https://github.com/hetmehtaa/bug-bounty-noob

# Bug-Bounty-n00b ( Yet to organize! Will Update Soon. )

This list (originally posted as a tweet) is intended only for beginners/freshers in bug bounty hunting who have just started learning about it or want to start. If you are already hunting or working through labs, it may not be very helpful to you. Thanks!

It all depends on interest and hard work, not on degree, age, branch, college, etc.

What to study?

1. Internet, HTTP, TCP/IP
2. Networking
3. Command line
4. Linux
5. Web technologies, JavaScript, PHP, Java
6. At least one programming language (Python, C, Java, Ruby, Go, etc.)

Choose your path (important)

1. Web pentesting
2. Mobile pentesting
3. Desktop apps

## Table of Contents

Resources:

1. Books

For web

1. The Web Application Hacker's Handbook
2. Web Hacking 101
3. The Hacker Playbook 1, 2, 3
4. Hacking: The Art of Exploitation
5. Mastering Modern Web Penetration Testing
6. OWASP Testing Guide
7. Bug Bounty Bootcamp

For mobile

1. The Mobile Application Hacker's Handbook

Youtube channels:

1. LiveOverflow
2. John Hammond
3. HackerSploit
4. Bugcrowd
5. Hak5
6. HackerOne

Must Check: https://blog.intigriti.com/2020/10/05/top-20-bug-bounty-youtube-channels-to-follow-in-2020/

Programming:

1. Academind
2. CS Dojo
3. Derek Banas
4. freeCodeCamp
5. Joshua Fluke
6. LevelUpTuts
7. Life of Luba
8. The Coding Train

Writeups, articles, blogs (I have listed some good writeups below)

1. Medium (infosec writeups)
2. Hackerone public reports
3. http://owasp.org
4. Portswigger
5. Reddit (r/netsec)
6. DEF CON conference videos
7. Forums

Practice (important)

Tools

1. Burp Suite
2. nmap
3. DirBuster
4. Sublist3r
5. Netcat
6. Python pwn library (pwntools)
7. Metasploit Framework

Testing labs

1. DVWA
2. bWAPP
3. Vulnhub
4. Metasploitable
5. CTF365
6. Hack The Box

Start! (Don't forget this masterpiece: https://book.hacktricks.xyz/)
*******
1. Practice the OWASP Top 10 and master at least one bug class.

2. Master Burp Suite and Nmap

3. Top tools that will be used on a daily basis

https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources

4. Read and practice at PortSwigger Academy

https://portswigger.net/web-security

5. Read on a daily basis

https://hackerone.com/hacktivity

https://blog.intigriti.com/

https://pentester.land/list-of-bug-bounty-writeups.html

https://infosecwriteups.com/

https://bugbountyguide.com/hunters/books.html

https://owasp.org/www-project-web-security-testing-guide/v42/

https://github.com/devanshbatham/Awesome-Bugbounty-Writeups

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/basics.md

https://github.com/trimstray/the-book-of-secret-knowledge

https://www.bugcrowd.com/hackers/bugcrowd-university/

https://medium.com/tag/bug-bounty-writeup

6. Checklists

https://github.com/OWASP/wstg/tree/master/checklist

https://www.youtube.com/watch?v=uKWu6yhnhbQ (Methodology)

******

### Select a Platform

- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [intigriti](https://intigriti.com/)
- [YesWeHack](https://yeswehack.com/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [CESPPA](https://www.cesppa.com/)

#### A Few Public Responsible Disclosure Programs

- [Google VDP](https://www.google.com/about/appsecurity/reward-program/)
- [Apple Bug Bounty](https://developer.apple.com/security-bounty/)
- [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty)
- [Intel Security](https://www.intel.com/content/www/us/en/security-center/default.html)
- [Yahoo Security](https://safety.yahoo.com/Security/REPORTING-ISSUES.html)
- [Cisco VDP](https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html)
- [Facebook Whitehat](https://www.facebook.com/whitehat/)
- [Dropbox Security](https://help.dropbox.com/accounts-billing/security/how-security-works)
- [Mozilla](https://www.mozilla.org/en-US/security/bug-bounty/)
- [Vimeo](https://vimeo.com/about/security)
- [Github](https://bounty.github.com/)
- [Uber Security](https://eng.uber.com/bug-bounty-map/)
- [PHP](https://bugs.php.net/report.php?bug_type=Security)
- [PayTM Security](https://paytm.com/offer/bug-bounty/)

#### To Find More Programs, Have a Look at Google Dorking

1. Choose wisely (at first, not for the bounty)
2. Select a bug class to hunt for
3. Search exhaustively
4. It is not always straightforward

