mirror of
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters.git
synced 2024-11-13 23:57:05 +00:00
added changelog
This commit is contained in:
parent
702addf2a7
commit
8d79f9436c
6 changed files with 142 additions and 109 deletions
|
@ -4,8 +4,10 @@
|
|||
|
||||
There are a number of new hackers joining the community on a regular basis and more than often the first thing they ask is "How do I get started and what are some good resources?". As a hacker, there a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works. Cody Brocious [(@daeken)](http://twitter.com/daeken), I put these resources together in order to help new hackers with resources to learn the basics of Web Application Security.
|
||||
|
||||
We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!
|
||||
[Updates: See what's new!](/assets/basics.md)
|
||||
We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!<br>
|
||||
|
||||
[Changelog: See what's new!](/assets/changelog.md)
|
||||
|
||||
---
|
||||
## Table of Contents
|
||||
|
||||
|
|
|
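Review bot: the retained "We understand that there are more resources..." line now ends in a raw `<br>` while the surrounding paragraphs use blank lines for spacing; pick one line-break style for the intro. The new link target (/assets/changelog.md) matches the file added in this commit, whereas the removed one pointed at /assets/basics.md, so the retargeting is correct. The unchanged intro sentence above still reads "there a ton of techniques" and "Cody Brocious (@daeken), I put these resources together", which should be "there are a ton" and "Cody Brocious (@daeken) and I put"; worth fixing while this paragraph is being touched.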
@ -18,84 +18,92 @@ A collection of Blog Posts ordered by Vulnerability Types
|
|||
- [Automation](#Automation)
|
||||
- [Buffer Overflow](#Buffer-Overflow)
|
||||
- [IDOR](#IDOR)
|
||||
- [GraphQL](#GraphQL)
|
||||
- [Misc](#Misc)
|
||||
## XSS
|
||||
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
|
||||
|
||||
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - by LiveOverflow
|
||||
- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - LiveOverflow
|
||||
- [The Fix](https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa)
|
||||
- [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - by [Sam Curry](https://twitter.com/samwcyo)
|
||||
- [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - by [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
|
||||
- [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - by [@Qab](https://twitter.com/qab)
|
||||
- [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - [Sam Curry](https://twitter.com/samwcyo)
|
||||
- [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
|
||||
- [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
|
||||
### DOM XSS
|
||||
- https://hackerone.com/reports/297968
|
||||
- https://hackerone.com/reports/168165
|
||||
- https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html
|
||||
- [Persistent DOM-based XSS in https://help.twitter.com via localStorage](https://hackerone.com/reports/297968) - harisec
|
||||
- [DOM based XSS in search functionality](https://hackerone.com/reports/168165) - sameoldstory
|
||||
- [A Tale Of A DOM Based XSS In Paypal](https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html) - Rafay Baloch
|
||||
- [H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing](https://hackerone.com/reports/422043) - filedescriptor
|
||||
### Stored XSS
|
||||
- https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
|
||||
- https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
|
||||
- https://opnsec.com/2018/03/stored-xss-on-facebook/
|
||||
- https://klikki.fi/adv/yahoo.html
|
||||
- https://klikki.fi/adv/yahoo2.html
|
||||
- https://hackerone.com/reports/422043
|
||||
- https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
|
||||
- [Another XSS in Google Colaboratory](https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html) - Michał Bentkowski
|
||||
- [Google adwords 3133.7$ Stored XSS](https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27) - Emad Shanab
|
||||
- [Stored XSS on Facebook](https://opnsec.com/2018/03/stored-xss-on-facebook/) - Enguerran Gillier
|
||||
- [Yahoo Mail stored XSS](https://klikki.fi/adv/yahoo.html) - Jouko Pynnönen
|
||||
- [Yahoo Mail stored XSS #2](https://klikki.fi/adv/yahoo2.html) - Jouko Pynnönen
|
||||
- [Account Recovery XSS](https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss) - Gábor Molnár
|
||||
### CSP Bypass
|
||||
- https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
|
||||
|
||||
## SSRF
|
||||
- [DEF CON 27 Conference - Ben Sadeghipour - Owning The Clout Through Server Side Request Forgery](https://www.youtube.com/watch?v=o-tL9ULF0KI)<br>- Nahamsec & daeken | DEFCON 2019
|
||||
- [Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks](https://peertube.opencloud.lu/videos/watch/40f39bfe-6d3c-40f5-bcab-43f20944ca6a)<br>- Alyssa Herrera | Hack.lu 2019
|
||||
- [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - by Sayed Abdelhafiz
|
||||
- [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - Sayed Abdelhafiz
|
||||
|
||||
|
||||
## Vulnerability Scanning
|
||||
- [NMAP For Vulnerability Discovery](https://www.peerlyst.com/posts/nmap-for-vulnerability-discovery-sachin-wagh) - by Sachin Wagh
|
||||
- [NMAP For Vulnerability Discovery](https://www.peerlyst.com/posts/nmap-for-vulnerability-discovery-sachin-wagh) - Sachin Wagh
|
||||
|
||||
## Token / Authentication
|
||||
- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - by Harsh Jaiswal
|
||||
- [How I was able to bypass OTP code requirement in Razer [The story of a critical bug]](https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572?) - by Ananda Dhakal
|
||||
- [Bypassing GitHub's OAuth flow](https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html) - by [@not_aardvark](https://twitter.com/not_aardvark)
|
||||
- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - Harsh Jaiswal
|
||||
- [How I was able to bypass OTP code requirement in Razer [The story of a critical bug]](https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572?) - Ananda Dhakal
|
||||
- [Bypassing GitHub's OAuth flow](https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html) - [@not_aardvark](https://twitter.com/not_aardvark)
|
||||
|
||||
|
||||
## SQL Injection
|
||||
- [Time-Based Blind SQL Injection In GraphQL](https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c) - Divyanshu Shukla
|
||||
- [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - by spaceraccoon
|
||||
- [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - spaceraccoon
|
||||
- [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
|
||||
- [How we hacked one of the worlds largest Cryptocurrency Website](https://strynx.org/insecure-crypto-code-execution/) - [strynx](https://strynx.org/)
|
||||
|
||||
## Mobile
|
||||
### iOS
|
||||
- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - by spaceraccoon
|
||||
- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - spaceraccoon
|
||||
## Android
|
||||
- [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the [BlackHat Talk](https://www.youtube.com/watch?v=U6qTcpCfuFc) - by Maddie Stone
|
||||
- [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the [BlackHat Talk](https://www.youtube.com/watch?v=U6qTcpCfuFc) - Maddie Stone
|
||||
|
||||
## HTTP Desync
|
||||
- [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - by [James Kettle](https://twitter.com/albinowax)
|
||||
- [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - by 0X0 (painreigns)
|
||||
- [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - [James Kettle](https://twitter.com/albinowax)
|
||||
- [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - 0X0 (painreigns)
|
||||
|
||||
## File Upload
|
||||
- [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - by johnstone
|
||||
- [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - by [@xdzmitry](https://twitter.com/xdzmitry)
|
||||
- [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - by [@bbuerhaus](https://twitter.com/bbuerhaus)[@daeken](https://twitter.com/daeken)[@erbbysam](https://twitter.com/erbbysam)[@smiegles](https://twitter.com/smiegles)
|
||||
- [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - johnstone
|
||||
- [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - [@xdzmitry](https://twitter.com/xdzmitry)
|
||||
- [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - [@bbuerhaus](https://twitter.com/bbuerhaus)//[@daeken](https://twitter.com/daeken)//[@erbbysam](https://twitter.com/erbbysam)//[@smiegles](https://twitter.com/smiegles)
|
||||
|
||||
## Automation
|
||||
- [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - by Mohd Shibli
|
||||
- [Beginner’s Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - by Ashish Jha
|
||||
- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
|
||||
- [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - Mohd Shibli
|
||||
- [Beginner’s Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - Ashish Jha
|
||||
- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - STÖK & Fisher
|
||||
|
||||
## Buffer Overflow
|
||||
- [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - by [Sam Curry](https://twitter.com/samwcyo)
|
||||
- [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - [Sam Curry](https://twitter.com/samwcyo)
|
||||
|
||||
## IDOR
|
||||
- [Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method](https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html) - by [Vijay Kumar ](https://twitter.com/IndoAppSec)
|
||||
- [GraphQL IDOR leads to information disclosure](https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d) - by [@R0X4R](https://twitter.com/R0X4R)
|
||||
- [From Multiple IDORs leading to Code Execution on a different Host Container](https://www.rahulr.in/2019/10/idor-to-rce.html?m=1) by [@Rahul_R95](https://twitter.com/Rahul_R95)
|
||||
- [Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method](https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html) - [Vijay Kumar ](https://twitter.com/IndoAppSec)
|
||||
- [GraphQL IDOR leads to information disclosure](https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d) - [@R0X4R](https://twitter.com/R0X4R)
|
||||
- [From Multiple IDORs leading to Code Execution on a different Host Container](https://www.rahulr.in/2019/10/idor-to-rce.html?m=1) - [@Rahul_R95](https://twitter.com/Rahul_R95)
|
||||
|
||||
## GraphQL
|
||||
- [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
|
||||
- [Graphql Abuse to Steal Anyone’s Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
|
||||
|
||||
## Misc
|
||||
- [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) by [maverickNerd](https://github.com/maverickNerd)
|
||||
- [Writing a Simple Buffer Overflow Exploit](https://www.youtube.com/watch?v=oS2O75H57qU) by LiveOverflow
|
||||
- [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
|
||||
- [Writing a Simple Buffer Overflow Exploit](https://www.youtube.com/watch?v=oS2O75H57qU) - LiveOverflow
|
||||
- [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
|
||||
- [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) by securinti
|
||||
- [Abusing HTTP hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) by [@nj_dav](https://twitter.com/nj_dav)
|
||||
- [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) by James Kettle
|
||||
- [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
|
||||
- [Abusing HTTP hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) - [@nj_dav](https://twitter.com/nj_dav)
|
||||
- [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) - James Kettle
|
||||
- [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
|
||||
|
||||
---
|
||||
back to [Intro Page](/README.md)
|
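Review bot: author attribution is still inconsistent after the " - by " to " - " cleanup: the spreadsheet file-conversion entry joins four handles with "//" while the Autorize entry uses " & ", and the "Hacking GitHub with Unicode's dotless 'i'" and Colaboratory CSP Bypass entries carry no author at all; settle on one separator and add the missing credits. Two structural points in the same hunk: "## Android" is a level-2 heading although it sits under "## Mobile" beside "### iOS", so it should be "### Android", and "Writing a Simple Buffer Overflow Exploit" remains under Misc even though a dedicated Buffer Overflow section now exists with its own table-of-contents entry. The two SSRF talk entries (DEF CON 27, Hack.lu) also put the speaker on a `<br>` line while every other entry keeps the credit inline.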
20
assets/changelog.md
Normal file
20
assets/changelog.md
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Resources-for-Beginner-Bug-Bounty-Hunters
|
||||
|
||||
## Changelog
|
||||
|
||||
Updates to this repo will be pushed monthly. You can read about the latest changes below.
|
||||
|
||||
## Update 2020.01
|
||||
### Added
|
||||
- New changelog page
|
||||
- New content in [Blogposts](/assets/blogposts.md)
|
||||
- Designated section to get started with [Burp Suite](/assets/setup.md#setup)
|
||||
- Link from the Burp Tool section to the setup guide
|
||||
- Recon Pi to [Tools](/assets/tools.md#others)
|
||||
|
||||
### Changed
|
||||
- Updated the Twitter Descriptions in [media.md](/assets/media.md)
|
||||
- Cleaned up [Setup Page](/assets/setup.md)
|
||||
- Cleaned up [Blogposts Page](/assets/blogposts.md)
|
||||
---
|
||||
back to [Intro Page](/README.md)
|
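Review bot: the "Designated section to get started with Burp Suite" entry links to /assets/setup.md#setup, but the section added to setup.md in this same commit is headed "## Burp Suite", whose generated anchor is #burp-suite, so #setup will not land on it; either change the link target or add an explicit anchor in setup.md. Separately, "## Changelog" and "## Update 2020.01" are both level-2 headings directly under the page title, so the update reads as a sibling of the changelog rather than an entry within it; "### Update 2020.01" keeps the hierarchy consistent with the other pages.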
125
assets/media.md
125
assets/media.md
|
@ -45,71 +45,70 @@ In general ["no starch press"](https://nostarch.com/catalog/security) offers gre
|
|||
|
||||
## Twitter
|
||||
This List does not exclusively contains Bug Bounty themed Accounts but a broad variety of InfoSec and Hacking.<br>
|
||||
Descriptions will be added later!.
|
||||
|
||||
| Name | Topics |
|
||||
| ------------------------------------------------------- | ------ |
|
||||
| [@Alyssa*Herrera*](https://twitter.com/Alyssa_Herrera_) |BB|
|
||||
| [@Bugcrowd](https://twitter.com/Bugcrowd) |BB, Platform|
|
||||
| [@DailySwig](https://twitter.com/DailySwig) |Web Technologie, News|
|
||||
| [@DanielMiessler](https://twitter.com/DanielMiessler) |Security, Researcher, [SecLists](https://github.com/danielmiessler/SecLists)|
|
||||
| [@Dinosn](https://twitter.com/Dinosn) |Researcher, News, Tools|
|
||||
| [@EdOverflow](https://twitter.com/EdOverflow) |Developer, Researcher, @LiveOverflow in disguise|
|
||||
| [@GoogleVRP](https://twitter.com/GoogleVRP) |VRP, Program|
|
||||
| [@GossiTheDog](https://twitter.com/GossiTheDog) |Researcher|
|
||||
| [@Hacker0x01](https://twitter.com/Hacker0x01) |BB, Platform|
|
||||
| [@HackerSploit](https://twitter.com/HackerSploit) |General Hacking, Youtuber|
|
||||
| [@InsiderPhD](https://twitter.com/InsiderPhD) |BB, Teaching, YouTuber, Beginner friendy content|
|
||||
| [@JHaddix](https://twitter.com/Jhaddix) |BB, Bugcrowd, Streaming|
|
||||
| [@KitPloit](https://twitter.com/KitPloit) |News, Tools|
|
||||
| [@LiveOverflow](https://twitter.com/LiveOverflow) |Hacking, CTF, Teaching, YouTuber, @EdOverflow in disguise|
|
||||
| [@MalwareTechBlog](https://twitter.com/MalwareTechBlog) |RE, Security, Hacking, News|
|
||||
| [@NahamSec](https://twitter.com/NahamSec) |BB, Teaching, Streaming|
|
||||
| [@Peerlyst](https://twitter.com/Peerlyst) |Articles, Peer Powered Publications|
|
||||
| [@PortSwigger](https://twitter.com/PortSwigger) |BB, News, BurpSuite|
|
||||
| [@PwnFunction](https://twitter.com/PwnFunction) |YouTuber, Teaching, Web Technologie|
|
||||
| [@Regala\_](https://twitter.com/Regala_)(Fisher) |BB, DISTURBANCE, Podcaster|
|
||||
| [@Rosenawesome](https://twitter.com/Rosenawesome) |Hacking, Events|
|
||||
| [@TheBlindHacker](https://twitter.com/TheBlindHacker) |Hacking, Streamer|
|
||||
| [@TheHackerNews](https://twitter.com/TheHackersNews) |News|
|
||||
| [@TheParanoids](https://twitter.com/TheParanoids) |BB, "Program"|
|
||||
| [@TomNomNom](https://twitter.com/TomNomNom) |Coding, BB, Hacking, DISTURBANCE, Tools|
|
||||
| [@\_johnhammond](https://twitter.com/_johnhammond) |Hacking, Web Technologies, Coding, CTF|
|
||||
| [@\_sn0ww](https://twitter.com/_sn0ww) |Social Enineering, OSINT|
|
||||
| [@ajxchapman](https://twitter.com/ajxchapman) |BB, Researcher|
|
||||
| [@albinowax](https://twitter.com/albinowax) |News, BB, Web Technologies, Researcher, BurpSuite|
|
||||
| [@autothreat](https://twitter.com/autothreat) |Hacking, Cars|
|
||||
| [@brutelogic](https://twitter.com/brutelogic) |Researcher, Teaching, XSS|
|
||||
| [@ceos3c](https://twitter.com/ceos3c) |YouTuber, General Hacking, Teaching|
|
||||
| [@d0nutptr](https://twitter.com/d0nutptr) |Rust.|
|
||||
| [@daeken](https://twitter.com/daeken) |BB, Researcher|
|
||||
| [@evilsocket](https://twitter.com/evilsocket) |Hacking, Coding, Hardware, Tools|
|
||||
| [@firebounty](https://twitter.com/firebounty) |BB, Platform|
|
||||
| [@fluxfingers](https://twitter.com/fluxfingers) |CTF|
|
||||
| [@fs0c131y](https://twitter.com/fs0c131y) |Mobile Applications, Hacking, Web Technologies, Researcher|
|
||||
| [@hakluke](https://twitter.com/hakluke) |Researcher, Coding, Tools|
|
||||
| [@intigriti](https://twitter.com/intigriti) |BB, Platform|
|
||||
| [@jerh17](https://twitter.com/jerh17) |BB, Researcher, Platform|
|
||||
| [@lorenzofb](https://twitter.com/lorenzofb) |Journalist|
|
||||
| [@maddiestone](https://twitter.com/maddiestone) |Project Zero, Researcher|
|
||||
| [@malwareunicorn](https://twitter.com/malwareunicorn) |Researcher, RE, Malware, Unicorn|
|
||||
| [@mongobug](https://twitter.com/mongobug) |BB, Researcher|
|
||||
| [@nahamsec](https://twitter.com/nahamsec) |BB, Researcher, YouTuber, Streamer, Teaching, Recon|
|
||||
| [@nnwakelam](https://twitter.com/nnwakelam) |BB, Researcher|
|
||||
| [@openbugbounty](https://twitter.com/openbugbounty) |Platform|
|
||||
| [@orange_8361](https://twitter.com/orange_8361) |BB, Researcher|
|
||||
| [@owasp](https://twitter.com/owasp) |OWASP|
|
||||
| [@samykamkar](https://twitter.com/samykamkar) |Hacking, News, Tools, Hardware|
|
||||
| [@securinti](https://twitter.com/securinti) |Researcher, BB|
|
||||
| [@spaceraccoonsec](https://twitter.com/spaceraccoonsec) |Researcher, BB|
|
||||
| [@stokfredrik](https://twitter.com/stokfredrik) |Researcher, BB, YouTuber, Teaching, Sunglasses|
|
||||
| [@synack](https://twitter.com/synack) |Platform, Team, BB|
|
||||
| [@thecybermentor](https://twitter.com/thecybermentor) |Streamer, Youtuber, General Hacking, Teaching|
|
||||
| [@thedawgyg](https://twitter.com/thedawgyg) |BB|
|
||||
| [@thegrugq](https://twitter.com/thegrugq) |Researcher|
|
||||
| [@yaworsk](https://twitter.com/yaworsk) |BB, Researcher, Author|
|
||||
| [@yeswehack](https://twitter.com/yeswehack) |BB, Platform|
|
||||
| [@zseano](https://twitter.com/zseano) |BB, Teaching|
|
||||
| ------------------------------------------------------- | ---------------------------------------------------------------------------- |
|
||||
| [@Alyssa*Herrera*](https://twitter.com/Alyssa_Herrera_) | BB |
|
||||
| [@Bugcrowd](https://twitter.com/Bugcrowd) | BB, Platform |
|
||||
| [@DailySwig](https://twitter.com/DailySwig) | Web Technologie, News |
|
||||
| [@DanielMiessler](https://twitter.com/DanielMiessler) | Security, Researcher, [SecLists](https://github.com/danielmiessler/SecLists) |
|
||||
| [@Dinosn](https://twitter.com/Dinosn) | Researcher, News, Tools |
|
||||
| [@EdOverflow](https://twitter.com/EdOverflow) | Developer, Researcher, @LiveOverflow in disguise |
|
||||
| [@GoogleVRP](https://twitter.com/GoogleVRP) | VRP, Program |
|
||||
| [@GossiTheDog](https://twitter.com/GossiTheDog) | Researcher |
|
||||
| [@Hacker0x01](https://twitter.com/Hacker0x01) | BB, Platform |
|
||||
| [@HackerSploit](https://twitter.com/HackerSploit) | General Hacking, Youtuber |
|
||||
| [@InsiderPhD](https://twitter.com/InsiderPhD) | BB, Teaching, YouTuber, Beginner friendy content |
|
||||
| [@JHaddix](https://twitter.com/Jhaddix) | BB, Bugcrowd, Streaming |
|
||||
| [@KitPloit](https://twitter.com/KitPloit) | News, Tools |
|
||||
| [@LiveOverflow](https://twitter.com/LiveOverflow) | Hacking, CTF, Teaching, YouTuber, @EdOverflow in disguise |
|
||||
| [@MalwareTechBlog](https://twitter.com/MalwareTechBlog) | RE, Security, Hacking, News |
|
||||
| [@NahamSec](https://twitter.com/NahamSec) | BB, Teaching, Streaming |
|
||||
| [@Peerlyst](https://twitter.com/Peerlyst) | Articles, Peer Powered Publications |
|
||||
| [@PortSwigger](https://twitter.com/PortSwigger) | BB, News, BurpSuite |
|
||||
| [@PwnFunction](https://twitter.com/PwnFunction) | YouTuber, Teaching, Web Technologie |
|
||||
| [@Regala\_](https://twitter.com/Regala_)(Fisher) | BB, DISTURBANCE, Podcaster |
|
||||
| [@Rosenawesome](https://twitter.com/Rosenawesome) | Hacking, Events |
|
||||
| [@TheBlindHacker](https://twitter.com/TheBlindHacker) | Hacking, Streamer |
|
||||
| [@TheHackerNews](https://twitter.com/TheHackersNews) | News |
|
||||
| [@TheParanoids](https://twitter.com/TheParanoids) | BB, "Program" |
|
||||
| [@TomNomNom](https://twitter.com/TomNomNom) | Coding, BB, Hacking, DISTURBANCE, Tools |
|
||||
| [@\_johnhammond](https://twitter.com/_johnhammond) | Hacking, Web Technologies, Coding, CTF |
|
||||
| [@\_sn0ww](https://twitter.com/_sn0ww) | Social Enineering, OSINT |
|
||||
| [@ajxchapman](https://twitter.com/ajxchapman) | BB, Researcher |
|
||||
| [@albinowax](https://twitter.com/albinowax) | News, BB, Web Technologies, Researcher, BurpSuite |
|
||||
| [@autothreat](https://twitter.com/autothreat) | Hacking, Cars |
|
||||
| [@brutelogic](https://twitter.com/brutelogic) | Researcher, Teaching, XSS |
|
||||
| [@ceos3c](https://twitter.com/ceos3c) | YouTuber, General Hacking, Teaching |
|
||||
| [@d0nutptr](https://twitter.com/d0nutptr) | BB, Researcher, (Rust.) |
|
||||
| [@daeken](https://twitter.com/daeken) | BB, Researcher |
|
||||
| [@evilsocket](https://twitter.com/evilsocket) | Hacking, Coding, Hardware, Tools |
|
||||
| [@firebounty](https://twitter.com/firebounty) | BB, Platform |
|
||||
| [@fluxfingers](https://twitter.com/fluxfingers) | CTF |
|
||||
| [@fs0c131y](https://twitter.com/fs0c131y) | Mobile Applications, Hacking, Web Technologies, Researcher |
|
||||
| [@hakluke](https://twitter.com/hakluke) | Researcher, Coding, Tools |
|
||||
| [@intigriti](https://twitter.com/intigriti) | BB, Platform |
|
||||
| [@jerh17](https://twitter.com/jerh17) | BB, Researcher, Platform |
|
||||
| [@lorenzofb](https://twitter.com/lorenzofb) | Journalist |
|
||||
| [@maddiestone](https://twitter.com/maddiestone) | Project Zero, Researcher |
|
||||
| [@malwareunicorn](https://twitter.com/malwareunicorn) | Researcher, RE, Malware, Unicorn |
|
||||
| [@mongobug](https://twitter.com/mongobug) | BB, Researcher |
|
||||
| [@nahamsec](https://twitter.com/nahamsec) | BB, Researcher, YouTuber, Streamer, Teaching, Recon |
|
||||
| [@nnwakelam](https://twitter.com/nnwakelam) | BB, Researcher |
|
||||
| [@openbugbounty](https://twitter.com/openbugbounty) | Platform |
|
||||
| [@orange_8361](https://twitter.com/orange_8361) | BB, Researcher |
|
||||
| [@owasp](https://twitter.com/owasp) | OWASP |
|
||||
| [@samykamkar](https://twitter.com/samykamkar) | Hacking, News, Tools, Hardware |
|
||||
| [@securinti](https://twitter.com/securinti) | Researcher, BB |
|
||||
| [@spaceraccoonsec](https://twitter.com/spaceraccoonsec) | Researcher, BB |
|
||||
| [@stokfredrik](https://twitter.com/stokfredrik) | Researcher, BB, YouTuber, Teaching, Sunglasses |
|
||||
| [@synack](https://twitter.com/synack) | Platform, Team, BB |
|
||||
| [@thecybermentor](https://twitter.com/thecybermentor) | Streamer, Youtuber, General Hacking, Teaching |
|
||||
| [@thedawgyg](https://twitter.com/thedawgyg) | BB |
|
||||
| [@thegrugq](https://twitter.com/thegrugq) | Researcher |
|
||||
| [@yaworsk](https://twitter.com/yaworsk) | BB, Researcher, Author |
|
||||
| [@yeswehack](https://twitter.com/yeswehack) | BB, Platform |
|
||||
| [@zseano](https://twitter.com/zseano) | BB, Teaching |
|
||||
|
||||
|
||||
---
|
||||
|
|
|
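Review bot: the changelog in this commit says the Twitter descriptions were updated, but the only content change in this hunk is @d0nutptr's topics going from "Rust." to "BB, Researcher, (Rust.)"; everything else is column-padding whitespace, and the line "Descriptions will be added later!." (with its stray "!.") is kept as-is. Typos that survive the reformat and could be fixed on the same lines: "Web Technologie" (@DailySwig, @PwnFunction), "Beginner friendy" (@InsiderPhD), "Social Enineering" (@_sn0ww), and the unchanged intro "This List does not exclusively contains". The @TheHackerNews row also links to twitter.com/TheHackersNews, so either the displayed handle or the URL is wrong.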
@ -7,10 +7,13 @@ This section will help you set up your testing environement.
|
|||
- [Setting up virtualbox + linux](https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox)
|
||||
- [Docker For Pentesting And Bug Bounty Hunting](https://www.youtube.com/watch?v=5G6tA8Q9AuQ)
|
||||
- [Basics of UNIX](https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything)
|
||||
- [Setting up Burp (Video Series)](https://www.hacker101.com/playlists/burp_suite) by Hacker101
|
||||
- [Burp Suite Introduction](https://github.com/bugcrowd/bugcrowd_university/blob/master/An_introduction_to_Burp_Suite/Bugcrowd%20University%20-%20Burp%20Suite%20Introduction.pdf) by Jason Haddix
|
||||
- [Burp Hacks for Bounty Hunters](https://www.youtube.com/watch?v=boHIjDHGmIo) by James Kettle
|
||||
- [Previously Disclosed Vulnerabilities / HackerOne Hacktivity](https://hackerone.com/hacktivity)
|
||||
|
||||
## Burp Suite
|
||||
This section should help you get familiar with BurpSuite.
|
||||
- [Setting up Burp (Video Series)](https://www.hacker101.com/playlists/burp_suite) by Hacker101
|
||||
- [Burp Suite Introduction](https://github.com/bugcrowd/bugcrowd_university/blob/master/An_introduction_to_Burp_Suite/Bugcrowd%20University%20-%20Burp%20Suite%20Introduction.pdf) by Jason Haddix
|
||||
- [Beginners Guide to Burpsuite Payloads (Part 1)](https://www.hackingarticles.in/beginners-guide-burpsuite-payloads-part-1/) by Raj Chandel
|
||||
- [Burp Hacks for Bounty Hunters](https://www.youtube.com/watch?v=boHIjDHGmIo) by James Kettle
|
||||
---
|
||||
back to [Intro Page](/README.md)
|
|
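Review bot: moving the three Burp entries into a new "## Burp Suite" section is the right split, but the links added elsewhere in this commit (the changelog entry and the Burp row in tools.md) point at /assets/setup.md#setup, which does not match this heading's generated anchor #burp-suite; rename those targets or add an explicit anchor here. The retained context line "This section will help you set up your testing environement." has a typo ("environment"), and the Burp entries keep their "by Author" wording while blogposts.md in this same commit switches every credit to " - Author"; worth aligning while the list is being reorganized.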
@ -15,7 +15,7 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
|
|||
### Proxy & Network Sniffer
|
||||
| Name | Description | Written in | Created by |
|
||||
|------ |------------- |------------ |------------- |
|
||||
|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version).|Java|Port Swigger|
|
||||
|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version). [Here](/assets/setup.md#setup) you can find Tips & Tricks to get started with Burp.|Java|Port Swigger|
|
||||
|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
|
||||
|[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|
|
||||
|
||||
|
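Review bot: the new "[Here](/assets/setup.md#setup)" link in the Burp Suite row targets the #setup fragment, while the section it is meant to reach was added in setup.md as "## Burp Suite" (anchor #burp-suite), so the link will not land on the Burp tips. The unchanged "Port Swigger" in the Created by column is the vendor name misspelled; it is "PortSwigger", as in the URL on the same line.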
@ -78,6 +78,7 @@ Here you can find links to a bunch of useful tools for Bug Bounty Hunting.
|
|||
| Name | Description | Written in | Created by |
|
||||
|------ |------------- | ------------ |------------- |
|
||||
|[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
|
||||
|[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
|
||||
|
||||
---
|
||||
back to [Intro Page](/README.md)
|
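Review bot: the Recon Pi row leaves the "Written in" column empty; for SecLists a blank is defensible since it is a wordlist collection, but Recon Pi is a tool and the column should state its language. The description calls it "lightweight" and in the same sentence says it performs "extensive reconnaissance with the latest tools", which reads as contradictory; keep one or the other. The author is credited by Twitter handle here while the other row in this table uses a plain name ("Daniel Miessler"); pick one convention for the column.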