bug-bounty-noob

This tweet is only intended for beginners/freshers in bug bounty hunting who have just started learning about it or want to start! If you are already hunting or doing labs, then this may not be too helpful to you. Thanks!

It all depends on interest and hard work, not on degree, age, branch, college, etc.

What to study?

  1. Internet, HTTP, TCP/IP
  2. Networking
  3. Command line
  4. Linux
  5. Web technologies: JavaScript, PHP, Java
  6. At least one programming language (Python/C/Java/Ruby...)

Choose your path (important)

  1. Web pentesting
  2. Mobile pentesting
  3. Desktop apps

Resources:

Books

For web

  1. The Web Application Hacker's Handbook
  2. Web Hacking 101
  3. The Hacker Playbook 1, 2, 3
  4. Hacking: The Art of Exploitation
  5. Mastering Modern Web Penetration Testing
  6. OWASP Testing Guide
  7. Bug Bounty Bootcamp

For mobile

  1. The Mobile Application Hacker's Handbook

YouTube channels:

  1. LiveOverflow
  2. HackerSploit
  3. Bugcrowd
  4. Hak5
  5. HackerOne

Must Check: https://blog.intigriti.com/2020/10/05/top-20-bug-bounty-youtube-channels-to-follow-in-2020/

Programming:

  1. Academind
  2. CS Dojo
  3. Derek Banas
  4. freeCodeCamp
  5. Joshua Fluke
  6. LevelUpTuts
  7. Life of Luba
  8. The Coding Train

Writeups, articles, blogs (I have given some awesome writeups below)

  1. Medium (infosec writeups)
  2. Hackerone public reports
  3. http://owasp.org
  4. Portswigger
  5. Reddit (Netsec)
  6. DEFCON conference videos
  7. Forums

Practice (important)

Tools

  1. Burp Suite
  2. nmap
  3. DirBuster
  4. Sublist3r
  5. Netcat

Testing labs

  1. DVWA
  2. bWAPP
  3. Vulnhub
  4. Metasploitable
  5. CTF365
  6. Hack the box

Start! (Don't forget this masterpiece: https://book.hacktricks.xyz/)


Practice the OWASP Top 10 and master at least one bug class.

  1. Master Burp Suite and Nmap

  2. Top tools that will be used on a daily basis: https://lnkd.in/e_XdiNf

  3. Read and practice at PortSwigger Academy: https://lnkd.in/euqsViz

  4. Read on a daily basis:

https://lnkd.in/esRCAdz
https://lnkd.in/e8mNTjf
https://lnkd.in/euFhBUp
https://lnkd.in/eVvQhs4
https://lnkd.in/eH8dcBw
https://lnkd.in/etmSrGH
https://lnkd.in/e2ea6q6
https://lnkd.in/erX8FMc
https://lnkd.in/e-gFQSr
https://lnkd.in/etFbNCh
https://lnkd.in/eXbkbKm

  5. Checklists:

https://lnkd.in/eYjqC-r
https://lnkd.in/efSi574


Select a platform

  1. HackerOne
  2. Bugcrowd
  3. Open Bug Bounty or any RDP
  4. Zerocopter
  5. Antihack
  6. Synack (private)
  7. Choose wisely (at first, not for the bounty)
  8. Select a bug class to hunt
  9. Search exhaustively
  10. It is not always straightforward

REPORT:

  1. Create a descriptive report
  2. Follow responsible disclosure
  3. Create a PoC and steps to reproduce

Words of wisdom

  1. PATIENCE IS THE KEY; it takes years to master, so don't fall for overnight success
  2. Do not expect someone to spoon-feed you everything.
  3. Confidence
  4. Not always for the bounty
  5. Learn a lot
  6. You won't find anything at the beginning; don't lose hope
  7. Stay focused
  8. Depend on yourself
  9. Stay updated with the infosec world

The best skill you can have is Google. Do learn it; it's not only a search bar but much more than that! Do some dorking and get the tailored results you want. You cannot always depend on others, so learning Google is crucial.

Thanks.

All your references:


Some Bug Bounty tools:

dnscan https://github.com/rbsec/dnscan

Knockpy https://github.com/guelfoweb/knock

Sublist3r https://github.com/aboul3la/Sublist3r

massdns https://github.com/blechschmidt/massdns

nmap https://nmap.org

masscan https://github.com/robertdavidgraham/masscan

EyeWitness https://github.com/ChrisTruncer/EyeWitness

DirBuster https://sourceforge.net/projects/dirbuster/

dirsearch https://github.com/maurosoria/dirsearch

Gitrob https://github.com/michenriksen/gitrob

git-secrets https://github.com/awslabs/git-secrets

sandcastle https://github.com/yasinS/sandcastle

bucket_finder https://digi.ninja/projects/bucket_finder.php

GoogD0rker https://github.com/ZephrFish/GoogD0rker/

Wayback Machine https://web.archive.org

waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050

Sn1per https://github.com/1N3/Sn1per/

XRay https://github.com/evilsocket/xray

wfuzz https://github.com/xmendez/wfuzz/

patator https://github.com/lanjelot/patator

datasploit https://github.com/DataSploit/datasploit

hydra https://github.com/vanhauser-thc/thc-hydra

changeme https://github.com/ztgrace/changeme

MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/

Apktool https://github.com/iBotPeaches/Apktool

dex2jar https://sourceforge.net/projects/dex2jar/

sqlmap http://sqlmap.org/

oxml_xxe https://github.com/BuffaloWill/oxml_xxe/ @cyb3rhunt3r

XXE Injector https://github.com/enjoiz/XXEinjector

The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool

ground-control https://github.com/jobertabma/ground-control

ssrfDetector https://github.com/JacobReynolds/ssrfDetector

LFISuit https://github.com/D35m0nd142/LFISuite

GitTools https://github.com/internetwache/GitTools

dvcs-ripper https://github.com/kost/dvcs-ripper

tko-subs https://github.com/anshumanbh/tko-subs

HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer

Race the Web https://github.com/insp3ctre/race-the-web

ysoserial https://github.com/GoSecure/ysoserial

PHPGGC https://github.com/ambionics/phpggc

CORStest https://github.com/RUB-NDS/CORStest

retire-js https://github.com/RetireJS/retire.js

getsploit https://github.com/vulnersCom/getsploit

Findsploit https://github.com/1N3/Findsploit

bfac https://github.com/mazen160/bfac

WPScan https://wpscan.org/

CMSMap https://github.com/Dionach/CMSmap

Amass https://github.com/OWASP/Amass


10 Awesome Firefox Extensions to Enhance Your Pentesting/Bug bounty Hunting.

  1. FoxyProxy Standard: an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities.

URL: https://t.co/QmDKn9616G

  2. Firefox Multi-Account Containers: lets you keep parts of your online life separated into color-coded tabs that preserve your privacy.

Containers + authorize = broken access control bugs!

URL: https://t.co/ESdMxAuAyE

  3. PwnFox: a Firefox/Burp extension that provides useful tools for your security audit. Features include: single click BurpProxy, Containers Profiles, Toolbox injection, Security header remover.

FoxyProxy + Containers = PwnFox

URL: https://t.co/mbosicOu8A

  4. HackTools: a web extension facilitating your web application penetration tests; it includes cheat sheets as well as all the tools used during a test, such as XSS payloads and reverse shells, to test your web application.

URL: https://t.co/vCOUsGDVAt

  5. Wappalyzer: identify technologies on websites.

URL: https://t.co/jEPgAQzwm7

  6. Shodan: the Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ports are open.

URL: https://t.co/v8FEe6skKN

  7. DotGit: an extension to check if .git is exposed on visited websites.

URL: https://t.co/xiOHkRh7kC

  8. Open Multiple URLs: opens a list of URLs.

URL: https://t.co/zHdEg1bsjc

  9. Cookie-Editor: lets you efficiently create, edit and delete a cookie for the current tab. Perfect for developing, quickly testing, or even manually managing your cookies for your privacy.

URL: https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/

  10. S3 Bucket List: finds Amazon S3 buckets while browsing, then records them in the add-on content.

Cheat Sheets:

XSS https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md https://github.com/ismailtasdelen/xss-payload-list

SQLi https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md

SSRF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery

CRLF https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection

CSV-Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection

Command Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

Directory Traversal https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal

LFI https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion

XXE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

Open-Redirect https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md

RCE https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md

Crypto https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md

Template Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection

XSLT https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md

Content Injection https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md

LDAP Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection

NoSQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection

CSRF Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection

GraphQL Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection

IDOR https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References

ISCM https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management

LaTeX Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection

OAuth https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth

XPATH Injection https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection

Upload bypass tricks https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files


Awesome Bug Bounty Tools

https://github.com/vavkamil/awesome-bugbounty-tools


Lots of write-ups: (Reading them won't make you an expert; practice yourself.)