### REPORT:

5. Create a descriptive report
6. Follow responsible disclosure
7. Create a PoC and steps to reproduce
*******

### Words of wisdom

1. PATIENCE IS THE KEY: it takes years to master; don't fall for overnight success
2. Do not expect someone to spoon-feed you everything.
3. Confidence
4. Not always for the bounty
5. Learn a lot
6. You won't find anything at the beginning; don't lose hope
7. Stay focused
8. Depend on yourself
9. Stay updated with the infosec world

The best skill you can have is Google. Do learn it: it's not only a search bar but much more than that! Do some dorking and get the tailored results you want. You cannot always depend on others, so learning Google is crucial.

Thanks.

All your references:

- Learn from bug disclosures
  - XSS: [https://medium.com/@corneacristian/top-25-xss-bug-bounty-reports-b3c90e2288c8](https://medium.com/@corneacristian/top-25-xss-bug-bounty-reports-b3c90e2288c8)
  - RCE: [https://medium.com/@corneacristian/top-25-rce-bug-bounty-reports-bc9555cca7bc](https://medium.com/@corneacristian/top-25-rce-bug-bounty-reports-bc9555cca7bc)
  - Race Condition: [https://medium.com/@corneacristian/top-25-race-condition-bug-bounty-reports-84f9073bf9e5](https://medium.com/@corneacristian/top-25-race-condition-bug-bounty-reports-84f9073bf9e5)
  - IDOR: [https://medium.com/@corneacristian/top-25-idor-bug-bounty-reports-ba8cd59ad331](https://medium.com/@corneacristian/top-25-idor-bug-bounty-reports-ba8cd59ad331)
  - Open Redirect: [https://medium.com/@corneacristian/top-25-open-redirect-bug-bounty-reports-5ffe11788794](https://medium.com/@corneacristian/top-25-open-redirect-bug-bounty-reports-5ffe11788794)
  - WordPress: [https://medium.com/@corneacristian/top-25-wordpress-bug-bounty-reports-f208ea2dad3f](https://medium.com/@corneacristian/top-25-wordpress-bug-bounty-reports-f208ea2dad3f)

*************

Some Bug Bounty tools:

- [dnscan](https://github.com/rbsec/dnscan)
- [Knockpy](https://github.com/guelfoweb/knock)
- [Sublist3r](https://github.com/aboul3la/Sublist3r)
- [massdns](https://github.com/blechschmidt/massdns)
- [nmap](https://nmap.org)
- [masscan](https://github.com/robertdavidgraham/masscan)
- [EyeWitness](https://github.com/ChrisTruncer/EyeWitness)
- [DirBuster](https://sourceforge.net/projects/dirbuster/)
- [dirsearch](https://github.com/maurosoria/dirsearch)
- [Gitrob](https://github.com/michenriksen/gitrob)
- [git-secrets](https://github.com/awslabs/git-secrets)
- [sandcastle](https://github.com/yasinS/sandcastle)
- [bucket_finder](https://digi.ninja/projects/bucket_finder.php)
- [GoogD0rker](https://github.com/ZephrFish/GoogD0rker/)
- [Wayback Machine](https://web.archive.org)
- [waybackurls](https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050)
- [Sn1per](https://github.com/1N3/Sn1per/)
- [XRay](https://github.com/evilsocket/xray)
- [wfuzz](https://github.com/xmendez/wfuzz/)
- [patator](https://github.com/lanjelot/patator)
- [datasploit](https://github.com/DataSploit/datasploit)
- [hydra](https://github.com/vanhauser-thc/thc-hydra)
- [changeme](https://github.com/ztgrace/changeme)
- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)
- [Apktool](https://github.com/iBotPeaches/Apktool)
- [dex2jar](https://sourceforge.net/projects/dex2jar/)
- [sqlmap](http://sqlmap.org/)
- [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe/) (via @cyb3rhunt3r)
- [XXE Injector](https://github.com/enjoiz/XXEinjector)
- [The JSON Web Token Toolkit](https://github.com/ticarpi/jwt_tool)
- [ground-control](https://github.com/jobertabma/ground-control)
- [ssrfDetector](https://github.com/JacobReynolds/ssrfDetector)
- [LFISuite](https://github.com/D35m0nd142/LFISuite)
- [GitTools](https://github.com/internetwache/GitTools)
- [dvcs-ripper](https://github.com/kost/dvcs-ripper)
- [tko-subs](https://github.com/anshumanbh/tko-subs)
- [HostileSubBruteforcer](https://github.com/nahamsec/HostileSubBruteforcer)
- [Race the Web](https://github.com/insp3ctre/race-the-web)
- [ysoserial](https://github.com/GoSecure/ysoserial)
- [PHPGGC](https://github.com/ambionics/phpggc)
- [CORStest](https://github.com/RUB-NDS/CORStest)
- [retire-js](https://github.com/RetireJS/retire.js)
- [getsploit](https://github.com/vulnersCom/getsploit)
- [Findsploit](https://github.com/1N3/Findsploit)
- [bfac](https://github.com/mazen160/bfac)
- [WPScan](https://wpscan.org/)
- [CMSMap](https://github.com/Dionach/CMSmap)
- [Amass](https://github.com/OWASP/Amass)

