  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 5 lines
    6 6   
    7 7  We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!<br>
    8 8   
    9  -## Current Version: 2020.05
     9 +## Current Version: 2020.06
    10 10   
    11 11  [Changelog: See what's new!](/assets/changelog.md) 📣
    12 12   
    skipped 15 lines
    28 28  - [Mindset & Mental Health](/assets/health.md)
    29 29   
    30 30  ---
    31  -If you have more questions or suggestions, come the [Discord Server](https://discord.gg/9jZxjQ5) of nahamsec !
     31 +If you have more questions or suggestions, check our [NahamSec's Discord](https://discord.gg/9jZxjQ5)!<br>
     32 +Also, feel free to check out the other resources:
     33 +- Nahamsec on [YouTube](https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw) and on [Twitch](https://www.twitch.tv/nahamsec)
    32 34   
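Review bot: on the first added line, "check our [NahamSec's Discord]" reads as a typo for "check out", and "our" clashes with the possessive "NahamSec's"; suggest "check out [NahamSec's Discord]". The following line announces "the other resources:" but the list has a single bullet, and it spells the name "Nahamsec" while the line above uses "NahamSec"; pick one spelling.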
  • ■ ■ ■ ■ ■
    assets/basics.md
    skipped 8 lines
    9 9  3. [Networking basics](#Networking-basics)
    10 10  4. [Programming Basics](#Programming-Basics)
    11 11  5. [Automation](#Automation)
    12  - 
     12 +6. [Computing Fundamentals](#Computing-Fundamentals)
    13 13   
    14 14  ### Stanford CS 253 Web Security
    15 15   
    skipped 68 lines
    84 84   - http://www.sqlcourse.com/
    85 85   - https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting
    86 86   
     87 +### Computing Fundamentals
     88 +- [Hopper's Roppers Computing Fundamentals](https://www.hoppersroppers.org/course.html)
     89 + - This free course teaches the absolute basics of Linux, hardware, networking, operating systems, and scripting. Designed to get a complete beginner over the first big learning hurdles and so they can move on to anything else and succeed.
     90 +- [Exeter Q-Step Resources](https://exeter-qstep-resources.github.io/)
     91 + - Here, you will find a range of teaching materials that have been developed by members of the Q-Step Centre. If you have any questions, please contact [email protected] or [email protected]. Details of Q-Step workshops and events can be found at https://socialsciences.exeter.ac.uk/q-step/events.
    87 92   
    88 93  ---
    89 94  back to [Intro Page](/README.md)
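Review bot: the description added under Exeter Q-Step Resources is the site's own welcome paragraph pasted in, including contact addresses and a workshop events URL, and it never says what a reader of this list gets from the resource. Suggest replacing it with a one-sentence summary in the style of the Hopper's Roppers description above it and dropping the contact details. In that Hopper's Roppers description, "hurdles and so they can move on" has a stray "and".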
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    assets/blogposts.md
    skipped 31 lines
    32 32  - [How to Set up Certificate-Based SSH for Bug Hunting](https://medium.com/@c0ldbr3w/how-to-set-up-certificate-based-ssh-for-bug-hunting-bonus-ef4af95fca05) - by Mack Staples
    33 33  - [XSS in Google Colaboratory + CSP bypass](https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html) by Michał Bentkowski
    34 34  - [Zseano’s notes on hacking & mentoring](https://blog.intigriti.com/2020/04/29/bug-business-3-zseanos-notes-on-hacking-mentoring/) by Intigriti & Zseano
     35 +- [MY BUG BOUNTY JOURNEY!](https://www.youtube.com/watch?v=ug7FzoByLFc) by Farah Hawa
    35 36  ## XSS
    36 37  You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
    37 38   
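Review bot: the added "MY BUG BOUNTY JOURNEY!" entry is a YouTube video placed in a list of blog posts, with its title in all caps unlike the entries above it; consider title case and a "(video)" marker, or moving it to assets/media.md. The new line also sits directly above `## XSS`; a blank line between the list and the heading would keep the two visually separate in the source.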
    skipped 5 lines
    43 44  - [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
    44 45  - [Google Bug Bounty Writeup- XSS Vulnerability](https://pethuraj.com/blog/google-bug-bounty-writeup/) - [@itsmepethu](https://twitter.com/itsmepethu)
    45 46  - [How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools](https://www.youtube.com/watch?v=IhPsBMBDFcg) - by STÖK
     47 +- [Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss](https://medium.com/bugbountywriteup/found-stored-cross-site-scripting-whats-next-privilege-escalation-like-a-boss-d-8fb9e606ce60) - by Harsh Bothra
     48 +- [Bypassing WAF to perform XSS](https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3) - by Kleitonx00
    46 49   
    47 50   
    48 51  ### DOM XSS
    skipped 15 lines
    64 67  - [Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks](https://peertube.opencloud.lu/videos/watch/40f39bfe-6d3c-40f5-bcab-43f20944ca6a)<br>- Alyssa Herrera | Hack.lu 2019
    65 68  - [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - Sayed Abdelhafiz
    66 69  - [Piercing the Veal](https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5) - by d0nut
     70 +- [MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT](https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft) - by nahamsec
    67 71   
    68 72   
    69 73  ## Vulnerability Scanning
    skipped 12 lines
    82 86  - [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
    83 87  - [How we hacked one of the worlds largest Cryptocurrency Website](https://strynx.org/insecure-crypto-code-execution/) - [strynx](https://strynx.org/)
    84 88  - [Blind SQL Injection on windows10.hi-tech.mail.ru](https://hackerone.com/reports/786044) - Просто душка (api_0)
     89 +- [How to Hack Database Links in SQL Server!](https://blog.netspi.com/how-to-hack-database-links-in-sql-server/) - Antti Rantasaari
    85 90   
    86 91  ## Mobile
    87 92  ### iOS
    skipped 36 lines
    124 129   
    125 130  ## RCE
    126 131  - [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
     132 +- [How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber](https://medium.com/@andrewaeva_55205/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871) - by Andrewaeva
    127 133   
    128 134  ## Recon
    129 135  - [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
    130 136  - [Notes about Nahamsecs Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
    131 137  - [10 Recon Tools For Bug Bounty](https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty-bafa8a5961bd) - Anshuman Pattnaik
    132 138  - [Recon: Create a methodology and start your subdomain enumeration](https://failednuke.info/2020/recon-create-a-methodology-and-start-your-subdomain-enumeration/) - by FailedNuke
     139 +- [THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP](https://securityqueens.co.uk/they-see-me-scannin-they-hatin-a-beginners-guide-to-nmap/) - by Sophia (https://twitter.com/SecQueens)
    133 140   
    134 141  ## Smart Contracts
    135 142  - [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
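Review bot: in the added Nmap guide entry under Recon, the author is given as "by Sophia (https://twitter.com/SecQueens)" with a bare URL in parentheses, while other entries in this file link the handle, for example `[@itsmepethu](https://twitter.com/itsmepethu)`. Suggest `by Sophia ([@SecQueens](https://twitter.com/SecQueens))`. The title is also in all caps, unlike the other Recon entries.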
    skipped 14 lines
    150 157  - [Understanding Search Syntax on Github](https://help.github.com/en/github/searching-for-information-on-github/understanding-the-search-syntax#exclude-certain-results) by Github
    151 158  - [URL link spoofing (Slack)](https://hackerone.com/reports/481472) by Akaki Tsunoda (akaki)
    152 159  - [Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts](https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/) by Sam Curry
     160 +- [The Secret sauce of bug bounty](https://medium.com/bugbountywriteup/the-secret-sauce-of-bug-bounty-bdcc2e2d45af) by Mohamed Slamat
    153 161   
    154 162   
    155 163  ---
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    assets/changelog.md
    skipped 4 lines
    5 5  Updates to this repo will be pushed monthly. You can read about the latest changes below.
    6 6   
    7 7  ---
     8 +## ___Update 2020.06___
     9 +### Added
     10 +- [Blogposts & Disclosed Reports](/assets/blogposts.md):
     11 + - **THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP** - by Sophia
     12 + - **How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber** - by Andrewaeva
     13 + - **Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss** - by Harsh Bothra
     14 + - **How to Hack Database Links in SQL Server!** - by Antti Rantasaari
     15 + - **The Secret sauce of bug bounty** - by Mohamed Slamat
     16 + - **MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT** - by nahamsec
     17 + - **MY BUG BOUNTY JOURNEY!** - by Farah Hawa
     18 + - **Bypassing WAF to perform XSS** - by Kleitonx00
     19 +- [Labs](/assets/labs.md):
     20 + - **Will it CORS?**
     21 +- [Coding](/assets/coding.md):
     22 + - **Linux Beginner Boost**
     23 +- [Media](/assets/media.md):
     24 + - **rwxrob** as a streamer
     25 + - **ChaosComputerClub Germany Media Resources** under Misc
     26 + - **@ZephrFish** in Twitter List
     27 + - **@CalumBoal** in Twitter List
     28 + - **@_superhero1** in Twitter List
     29 + - **CRE** in Podcasts
     30 + - **Phrack** in Misc
     31 + - **CCC Luxembourg Podcast** in Podcasts
     32 +- [Tools](/assets/tools.md):
     33 + - **KeyHacks** in the Scanner section<br>
     34 + - **Notion** in the Notes section<br>
     35 + - **Joplin** in the Notes section<br>
     36 + - **Xmind** in the Notes section<br>
     37 + - **SpiderFoot** in the Recon section
     38 + - **Axiom** in the Notes section
     39 + - **webhook** in Misc
     40 + - **requestcatcher** in Misc
     41 + - **canarytokens** in Misc
     42 + - **Nmap command helper** in Scanner
     43 +- [Mindset & Mental Health](/assets/health.md):
     44 + - **Happy Hacking**
     45 +- [Basics](/assets/basics.md)
     46 + - **Computing Fundamentals**
     47 + - **Exeter Q-Step Resources**
     48 + 
     49 + - **Setup bugbounty hunting env on termux** - by @hahwul
     50 +### Changes
     51 + 
     52 +### Fixes
     53 + 
     54 +---
    8 55  ## ___Update 2020.05___
    9 56  ### Added
    10 57  - [Media](/assets/media.md):
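Review bot: the last added bullet, "Setup bugbounty hunting env on termux", follows a blank line and has no category parent, although the link was added to assets/setup.md; give it a `- [Setup](/assets/setup.md):` parent like the other groups. The `[Basics](/assets/basics.md)` line is missing the trailing colon the other categories have, and it lists the new section heading "Computing Fundamentals" rather than the Hopper's Roppers entry that was added. "webhook", "requestcatcher" and "canarytokens" are listed as "in Misc", but in assets/tools.md they are added to the table under `### Others`. The `<br>` suffix is used on four Tools bullets only, and the empty `### Changes` and `### Fixes` headings could be dropped.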
    skipped 174 lines
  • ■ ■ ■ ■ ■
    assets/coding.md
    skipped 15 lines
    16 16  - [Subdomain Enumeration Script](https://twitter.com/Sin_Khe/status/1242785016884625409)
    17 17  - [ShellCheck](https://www.shellcheck.net/) - for finding Bugs in your Shell Scripts
    18 18  - [Bug Bounty with Bash](https://medium.com/cyberverse/bug-bounty-with-bash-438596ff72f5) - by Aditya Soni
     19 +- [Linux Beginner Boost](https://rwx.gg/) - by [rwxrob](https://www.twitch.tv/rwxrob)
    19 20  ### Learning Platforms
    20 21  - [Exercism](https://exercism.io/) - "Code Practice and Mentorship.."
    21 22  - [CodeCademy](https://www.codecademy.com/)
    skipped 5 lines
  • ■ ■ ■ ■ ■
    assets/health.md
    skipped 6 lines
    7 7  (Thanks STÖK for putting out great videos regarding this point)
    8 8  Getting in the right Mindset:
    9 9  - [Mental Hacking 4 Better Bounties:](https://youtu.be/roVg_wgGgxQ) by STÖK
     10 +- [Happy Hacking:](http://phrack.com/issues/68/7.html#article) Phrack Volume 0x0e, Issue 0x44, Phile #0x07 of 0x13
    10 11   
    11 12   
    12 13  ---
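Review bot: the added Happy Hacking link points at `http://phrack.com/issues/68/7.html#article`, while the Phrack entry added to assets/media.md in this same commit uses `http://www.phrack.org/`; use one host for both entries. Both are plain `http://` links; if the site serves HTTPS, link that instead.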
    skipped 1 lines
  • ■ ■ ■ ■ ■
    assets/labs.md
    skipped 16 lines
    17 17   - Videos: [TryHackMe! Basic Penetration Testing](https://www.youtube.com/watch?v=xl2Xx5YOKcI) // [TryHackMe! EternalBlue/MS17-010 in Metasploit](https://www.youtube.com/watch?v=s6rwS7UuMt8) // [TryHackMe! OhSINT - METADATA & Research](https://www.youtube.com/watch?v=oF0TQQmFu4w)
    18 18  - [Cyberseclabs](https://www.cyberseclabs.co.uk/)
    19 19  - [Kontra Application Security Training](https://application.security/free-application-security-training)
     20 +- [Will it CORS?](https://httptoolkit.tech/will-it-cors/) | Tell this magic CORS machine what you want, and it'll tell you exactly what to do
    20 21   
    21 22  ---
    22 23  back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/media.md
    skipped 7 lines
    8 8  - [Podcasts](#Podcasts)
    9 9  - [Books](#Books)
    10 10  - [Twitter](#Twitter)
     11 +- [Misc](#Misc)
    11 12  ---
    12 13   
    13 14  ## Youtube Channels
    skipped 7 lines
    21 22  - [PwnFunction](https://www.youtube.com/PwnFunction) explanatory videos about Web App vulnerabilities
    22 23  - [DEFCONConference](https://www.youtube.com/user/DEFCONConference/videos) - Tons of Talks from Defcon.
    23 24  - [Jason Haddix](https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA) - VODs of his Stream
     25 +- [rwxrob](https://www.twitch.tv/rwxrob) - Linux God
    24 26   
    25 27  ## Streamers
    26 28  - [Nahamsec](https://www.twitch.com/nahamsec) on Twitch
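Review bot: the rwxrob entry is added at the end of the "Youtube Channels" list, but its URL is a Twitch channel and the changelog in this commit describes it as "rwxrob as a streamer". Move the line under `## Streamers`, in the same "on Twitch" form as the Nahamsec entry there. "Linux God" also says little about what the channel covers; a short topic description would match the neighbouring entries.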
    skipped 11 lines
    38 40  - [The Bug Bounty Podcast](https://open.spotify.com/show/3yTTlfXH1avrI3FsXZyCpv) by Fisher
    39 41   - [Episode 3 with nahamsec](https://anchor.fm/bugbountypodcast/episodes/Episode-3-ft--NahamSec-ebl392)
    40 42  - [Bug Hunter Podcast](https://anchor.fm/bughunter)
     43 +- [CRE](https://cre.fm/) German Podcast - CRE ist ein unregelmäßig erscheinender Interview-Podcast mit Tim Pritlove zu Themen aus den Bereichen Technik, Kultur und Gesellschaft.
     44 + - [CRE197 IPv6](https://cre.fm/cre197-ipv6) Episode revolving around IPv6
     45 +- [CCC Luxembourg Podcast](http://wiki.c3l.lu/doku.php?id=projects:entr0py_encore) Luxembourgish Podcast from CCC Lux.
    41 46   
    42 47  ## Books
    43 48  - [Real-World Bug Hunting](https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616) by [Peter Yaworski](https://twitter.com/yaworsk)
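Review bot: the description of the added CRE entry is a German sentence in an otherwise English list; suggest an English summary and keeping only the "German Podcast" label to flag the language. The CCC Luxembourg link is plain `http://`, and "Luxembourgish Podcast from CCC Lux." could spell out the organisation name as the link text does.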
    skipped 76 lines
    120 125  | [@yaworsk](https://twitter.com/yaworsk) | BB, Researcher, Author |
    121 126  | [@yeswehack](https://twitter.com/yeswehack) | BB, Platform |
    122 127  | [@zseano](https://twitter.com/zseano) | BB, Teaching |
     128 +| [@ZephrFish](https://twitter.com/ZephrFish) | BB,Researcher |
     129 +| [@CalumBoal](https://twitter.com/CalumBoal) | Pentester, Software dev, Coder |
     130 +| [@_superhero1](https://twitter.com/_superhero1) | Streamer, Content Creator, BB |
    123 131   
    124 132   
     133 +## Misc
     134 + - [ChaosComputerClub Germany Media Resources](https://media.ccc.de/) - bunch of conference talks and other media
     135 + - [Phrack](http://www.phrack.org/)
    125 136  ---
    126 137  back to [Intro Page](/README.md)
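Review bot: the three Twitter rows are appended after `@zseano`, while the visible rows above (`@yaworsk`, `@yeswehack`, `@zseano`) are in alphabetical order; insert them at their sorted positions. `BB,Researcher` is missing the space after the comma that the other rows use. In the new `## Misc` section the list items have a leading space that the other lists in this file do not, the Phrack entry has no description, and a blank line before the `---` rule would match the rest of the file.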
  • ■ ■ ■ ■ ■
    assets/setup.md
    skipped 11 lines
    12 12  - [Introduction to Docker for CTFs](https://www.youtube.com/watch?v=cPGZMt4cJ0I) (Works for Bug Bounty too) - by LiveOverflow
    13 13  - [Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers](https://www.youtube.com/watch?v=fqMOX6JJhGo) - freecodecamp
    14 14  - [Creating Wordlists for Pentesting & Bug Bounty](https://www.youtube.com/watch?v=QGbTaxtEQlg) - by nahamsec
     15 +- [Setup bugbounty hunting env on termux](https://www.hahwul.com/2020/05/setup-bugbounty-hunting-env-on-termux-d.html?m=1) - by @hahwul
    15 16  ## Burp Suite
    16 17  This section should help you get familiar with BurpSuite.
    17 18  - [Setting up Burp (Video Series)](https://www.hacker101.com/playlists/burp_suite) by Hacker101
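Review bot: the added termux link carries the query string `?m=1`, which selects the mobile rendering of the blog; drop it so desktop readers get the normal page. The attribution "by @hahwul" could link the handle as other files in this repo do, and a blank line between the new entry and `## Burp Suite` would separate the list from the heading.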
    skipped 5 lines
  • ■ ■ ■ ■ ■ ■
    assets/tools.md
    skipped 48 lines
    49 49  |[Knockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
    50 50  |[crithit](https://github.com/codingo/crithit)|Takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.|C++|[codingo](https://github.com/codingo)|
    51 51  |[nuclei](https://github.com/projectdiscovery/nuclei)|"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use."|Go|[ProjectDiscovery](https://github.com/projectdiscovery)|
     52 +|[SpiderFoot](https://github.com/smicallef/spiderfoot)|SpiderFoot is an OSINT automation tool that queries over 100 data sources to build up a complete profile of your target, from host enumeration, to breached e-mail addresses and more.|Python|[SpiderFoot](http://twitter.com/spiderfoot)|
    52 53   
    53 54   
    54 55  #### OSINT Webpages
    skipped 11 lines
    66 67  |[NerdyData](https://nerdydata.com/)|Search Engine for Source Code|[NerdyData](https://www.crunchbase.com/organization/nerdydata)|
    67 68  |[Crunchbase](https://www.crunchbase.com/)|For finding Information about Businesses and their acquisitions|[TechCrunch](https://techcrunch.com)|
    68 69  |[Searchcode](https://searchcode.com/)|Helping you find real world examples of functions, API's and libraries over 90 languages across multiple sources|[searchcode](https://searchcode.com/about/#team)|
    69  - 
    70  - 
    71  - 
    72 70   
    73 71   
    74 72   
    skipped 7 lines
    82 80  |------ |------------- | ------------ |------------- |
    83 81  |[Nmap](https://nmap.org)|A well known and powerful Tool for port scanning. Nmap provides the possibility to use scripts to further customize its functionality. |C, C++, Python, Lua|Gordon Lyon|
    84 82  |[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|C|Robert David Graham|
     83 +|[KeyHacks](https://github.com/streaak/keyhacks)|Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.|/|streaak|
     84 +|[Nmap command helper](https://competent-goldberg-e5eefe.netlify.app/)|A tool that helps you with nmap commands. Has a build in training feature to help memorizing them.||0x0n0x|
    85 85  ### Mobile Hacking
    86 86  | Name | Description | Written in | Created by |
    87 87  |------ |------------- | ------------ |------------- |
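Review bot: in the added "Nmap command helper" row, "Has a build in training feature to help memorizing them" should read "Has a built-in training feature to help memorize them". The "Written in" column is `/` for KeyHacks and empty for the Nmap helper; use one placeholder convention for unknown or not applicable values. The helper's link is an auto-generated Netlify host name, so naming the project's repository or author page next to it would make the entry easier to verify later.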
    skipped 11 lines
    99 99  |------ |------------- | ------------ |------------- |
    100 100  |[Reconness](https://github.com/reconness/reconness)|"ReconNess helps you to run and keep all your #recon in the same place allowing you to focus only on the potentially vulnerable targets without distraction and without required a lot of bash skill or programing skill in general."|C#|[Reconness](https://github.com/reconness)|
    101 101  |[Updog](https://github.com/sc0tfree/updog)|"Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth."|Python|[sc0tfree](https://github.com/sc0tfree)|
    102  - 
     102 +|[Notion](notion.so)|"Write, plan, collaborate, and get organized — all in one tool."||Notion Labs|
     103 +|[Joplin](https://joplinapp.org/)|"Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. The notes are searchable, can be copied, tagged and modified either from the applications directly or from your own text editor. The notes are in Markdown format."|JavaScript|Laurent Cozic|
     104 +|[Xmind](https://www.xmind.net/)|XMind, a full-featured mind mapping and brainstorming tool, designed to generate ideas, inspire creativity, brings productivity in a remote WFH team.|/|XMind Ltd.|
     105 +|[Axiom](https://github.com/pry0cc/axiom)|Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting.|Bash|[@pry0cc](https://twitter.com/pry0cc)|
    103 106   
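Review bot: the Notion row links `[Notion](notion.so)` without a scheme, so Markdown renderers treat it as a relative path inside the repository; use `https://notion.so`. The Xmind description "brings productivity in a remote WFH team" is marketing copy with a grammar slip and could be cut to the first clause. Axiom is described as infrastructure utilities, yet it is added to the same table as the note-taking tools and the changelog lists it "in the Notes section"; check that this is the intended table.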
    104 107  ### Others
    105 108  | Name | Description | Written in | Created by |
    skipped 1 lines
    107 110  |[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
    108 111  |[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
    109 112  |[CyberChef](https://gchq.github.io/CyberChef/)|Awesome Tool for de-/encoding stuff. Try it out!|JavaScript|[gchq](https://github.com/gchq)|
     113 +|[webhook.site](https://webhook.site)|Webhook.site allows you to easily test, inspect, forward and create Custom Actions for any incoming HTTP request or e-mail.||[fredsted](https://github.com/fredsted)|
     114 +|[requestcatcher](https://requestcatcher.com/)|Request Catcher will create a subdomain on which you can test an application. All requests sent to any path on the subdomain are forwarded to your browser in real time.|||
     115 +|[canarytokens](https://canarytokens.org/)|[Description](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html)||[Thinkst Canary](canary.tools)|
    110 116   
    111 117  ---
    112 118  back to [Intro Page](/README.md)
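Review bot: in the canarytokens row the creator link is `[Thinkst Canary](canary.tools)` with no scheme, so it resolves as a relative path; use `https://canary.tools`. The Description cell of that row contains only a link labelled "Description" instead of text; add a one-line summary and keep the blog link after it. The requestcatcher row leaves both "Written in" and "Created by" empty.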