ordered and linked Resources
AshF0x committed Dec 12, 2019
1 parent ced56fe commit 2fb63d5
Showing 7 changed files with 200 additions and 128 deletions.
136 changes: 8 additions & 128 deletions README.md
Expand Up @@ -7,135 +7,15 @@ As a hacker, there a ton of techniques, terminologies, and topics you need to fa

We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!

## HTTP basics
In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics.
- All in one resource: https://www.hacker101.com/sessions/web_in_depth
HTTP basics
Cookie security
HTML parsing
MIME sniffing
Encoding sniffing
Same-Origin Policy
CSRF (Cross-Site Request Forgery)
- Request form
https://www.tutorialspoint.com/http/http_requests.htm
- Response form
https://www.tutorialspoint.com/http/http_responses.htm
- Response codes
https://www.tutorialspoint.com/http/http_status_codes.htm
- URL Encoding
https://www.tutorialspoint.com/http/http_url_encoding.htm
- Status Codes
https://www.tutorialspoint.com/http/http_status_codes.htm
---
## Table of Contents

1. [Basics](basics.md)
2. [Setup](setup.md)
3. [Tools](tools.md)
4. [Labs & Testing Environments](labs.md)
5. [Vulnerability Types](vulns.md)
6. [Blog posts](blogposts.md)

## Networking basics
Recon is a common terminology used in bug bounties. It’s great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work.
- Terminology
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
- What is an IP?
https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
- What are ports?
https://www.utilizewindows.com/list-of-common-network-port-numbers/
- What is DNS?
https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704
- Intermediate Security Testing with Kali Linux 2
http://www.penguintutor.com/linux/basic-network-reference


## Programming Basics
Being a great programmer is not a requirement to be a successful hacker. However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical.

- HTML: HTML is very easy to learn and there are a ton of free resources for it. If you are interested in learning about XSS this should be your first step.
If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy!
https://www.codecademy.com/learn/learn-html
https://www.w3schools.com/html/

- JavaScript: Once you have familiarized yourself with HTML, you should understand Javascript since you will be using it to exploit XSS vulnerabilities. The usage of Javascript isn’t just limited to when you are exploring XSS, so it’s a very handy programming language to know.
If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! https://www.codecademy.com/learn/introduction-to-javascript

- SQL: You may have guessed It already, but you won’t be able to exploit complex SQL injection vulnerabilities before having any SQL knowledge.
As always, if you prefer an interactive course, feel free to use Codecademy!
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/

### Automation
You are welcome to skip this section if you think you’ll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder.
- Bash
https://www.learnshell.org/
- Ruby
https://www.learnrubyonline.org/
- Python
https://docs.python.org/3/tutorial/
- Additional Resources:
- https://www.codecademy.com/learn/paths/web-development
- https://docs.python.org/3/tutorial/
- http://www.sqlcourse.com/
- https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting

## Misc
- Setting up your own web server on a VPS
https://www.linux.com/learn/easy-lamp-server-installation
- Setting up virtualbox + linux
https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox
- Basics of UNIX
https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything
- Setting up Burp
https://www.hacker101.com/playlists/burp_suite
- Previously Disclosed Vulnerabilities
https://hackerone.com/hacktivity

## Vulnerability Types
Need a description here

### Cross-Site Scripting XSS
As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.


- Hacker101
https://www.hacker101.com/sessions/xss
- OWASP
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
- A comprehensive tutorial on cross-site scripting
https://excess-xss.com
- Google Application Security (XSS Guide)
https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/




#### Hands on material
- XSS-Game
https://xss-game.appspot.com
- Hacker101
https://hacker101.com
- PentesterLab
https://pentesterlab.com
- HackEdu
https://hackedu.io
- DWVA
http://www.dvwa.co.uk
- Google Gruyere
https://google-gruyere.appspot.com/
- Web Security Academy by PortSwigger.
https://portswigger.net/web-security

#### Blog posts
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:

##### DOM XSS
https://hackerone.com/reports/297968
https://hackerone.com/reports/168165
https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html
##### Stored XSS
https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
https://opnsec.com/2018/03/stored-xss-on-facebook/
https://klikki.fi/adv/yahoo.html
https://klikki.fi/adv/yahoo2.html
https://hackerone.com/reports/422043
https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
##### CSP Bypass
https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
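
Review bot: The new Table of Contents labels do not all match the files they point to: entry 5 reads `Vulnerability Types` while vulns.md opens with `## Vulnerabilities`, and the removed `## Misc` section has no entry of its own because its links now sit under `Setup`. Aligning the labels with the target headings and adding a one-line description per entry would let the README still tell a reader what each file covers now that the section intros have moved out.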


73 changes: 73 additions & 0 deletions basics.md
@@ -0,0 +1,73 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Table of Contents
1. [HTTP basics](#HTTP-basics)
2. [Networking basics](#Networking-basics)
3. [Programming Basics](#Programming-Basics)
4. [Automation](#Automation)

## HTTP basics
In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics.
- All in one resource: https://www.hacker101.com/sessions/web_in_depth
HTTP basics
Cookie security
HTML parsing
MIME sniffing
Encoding sniffing
Same-Origin Policy
CSRF (Cross-Site Request Forgery)
- Request form
https://www.tutorialspoint.com/http/http_requests.htm
- Response form
https://www.tutorialspoint.com/http/http_responses.htm
- Response codes
https://www.tutorialspoint.com/http/http_status_codes.htm
- URL Encoding
https://www.tutorialspoint.com/http/http_url_encoding.htm
- Status Codes
https://www.tutorialspoint.com/http/http_status_codes.htm


## Networking basics
Recon is a common terminology used in bug bounties. It’s great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work.
- Terminology
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
- What is an IP?
https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
- What are ports?
https://www.utilizewindows.com/list-of-common-network-port-numbers/
- What is DNS?
https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704
- Intermediate Security Testing with Kali Linux 2
http://www.penguintutor.com/linux/basic-network-reference


## Programming Basics
Being a great programmer is not a requirement to be a successful hacker. However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical.

- HTML: HTML is very easy to learn and there are a ton of free resources for it. If you are interested in learning about XSS this should be your first step.
If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy!
https://www.codecademy.com/learn/learn-html
https://www.w3schools.com/html/

- JavaScript: Once you have familiarized yourself with HTML, you should understand Javascript since you will be using it to exploit XSS vulnerabilities. The usage of Javascript isn’t just limited to when you are exploring XSS, so it’s a very handy programming language to know.
If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! https://www.codecademy.com/learn/introduction-to-javascript

- SQL: You may have guessed It already, but you won’t be able to exploit complex SQL injection vulnerabilities before having any SQL knowledge.
As always, if you prefer an interactive course, feel free to use Codecademy!
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/

### Automation
You are welcome to skip this section if you think you’ll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder.
- Bash
https://www.learnshell.org/
- Ruby
https://www.learnrubyonline.org/
- Python
https://docs.python.org/3/tutorial/
- Additional Resources:
- https://www.codecademy.com/learn/paths/web-development
- https://docs.python.org/3/tutorial/
- http://www.sqlcourse.com/
- https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting
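
Review bot: The HTTP basics list carries two entries for the same target: `Response codes` and `Status Codes` both point to https://www.tutorialspoint.com/http/http_status_codes.htm, so one should be dropped. Since the text is being moved anyway, the copy errors it carries could be fixed in the same commit: the HTML bullet recommends Codecademy "to learn about Javascript" above an HTML course link, the Automation paragraph says "one the following four languages" while three are listed, and the link labelled `Intermediate Security Testing with Kali Linux 2` goes to a penguintutor.com basic network reference page. The Table of Contents fragments (`#HTTP-basics`, `#Programming-Basics`) are mixed-case, while the anchors GitHub generates from headings are lowercase; lowercase fragments are the safer choice.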
26 changes: 26 additions & 0 deletions blogposts.md
@@ -0,0 +1,26 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Blog posts
A collection of Blog Posts ordered by Vulnerability Types
- [XSS](#XSS)
- [DOM XSS](#DOM-XSS)
- [Sored XSS](#Stored-XSS)
- [CSP Bypass](#CSP-Bypass)
## XSS
You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:

### DOM XSS
https://hackerone.com/reports/297968
https://hackerone.com/reports/168165
https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html
### Stored XSS
https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html
https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
https://opnsec.com/2018/03/stored-xss-on-facebook/
https://klikki.fi/adv/yahoo.html
https://klikki.fi/adv/yahoo2.html
https://hackerone.com/reports/422043
https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
### CSP Bypass
https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
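
Review bot: The Table of Contents entry `[Sored XSS](#Stored-XSS)` misspells Stored. The links under DOM XSS, Stored XSS and CSP Bypass are bare URLs, so a reader cannot tell which product or bug a report such as https://hackerone.com/reports/297968 covers before opening it; labs.md and vulns.md in this same commit use `[title](url)` links, and giving each post a short title here would keep the files consistent.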

14 changes: 14 additions & 0 deletions labs.md
@@ -0,0 +1,14 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Labs & Testing Environments

## General
- [Hacker101](https://www.hacker101.com/) | Good Exercises for Beginners, can earn you private Invites on HackerOne
- [Pentesterlab](https://pentesterlab.com) | Good Labs with a broad variety of Topics, some very good Web Application Exercises
- [HackTheBox](https://www.hackthebox.eu/) | provides Testing Labs, some Web Application Challenges
- [XSS-Game](https://xss-game.appspot.com/) | Learning Platform for XSS
- [HackEdu](https://hackedu.io)
- [DWVA](http://www.dvwa.co.uk)
- [Google Gruyere](https://google-gruyere.appspot.com/)
- [Web Security Academy by PortSwigger](https://portswigger.net/web-security)
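
Review bot: The entry `[DWVA](http://www.dvwa.co.uk)` has its letters transposed for a dvwa.co.uk link and should read DVWA; the link is also plain http. `## General` follows `## Labs & Testing Environments` at the same heading level with nothing between them, so General should drop to `###`. The last four entries have no description after the `|` separator, unlike the first four.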

15 changes: 15 additions & 0 deletions setup.md
@@ -0,0 +1,15 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Setup
This section will help you set up your testing environement.
- [Setting Up Your Ubuntu Box for Pentest and Bug Bounty Automation](https://www.youtube.com/watch?v=YhUiAH5SIqk) by nahamsec
- Setting up your own web server on a VPS:<br>
https://www.linux.com/learn/easy-lamp-server-installation<br>
- Setting up virtualbox + linux
https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox
- Basics of UNIX
https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything
- Setting up Burp
https://www.hacker101.com/playlists/burp_suite
- Previously Disclosed Vulnerabilities
https://hackerone.com/hacktivity
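
Review bot: The list mixes three link styles: the first item is a `[title](url)` link, the second puts a bare URL after `<br>`, and the remaining items put a bare URL on the following line with no break, which Markdown will run together with the label. Using `[title](url)` throughout would match labs.md and vulns.md. The intro line also has a typo (`environement`), and `Previously Disclosed Vulnerabilities` is a reading resource rather than a setup step, so it fits better in blogposts.md or vulns.md.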
52 changes: 52 additions & 0 deletions tools.md
@@ -0,0 +1,52 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Tools

Here you can find links to a bunch of useful tools for Bug Bounty Hunting.

## Table of Contents
1. [Proxy & Network Sniffer](#Proxy-&-Network-Sniffer)
2. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery)
3. [Exploitation](#Exploitation)
4. [Scanners](#Scanners)
5. [Mobile Hacking](#Mobile-Hacking)
6. [Others](#Others)

### Proxy & Network Sniffer
| Name | Description | Written in | Created by |
|------ |------------- |------------ |------------- |
|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version).|Java|Port Swigger|
|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
|[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|

### Recon, OSINT & Discovery
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|Go||
|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.|Python|Ahmed Aboul-Ela|
|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites.|Python|Mauro Soria|
|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|Go|OWASP|
|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.||BuiltWith®|
|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|||
|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|||
|[Shodan](https://www.shodan.io/)||||
|[Censys](https://censys.io)||||
### Exploitation
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[sqlmap](http://sqlmap.org/)|sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.|Python|sqlmapproject |
### Scanners
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[Nmap](https://nmap.org)|A well known and powerful Tool for port scanning. Nmap provides the possibility to use scripts to further customize its functionality. |C, C++, Python, Lua|Gordon Lyon|
|[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|C|Robert David Graham|
### Mobile Hacking
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|Frida||||
|[dex2jar](https://github.com/pxb1988/dex2jar)|Useful to convert dex files into jar to decompile the application.|Java, Smali|Bob Pan|

### Others
| Name | Description | Written in | Created by |
|------ |------------- | ------------ |------------- |
|[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
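
Review bot: The Table of Contents fragments `#Proxy-&-Network-Sniffer` and `#Recon,-OSINT-&-Discovery` will not resolve, because GitHub drops `&` and `,` when it generates heading anchors; the working fragments are `#proxy--network-sniffer` and `#recon-osint--discovery`. Several rows are incomplete: `Frida` has no link or description, `Shodan` and `Censys` have empty descriptions, and `hunter.io` and `intelx.io` have no author. The sqlmap link is plain http.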
12 changes: 12 additions & 0 deletions vulns.md
@@ -0,0 +1,12 @@
# Resources-for-Beginner-Bug-Bounty-Hunters

## Vulnerabilities
Compact descriptions of common vulnerability types with links to useful resources.

## Cross-Site Scripting XSS
As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.

- [Hacker101](https://www.hacker101.com/sessions/xss)
- [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
- [A comprehensive tutorial on cross-site scripting](https://excess-xss.com)
- [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/)
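
Review bot: The paragraph under `## Cross-Site Scripting XSS` is repository-status text ("As we start to build this repository...") carried over from the README, while the file intro promises "Compact descriptions of common vulnerability types". A one- or two-sentence description of what XSS is should replace or precede it, and the status sentence belongs under `## Vulnerabilities` if it is kept at all.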
