diff --git a/README.md b/README.md index 7ed520c..2e31905 100644 --- a/README.md +++ b/README.md 
@@ -7,135 +7,15 @@ As a hacker, there a ton of techniques, terminologies, and topics you need to fa We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future! -## HTTP basics -In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics. -- All in one resource: https://www.hacker101.com/sessions/web_in_depth - HTTP basics - Cookie security - HTML parsing - MIME sniffing - Encoding sniffing - Same-Origin Policy - CSRF (Cross-Site Request Forgery) -- Request form -https://www.tutorialspoint.com/http/http_requests.htm -- Response form -https://www.tutorialspoint.com/http/http_responses.htm -- Response codes -https://www.tutorialspoint.com/http/http_status_codes.htm -- URL Encoding -https://www.tutorialspoint.com/http/http_url_encoding.htm -- Status Codes -https://www.tutorialspoint.com/http/http_status_codes.htm +--- +## Table of Contents +1. [Basics](basics.md) +2. [Setup](setup.md) +3. [Tools](tools.md) +4. [Labs & Testing Environments](labs.md) +5. [Vulnerability Types](vulns.md) +6. [Blog posts](blogposts.md) -## Networking basics -Recon is a common terminology used in bug bounties. It’s great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work. -- Terminology -https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols -- What is an IP? -https://commotionwireless.net/docs/cck/networking/learn-networking-basics/ -- What are ports? -https://www.utilizewindows.com/list-of-common-network-port-numbers/ -- What is DNS? 
-https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704 -- Intermediate Security Testing with Kali Linux 2 -http://www.penguintutor.com/linux/basic-network-reference - - -## Programming Basics -Being a great programmer is not a requirement to be a successful hacker. However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical. - -- HTML: HTML is very easy to learn and there are a ton of free resources for it. If you are interested in learning about XSS this should be your first step. -If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! -https://www.codecademy.com/learn/learn-html -https://www.w3schools.com/html/ - -- JavaScript: Once you have familiarized yourself with HTML, you should understand Javascript since you will be using it to exploit XSS vulnerabilities. The usage of Javascript isn’t just limited to when you are exploring XSS, so it’s a very handy programming language to know. -If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! https://www.codecademy.com/learn/introduction-to-javascript - -- SQL: You may have guessed It already, but you won’t be able to exploit complex SQL injection vulnerabilities before having any SQL knowledge. -As always, if you prefer an interactive course, feel free to use Codecademy! -https://www.codecademy.com/learn/learn-sql -http://www.sqlcourse.com/ - -### Automation -You are welcome to skip this section if you think you’ll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder. 
-- Bash -https://www.learnshell.org/ -- Ruby -https://www.learnrubyonline.org/ -- Python -https://docs.python.org/3/tutorial/ -- Additional Resources: - - https://www.codecademy.com/learn/paths/web-development - - https://docs.python.org/3/tutorial/ - - http://www.sqlcourse.com/ - - https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting - -## Misc -- Setting up your own web server on a VPS -https://www.linux.com/learn/easy-lamp-server-installation -- Setting up virtualbox + linux -https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox -- Basics of UNIX -https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything -- Setting up Burp -https://www.hacker101.com/playlists/burp_suite -- Previously Disclosed Vulnerabilities -https://hackerone.com/hacktivity - -## Vulnerability Types -Need a description here - -### Cross-Site Scripting XSS -As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application. - - -- Hacker101 -https://www.hacker101.com/sessions/xss -- OWASP -https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) -- A comprehensive tutorial on cross-site scripting -https://excess-xss.com -- Google Application Security (XSS Guide) -https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/ - - - - -#### Hands on material -- XSS-Game -https://xss-game.appspot.com -- Hacker101 -https://hacker101.com -- PentesterLab -https://pentesterlab.com -- HackEdu -https://hackedu.io -- DWVA -http://www.dvwa.co.uk -- Google Gruyere -https://google-gruyere.appspot.com/ -- Web Security Academy by PortSwigger. -https://portswigger.net/web-security - -#### Blog posts -You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). 
Here are some more complex and some of my favorite XSS related blog posts: - -##### DOM XSS -https://hackerone.com/reports/297968 -https://hackerone.com/reports/168165 -https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html -##### Stored XSS -https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html -https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27 -https://opnsec.com/2018/03/stored-xss-on-facebook/ -https://klikki.fi/adv/yahoo.html -https://klikki.fi/adv/yahoo2.html -https://hackerone.com/reports/422043 -https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss -##### CSP Bypass -https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html diff --git a/basics.md b/basics.md new file mode 100644 index 0000000..beb41b6 --- /dev/null +++ b/basics.md 
@@ -0,0 +1,73 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Table of Contents +1. [HTTP basics](#HTTP-basics) +2. [Networking basics](#Networking-basics) +3. [Programming Basics](#Programming-Basics) +4. [Automation](#Automation) + +## HTTP basics +In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics. +- All in one resource: https://www.hacker101.com/sessions/web_in_depth + HTTP basics + Cookie security + HTML parsing + MIME sniffing + Encoding sniffing + Same-Origin Policy + CSRF (Cross-Site Request Forgery) +- Request form +https://www.tutorialspoint.com/http/http_requests.htm +- Response form +https://www.tutorialspoint.com/http/http_responses.htm +- Response codes +https://www.tutorialspoint.com/http/http_status_codes.htm +- URL Encoding +https://www.tutorialspoint.com/http/http_url_encoding.htm +- Status Codes +https://www.tutorialspoint.com/http/http_status_codes.htm + + +## Networking basics +Recon is a common terminology used in bug bounties. It’s great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work. +- Terminology +https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols +- What is an IP? +https://commotionwireless.net/docs/cck/networking/learn-networking-basics/ +- What are ports? +https://www.utilizewindows.com/list-of-common-network-port-numbers/ +- What is DNS? +https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704 +- Intermediate Security Testing with Kali Linux 2 +http://www.penguintutor.com/linux/basic-network-reference + + +## Programming Basics +Being a great programmer is not a requirement to be a successful hacker. 
However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical. + +- HTML: HTML is very easy to learn and there are a ton of free resources for it. If you are interested in learning about XSS this should be your first step. +If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! +https://www.codecademy.com/learn/learn-html +https://www.w3schools.com/html/ + +- JavaScript: Once you have familiarized yourself with HTML, you should understand Javascript since you will be using it to exploit XSS vulnerabilities. The usage of Javascript isn’t just limited to when you are exploring XSS, so it’s a very handy programming language to know. +If you prefer an interactive tool to learn about Javascript, I highly recommend Codecademy! https://www.codecademy.com/learn/introduction-to-javascript + +- SQL: You may have guessed It already, but you won’t be able to exploit complex SQL injection vulnerabilities before having any SQL knowledge. +As always, if you prefer an interactive course, feel free to use Codecademy! +https://www.codecademy.com/learn/learn-sql +http://www.sqlcourse.com/ + +### Automation +You are welcome to skip this section if you think you’ll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder. 
+- Bash +https://www.learnshell.org/ +- Ruby +https://www.learnrubyonline.org/ +- Python +https://docs.python.org/3/tutorial/ +- Additional Resources: + - https://www.codecademy.com/learn/paths/web-development + - https://docs.python.org/3/tutorial/ + - http://www.sqlcourse.com/ + - https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting \ No newline at end of file diff --git a/blogposts.md b/blogposts.md new file mode 100644 index 0000000..6881b7c --- /dev/null +++ b/blogposts.md @@ -0,0 +1,26 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Blog posts +A collection of Blog Posts ordered by Vulnerability Types +- [XSS](#XSS) + - [DOM XSS](#DOM-XSS) + - [Sored XSS](#Stored-XSS) + - [CSP Bypass](#CSP-Bypass) +## XSS +You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts: + +### DOM XSS +https://hackerone.com/reports/297968 +https://hackerone.com/reports/168165 +https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html +### Stored XSS +https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html +https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27 +https://opnsec.com/2018/03/stored-xss-on-facebook/ +https://klikki.fi/adv/yahoo.html +https://klikki.fi/adv/yahoo2.html +https://hackerone.com/reports/422043 +https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss +### CSP Bypass +https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html + diff --git a/labs.md b/labs.md new file mode 100644 index 0000000..ca12162 --- /dev/null +++ b/labs.md 
@@ -0,0 +1,14 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Labs & Testing Environments + +## General +- [Hacker101](https://www.hacker101.com/) | Good Exercises for Beginners, can earn you private Invites on HackerOne +- [Pentesterlab](https://pentesterlab.com) | Good Labs with a broad variety of Topics, some very good Web Application Exercises +- [HackTheBox](https://www.hackthebox.eu/) | provides Testing Labs, some Web Application Challenges +- [XSS-Game](https://xss-game.appspot.com/) | Learning Platform for XSS +- [HackEdu](https://hackedu.io) +- [DWVA](http://www.dvwa.co.uk) +- [Google Gruyere](https://google-gruyere.appspot.com/) +- [Web Security Academy by PortSwigger](https://portswigger.net/web-security) + diff --git a/setup.md b/setup.md new file mode 100644 index 0000000..8391014 --- /dev/null +++ b/setup.md @@ -0,0 +1,15 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Setup +This section will help you set up your testing environement. +- [Setting Up Your Ubuntu Box for Pentest and Bug Bounty Automation](https://www.youtube.com/watch?v=YhUiAH5SIqk) by nahamsec +- Setting up your own web server on a VPS:
+https://www.linux.com/learn/easy-lamp-server-installation
+- Setting up virtualbox + linux +https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox +- Basics of UNIX +https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything +- Setting up Burp +https://www.hacker101.com/playlists/burp_suite +- Previously Disclosed Vulnerabilities +https://hackerone.com/hacktivity \ No newline at end of file diff --git a/tools.md b/tools.md new file mode 100644 index 0000000..24422df --- /dev/null +++ b/tools.md 
@@ -0,0 +1,52 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Tools + +Here you can find links to a bunch of useful tools for Bug Bounty Hunting. + +## Table of Contents +1. [Proxy & Network Sniffer](#Proxy-&-Network-Sniffer) +2. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery) +3. [Exploitation](#Exploitation) +4. [Scanners](#Scanners) +5. [Mobile Hacking](#Mobile-Hacking) +6. [Others](#Others) + +### Proxy & Network Sniffer +| Name | Description | Written in | Created by | +|------ |------------- |------------ |------------- | +|[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version).|Java|Port Swigger| +|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP| +|[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team| + +### Recon, OSINT & Discovery +| Name | Description | Written in | Created by | +|------ |------------- | ------------ |------------- | +|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|Go|| +|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.|Python|Ahmed Aboul-Ela| +|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites.|Python|Mauro Soria| +|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. 
Very good export options.|Go|OWASP| +|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.||BuiltWith®| +|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps||| +|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT||| +|[Shodan](https://www.shodan.io/)|||| +|[Censys](https://censys.io)|||| +### Exploitation +| Name | Description | Written in | Created by | +|------ |------------- | ------------ |------------- | +|[sqlmap](http://sqlmap.org/)|sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.|Python|sqlmapproject | +### Scanners +| Name | Description | Written in | Created by | +|------ |------------- | ------------ |------------- | +|[Nmap](https://nmap.org)|A well known and powerful Tool for port scanning. Nmap provides the possibility to use scripts to further customize its functionality. |C, C++, Python, Lua|Gordon Lyon| +|[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|C|Robert David Graham| +### Mobile Hacking +| Name | Description | Written in | Created by | +|------ |------------- | ------------ |------------- | +|Frida|||| +|[dex2jar](https://github.com/pxb1988/dex2jar)|Useful to convert dex files into jar to decompile the application.|Java, Smali|Bob Pan| + +### Others +| Name | Description | Written in | Created by | +|------ |------------- | ------------ |------------- | +|[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler| \ No newline at end of file diff --git a/vulns.md b/vulns.md new file mode 100644 index 0000000..a5cbb33 
--- /dev/null +++ b/vulns.md @@ -0,0 +1,12 @@ +# Resources-for-Beginner-Bug-Bounty-Hunters + +## Vulnerabilities +Compact descriptions of common vulnerability types with links to useful resources. + +## Cross-Site Scripting XSS +As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application. + +- [Hacker101](https://www.hacker101.com/sessions/xss) +- [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) +- [A comprehensive tutorial on cross-site scripting](https://excess-xss.com) +- [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/) \ No newline at end of file
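Review bot: in the README.md hunk the new Table of Contents entry `5. [Vulnerability Types](vulns.md)` does not match the heading the vulns.md hunk introduces (`## Vulnerabilities`); pick one name and use it in both places so the index and the page title agree. The README hunk also removes the intro to the old "Blog posts" subsection without a TOC entry describing what blogposts.md now holds beyond its title; a short description per TOC entry (as tools.md does with "Here you can find links to...") would help a beginner navigate.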
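Review bot: the basics.md hunk carries over several copy errors from the old README rather than fixing them while moving the text. The HTML bullet says "If you prefer an interactive tool to learn about Javascript" but links `learn-html`, so it should read "to learn about HTML"; "Response codes" and "Status Codes" are two bullets pointing at the same `http_status_codes.htm` page, so one should go; "Intermediate Security Testing with Kali Linux 2" links to `penguintutor.com/linux/basic-network-reference`, which is a basic network reference, not the Kali title; and the Automation intro says "one the following four languages" while the list has Bash, Ruby and Python (and `docs.python.org/3/tutorial/` appears again under Additional Resources). Suggest "one of the following languages" and dropping the duplicate link.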
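Review bot: in the blogposts.md hunk the sub-TOC entry `- [Sored XSS](#Stored-XSS)` has a typo and should be `- [Stored XSS](#stored-xss)`. The generated heading anchors are lowercase (`#dom-xss`, `#stored-xss`, `#csp-bypass`), so matching that case in the links avoids relying on case-insensitive resolution. The bare URLs under each heading would also be easier to scan as `[Title](url)` links, the style this same hunk uses for its TOC and that vulns.md uses for its resource list.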
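Review bot: in the labs.md hunk `- [DWVA](http://www.dvwa.co.uk)` misspells the project name; the linked domain is `dvwa.co.uk`, so the label should be `DVWA`. The `## General` heading sits at the same level as the page section `## Labs & Testing Environments` although it is a subsection; tools.md uses `###` for its subsections, so `### General` keeps the files consistent. The last four rows (HackEdu, DVWA, Google Gruyere, Web Security Academy) also lack the ` | description` that the first four rows carry.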
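Review bot: in the setup.md hunk "This section will help you set up your testing environement." should read "environment". The final bullet, "Previously Disclosed Vulnerabilities" linking to `hackerone.com/hacktivity`, is not a setup step and fits better under blogposts.md or vulns.md, where Hacktivity is already referenced. The file is also committed without a trailing newline (`\ No newline at end of file`), as are basics.md, tools.md and vulns.md; adding one keeps future diffs clean.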
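Review bot: the Table of Contents links in the tools.md hunk, `(#Proxy-&-Network-Sniffer)` and `(#Recon,-OSINT-&-Discovery)`, will not resolve because punctuation is stripped when heading ids are generated; the working anchors are `#proxy--network-sniffer` and `#recon-osint--discovery`. In the tables, the Shodan, Censys and Frida rows have an empty Description column (Frida also has no link), which reads as unfinished next to the fully described rows; a one-line description per tool, as given for the others, would make the tables useful to the beginner audience the page targets. `## Tools` and `## Table of Contents` are also both H2 while the tool categories are H3, so the TOC heading could be demoted or merged into the intro.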
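Review bot: in the vulns.md hunk `## Cross-Site Scripting XSS` is at the same level as the page heading `## Vulnerabilities` even though it is one entry in that list; `### Cross-Site Scripting (XSS)` matches the subsection style used in tools.md and makes room for the further vulnerability types the text promises. The sentence "As we start to build this repository, we'll be adding more vulnerability types" is copied from the old README and now sits under an intro that already says the same thing ("Compact descriptions of common vulnerability types"), so one of the two can go.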