123,41/)
- [https://application.security/ - SSRF](https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one)
#### XSS
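Review bot: if the "### Vulnerable Apps" heading and its six entries are the lines being dropped here (they reappear under Downloadables in the first hunk), the remaining "[https://application.security/ - SSRF]" item is left attached to the list of free labs that precedes it; move it under a fitting heading or into Downloadables with the rest. Its link text is also a bare URL; the training's title would read better.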
@ -48,10 +50,8 @@
#### Premium
- [TryHackMe](https://tryhackme.com/signup?referrer=nahamsec) | Cool Hacking & Pentesting Labs with Web Challenges
- Videos: [TryHackMe! Basic Penetration Testing](https://www.youtube.com/watch?v=xl2Xx5YOKcI) // [TryHackMe! EternalBlue/MS17-010 in Metasploit](https://www.youtube.com/watch?v=s6rwS7UuMt8) // [TryHackMe! OhSINT - METADATA & Research](https://www.youtube.com/watch?v=oF0TQQmFu4w)
- [HackTheBox](https://www.hackthebox.eu/) | provides Testing Labs, some Web Application Challenges
- [Cyberseclabs](https://www.cyberseclabs.co.uk/)
- [Kontra Application Security Training](https://application.security/free-application-security-training)
---
back to [Intro Page](/README.md)
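Review bot: Kontra's link path is "free-application-security-training" yet the entry sits under "#### Premium"; if it is one of the lines being removed here that is fine, otherwise it belongs in the Free list. The TryHackMe link carries "?referrer=nahamsec"; state that it is a referral link or use the plain URL.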

View file

@ -8,7 +8,6 @@ If you are interested in interviews with the top hackers and bug bounty hunters,
- [YouTube Channels](#Youtube-Channels)
- [Streamers](#Streamers)
- [Podcasts](#Podcasts)
- [Books](#Books)
- [Twitter](#Twitter)
- [Misc](#Misc)
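Review bot: the table of contents still lists "[YouTube Channels](#Youtube-Channels)" while the heading below is renamed to "Cyber Security Content Creators", so that anchor will no longer resolve; the new "Conferences" section also has no TOC entry. Dropping "Books" from the TOC is correct given the Books section moves to books.md in this commit.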
@ -20,58 +19,46 @@ If you are interested in interviews with the top hackers and bug bounty hunters,
- [TryHackMe](https://discord.gg/KsAEejZ)
- [HackTheBox](https://discord.gg/FrRJ3Z8)
- [TheCyberMentor](https://discord.gg/)
- [AshF0x - The F0xbox](https://discord.gg/RCTy5zS)
- [The Mayor](https://discord.gg/EN2ya9h)
- [Ceos3c](https://discord.gg/SBK3hkR)
- [InsiderPhD](https://discord.gg/rdQcSk7a)
## Youtube Channels
## Cyber Security Content Creators
- [Curated List of YT Channels](https://threader.app/thread/1248351836672872456) by TCM
- [Nahamsec](https://www.youtube.com/nahamsec) - Educational Videos and VODs of his Stream, Vlogs
- [STÖK](https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg) - Videos About Hacking, Live Events, Bug Bounty Tips & Vlogs
- [Bug Bounty Reports Explained](https://www.youtube.com/c/bugbountyreportsexplained/)
- [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Educational Videos about CTFs, Hacking in General
- [TomNomNom](https://www.youtube.com/user/TomNomNomDotCom)- Educational Videos about Hacking, Scripting, Bug Bounty, Writing your own Tools
- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Educational Videos about InfoSec, Penetration Testing, Web Security, Scripting, etc.
- [InsiderPhD](https://www.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A) - An excellent Introduction series for beginners to help them find their first bug.
- [PwnFunction](https://www.youtube.com/PwnFunction) explanatory videos about Web App vulnerabilities
- [DEFCONConference](https://www.youtube.com/user/DEFCONConference/videos) - Tons of Talks from Defcon.
- [John Hammond](https://www.youtube.com/@_JohnHammond)
- [The Cyber Mentor](https://www.youtube.com/TheCyberMentor) - Educational Videos about InfoSec, Penetration Testing, Web Security, Scripting, etc.
- [InsiderPhD](https://www.youtube.com/insiderphd) - An excellent Introduction series for beginners to help them find their first bug.
- [PwnFunction](https://www.youtube.com/PwnFunction)- Explanatory videos about Web App vulnerabilities
- [ippsec](https://www.youtube.com/ippsec)
- [Jason Haddix](https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA) - VODs of his Stream
- [rwxrob](https://www.twitch.tv/rwxrob) - Linux God
- [bug Bounty Reports Explained](https://www.youtube.com/c/bugbountyreportsexplained/)
- [Farah Hawa](https://www.youtube.com/c/farahhawa)
- [Rana Khalil](https://www.youtube.com/@RanaKhalil101)
- [David Bombal](https://www.youtube.com/@davidbombal)
- [NetworkChuck](https://www.youtube.com/NetworkChuck)
- [PhD Security](https://www.youtube.com/@phd_security)
- [HackerSploit](https://www.youtube.com/HackerSploit)
## Streamers
- [Nahamsec](https://www.twitch.com/nahamsec) on Twitch
- [d0nutptr](https://www.twitch.tv/d0nutptr/) on Twitch
- [TheCyberMentor](https://twitch.tv/thecybermentor) on Twitch
- [TheBlindHacker](https://twitch.tv/theblindhacker) on Twitch
- [TheMayor](https://www.twitch.tv/themayor11) on Twitch
- [Ash_F0x](https://www.twitch.tv/ash_f0x)
- [mbcrump](https://www.twitch.tv/mbcrump)
- [Nahamsec](https://www.twitch.com/nahamsec)
- [0xtib3rius](https://www.twitch.tv/0xtib3rius)
- [alh4zr3d](https://www.twitch.tv/alh4zr3d)
- [d0nutptr](https://www.twitch.tv/d0nutptr/)
- [TheCyberMentor](https://twitch.tv/thecybermentor)
- [thealtf4stream](https://www.twitch.tv/thealtf4stream)
- [dowright](https://www.twitch.tv/dowright)
## Conferences
- [The Red Team Village](https://www.twitch.tv/redteamvillage)
- [NahamCon](https://www.youtube.com/@NahamSec)
- [Bsides Ahmedabad](https://www.youtube.com/@BSidesAhmedabad/videos)
## Podcasts
- [Darknet Diaries](https://darknetdiaries.com/) by [Jack Rhysider](https://twitter.com/jackrhysider)
- [Episode 60 with dawgyg](https://darknetdiaries.com/episode/60/)
- [The Bug Bounty Podcast](https://open.spotify.com/show/3yTTlfXH1avrI3FsXZyCpv) by Fisher
- [Episode 3 with nahamsec](https://anchor.fm/bugbountypodcast/episodes/Episode-3-ft--NahamSec-ebl392)
- [Bug Hunter Podcast](https://anchor.fm/bughunter)
- [CRE](https://cre.fm/) German Podcast - CRE ist ein unregelmäßig erscheinender Interview-Podcast mit Tim Pritlove zu Themen aus den Bereichen Technik, Kultur und Gesellschaft.
- [CRE197 IPv6](https://cre.fm/cre197-ipv6) Episode revolving around IPv6
- [CCC Luxembourg Podcast](http://wiki.c3l.lu/doku.php?id=projects:entr0py_encore) Luxembourgish Podcast from CCC Lux.
## Books
- [Real-World Bug Hunting](https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616) by [Peter Yaworski](https://twitter.com/yaworsk)
- [The Web Application Hacker's Handbook](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/) by Dafydd Stuttard & Marcus Pinto
- [The Tangled Web: A Guide to Securing Modern Web Applications](https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886) by
Michal Zalewski
- [Web Hacking 101: How to Make Money Hacking Ethically](https://leanpub.com/web-hacking-101) by [Peter Yaworski](https://twitter.com/yaworsk)
- [Black Hat Go](https://nostarch.com/blackhatgo) by Tom Steele, Chris Patten, and Dan Kottmann
- [Black Hat Python](https://nostarch.com/blackhatpython) by Justin Seitz
- [The Linux Command Line](https://nostarch.com/tlcl2) by William Shotts
In general ["no starch press"](https://nostarch.com/catalog/security) offers great books in the hacking category. [Humble Bundle](https://www.humblebundle.com) sometimes offers great book deals for an awesome price, so have a eye out for those.
- [Critical Thinking: A Bug Bounty Podcast](https://open.spotify.com/show/4GiJnv8f4a4ZR6Jc6TQJ3k)
## Twitter
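Review bot: the Nahamsec Twitch entry uses "twitch.com" instead of "twitch.tv" (both occurrences); "rwxrob" is listed under Cyber Security Content Creators with a twitch.tv URL and the description "Linux God", which tells a reader nothing about the channel; and "NahamCon" under Conferences points at youtube.com/@NahamSec, the same channel already listed above, rather than at a conference playlist. The CRE podcast description is still in German; an English line would match the rest of the list.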

View file

@ -1,10 +0,0 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Smart Contracts 📜
### Bitcoin whitepaper & Ethereum yellowpaper - cruicial to undestand how those work:
- [Bitcoin whitepaper](https://bitcoin.org/bitcoin.pdf)
- [Ethereum yellowpaper](https://ethereum.github.io/yellowpaper/paper.pdf)
- [How to Audit a Smart Contract](https://blockgeeks.com/guides/audit-smart-contract/) - Blockgeeks
---
back to [Intro Page](/README.md)
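Review bot: deleting the Smart Contracts page drops the Bitcoin whitepaper, the Ethereum yellowpaper and the Blockgeeks audit guide without a forwarding home; the Blogposts page's Smart Contracts section (linked as /assets/blogposts.md#Smart-Contracts from the changelog) becomes the only trace of the category. If it is retired on purpose, say so in the commit message and update any links to /assets/smartcon.md.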

View file

@ -18,52 +18,62 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
| Name | Description | Written in | Created by |
|------ |------------- |------------ |------------- |
|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version). [Here](/assets/setup.md#setup) you can find Tips & Tricks to get started with Burp.|Java|Port Swigger|
|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP
|[Caido](https://caido.io/)|A lightweight web security auditing toolkit.|Web|Caido|
|[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|
### Burp Extension
| Name | Description | Written in |
|------ |------------- |------------ |
|[Logger++](https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81)|"This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. It can also save the logged data in CSV format."|Java|
|[Flow](https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d)|"This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools."|Java|
|[AuthMatrix](https://portswigger.net/bappstore/30d8ee9f40c041b0bfec67441aad158e)|"AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies."|Python (Needs Jython version 2.7.0 or later)|
|[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
|[Auto Repeater](https://portswigger.net/bappstore/f89f2837c22c4ab4b772f31522647ed8)|"This extension automatically repeats requests, with replacement rules and response diffing. It provides a general-purpose solution for streamlining authorization testing within web applications."|Java|
|[Progress Tracker](https://portswigger.net/bappstore/17544cadcec64dcf8ed68df8518592e4)|"Burp Suite extension to track vulnerability assessment progress"|Python|
|[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
|[Burp Bounty](https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a)|"Burp Bounty helps Burp Suite Professional users to quickly and easily build their own scan checks for use with Burp Scanner"||
|[Param Miner](https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943)|"Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities"||
### Recon, OSINT & Discovery
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|Go||
|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.|Python|Ahmed Aboul-Ela|
|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites.|Python|Mauro Soria|
|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|Go|OWASP|
|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.||BuiltWith®|
|[findomain](https://github.com/Edu4rdSHL/findomain)|Very fast cross-platform subdomain enumerator|Rust|[Eduard Tolosa](https://github.com/Edu4rdSHL)|
|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|Go|[Tom Hudson](https://github.com/tomnomnom)|
|[meg](https://github.com/tomnomnom/meg)|meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.|Go|[Tom Hudson](https://github.com/tomnomnom)|
|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working http and https servers.|Go|[Tom Hudson](https://github.com/tomnomnom)|
|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning|Python|[j3ssie](https://github.com/j3ssie)|
|[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|Go|[@hakluke](https://twitter.com/hakluke)|
|[Reconness](https://github.com/reconness)|A Web App Tool to Run and Keep all your #recon in the same place.|C#|[@reconness](https://twitter.com/reconness)|
|[Knockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
|[crithit](https://github.com/codingo/crithit)|Takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.|C++|[codingo](https://github.com/codingo)|
|[nuclei](https://github.com/projectdiscovery/nuclei)|"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use."|Go|[ProjectDiscovery](https://github.com/projectdiscovery)|
|[SpiderFoot](https://github.com/smicallef/spiderfoot)|SpiderFoot is an OSINT automation tool that queries over 100 data sources to build up a complete profile of your target, from host enumeration, to breached e-mail addresses and more.|Python|[SpiderFoot](http://twitter.com/spiderfoot)|
|[subfinder](https://github.com/projectdiscovery/subfinder)|subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.|Go|[ProjectDiscovery](https://github.com/projectdiscovery)|
|[SUBway](https://github.com/Sam-Lane/subway)|Enumerate subdomains by either using DNS lookup or by virtual hosting HTTP requests, useful for things like Hack The Box or Try Hack Me. SUBway requires a wordlist to use for subdomain discovery, SecLists is the recomended pairing for use with this tool.|Go|[Sam Lane](https://github.com/Sam-Lane)|
### Asset Discovery
| Name | Description
|------ |-------------
|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|
|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.|
|[subfinder](https://github.com/projectdiscovery/subfinder)|subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.|
|[dnsgen]()|generates a combination of domain names from the provided input.|
### Fuzzing
| Name | Description |
|------ |------------- |
|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|
|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites|
|[FeroxBuster](https://github.com/epi052/feroxbuster)|A simple, fast, recursive content discovery tool written in Rust|
#### OSINT Webpages
### Content Discovery
| Name | Description |
|------ |------------- |
|[meg](https://github.com/tomnomnom/meg)|meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.|
|[httpx](https://github.com/projectdiscovery/httpx)|A fast and multi-purpose HTTP toolkit that allows running multiple probes.|
|[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|
|[nuclei](https://github.com/projectdiscovery/nuclei)|"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use."|
|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|
### Recon Framework
| Name | Description |
|------ |------------- |
|[meg](https://github.com/six2dez/reconftw)| Automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.|
|[sn1per](https://github.com/1N3/Sn1per)|Discover hidden assets and vulnerabilities in your environment.|
|[Spiderfoot](https://github.com/smicallef/spiderfoot)| An open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.|
|[reNgine](https://github.com/yogeshojha/rengine)| reNgine is a web application reconnaissance suite with a focus on a highly configurable streamlined recon process.|
|[AutoRecon](https://github.com/Tib3rius/AutoRecon)| AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP).|
|[Osmedeus](https://github.com/j3ssie/osmedeus)| A Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.|
#### OSINT Search Engines
| Name | Description | Created by |
|------ |------------- |------------- |
|[Recon.Dev](https://www.recon.dev)|Recon Data specifically created for bug bounty hunters|[NahamSec & StaticFlow](https://www.recon.dev)|
|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|[Hunter Team](https://hunter.io/about)|
|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|[Intelligence X](https://twitter.com/_IntelligenceX)|
|[Shodan](https://www.shodan.io/)|Search engine that lets you find systems connected to the internet with a variety of filters|John Matherly|
|[Censys](https://censys.io)|"Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet."|[Censys](https://censys.io/company)|
|[Lookyloo](https://lookyloo.circl.lu/scrape)|Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. [Github Page of the Project](https://github.com/CIRCL/lookyloo) |[CIRCL](https://circl.lu/)|
|[Spyse.com](https://spyse.com/)|New Search Engine made for pentesters and cyber security specialists|[Spyse Team](https://spyse.com/about)|
|[crt.sh](https://crt.sh)|SSL certificate search tool|[Sectigo](https://sectigo.com/)|
|[Virus Total](https://www.virustotal.com)|WHOIS, DNS, and subdomain recon|[Virus Total Team](https://support.virustotal.com/hc/en-us/categories/360000160117-About-us)|
|[ZoomEye](https://www.zoomeye.org/)|Search engine for specific network components|[Team from Knownsec](https://www.knownsec.com/)|
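Review bot: the Recon Framework table mislabels reconftw as meg: `|[meg](https://github.com/six2dez/reconftw)| Automates the entire process of reconnaissance for you. ...` should read `|[reconftw](https://github.com/six2dez/reconftw)|...`, since meg (tomnomnom) is already listed, correctly, under Content Discovery. In the same hunk the Asset Discovery row `|[dnsgen]()|generates a combination of domain names from the provided input.|` has an empty link target and needs the project's repository URL, and the SUBway row should say "recommended", not "recomended". If both the top tool table (with Written in / Created by columns) and the new per-category tables survive this change, nuclei and SpiderFoot each appear twice; keep one entry per tool.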
@ -72,8 +82,6 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
|[Searchcode](https://searchcode.com/)|Helping you find real world examples of functions, API's and libraries over 90 languages across multiple sources|[searchcode](https://searchcode.com/about/#team)|
### Exploitation
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
@ -85,7 +93,7 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
|[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|C|Robert David Graham|
|[KeyHacks](https://github.com/streaak/keyhacks)|Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.|/|streaak|
|[Nmap command helper](https://competent-goldberg-e5eefe.netlify.app/)|A tool that helps you with nmap commands. Has a build in training feature to help memorizing them.||0x0n0x|
|[threader3000](https://github.com/dievus/threader3000)|Threader3000 is a script written in Python3 that allows multi-threaded port scanning. The program is interactive and simply requires you to run it to begin. Once started, you will be asked to input an IP address or a FQDN as Threader3000 does resolve hostnames. A full port scan should take less than 1 minute 30 seconds depending on your internet connection.|Python|[Joe Helle](https://github.com/dievus),[Tittimus](https://github.com/Sam-Lane),[plasticuproject](https://github.com/plasticuproject)|
### Mobile Hacking
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
@ -113,6 +121,7 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
|[AssetNote's Wordlists](https://wordlists.assetnote.io/)| Collection of wordlists created by AssetNote.|AssetNote.io|
|[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
|[CyberChef](https://gchq.github.io/CyberChef/)|Awesome Tool for de-/encoding stuff. Try it out!|JavaScript|[gchq](https://github.com/gchq)|
|[webhook.site](https://webhook.site)|Webhook.site allows you to easily test, inspect, forward and create Custom Actions for any incoming HTTP request or e-mail.||[fredsted](https://github.com/fredsted)|
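Review bot: the AssetNote's Wordlists row is one cell short for this four-column table: `|[AssetNote's Wordlists](https://wordlists.assetnote.io/)| Collection of wordlists created by AssetNote.|AssetNote.io|` puts `AssetNote.io` in the Written in column and leaves Created by empty. Insert an empty cell before the author (`...created by AssetNote.||AssetNote.io|`), as the SecLists row above does, so the columns line up.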


@ -1,49 +1,98 @@
# Resources-for-Beginner-Bug-Bounty-Hunters
## Vulnerabilities 💉
This page is created to help hackers understand a specific vulnerability type in details. If you would like to read blog posts and see example vulnerability, please read the [blog posts](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/blogsposts.md) page
This page is created to help hackers understand a specific vulnerability type in details.
### Online Resources
- If you would like to get some hands on experience by hacking more in detailed labs, please read the [labs](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/labs.md) page
- If you would like to read blog posts and see example vulnerability, please read the [blog posts](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/blogsposts.md) page
### Online Resources & Frameworks
- [Owasp Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
- [TryHackMe's OWASP Top 10 Room](https://tryhackme.com/room/owasptop10)
- [OWASP top 10 by Snyk](https://learn.snyk.io/learning-paths/owasp-top-10/javascript/)
- [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
- [Bug Bounty Cheat Sheets](https://github.com/EdOverflow/bugbounty-cheatsheet) - by EdOverflow
- [WebSecurity Academy by PortSwigger](https://portswigger.net/web-security/)
---
## Cross-Site Scripting (XSS)
As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
As we start to build this repository, we'll be adding more vulnerability types and resources for each one.
- [Hacker101](https://www.hacker101.com/sessions/xss)
## Cross-Site Scripting (XSS)
XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
### Reading Material
- [WebSec Academy - Cross-Site Scripting](https://portswigger.net/web-security/cross-site-scripting)
- [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
- [XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html)
- [Cross-site scripting - Executing untrusted JavaScript in a trusted context](https://learn.snyk.io/lessons/xss/javascript/)
- [A comprehensive tutorial on cross-site scripting](https://excess-xss.com)
- [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/)
- [What is PHP and why is XSS so common there?](https://www.youtube.com/watch?v=Q2mGcbkX550) - by LiveOverflow
- [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
- [The 7 main XSS cases everyone should know](https://brutelogic.com.br/blog/the-7-main-xss-cases-everyone-should-know/) - [brutelogic](https://brutelogic.com.br/blog/about/)
### Video Content
- [Cross-Site Scripting (XSS) Explained](https://www.youtube.com/watch?v=EoaDgUgS6QA) - by PwnFunction
- [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
### Labs
- [WebSec Academy - Labs](https://portswigger.net/web-security/all-labs#cross-site-scripting)
- [xssLABS](https://www.xsslabs.com/)
- [Codelatte](https://codelatte.id/labs/xss/)
- [Google XSS Game](https://xss-game.appspot.com/)
- [Pwnfunction XSS](https://xss.pwnfunction.com/)
## Cross-Site Request Forgery (CSRF)
- [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction
### Reading Material
- [WebSec Academy - CSRF](https://portswigger.net/web-security/csrf)
- [CSRF-Basics](https://princetechhavenz.wordpress.com/2019/12/11/csrf-basics/) - by Princethilak
- [Cross Site Request Forgery (CSRF) by Snyk](https://snyk.io/learn/csrf-cross-site-request-forgery/)
### Videos
- [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction
- [Finding Your First Bug: Cross-Site Request Forgery](https://www.youtube.com/watch?v=ULvf6N8AL2A) - by Insider PhD
## XML External Entities (XXE)
- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
- [Cross Site Request Forgery - Computerphile](https://www.youtube.com/watch?v=vRBihr41JTo)
### Labs
- [WebSec Academy - CSRF Labs]https://portswigger.net/web-security/all-labs)
## Insecure Direct Object Reference (IDOR)
### Reading Material
- [WebSec Academy - Insecure direct object references (IDOR) By PortSwigger](https://portswigger.net/web-security/access-control/idor)
- [Insecure Direct Object Reference (IDOR) by Intigriti](https://blog.intigriti.com/hackademy/idor/)
- [IDOR tutorial hands-on OWASP Top 10 training](https://thehackerish.com/idor-tutorial-hands-on-owasp-top-10-training/)
### Videos
- [Insecure Direct Object Reference Vulnerability](https://www.youtube.com/watch?v=rloqMGcPMkI) - by PwnFunction
- [Finding Your First Bug: Manual IDOR Hunting](https://www.youtube.com/watch?v=gINAtzdccts) - by Insider PhD
- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
### Labs
- (WebSec Academy - IDOR Lab)[https://portswigger.net/web-security/access-control/lab-insecure-direct-object-references]
- (IDOR on TryHackMe)[https://tryhackme.com/room/idor]
- (Corridor on TryHackMe)[https://tryhackme.com/room/corridor]
## Open Redirect
- [Open Redirect Vulnerability](https://www.youtube.com/watch?v=4Jk_I-cw4WE) - by PwnFunction
## Server-Side Request Forgery
### Reading Material
- [WebSec Academy - Server-Side Request Forgery](https://portswigger.net/web-security/ssrf)
- [SSRF by OWASP](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)
- [What is server-side request forgery (SSRF)?](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/)
- [Server-side request forgery - Unintended access to internal resources via exploited serve](https://learn.snyk.io/lessons/ssrf-server-side-request-forgery/javascript/)
- [SSRF vulnerabilities and where to find them](https://labs.detectify.com/2022/09/23/ssrf-vulns-and-where-to-find-them/)
### Videos
- (Find and Exploit Server-Side Request Forgery (SSRF))[https://www.youtube.com/watch?v=eVI0Ny5cZ2c]
- (Server-Side Request Forgery (SSRF) | Complete Guide)[https://www.youtube.com/watch?v=ih5R_c16bKc&t=1s]
- [SSRF in 100 seconds](https://www.youtube.com/watch?v=3dKavgfL2pA)
- [How To Search For SSRF!](https://www.youtube.com/watch?v=Ku6CK3Aes8Y)
- [How to exploit a blind SSRF?](https://www.youtube.com/watch?v=o6AJH9PFEd4)
## HTTP Parameter Pollution
- [HTTP Parameter Pollution Attacks](https://www.youtube.com/watch?v=QVZBl8yxVX0) - by PwnFunction
### Labs
- [WebSec Academy - Server-Side Request Forgery Labs](https://portswigger.net/web-security/all-labs#server-side-request-forgery-ssrf)
- [WebSec Academy - Blind SSRF vulnerabilities](https://portswigger.net/web-security/ssrf/blind)
- [Server-Side Request Forgery (SSRF) vulnerable Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab)
- [Server-Side Request Forgery on TryHackMe](https://tryhackme.com/room/seasurfer)
## XML External Entities (XXE)
### Reading Material
- [WebSec Academy - XML External Entity (XXE) injection](https://portswigger.net/web-security/xxe)
- [XML External Entity (XXE) Processing by OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing)
- [How to Find XXE Bugs: Severe, Missed and Misunderstood by Luke Stephens](https://www.bugcrowd.com/blog/how-to-find-xxe-bugs/)
### Videos
- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
- [How to search for XXE!](https://www.youtube.com/watch?v=0DQnWalxYb4)
- [How to run an XXE injection via an SVG Image Upload!](https://www.youtube.com/watch?v=lbLV0jISMjY)
### Labs
- [WebSec Academy - XML External Entity (XXE) Labs](https://portswigger.net/web-security/all-labs#xml-external-entity-xxe-injection)
- [XXE Lab (On GitHub)](https://github.com/jbarone/xxelab)
## Logic Errors
- [Finding Your First Bug: Business Logic Errors](https://www.youtube.com/watch?v=RobCqW2KwGs) - by InsiderPhD
## Remote Code Execution
- [Finding Your First Bug: Goal Setting / Remote Code Execution (RCE)](https://www.youtube.com/watch?v=5BTvTE3gEq8) - by InsiderPhD
---
back to [Intro Page](/README.md)
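Review bot: several of the new links use broken markdown and will render as literal text. The CSRF lab line `- [WebSec Academy - CSRF Labs]https://portswigger.net/web-security/all-labs)` is missing the opening `(`; the three IDOR lab lines (`- (WebSec Academy - IDOR Lab)[https://portswigger.net/web-security/access-control/lab-insecure-direct-object-references]`, `- (IDOR on TryHackMe)[https://tryhackme.com/room/idor]`, `- (Corridor on TryHackMe)[https://tryhackme.com/room/corridor]`) and the two SSRF video lines starting `- (Find and Exploit Server-Side Request Forgery (SSRF))[` and `- (Server-Side Request Forgery (SSRF) | Complete Guide)[` have the brackets and parentheses swapped; markdown wants `[text](url)`. Two placement problems to confirm once the removed lines are dropped: the Computerphile CSRF video `- [Cross Site Request Forgery - Computerphile](https://www.youtube.com/watch?v=vRBihr41JTo)` renders under the `## XML External Entities (XXE)` heading rather than in the CSRF `### Videos` list, and the `## HTTP Parameter Pollution` block sits between the SSRF `### Videos` and `### Labs` subsections. Minor: the Snyk SSRF title is cut off at `via exploited serve`, and the CSRF lab link points at the all-labs index rather than the CSRF section anchor, unlike the XSS, SSRF and XXE lab links which use a `#...` anchor.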