************
10 Awesome Firefox Extensions to Enhance Your Pentesting/Bug Bounty Hunting

1. FoxyProxy Standard
FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.

Url: https://t.co/QmDKn9616G

2. Firefox Multi-Account Containers
Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy.

Containers + authorize = broken access control bugs!

Url: https://t.co/ESdMxAuAyE

3. PwnFox
PwnFox is a Firefox/Burp extension that provides useful tools for your security audit.
Features include:
- Single-click Burp proxy
- Container profiles
- Toolbox injection
- Security header remover

FoxyProxy + Containers = PwnFox

Url: https://t.co/mbosicOu8A

4. HackTools
HackTools is a web extension that facilitates your web application penetration tests. It includes cheat sheets as well as the tools used during a test, such as XSS payloads and reverse shells, for testing your web application.

Url: https://t.co/vCOUsGDVAt

5. Wappalyzer
Identifies the technologies used on websites.

Url: https://t.co/jEPgAQzwm7

6. Shodan
The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ports are open.

Url: https://t.co/v8FEe6skKN

7. DotGit
An extension to check whether .git is exposed on visited websites.

Url: https://addons.mozilla.org/en-US/firefox/addon/dotgit/

8. Open Multiple URLs
Opens a list of URLs.

Url: https://addons.mozilla.org/en-US/firefox/addon/open-multiple-urls/

9. Cookie-Editor
Cookie-Editor lets you efficiently create, edit and delete cookies for the current tab. Perfect for developing, quickly testing, or even manually managing your cookies for your privacy.

Url: https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/

10. S3 Bucket List
Finds Amazon S3 buckets while browsing and records them in the add-on.

************
Cheat Sheets:

XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list

SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md

SSRF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery

CRLF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection

CSV-Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection

Command Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

Directory Traversal
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal

LFI
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion

XXE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

Open-Redirect
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md

RCE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md

Crypto
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md

Template Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection

XSLT
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md

Content Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md

LDAP Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection

NoSQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection

CSRF Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection

GraphQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection

IDOR
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References

ISCM (Insecure Source Code Management)
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management

LaTeX Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection

OAuth
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth

XPath Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection

Upload Bypass Tricks
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files

*******
Awesome Bug Bounty Tools

https://github.com/vavkamil/awesome-bugbounty-tools

*****

Lots of write-ups: (Reading them won't make you an expert; practice yourself.)

1) Hacking LG WebOS Smart TVs Using A Phone
https://medium.com/geekculture/hacking-lg-webos-smart-tvs-using-a-phone-3fedba5d6f50

2) Quick Heal Addressed Multiple Vulnerabilities in v19.0
https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/

3) Resetting Expired Passwords Remotely
https://www.n00py.io/2021/09/resetting-expired-passwords-remotely/

4) Windows Event Logging & Collection Guidance
https://github.com/JSCU-NL/logging-essentials

1) [Zomato Order] Insecure deep link leads to sensitive information disclosure
https://hackerone.com/reports/532225

2) CVE-2021-22946: Protocol downgrade required TLS bypassed
https://hackerone.com/reports/1334111

3) CVE-2021-22947: STARTTLS protocol injection via MITM
https://hackerone.com/reports/1334763

4) Guest Users can create issues for Sentry errors and track their status
https://hackerone.com/reports/1117768

5) $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/

6) Using CodeQL to detect client-side vulnerabilities in web applications
https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications/

7) HCRootkit / Sutersu Linux Rootkit Analysis
https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/

8) CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution
https://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html

9) Autodiscovering the Great Leak
https://www.guardicore.com/labs/autodiscovering-the-great-leak/

1) Used email confirmation link reveals the email address which is tied to it
https://hackerone.com/reports/1128358