  1. Hacking LG WebOS Smart TVs Using A Phone https://medium.com/geekculture/hacking-lg-webos-smart-tvs-using-a-phone-3fedba5d6f50
  2. Quick Heal Addressed Multiple Vulnerabilities in v19.0 https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now/
  3. Resetting Expired Passwords Remotely https://www.n00py.io/2021/09/resetting-expired-passwords-remotely/
  4. Windows Event Logging & Collection Guidance https://github.com/JSCU-NL/logging-essentials
  5. [Zomato Order] Insecure deep link leads to sensitive information disclosure https://hackerone.com/reports/532225
  6. CVE-2021-22946: Protocol downgrade required TLS bypassed https://hackerone.com/reports/1334111
  7. CVE-2021-22947: STARTTLS protocol injection via MITM https://hackerone.com/reports/1334763
  8. Guest Users can create issues for Sentry errors and track their status https://hackerone.com/reports/1117768
  9. $8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
  10. Using CodeQL to detect client-side vulnerabilities in web applications https://raz0r.name/articles/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications/
  11. HCRootkit / Sutersu Linux Rootkit Analysis https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/
  12. CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution https://securityaffairs.co/wordpress/122486/hacking/cve-2021-40847-netgear-soho-routers.html
  13. Autodiscovering the Great Leak https://www.guardicore.com/labs/autodiscovering-the-great-leak/
  14. Used email confirmation link reveals the email address which is tied to it https://hackerone.com/reports/1128358
  15. CSV injection in the credentials export https://hackerone.com/reports/1131887
  16. Race condition allows sending multiple times feedback for the hacker https://hackerone.com/reports/1132171
  17. AWS WAF analysis: How it works and how to attack it https://thexssrat.medium.com/aws-waf-analysis-how-it-works-and-how-to-attack-it-8a456e561c74
  18. ffuf https://broad-frost-983.notion.site/ffuf-bd8180578bec4dd2986781e09df46cdc
  19. New Remote Code Execution Vulnerability In Nagios Can Compromise Complete Network https://cyberworkx.in/2021/09/22/new-remote-code-execution-vulnerability-in-nagios-can-compromise-complete-network/
  20. Privilege Escalation vulnerability in Steam's Remote Play feature leads to arbitrary kernel-mode driver installation https://hackerone.com/reports/852091
  21. HTML Injection in Email https://hackerone.com/reports/1248585
  22. A Fever Worth $750 - [Accessing Private Projects] https://medium.com/@shakti.gtp/a-fever-worth-750-accessing-private-projects-d113c561311f
  23. Look Out For These Top 7 Things When Choosing A VPN Service https://cyberdessy.medium.com/look-out-for-these-top-7-things-when-choosing-a-vpn-service-801ed9a7b5ae
  24. OMIGOD - CVE-2021-38647 https://www.alteredsecurity.com/post/omigod-cve-2021-38647 https://github.com/AlteredSecurity/CVE-2021-38647
  25. MSSQL for Pentester: Hashing http://rajhackingarticles.blogspot.com/2021/09/mssql-for-pentester-hashing.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HackingArticlesrajChandelsBlog+%28Hacking+Articles%7CRaj+Chandel%27s+Blog%29
  26. Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
  27. Ex-Apple Employee Exposes Apple M1 Chip's Secrets https://analyticsindiamag.com/ex-apple-employee-exposes-apple-m1-chips-secrets/
  28. IoT Security (Internet of Things Security) https://latesthackingnews.com/2021/09/20/iot-security-internet-of-things-security/
  29. Text injection or content spoofing on forbidden page https://hackerone.com/reports/1310925
  30. Log Analysis using Splunk, Solving "Juicy Details TryHackMe" https://medium.com/@pandeydipanshu57/log-analysis-using-splunk-solving-juicy-details-tryhackme-92ea1b13eb0d
  31. You are entering the XSS game area https://www.hackingtruth.in/2020/08/you-are-entering-xss-game-area.html
  32. My Notes and What I Learned This Week! https://www.getrevue.co/profile/anugrahsr/issues/weekly-newsletter-of-anugrah-sr-issue-2-763659
  33. Google Hacking Dorks 2021 https://hackersonlineclub.com/google-hacking/
  34. Email Header Analysis: Use Cases Including SPF, DKIM & DMARC https://www.socinvestigation.com/email-header-analysis-use-cases-including-spf-dkim-dmarc/
  35. QLOG provides enriched Event Logging for security-related events on Windows-based systems https://github.com/threathunters-io/QLOG
  36. Admin access!! https://dewangpanchal98.medium.com/admin-access-799b50694965
  37. Investigating Scam/Phishing links campaign circulating in WhatsApp https://kunaldas9.medium.com/investigating-scam-phishing-links-campaign-circulating-in-whatsapp-6bf89b2520eb
  38. A small change and things go in your hand: Story of a $250 bounty https://fardeen-ahmed.medium.com/a-small-change-and-things-go-in-your-hand-story-of-a-250-bounty-5ddc43c31463
  39. SIEM Monitoring using Wazuh by Francis Jeremiah https://hakin9.org/siem-monitoring-using-wazuh-by-francis-jeremiah/
  40. Complete Google Dorks List in 2020 For Ethical Hacking and Penetration Testing https://gbhackers.com/latest-google-dorks-list/
  41. Edward Snowden urges users to stop using ExpressVPN https://www.hackread.com/edward-snowden-stop-using-expressvpn/
  42. How To Protect Yourself From Malicious Websites While Online https://latesthackingnews.com/2021/09/18/how-to-protect-yourself-from-malicious-websites-while-online/
  43. Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability" https://github.com/jacob-baines/concealed_position
  44. A tool for generating multiple types of NTLMv2 hash theft files https://github.com/Greenwolf/ntlm_theft
  45. Client-side prototype pollution https://github.com/BlackFan/client-side-prototype-pollution

There's a lot more on the internet than could ever be listed here! What I have given here is more than enough for complete beginners; once you have worked through it, you will automatically start finding things on your own!

Thanks, I hope this helps - Feel free to connect/contact.

  • Het Mehta ( twitter.com/hetmehtaa )