2) CSV injection in the credentials export
https://hackerone.com/reports/1131887

3) Race condition allows sending multiple times feedback for the hacker
https://hackerone.com/reports/1132171

4) AWS WAF analysis: How it works and how to attack it
https://thexssrat.medium.com/aws-waf-analysis-how-it-works-and-how-to-attack-it-8a456e561c74

5) ffuf
https://broad-frost-983.notion.site/ffuf-bd8180578bec4dd2986781e09df46cdc

6) New Remote Code Execution Vulnerability In Nagios Can Compromise Complete Network
https://cyberworkx.in/2021/09/22/new-remote-code-execution-vulnerability-in-nagios-can-compromise-complete-network/

1) Privilege Escalation vulnerability in steam's Remote Play feature leads to the arbitrary kernel-mode driver installation
https://hackerone.com/reports/852091

2) HTML Injection in Email
https://hackerone.com/reports/1248585

3) A fever Worth 750$- [Accessing Private Projects ]
https://medium.com/@shakti.gtp/a-fever-worth-750-accessing-private-projects-d113c561311f

4) Look Out For These Top 7 Things When Choosing A VPN Service
https://cyberdessy.medium.com/look-out-for-these-top-7-things-when-choosing-a-vpn-service-801ed9a7b5ae

5) OMIGOD - CVE-2021-38647
https://www.alteredsecurity.com/post/omigod-cve-2021-38647
https://github.com/AlteredSecurity/CVE-2021-38647

1) MSSQL for Pentester: Hashing
http://rajhackingarticles.blogspot.com/2021/09/mssql-for-pentester-hashing.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HackingArticlesrajChandelsBlog+%28Hacking+Articles%7CRaj+Chandel%27s+Blog%29

2) zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise
https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise

3) Ex-Apple Employee Exposes Apple M1 Chip's Secrets
https://analyticsindiamag.com/ex-apple-employee-exposes-apple-m1-chips-secrets/

4) IoT Security (Internet of Things Security)
https://latesthackingnews.com/2021/09/20/iot-security-internet-of-things-security/

1) Text injection or content spoofing on forbidden page
https://hackerone.com/reports/1310925

2) Log Analysis using Splunk, Solving "Juicy Details TryHackMe"
https://medium.com/@pandeydipanshu57/log-analysis-using-splunk-solving-juicy-details-tryhackme-92ea1b13eb0d

3) You are entering the XSS game area
https://www.hackingtruth.in/2020/08/you-are-entering-xss-game-area.html

4) My Notes and What I Learned This Week!
https://www.getrevue.co/profile/anugrahsr/issues/weekly-newsletter-of-anugrah-sr-issue-2-763659

5) Google Hacking Dorks 2021
https://hackersonlineclub.com/google-hacking/

6) Email Header Analysis – Use Cases Including SPF, DKIM & DMARC
https://www.socinvestigation.com/email-header-analysis-use-cases-including-spf-dkim-dmarc/

7) QLOG provides enriched Event Logging for security-related events on Windows-based systems.
https://github.com/threathunters-io/QLOG

1) Admin access !!
https://dewangpanchal98.medium.com/admin-access-799b50694965

2) Investigating Scam/Phishing links campaign circulating in Whatsapp.
https://kunaldas9.medium.com/investigating-scam-phishing-links-campaign-circulating-in-whatsapp-6bf89b2520eb

3) A small change and things go in your hand: Story of a $250 bounty
https://fardeen-ahmed.medium.com/a-small-change-and-things-go-in-your-hand-story-of-a-250-bounty-5ddc43c31463

4) SIEM Monitoring using Wazuh by Francis Jeremiah
https://hakin9.org/siem-monitoring-using-wazuh-by-francis-jeremiah/

5) Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing
https://gbhackers.com/latest-google-dorks-list/

6) Edward Snowden urges users to stop using ExpressVPN
https://www.hackread.com/edward-snowden-stop-using-expressvpn/

7) How To Protect Yourself From Malicious Websites While Online
https://latesthackingnews.com/2021/09/18/how-to-protect-yourself-from-malicious-websites-while-online/

8) Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability".
https://github.com/jacob-baines/concealed_position

9) A tool for generating multiple types of NTLMv2 hash theft files.
https://github.com/Greenwolf/ntlm_theft

10) client-side prototype pollution
https://github.com/BlackFan/client-side-prototype-pollution

There's a lot more on the internet; this list will never be complete! Here I am giving more than enough for complete beginners; after getting your hands dirty with this, you will automatically start finding things on your own!

Thanks, I hope this helps. Feel free to connect/contact.
- Het Mehta (twitter.com/hetmehtaa)