  • ■ ■ ■ ■ ■
    CONTRIBUTORS.md
    skipped 1 lines
    2 2  Securibee<br>
    3 3  NahamSec<br>
    4 4  AshF0x<br>
    5  -daeken<br>
    6 5   
    7 6  and of course everyone else who sends in suggestions for the repo itself <3
    8 7   
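Review bot: The removal of `daeken` at old line 5 is not explained anywhere in the visible change, and the README hunk in this same commit also deletes that person's credit from the intro. If their earlier contributions are still in the repo, keep the entry, or state the reason for the removal in the commit message.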
  • ■ ■ ■ ■ ■ ■
    README.md
    1 1  # Resources-for-Beginner-Bug-Bounty-Hunters
    2 2   
    3 3  ## Intro
    4  -### Current Version: 2021.01
    5  -There are a number of new hackers joining the community on a regular basis and more than often the first thing they ask is "How do I get started and what are some good resources?". As a hacker, there a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works. Sera Brocious [(@daeken)](http://twitter.com/daeken), [@0xAshFox](https://twitter.com/0xAshFox), and I put these resources together in order to help new hackers with resources to learn the basics of Web Application Security.
     4 +### Current Version: 2023.01
     5 +Welcome to our web hacking and bug bounty hunting resource repository! A curated collection of web hacking tools, tips, and resources is available here. We hope that this repository will be a valuable resource for you as you work to secure the internet and make it a safer place for everyone, whether you're a seasoned bug bounty hunter or just getting started.
    6 6   
    7 7  We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!<br>
    8 8   
    9 9  If you are interested in learning about top bug bounty hunters in the community check out my [Live Recon VODs](https://www.youtube.com/playlist?list=PLKAaMVNxvLmAkqBkzFaOxqs3L66z2n8LA).
    10 10   
    11 11   
    12  -## NahamSec's Resource:
     12 +## NahamSec's Personal Resource:
    13 13  I have also put together my own resource:
    14 14   
    15 15  - [NahamSec's Udemy Course](https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=NAHOMIES)
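Review bot: The new intro at new line 5 speaks as "our" and "we", but the unchanged lines right after it still say "my Live Recon VODs" and "I have also put together my own resource", and the sentence that said who "I" and the co-authors are has been deleted. Keep a one-line authorship credit or reword the following lines so the voice is consistent.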
    skipped 5 lines
    21 21  ## Table of Contents
    22 22   
    23 23  - [Basics](/assets/basics.md)
     24 +- [Blog posts & Talks](/assets/blogposts.md)
     25 +- [Books](/assets/books.md)
    24 26  - [Setup](/assets/setup.md)
    25 27  - [Tools](/assets/tools.md)
    26 28  - [Labs & Testing Environments](/assets/labs.md)
    27 29  - [Talks](/assets/talks.md)
    28 30  - [Vulnerability Types](/assets/vulns.md)
    29 31  - [Mobile Hacking](/assets/mobile.md)
    30  -- [Smart Contracts](/assets/smartcon.md)
    31 32  - [Coding & Scripting](/assets/coding.md)
    32  -- [Hardware & IoT](/assets/hardware.md)
    33  -- [Blog posts & Talks](/assets/blogposts.md)
    34 33  - [Media Resources](/assets/media.md)
    35  -- [Certifications](/assets/certs.md)
    36 34  - [Mindset & Mental Health](/assets/health.md)
    37 35   
    38 36  ---
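Review bot: The `Blog posts & Talks` entry added at new line 24 sits in the same list as the existing `Talks` entry (`/assets/talks.md`), so talks are now advertised in two places; rename one or merge them. The list also adds `/assets/books.md` and drops `smartcon.md`, `hardware.md` and `certs.md`: confirm the first file is part of this change and that the other three are deleted or intentionally left unlinked.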
    skipped 3 lines
  • ■ ■ ■ ■ ■ ■
    assets/basics.md
    1 1  # Resources-for-Beginner-Bug-Bounty-Hunters
    2 2   
    3 3  ## Basics 🤓
     4 +Before diving into bug bounty hunting, it is critical to have a solid understanding of how the internet and computer networks work. Understanding key concepts such as Transmission Control Protocol (TCP), a fundamental protocol used for transmitting data over the internet and other networks, is essential. Also, it is critical to understand networking concepts such as IP addresses, subnetting, and routing, which are all critical components of how devices communicate on a network. Another crucial concept to grasp is Domain Name System (DNS), which is in charge of converting human-readable domain names (such as google.com) into machine-readable IP addresses.
    4 5   
    5  -### Table of Contents
    6  -1. [Stanford CS 253 Web Security](#Stanford-CS-253-Web-Security)
    7  -2. [HTTP basics](#HTTP-basics)
    8  -3. [Networking basics](#Networking-basics)
    9  -4. [Programming Basics](#Programming-Basics)
    10  -5. [Automation](#Automation)
    11  -6. [Linux basics](#Linux-Basics)
    12  -7. [Web Server Basics](#Web-Server-Basics)
    13  -8. [Computing Fundamentals](#Computing-Fundamentals)
    14  -9. [Hacking Basics](#Hacking-Basics)
     6 +Understanding these concepts will provide a solid foundation for your bug bounty hunting journey, allowing you to better understand and navigate the various systems and networks you will encounter.
    15 7   
    16  -### Stanford CS 253 Web Security
    17  -- [Stanford CS 253 Web Security](https://web.stanford.edu/class/cs253/) - by [@feross](https://twitter.com/feross)
    18  - - "This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues."
     8 +### Table of Contents
     9 +1. [HTTP basics](#HTTP-basics)
     10 +2. [Networking basics](#Networking-basics)
     11 +3. [Programming Basics](#Programming-Basics)
     12 +4. [Automation](#Automation)
     13 +5. [Linux basics](#Linux-Basics)
     14 +6. [Web Server Basics](#Web-Server-Basics)
     15 +7. [Computing Fundamentals](#Computing-Fundamentals)
     16 +8. [Hacking Basics](#Hacking-Basics)
    19 17   
    20 18  ### HTTP basics
    21 19  In order to be able to learn what and how an application works, you need to be able to understand how you are communicating with it. This section is dedicated to all the resources to understand the HTTP basics.
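Review bot: The rebuilt table of contents at new lines 15-16 still links `#Computing-Fundamentals`, although this same change deletes the `### Computing Fundamentals` section further down, and `#Hacking-Basics` has no matching heading in the visible lines (the section is titled `Bug Bounty Basics`). Drop entry 7 and point entry 8 at the real heading. The new intro paragraph at new line 4 also uses "critical" three times and could be tightened.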
    skipped 4 lines
    26 24   - MIME sniffing
    27 25   - Encoding sniffing
    28 26   - Same-Origin Policy
    29  - - CSRF (Cross-Site Request Forgery)
    30 27  - [Request form](https://www.tutorialspoint.com/http/http_requests.htm)
    31 28  - [Response form](https://www.tutorialspoint.com/http/http_responses.htm)
    32 29  - [Response codes](https://www.tutorialspoint.com/http/http_status_codes.htm)
    33 30  - [URL Encoding](https://www.tutorialspoint.com/http/http_url_encoding.htm)
    34 31   
    35 32   
     33 +#### HTTP Basics Video Resources
     34 +- [HTTP Crash Course & Exploration](https://www.youtube.com/watch?v=iYM2zFP3Zn0)
     35 +- [Same Origin Policy](https://www.youtube.com/watch?v=bSJm8-zJTzQ)
     36 + 
    36 37  ### Networking basics
    37 38  Recon is a common terminology used in bug bounties. It’s great if you are already using tools to scan a range of IPs for open ports or find subdomain, however, you should first understand why these things matter and how they work.
    38 39  - [Terminology](https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols)
    39 40  - [What is an IP?](https://commotionwireless.net/docs/cck/networking/learn-networking-basics/)
    40 41  - [What are ports?](https://www.utilizewindows.com/list-of-common-network-port-numbers/)
    41 42  - [What is DNS?](https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704)
    42  -- [Intermediate Security Testing with Kali Linux 2](http://www.penguintutor.com/linux/basic-network-reference)
    43  -- [Network Fundamentals](https://www.youtube.com/playlist?list=PLDQaRcbiSnqF5U8ffMgZzS7fq1rHUI3Q8), A 19 part Video Series about Networking well explained for Beginners
    44 43   
     44 +#### Networking Basics Video Resources
     45 +-[Network Fundamentals](https://www.youtube.com/playlist?list=PLDQaRcbiSnqF5U8ffMgZzS7fq1rHUI3Q8), A 19 part Video Series about Networking well explained for Beginners
     46 +- [IP Addressing and IP Subnetting for the CCNA Exam by David Bombal] (https://youtube.com/watch?v=E-J8EPUvc8E)
     47 +- [What is DNS by David Bombal](https://www.youtube.com/watch?v=dl-C6cBoRg4)
     48 +- [CCNA 200-301 Complete Course](https://www.youtube.com/watch?v=H8W9oMNSuwo)
     49 +- [Free CCNA 200-301 Course: Network Fundamentals by David Bombal](https://www.udemy.com/course/free-ccna-200-301-network-fundamentals/)
    45 50   
    46 51  ### Programming Basics
    47 52  Being a great programmer is not a requirement to be a successful hacker. However, having the ability to make an educated guess, may increase your chances of successfully identifying and exploiting an issue. In a number of cases, you may need to automate your work or know more than just the “basics” in order to escalate a bug with a medium severity to high/critical.
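Review bot: Two of the added entries at new lines 45-46 will not render as intended: `-[Network Fundamentals]` has no space after the dash, so it is not a list item, and `[IP Addressing ...] (https://...)` has a space between `]` and `(`, so it is not a link. Fix both. The `CSRF (Cross-Site Request Forgery)` bullet is also dropped from the HTTP topics list at old line 29 with no replacement; confirm that is intended.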
    skipped 5 lines
    53 58  https://www.codecademy.com/learn/learn-sql
    54 59  http://www.sqlcourse.com/
    55 60   
     61 +### Programming Basics Video Resources
     62 +- [HTML Basics In 10 Minutes] (https://www.youtube.com/watch?v=MDLn5-zSQQI)
     63 +- [JavaScript Tutorial for Beginners: Learn JavaScript in 1 Hour] (https://www.youtube.com/watch?v=W6NZfCO5SIk)
     64 +- [Learn SQL in 1 Hour - SQL Basics for Beginners] (https://www.youtube.com/watch?v=9Pzj7Aj25lw)
     65 + 
    56 66  ### Automation
    57  -You are welcome to skip this section if you think youll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder.
     67 +You may skip this section if you believe you will never need automation or in-depth web application knowledge. However, I believe that learning bash in addition to one of the four languages listed below will allow you to work smarter rather than harder.
     68 + 
    58 69  - Bash
    59 70   - https://www.learnshell.org/
    60 71   - https://explainshell.com/
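Review bot: All three entries added at new lines 62-64 have a space between `]` and `(`, so Markdown renders them as plain text instead of links. The heading at new line 61 is also `###`, while the other video subsections added in this file use `####`.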
    skipped 11 lines
    72 83  - PHP
    73 84   - https://php.net
    74 85   
     86 +#### Automation Video Resources
     87 +- [Beginner's Guide to the Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
     88 +- [Python for Beginners - Learn Python in 1 Hour] (https://www.youtube.com/watch?v=kqtD5dpn9C8)
     89 + 
     90 + 
    75 91  ### Web Server Basics
    76 92  If you are looking into getting started with Bug Bounties with a focus on web, I highly recommend learning the nuts and bolts of what make a website work.
    77 93   
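Review bot: The `Python for Beginners` entry at new line 88 has a space between `]` and `(` and will not render as a link; remove the space.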
    skipped 2 lines
    80 96  - [Setting Up Your Ubuntu Box for Pentest and Bug Bounty Automation](https://www.youtube.com/watch?v=YhUiAH5SIqk)
    81 97   
    82 98  After creating your own web server, I highly recommend installing a CMS (like Wordpress or drupal) on your localhost to understand how it all works.
     99 + 
     100 +#### Web Server Basics Videos
     101 +- [Python for Beginners - Learn Python in 1 Hour] (https://www.youtube.com/watch?v=kqtD5dpn9C8)
     102 +- [How to Install XAMPP Server on Windows 10](https://www.youtube.com/watch?v=-f8N4FEQWyY)
    83 103   
    84 104  ### Linux Basics
    85 105  - [Install WSL on Windows 10](https://ubuntu.com/wsl)
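Review bot: The first entry under `Web Server Basics Videos` (new line 101) is the same `Python for Beginners` video already added under Automation, and it is not about web servers, so it looks like a copy-paste leftover. Replace it with a web server video or drop it; its link also has a space between `]` and `(`. The heading wording differs from the `... Video Resources` headings added earlier in the file.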
    skipped 2 lines
    88 108  - [Loops](https://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-7.html)
    89 109  - [xargs](https://www.cyberciti.biz/faq/linux-unix-bsd-xargs-construct-argument-lists-utility/)
    90 110   
    91  -### Computing Fundamentals
    92  -- [Hopper's Roppers Computing Fundamentals](https://www.hoppersroppers.org/course.html)
    93  - - This free course teaches the absolute basics of Linux, hardware, networking, operating systems, and scripting. Designed to get a complete beginner over the first big learning hurdles and so they can move on to anything else and succeed.
    94  -- [Exeter Q-Step Resources](https://exeter-qstep-resources.github.io/)
    95  - - Here, you will find a range of teaching materials that have been developed by members of the Q-Step Centre. If you have any questions, please contact [email protected] or [email protected]. Details of Q-Step workshops and events can be found at https://socialsciences.exeter.ac.uk/q-step/events.
     111 +#### Linux Basics Videos
     112 +- [How to Install Ubuntu on Windows 10 (WSL)] (https://www.youtube.com/watch?v=X-DHaQLrBi8)
     113 +- [Linux Essentials: Curl Fundamentals](https://www.youtube.com/watch?v=Xy7fDxz39FM)
     114 +- [Xargs Should Be In Your Command Line Toolbag](https://www.youtube.com/watch?v=rp7jLi_kgPg)
     115 +- [Shell Scripting - For Loops](https://www.youtube.com/watch?v=T7hVOiTsSUU)
    96 116   
    97 117  ### Bug Bounty Basics
     118 +- [Hacker101's Getting Started](https://www.hacker101.com/start-here)
    98 119  - [Bug bounty reports that stand out, how to write one?](https://thehackerish.com/bug-bounty-reports-that-stand-out-how-to-write-one/)
    99 120  - [Bug Bounty Report Templates by @ZephrFish](https://github.com/ZephrFish/BugBountyTemplates/blob/master/Blank.md)
    100  -- [Hacker101- Writing Good Reports](https://www.youtube.com/watch?v=z60CFFFyZWE)
    101 121  - [List of Bug Bounty Platforms](https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountyplatforms.md)
    102 122  - [Bug Bounty Cheatsheet](https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html)
     123 + 
     124 +#### Bug Bounty Basics Videos
    103 125  - [HOW TO GET STARTED IN BUG BOUNTY](https://www.youtube.com/watch?v=CU9Iafc-Igs)
     126 +- [Hacker101- Writing Good Reports](https://www.youtube.com/watch?v=z60CFFFyZWE)
     127 +- [Putting Your Mind to It: Bug Bounties for 12 Months - @zseano] (https://www.youtube.com/watch?v=-PkK9DP5nec)
     128 +- [How to Get Into Bug Bounty by Katie Paxton-Fear @InsiderPhD] (https://www.youtube.com/watch?v=19gIJ7gLbXI)
     129 + 
    104 130   
    105 131  ---
    106 132  back to [Intro Page](/README.md)
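Review bot: Three links added in this hunk have a space between `]` and `(` and will not render: the WSL video at new line 112 and the @zseano and @InsiderPhD talks at new lines 127-128. Remove the space in each.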
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    assets/blogposts.md
    1 1  # Resources-for-Beginner-Bug-Bounty-Hunters
    2 2  This page is designated to hosts blog posts on particular vulnerability and techniques that have led to a bounty. If you would like to learn more about specific vulnerability types, please visit [Vulnerability Types](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/vulns.md)!
    3 3   
    4  -## NahamSec's Favorite Blogs & Reading Material
     4 +## NahamSec's Favorite Learning Resources
    5 5  - [HackerOne Hacktivity](https://hackerone.com/hacktivity)
    6 6  - [Bugcrowd Crowdstream](https://bugcrowd.com/crowdstream)
     7 +- [The Daily Swig](https://portswigger.net/daily-swig)
     8 +- [The Unofficial HackerOne Disclosure Timeline.](http://h1.nobbd.de/)
     9 +- [Detectify Blog](https://blog.detectify.com/)
     10 + 
     11 +### Favorite Hacker Blogs
    7 12  - [Alex Champman](https://ajxchapman.github.io/)
    8  -- [The Daily Swig](https://portswigger.net/daily-swig)
    9 13  - [Deesee](https://blog.deesee.xyz/)
    10 14  - [EdOverflow](https://edoverflow.com/)
    11 15  - [Jon Bottarini](https://jonbottarini.com/)
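Review bot: The HackerOne Disclosure Timeline entry added at new line 8 links over plain `http://` and has a trailing period inside the link text; use `https://` if the site serves it and drop the period. The context line directly under the new `### Favorite Hacker Blogs` heading still reads `Alex Champman` while its URL is `ajxchapman`, which is worth fixing while this list is being reorganized.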
    skipped 1 lines
    13 17  - [Orange Tsai](https://blog.orange.tw/)
    14 18  - [Philippe Harewood](https://philippeharewood.com/)
    15 19  - [Ron Chan](https://ngailong.wordpress.com)
     20 +- [Yassine Aboukir](https://www.yassineaboukir.com/)
    16 21  - [Shubham Shah](https://shubs.io/)
    17 22  - [spaceraccoon](https://spaceraccoon.dev)
    18 23  - [ziot](https://buer.haus/)
    19 24  - [zlz](https://samcurry.net/blog)
    20 25  - [Vickie Li](https://vickieli.medium.com)
     26 +- [rez0](https://rez0.blog/)
     27 +- [MrTuxracer](https://www.rcesecurity.com/blog/)
     28 +- [Pentest Book by six2dez](https://github.com/six2dez/pentest-book/)
     29 +- [Youssef Sammouda](https://ysamm.com/)
    21 30   
    22 31  ### Reddit
    23 32  - [/r/BugBounty](https://reddit.com/r/bugbounty)
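Review bot: `Pentest Book by six2dez` at new line 28 is a GitHub repository rather than a personal blog, so it fits better under the `Community Curated Blog Posts & Resource` heading added later in this file. `Yassine Aboukir` at new line 20 is inserted mid-list while the other additions are appended at the end; pick one ordering.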
    skipped 3 lines
    27 36  - [r/netsecstudents](https://reddit.com/r/netsecstudents)
    28 37   
    29 38   
     39 +### Community Curated Blog Posts & Resource
     40 +- [Awesome Google VRP Writeups](https://github.com/xdavidhu/awesome-google-vrp-writeups)
     41 +- [Top HackerOne Reports](https://github.com/InsiderPhD/hackerone-reports)[By InsiderPhD](https://twitter.com/InsiderPhD)
     42 +- [How To Hunt](https://github.com/KathanP19/HowToHunt)
     43 + 
    30 44  ## Blog posts & Disclosed Reports 📝
    31 45  A collection of Blog Posts ordered by Vulnerability Types
    32  -- [Starting out & Tips](#Starting-Out-&-Questions)
    33 46  - [XSS](#XSS)
    34  - - [DOM XSS](#DOM-XSS)
    35  - - [Stored XSS](#Stored-XSS)
    36 47  - [SSRF](#SSRF)
    37  -- [Token / Authentication](#Token-/-Authentication)
    38 48  - [SQL Injection](#SQL-Injection)
    39 49  - [HTTP Desync](#HTTP-Desync)
    40 50  - [File Upload](#File-Upload)
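Review bot: At new line 41 the two links are run together as `[Top HackerOne Reports](...)[By InsiderPhD](...)` with no separator, while the rest of the file puts ` - ` or ` by ` before the author. The heading at new line 39 should probably read `Resources`. The index also loses `Starting out & Tips`, `DOM XSS`, `Stored XSS` and `Token / Authentication`; check that nothing else links to those anchors.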
    skipped 1 lines
    42 52  - [GraphQL](#GraphQL)
    43 53  - [RCE](#RCE)
    44 54  - [Recon](#Recon)
    45  -- [Smart Contracts](#Smart-Contracts)
    46 55  - [API](#API)
    47 56  - [Misc](#Misc)
    48 57  - [Mobile](#Mobile)
    49 58   - [iOS](#iOS)
    50 59   - [Android](#Android)
    51  ----
    52  -## Starting out & Tips
    53  -- [Basic Bug Bounty FAQ](http://blog.oath.ninja/basic-bug-bounty-faq/) - by [@thedawgyg](https://twitter.com/thedawgyg)
    54  -- [Getting started in Cyber Security in 2019 – The Complete Guide](https://www.ceos3c.com/hacking/getting-started-cyber-security-complete-guide/) - by ceos3c
    55  -- [WTF is a Bug Bounty?](https://www.ceos3c.com/hacking/ethical-hacking-diaries-1-wtf-is-a-bug-bounty/) - by ceos3c
    56  -- [How to Set up Certificate-Based SSH for Bug Hunting](https://medium.com/@c0ldbr3w/how-to-set-up-certificate-based-ssh-for-bug-hunting-bonus-ef4af95fca05) - by Mack Staples
    57  -- [XSS in Google Colaboratory + CSP bypass](https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html) by Michał Bentkowski
    58  -- [zseano’s notes on hacking & mentoring](https://blog.intigriti.com/2020/04/29/bug-business-3-zseanos-notes-on-hacking-mentoring/) by Intigriti & Zseano
    59 60   
    60  -## XSS
     61 +### XSS
    61 62  You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
    62 63  - [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - [Sam Curry](https://twitter.com/samwcyo)
    63 64  - [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
    64  -- [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
    65 65  - [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
    66  -- [Google Bug Bounty Writeup- XSS Vulnerability](https://pethuraj.com/blog/google-bug-bounty-writeup/) - [@itsmepethu](https://twitter.com/itsmepethu)
    67  -- [Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss](https://medium.com/bugbountywriteup/found-stored-cross-site-scripting-whats-next-privilege-escalation-like-a-boss-d-8fb9e606ce60) - by Harsh Bothra
    68  -- [Bypassing WAF to perform XSS](https://medium.com/bugbountywriteup/bypassing-waf-to-perform-xss-2d2f5a4367f3) - by Kleitonx00
    69 66  - [Facebook DOM Based XSS using postMessage](https://ysamm.com/?p=493)
    70  - 
    71  -### DOM XSS
     67 +- [Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities] (https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/)
     68 +- [An XSS on Facebook via PNGs & Wonky Content Types](https://whitton.io/articles/xss-on-facebook-via-png-content-types/)
    72 69  - [Persistent DOM-based XSS in https://help.twitter.com via localStorage](https://hackerone.com/reports/297968) - harisec
    73  -- [DOM based XSS in search functionality](https://hackerone.com/reports/168165) - sameoldstory
    74 70  - [A Tale Of A DOM Based XSS In Paypal](https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html) - Rafay Baloch
    75 71  - [H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing](https://hackerone.com/reports/422043) - filedescriptor
    76  -- [DOM XSS on app.starbucks.com via ReturnUrl](https://hackerone.com/reports/526265) - Gamer7112
    77  -### Stored XSS
    78 72  - [Another XSS in Google Colaboratory](https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html) - Michał Bentkowski
    79 73  - [Google adwords 3133.7$ Stored XSS](https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27) - Emad Shanab
    80 74  - [Stored XSS on Facebook](https://opnsec.com/2018/03/stored-xss-on-facebook/) - Enguerran Gillier
    81 75  - [Yahoo Mail stored XSS](https://klikki.fi/adv/yahoo.html) - Jouko Pynnönen
    82 76  - [Yahoo Mail stored XSS #2](https://klikki.fi/adv/yahoo2.html) - Jouko Pynnönen
    83 77  - [Account Recovery XSS](https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss) - Gábor Molnár
     78 +- [$6000 CRLF to XSS | Microsoft Bug Bounty] (https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922)
    84 79   
    85  -## SSRF
     80 +### SSRF
     81 +- [A Glossary of Blind SSRF Chains](https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/)
     82 +- [A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)
    86 83  - [Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks](https://peertube.opencloud.lu/videos/watch/40f39bfe-6d3c-40f5-bcab-43f20944ca6a)<br>- Alyssa Herrera | Hack.lu 2019
    87 84  - [Pivoting from blind SSRF to RCE with HashiCorp Consul](https://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html)
    88  -- [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - Sayed Abdelhafiz
    89 85  - [Piercing the Veal](https://medium.com/@d0nut/piercing-the-veal-short-stories-to-read-with-friends-4aa86d606fc5) - by d0nut
    90 86  - [CVE-2020-13379 - Unauthenticated Full-Read SSRF in Grafana](https://rhynorater.github.io/CVE-2020-13379-Write-Up)
    91 87  - [MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT](https://www.nahamsec.com/posts/my-expense-report-resulted-in-a-server-side-request-forgery-ssrf-on-lyft) - by nahamsec
    92 88  - [How I found SSRF on TheFacebook.com](https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html)
    93  -- [How I made $31500 by submitting a bug to Facebook](https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204)
    94  -- [A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)
     89 +- [SSRF on Zimbra Led to Dump All Credentials in Clear Text] (https://infosecwriteups.com/story-of-a-2-5k-bounty-ssrf-on-zimbra-led-to-dump-all-credentials-in-clear-text-6fe826005ccc)
     90 +- [SSRF in Exchange leads to ROOT access in all instances](https://hackerone.com/reports/341876)
    95 91   
    96  -## Token / Authentication
    97  -- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - Harsh Jaiswal
    98  -- [How I was able to bypass OTP code requirement in Razer [The story of a critical bug]](https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572?) - Ananda Dhakal
    99  -- [Bypassing GitHub's OAuth flow](https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html) - [@not_aardvark](https://twitter.com/not_aardvark)
    100  -- [NMAP For Vulnerability Discovery](https://www.peerlyst.com/posts/nmap-for-vulnerability-discovery-sachin-wagh) - Sachin Wagh
    101  -- [Subdomain Takeover to Authentication bypass](https://hackerone.com/reports/335330) - by geekboy
    102  -- [Ability to know the presence of a person in a private event even if the guest list is hidden.](https://bugreader.com/index.php?pageNav=vivekps143%40193) - by [Vivek PS](https://bugreader.com/vivekps143)
    103  -- [Zero-day in Sign in with Apple](https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/)
    104  - 
    105  - 
    106  -## SQL Injection
     92 +### SQL Injection
    107 93  - [Time-Based Blind SQL Injection In GraphQL](https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c) - Divyanshu Shukla
    108 94  - [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - spaceraccoon
    109 95  - [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
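Review bot: Three added entries have a space between `]` and `(` and will not render as links: the Airbnb write-up (new line 67), `$6000 CRLF to XSS` (new line 78) and `SSRF on Zimbra` (new line 89). Several entries are also deleted outright rather than moved, for example `Bypassing GitHub's OAuth flow` from the removed `Token / Authentication` section and the `Starting out & Tips` list; confirm that is intended and not a side effect of the section merge.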
    skipped 1 lines
    111 97  - [Blind SQL Injection on windows10.hi-tech.mail.ru](https://hackerone.com/reports/786044) - Просто душка (api_0)
    112 98  - [How to Hack Database Links in SQL Server!](https://blog.netspi.com/how-to-hack-database-links-in-sql-server/) - Antti Rantasaari
    113 99   
    114  -## HTTP Desync
     100 +### HTTP Desync
    115 101  - [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - [James Kettle](https://twitter.com/albinowax)
    116 102  - [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - 0X0 (painreigns)
    117 103  - [Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies](https://hackerone.com/reports/737140) - Evan Custodio
    118 104   
    119  -## File Upload
     105 +### File Upload
    120 106  - [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - johnstone
    121 107  - [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - [@xdzmitry](https://twitter.com/xdzmitry)
    122 108  - [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - [@bbuerhaus](https://twitter.com/bbuerhaus)//[@daeken](https://twitter.com/daeken)//[@erbbysam](https://twitter.com/erbbysam)//[@smiegles](https://twitter.com/smiegles)
    123 109  - [External XML Entity via File Upload (SVG)](https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/) - by 0xatul
    124 110   
    125  -## IDOR
     111 +### IDOR
    126 112  - [Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method](https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html) - [Vijay Kumar ](https://twitter.com/IndoAppSec)
    127 113  - [GraphQL IDOR leads to information disclosure](https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d) - [@R0X4R](https://twitter.com/R0X4R)
    128 114  - [From Multiple IDORs leading to Code Execution on a different Host Container](https://www.rahulr.in/2019/10/idor-to-rce.html?m=1) - [@Rahul_R95](https://twitter.com/Rahul_R95)
    skipped 1 lines
    130 116  - [Another image removal vulnerability on Facebook](https://blog.darabi.me/2020/06/image-removal-vulnerability-on-facebook.html)
    131 117  - [Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/)
    132 118   
    133  -## GraphQL
     119 +### GraphQL
    134 120  - [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
    135 121  - [Graphql Abuse to Steal Anyone’s Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
    136 122   - [Email address of any user can be queried on Report Invitation GraphQL type when username is known](https://hackerone.com/reports/792927) - msdian7
    137 123   
    138  -## RCE
     124 +### RCE
    139 125  - [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
    140 126  - [How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber](https://medium.com/@andrewaeva_55205/how-dangerous-is-request-splitting-a-vulnerability-in-golang-or-how-we-found-the-rce-in-portainer-7339ba24c871) - by Andrewaeva
    141 127   
    142  -## Automation & Recon
     128 +### Automation & Recon
    143 129  - [How to: Recon & Content Discovery](https://www.hackerone.com/blog/how-to-recon-and-content-discovery)
    144 130  - [Subdomain Recon Using Certificate Search Technique](https://www.r00tpgp.com/2020/01/subdomain-recon-using-certificate.html?m=0)
    145 131  - [Notes about NahamSec's Recon Sessions](https://mavericknerd.github.io/knowledgebase/nahamsec/recon_session_1/) - [maverickNerd](https://github.com/maverickNerd)
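Review bot: The heading at new line 128 is `### Automation & Recon`, but the index earlier in this file links `[Recon](#Recon)`, which does not match this heading's anchor. Since the heading is being edited here anyway, rename it or update the index entry so the link resolves.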
    skipped 4 lines
    150 136  - [Beginner’s Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - Ashish Jha
    151 137  - [gitGraber: A tool to monitor GitHub in real-time to find sensitive data](https://blog.yeswehack.com/2019/10/08/gitgraber-a-tool-to-monitor-github-in-real-time-to-find-sensitive-data/) - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
    152 138   
    153  -## Smart Contracts
    154  -- [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
    155  -- [Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`](https://hackerone.com/reports/684152)(Listed as Improper Input Validation)
    156 139   
    157  -## API
     140 +### API
    158 141  - [31 Days of API Security Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) - [smodnix](https://github.com/smodnix)
    159 142  - [Exploiting Application-Level Profile Semantics (APLS)](https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/)
    160 143   
    161  -## Misc
     144 +### Misc
     145 +- [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)
     146 +- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - Harsh Jaiswal
     147 +- [Zero-day in Sign in with Apple](https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/)
     148 +- [Account hijacking using "dirty dancing" in sign-in OAuth-flows](https://labs.detectify.com/2022/07/06/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/) By Frans Rosen
    162 149  - [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
    163 150  - [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
    164 151  - [Abusing HTTP hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) - [@nj_dav](https://twitter.com/nj_dav)
    165  -- [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) - James Kettle
    166 152  - [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
    167 153  - [How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN](https://blog.detectify.com/2019/09/19/alyssa-herrera-pulse-corporate-networks-ssl-vpn/) - [Alyssa Herrera](https://twitter.com/Alyssa_Herrera_)
    168 154  - [Top 10 web hacking techniques of 2019](https://portswigger.net/research/top-10-web-hacking-techniques-of-2019) by [James Kettle](https://twitter.com/albinowax)
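Review bot: the four entries added under Misc (new lines 145 to 148) do not share one attribution format. The Dependency Confusion and Sign in with Apple links carry no author, and the OAuth entry ends in "By Frans Rosen" with no separator, while the neighbouring entries use " - Author" or "by Author". Pick one form and apply it to all four. The "Cracking reCAPTCHA, Turbo Intruder style" link is also dropped in this hunk; if it is dead or out of scope, the commit message should say so.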
    skipped 2 lines
    171 157  - [Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts](https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/) by Sam Curry
    172 158  - [The Secret sauce of bug bounty](https://medium.com/bugbountywriteup/the-secret-sauce-of-bug-bounty-bdcc2e2d45af) by Mohamed Slamat
    173 159  - [Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty](https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/) - [Sam Curry](https://twitter.com/samwcyo)
    174  -## Mobile
    175  -### iOS
     160 +- [TJnull’s Preparation Guide for PWK/OSCP](https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html)
     161 + 
     162 + 
     163 +### Mobile
     164 +#### iOS
    176 165  - [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - spaceraccoon
    177  -### Android
     166 +#### Android
    178 167  - [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the
     168 + 
    179 169   
    180 170   
    181 171  ---
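Review bot: the TJnull PWK/OSCP preparation guide added at new line 160 is a certification study guide rather than a write-up, and it comes from assets/certs.md, which this commit deletes; the other OSCP entries from that file are not carried over. Give it a short heading of its own or drop it with the rest, so Misc stays a list of write-ups. New lines 161, 162 and 168 contain only whitespace and leave three blank lines before the `---` rule; make them empty or remove them.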
    skipped 2 lines
  • ■ ■ ■ ■ ■ ■
    assets/books.md
     1 +# Resources-for-Beginner-Bug-Bounty-Hunters
     2 + 
     3 +## Books 📚
     4 +This Section is dedicated to all books related to Hacking, Web Hacking, & Bug Bounty Hunting
     5 + 
     6 +### NahamSec's Must Read Picks
     7 +- [RTFM: Red Team Field Manual v2](https://amzn.to/3IZXVj2) by Ben Clark, Nick Downer
     8 +- [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws](https://amzn.to/3F5H9xT) by Dafydd Stuttard, and Marcus Pinto
     9 +- [The Hacker Playbook 3: Practical Guide To Penetration Testing](https://amzn.to/3mwdDLt) by Peter Kim
     10 +- [Bug Bounty Bootcamp](https://amzn.to/3l1a8fn) by Vickie Li
     11 +- [Black Hat Python](https://amzn.to/3T3a4Zd) by Justin Seitz and Tim Arnold
     12 + 
     13 + 
     14 +### Fundamental Books
     15 +- [Ethical Hacking](https://amzn.to/41TLu12) by Daniel G. Graham
     16 +- [Foundations of Information Security](https://amzn.to/41VOPga) by Jason Andress
     17 +- [Penetration Testing](https://amzn.to/3mweg7N) by Georgia Weidman
     18 +- [Metasploit](https://amzn.to/3Zq362M) by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
     19 +- [The Tangled Web: A Guide to Securing Modern Web Applications](https://amzn.to/3yhgv14) by Michal Zalewski
     20 + 
     21 +### Web Hacking & Bug Bounty
     22 +- [Hacking APIs](https://amzn.to/3F3M1Dw) by Corey Ball
     23 +- [Real-World Bug Hunting](https://amzn.to/3ZLqc3F) by Peter Yaworski
     24 + 
     25 +### Coding for Hacking
     26 +- [Automate the Boring Stuff with Python, 2nd Edition](https://amzn.to/3L5q76S) by Al Sweigart
     27 +- [Python One-Liners](https://amzn.to/3JgSnC9) by Christian Mayer
     28 +- [Black Hat GraphQL](https://amzn.to/3YpeOJH) by Dolev Farhi, Nick Aleks
     29 +- [Black Hat Go](https://amzn.to/3mvzh2f) by Tom Steele, Chris Patten, and Dan Kottmann
     30 +- [JavaScript for hackers - Learn to think like a hacker](https://amzn.to/3ZudIxA) by Gareth Heyes
     31 + 
     32 +### Misc
     33 +- [Practical Malware Analysis](https://amzn.to/3Zsi2O1) by Michael Sikorski and Andrew Honig
     34 +- [Practical Social Engineering](https://amzn.to/3kPhItI) by Joe Gray
     35 +- [The Ghidra Book](https://amzn.to/3yh0KHN) by Chris Eagle and Kara Nance
     36 +- [Operator Handbook: Red Team + OSINT + Blue Team Reference](https://amzn.to/3F4MqG9) by Joshua Picolet
     37 + 
     38 + 
     39 +---
     40 +back to [Intro Page](/README.md)
     41 + 
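Review bot: every link in this new file is a shortened amzn.to URL, so a reader cannot see where a link leads before clicking, and the whole list breaks if the short links are ever retired. The Books section removed from assets/media.md in this same commit used full amazon.com, nostarch.com and leanpub.com URLs; use full store or publisher URLs here as well.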
  • ■ ■ ■ ■ ■ ■
    assets/certs.md
    1  -# Resources-for-Beginner-Bug-Bounty-Hunters
    2  - 
    3  -## Certifications 📜
    4  - 
    5  -Quite a lot of beginners ask about certifications and if they can help in Bug Bounty. Similar to Coding itself it is a nice thing to have but not a necessity to be successful.<br>
    6  -Due to the fact that a lot more Hunters are trying to get better in different fields, and are curious about the certifications, I wanted to add some Info and Notes about some of them.
    7  -### OSCP
    8  -- OSCP Videos from John Hammond:
    9  - - [OSCP - Taking Notes & Resources](https://www.youtube.com/watch?v=MQGozZzHUwQ)
    10  - - [100% OSCP: Offensive Security Certified Professional](https://www.youtube.com/watch?v=kdobdnQ2sGw)
    11  - - [ALL NEW OSCP - REVAMPED 2020](https://www.youtube.com/watch?v=wjTt-5mfyhY)
    12  -- [OSCP Preparation](https://github.com/superhero1/OSCP-Prep) by sup3rhero1
    13  -- [TJnull’s Preparation Guide for PWK/OSCP](https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html)
    14  -- [hax](https://github.com/unmeg/hax) by unmeg (Useful scripts for OSCP boxes and other Certs)
    15  - 
    16  ----
    17  -back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/changelog.md
    1  -# Resources-for-Beginner-Bug-Bounty-Hunters
    2  - 
    3  -## Changelog 📬
    4  - 
    5  -This page is no longer maintained. If you are interested in the changelog please check out the commit.
    6  - 
    7  ----
    8  -## ___Update 2020.08___
    9  -### Added
    10  -- [Tools](/assets/tools.md):
    11  - - **threader3000** in the Scanner section<br>
    12  - - **subfinder** in the Recon, OSINT & Discovery Section<br>
    13  - - **SUBway** in the Recon, OSINT & Discovery Section<br>
    14  - - **PenTest.ws** in the Notetaking Section<br>
    15  -- [Blogposts & Disclosed Reports](/assets/blogposts.md):
    16  - - **Ability to know the presence of a person in a private event even if the guest list is hidden.** - by Vivek PS<br>
    17  - - **Another image removal vulnerability on Facebook** - by Pouya<br>
    18  -- [Cheat Sheets](/assets/cheat.md):
    19  - - **CloudPentestCheatsheets**
    20  - - **HackTricks**
    21  - - **Everything curl**
    22  - - **GTFObins**
    23  - - **Finding ENdpoints in JS Files**
    24  - - **The Bug Hunter's Methodology v.4.01**
    25  -- [Certifications](/assets/certs.md):
    26  - - **hax**
    27  -- [Setup](/assets/setup.md):
    28  - - **Technical Project Ideas Towards Learning Cyber Security**
    29  - - **Getting Starting With Tmux Isn't That Scary**
    30  -- [Media](/assets/media.md):
    31  - - **The Linux Command Line**
    32  - - **The Mayor** in the Streamer Section
    33  - - Added **Nahamsec,Hacker101,TryHackMe,HTB,TCM,AshF0x,TheMayor,Sup3rhero1 6 Ceos3c** to Discord Servers
    34  - - Added **@PhillipWylie** on the Twitter-list
    35  -- [Health](/assets/health.md):
    36  - - **BSidesSF 2020 - Panel: Mental Health for Hackers (Chloé M • Ryan L • Susan P)**
    37  -### Changes
    38  -- Added a new section called [Cheat Sheets, Slides & More](/assets/cheat.md)
    39  -- Added a new subcategory in [Setup](/assets/setup.md) for Tools
    40  -- Added a sub category called [One Liners](/assets/cheat.md#One-Liners)
    41  -- Added a sub category called [Slides](/assets/cheat.md#Slides)
    42  -- Renamed "Media" to ["Media & Communities"](/assets/media.md)
    43  -- Added a new section called [Discord Servers](/assets/media.md#Discord-Servers) in "Media & Communities"
    44  -### Fixes
    45  -- fixed Notion Link
    46  -- fixed typo in Labs
    47  - 
    48  ----
    49  -## ___Update 2020.06___
    50  -### Added
    51  -- [Blogposts & Disclosed Reports](/assets/blogposts.md):
    52  - - **THEY SEE ME SCANNIN’, THEY HATIN’: A BEGINNER’S GUIDE TO NMAP** - by Sophia
    53  - - **How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber** - by Andrewaeva
    54  - - **Found Stored Cross-Site Scripting — What’s Next? — Privilege Escalation like a Boss** - by Harsh Bothra
    55  - - **How to Hack Database Links in SQL Server!** - by Antti Rantasaari
    56  - - **The Secret sauce of bug bounty** - by Mohamed Slamat
    57  - - **MY EXPENSE REPORT RESULTED IN A SERVER-SIDE REQUEST FORGERY (SSRF) ON LYFT** - by nahamsec
    58  - - **MY BUG BOUNTY JOURNEY!** - by Farah Hawa
    59  - - **Bypassing WAF to perform XSS** - by Kleitonx00
    60  -- [Labs](/assets/labs.md):
    61  - - **Will it CORS?**
    62  -- [Coding](/assets/coding.md):
    63  - - **Linux Beginner Boost**
    64  -- [Media](/assets/media.md):
    65  - - **rwxrob** as a streamer
    66  - - **ChaosComputerClub Germany Media Resources** under Misc
    67  - - **@ZephrFish** in Twitter List
    68  - - **@CalumBoal** in Twitter List
    69  - - **@_superhero1** in Twitter List
    70  - - **CRE** in Podcasts
    71  - - **Phrack** in Misc
    72  - - **CCC Luxembourg Podcast** in Podcasts
    73  -- [Tools](/assets/tools.md):
    74  - - **KeyHacks** in the Scanner section<br>
    75  - - **Notion** in the Notes section<br>
    76  - - **Joplin** in the Notes section<br>
    77  - - **Xmind** in the Notes section<br>
    78  - - **SpiderFoot** in the Recon section
    79  - - **Axiom** in the Notes section
    80  - - **webhook** in Misc
    81  - - **requestcatcher** in Misc
    82  - - **canarytokens** in Misc
    83  - - **Nmap command helper** in Scanner
    84  -- [Mindset & Mental Health](/assets/health.md):
    85  - - **Happy Hacking**
    86  -- [Basics](/assets/basics.md)
    87  - - **Computing Fundamentals**
    88  - - **Exeter Q-Step Resources**
    89  - 
    90  - - **Setup bugbounty hunting env on termux** - by @hahwul
    91  -### Changes
    92  - 
    93  -### Fixes
    94  - 
    95  ----
    96  -## ___Update 2020.05___
    97  -### Added
    98  -- [Media](/assets/media.md):
    99  - - New curated **Bug Bounty List** (Twitter)
    100  - - **Curated List of YT Channels** by TCM
    101  -- [Labs](/assets/labs.md):
    102  - - **Kontra Application Security Training**
    103  - - **Cyberseclabs**
    104  -- [Coding](/assets/coding.md):
    105  - - **Exercism**
    106  - - **CodeCademy**
    107  - - **Khan Academy**
    108  - - **Learn Python the Hard Way**
    109  - - **Udacity**
    110  - - **Bug Bounty with Bash**
    111  -- [Setup](/assets/setup.md):
    112  - - New Video by nahamsec: **Creating Wordlists for Pentesting & Bug Bounty**
    113  -- [Blogposts & Disclosed Reports](/assets/blogposts.md):
    114  - - **Piercing the Veal** by d0nut
    115  - - **Basic Bug Bounty FAQ** by dawgyg
    116  - - **How to Set up Certificate-Based SSH for Bug Hunting** by Mack Staples
    117  - - **Getting started in Cyber Security in 2019 – The Complete Guide** by ceos3c
    118  - - **WTF is a Bug Bounty?** by ceos3c
    119  - - **How to solve the INTIGRITI Easter XSS challenge using only Chrome Devtools** by STÖK
    120  - - **URL link spoofing (Slack)** by Akaki Tsunoda (akaki)
    121  - - **Subdomain Takeover to Authentication bypass** by geekboy
    122  - - **Zseano’s notes on hacking & mentoring** by Intigriti & Zseano
    123  - - **Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts** by Sam Curry
    124  -- [Mobile](/assets/mobile):
    125  - - **Android App Reverse Engineering 101** by Maddie Stone
    126  -- [Tools](/assets/tools.md):
    127  - - **Ghidra** -> Mobile
    128  - - **jadx** -> Mobile
    129  - - **nuclei** -> Recon & OSINT
    130  -- New Category: [Certifications](/assets/certs.md)
    131  - - Fot the moment one Cert: **OSCP**
    132  -- New Category: [Mindset & Mental Health](/assets/health.md)
    133  -### Changes
    134  -- Changed the formating of the Changelog starting this month to make it cleaner
    135  -- Removed the links for every new addition to its article.<br>
    136  -The headers for every category now links to their page instead.
    137  -- Changed the formatting of the **HTTP** Section in the **Basics** Category
    138  -- Changed **Blogposts** to -> **Blogposts & Disclosed Reports**
    139  -- Changed some of the formatting in the XSS Blogposts, cleaner now
    140  -### Fixes
    141  -- Fixed some layout errors
    142  -- Added missing Header in **Basics** Category
    143  -- Fixed Typos
    144  ----
    145  -## ___Update 2020.04___
    146  -### Added
    147  -- New in [Basics](/assets/basics.md)
    148  - - Added **Stanford CS 253 Web Security**
    149  -- New Category: [Hardware & IoT](/assets/hardware.md)
    150  - - Added **Exploitee.rs Wiki**
    151  -- New Category: [Coding & Scripting](/assets/coding.md)
    152  - - Added **Bash Scripting Full Course 3 Hours**
    153  - - Added **ShellCheck**
    154  - - Added **Explainshell**
    155  - - Added **Discovering the Terminal**
    156  - - Added **Text Processing in the Shell**
    157  -- New [Podcasts](/assets/media.md#Podcasts):
    158  - - **Darknet Diaries Episode 60** with dawgyg
    159  - - **The Bug Bounty Podscast Episode 3** with nahamsec
    160  -- New in [Tools](/assets/tools.md):
    161  - - **crithit**
    162  - - **objection - A new Mobile tool**
    163  - - **CyberChef**
    164  - - **RMS - Runtime Mobile Security**
    165  - - New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization)
    166  - - **Reconness** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
    167  - - **Updog** to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
    168  - - New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions)
    169  - - **Logger++** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    170  - - **AuthMatrix** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    171  - - **Autorize** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    172  - - **Auto Repeater** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    173  - - **Progress Tracker** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    174  - - **Flow** to [Burp Extensions](/assets/tools.md#Burp-Extensions)
    175  -- New in [Labs](/assets/labs.md):
    176  - - **TryHackMe & Videos**
    177  -- New in Media:
    178  - - **@codingo_** now in Twitter-List
    179  -- New [Streamers](/assets/media.md#Streamers):
    180  - - [sup3rhero1](https://www.twitch.tv/sup3rhero1)
    181  - - [STÖK](https://www.twitch.tv/stokfredrik)
    182  -- New in [BlogPosts](/assets/blogposts.md):
    183  - - New Category: [API](/assets/blogposts.md#API)
    184  - - Added **31 Days of API Security Tips**- Misc
    185  - - Added **Blind SQL Injection on windows10.hi-tech.mail.ru** - SQLInjection
    186  - - Added **DOM XSS on app.starbucks.com via ReturnUrl** - DOMXSS
    187  - - Added **Email address of any user can be queried on Report Invitation GraphQL type when username is known** - GraphQL
    188  - - Added **External XML Entity via File Upload (SVG)** - File Upload
    189  - - Added **Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies** - HTTP Desync
    190  - - Added **gitGraber: A tool to monitor GitHub in real-time to find sensitive data** - by [@adrien_jeanneau](https://twitter.com/adrien_jeanneau) & [@R_Marot](https://twitter.com/R_marot)
    191  - - Added **2 Cases of Path Traversal** by [@leonishan_](https://twitter.com/leonishan_)
    192  - - Added **Google Bug Bounty Writeup- XSS Vulnerability** - by [@itsmepethu](https://twitter.com/itsmepethu)
    193  - - Added **Top 10 web hacking techniques of 2019** by [James Kettle](https://twitter.com/albinowax)
    194  - - Added **Recon: Create a methodology and start your subdomain enumeration** - by FailedNuke
    195  - - Added **Understanding Search Syntax on Github** - by Github
    196  -- New in [Mobile](/assets/mobile.md):
    197  - - [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources)
    198  -- New in [Vulnerabilities](/assets/vulns.md):
    199  - - New Video: **Cross-Site Scripting (XSS) Explained** -by PwnFunction
    200  -- New in [Setup](/assets/setup.md):
    201  - - Added **Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers**
    202  -### Changed
    203  -### Fixed
    204  - 
    205  - 
    206  ----
    207  -## ___Update 2020.03___
    208  -### Added
    209  -- New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul))
    210  - - New White-/yellowpapers in [Smart Contracts](/assets/smartcon.md):
    211  - **Bitcoin whitepaper & Ethereum yellowpaper**
    212  - - New **How to Audit a Smart Contract**
    213  -- New Smart Contracts Category under [Blogposts](/assets/blogposts.md#Smart-Contracts) and added two Writeups
    214  -- New in [Blogposts](/assets/blogposts.md):
    215  - - **10 Recon Tools for Bug Bounty**
    216  -- New in [Setup](/assets/setup.md):
    217  - - **Finding your First Bug and getting a Bounty with InsiderPhD**
    218  - - **Introduction to Docker for CTFs**
    219  -- New in [Vulnerabilities](/assets/vulns.md):
    220  - - **Finding your first Bug - CSRF**
    221  - - **CSRF-Basics**
    222  -- New in [Tools](/assets/tools.md):
    223  - - **Knockpy**
    224  -- New in [Labs](/assets/labs.md):
    225  - - **0l4bs for XSS**
    226  -- New in [Mobile](/assets/mobile.md):
    227  - - **Q&A with Android Hacker bagipro**
    228  - - **Introduction to Android Hacking**
    229  - - **Mobile Hacking Cheat Sheet**
    230  - - **Android Pentesting Github Repo by [Riddhi Shree](https://github.com/riddhi-shree)**
    231  - 
    232  -### Changed
    233  -- Nothing
    234  -### Fixed
    235  -- Format Issue in [Changelog](/assets/changelog.md)
    236  -- Changed Format in [README](/assets/README.md)
    237  - 
    238  ----
    239  -## ___Update 2020.02___
    240  -### Added
    241  -- New XSS Lab: **XSS Labs from PwnFunction**
    242  -- New Recon & OSINT Tool: **Reconness**
    243  -- New [IDOR Blogspost](/assets/blogposts.md#IDOR): **Automating BURP to find IDORs**
    244  -- New [Misc Blogpost](/assets/blogposts.md#Misc): **How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN**
    245  -- New Blogspost Category: [RCE](/assets/blogposts.md#RCE)
    246  - - New RCE Blogpost: **My First RCE (Stressed Employee gets me 2x bounty)**
    247  -- New Blogpost Cetegory: [Recon](/assets/blogposts.md#Recon)
    248  - - New Recon Blogpost/Guide: **Subdomain Recon Using Certificate Search Technique**
    249  -- New Vulnerabilities Post: **The 7 main XSS cases everyone should know**
    250  -- Added Jason Haddix to [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
    251  - 
    252  -### Changed
    253  -- Moved **Notes about Nahamsecs Recon Sessions** from [Misc](/assets/blogposts.md#Misc) to [Recon](/assets/blogposts.md#Recon)
    254  - 
    255  -### Fixed
    256  -- Typos in [Media](/assets/media.md) (contributed by [securibee](https://github.com/securibee))
    257  ----
    258  - 
    259  -## ___Update 2020.01___
    260  -### Added
    261  -- New changelog page
    262  -- New content in [Blogposts](/assets/blogposts.md)
    263  -- Designated section to get started with [Burp Suite](/assets/setup.md#setup)
    264  -- Link from the Burp Tool section to the setup guide
    265  -- Recon Pi to [Tools](/assets/tools.md#others)
    266  - 
    267  -### Changed
    268  -- Updated the Twitter Descriptions in [media.md](/assets/media.md)
    269  -- Cleaned up [Setup Page](/assets/setup.md)
    270  -- Cleaned up [Blogposts Page](/assets/blogposts.md)
    271  ----
    272  -back to [Intro Page](/README.md)
    273  - 
  • ■ ■ ■ ■ ■
    assets/coding.md
    skipped 7 lines
    8 8  But as often discussed on @nahamsec Twitch Channel, it is a good tool to have in General. Coding can help you a lot with understanding stuff that you will encounter on your Hacking Sessions, but it is also generally a good skill to have in the current times. You can automate your Tools with Python for example, or write completely new ones if you have a specific task for it in mind. We will add a lot more in here over the next updates and also reorganize the Resources by Languages and so on.
    9 9   
    10 10  TL,DR: ___Python___ and ___Bash___ are really good skills to have and start out with.
     11 + 
    11 12  ### Resources
    12 13  - [Bash Scripting Full Course 3 Hours](https://www.youtube.com/watch?v=e7BufAVwDiM)
    13 14  - [Explainshell](https://explainshell.com/)
    skipped 14 lines
  • ■ ■ ■ ■ ■ ■
    assets/hardware.md
    1  -# Resources-for-Beginner-Bug-Bounty-Hunters
    2  - 
    3  -## Hardware & IoT ⚙️
    4  - 
    5  -### Resources
    6  -- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware (provided by @securibee 🐝)
    7  ----
    8  -back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/labs.md
    1 1  # Resources-for-Beginner-Bug-Bounty-Hunters
    2 2   
    3 3  ## Labs & Testing Environments 🧪
     4 +- [NahamSec's Free Bug Bounty Learning Lab](https://tryhackme.com/room/nahamstore)
    4 5   
    5 6  ### Web Hacking Fundamentals
     7 + 
     8 +### Downloadables
     9 +- [NahamSec.Training](https://github.com/nahamsec/nahamsec.training/)
     10 +- [OWASP Juiceshop](https://owasp.org/www-project-juice-shop/)
     11 +- [Google Gruyere](https://google-gruyere.appspot.com/)
     12 +- [DVWA](http://www.dvwa.co.uk)
     13 +- [Metasploitable 3](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
     14 +- [Multidae](https://sourceforge.net/projects/mutillidae/)
     15 +- [Badstore](https://www.vulnhub.com/entry/badstore-123,41/)
    6 16   
    7 17  #### Free
    8 18  - [Hacker101](https://www.hacker101.com/) | Good Exercises for Beginners, can earn you private Invites on HackerOne
    9  -- [HackEdu](https://hackedu.io)
    10 19  - [Web Security Academy](https://portswigger.net/web-security)
    11 20  - [HackThisSite](https://hackthissite.org/)
    12 21  - [CTFChallenge](https://ctfchallenge.co.uk) | Web CTF based on real vulnerabilities
    13  -- [XSS-Game](https://xss-game.appspot.com/) | Learning Platform for XSS
    14 22  - [Hacksplaining](https://www.hacksplaining.com/)
    15 23   
    16 24   
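Review bot: inserting `### Downloadables` at new line 8 leaves `### Web Hacking Fundamentals` with no content and puts the existing `#### Free` list under Downloadables, although Hacker101, Web Security Academy and the others in that list are hosted labs, not downloads. Move the Downloadables block below the Free list so `#### Free` stays under Web Hacking Fundamentals. The moved entry still reads "Multidae" while its URL points to the mutillidae project, and DVWA is still linked over plain http.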
    skipped 7 lines
    24 32  - [XSS Labs from PwnFunction](https://xss.pwnfunction.com/) Great Labs in a beautiful layout
    25 33   
    26 34  ### Vulnerable Apps
    27  -- [Google Gruyere](https://google-gruyere.appspot.com/)
    28  -- [DVWA](http://www.dvwa.co.uk)
    29  -- [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
    30  -- [Metasploitable 3](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities)
    31  -- [Multidae](https://sourceforge.net/projects/mutillidae/)
    32  -- [Badstore](https://www.vulnhub.com/entry/badstore-123,41/)
    33 35  - [https://application.security/ - SSRF](https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one)
    34 36   
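Review bot: once the six apps move to Downloadables, `### Vulnerable Apps` keeps a single entry, the application.security SSRF exercise, which is a hosted training page rather than a vulnerable app. Fold that link into another list and remove the heading, or keep the apps here and drop the new Downloadables section.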
    35 37  #### XSS
    skipped 12 lines
    48 50   
    49 51  #### Premium
    50 52  - [TryHackMe](https://tryhackme.com/signup?referrer=nahamsec) | Cool Hacking & Pentesting Labs with Web Challenges
    51  - - Videos: [TryHackMe! Basic Penetration Testing](https://www.youtube.com/watch?v=xl2Xx5YOKcI) // [TryHackMe! EternalBlue/MS17-010 in Metasploit](https://www.youtube.com/watch?v=s6rwS7UuMt8) // [TryHackMe! OhSINT - METADATA & Research](https://www.youtube.com/watch?v=oF0TQQmFu4w)
    52 53  - [HackTheBox](https://www.hackthebox.eu/) | provides Testing Labs, some Web Application Challenges
    53 54  - [Cyberseclabs](https://www.cyberseclabs.co.uk/)
    54  -- [Kontra Application Security Training](https://application.security/free-application-security-training)
    55 55   
    56 56  ---
    57 57  back to [Intro Page](/README.md)
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    assets/media.md
    skipped 7 lines
    8 8  - [YouTube Channels](#Youtube-Channels)
    9 9  - [Streamers](#Streamers)
    10 10  - [Podcasts](#Podcasts)
    11  -- [Books](#Books)
    12 11  - [Twitter](#Twitter)
    13 12  - [Misc](#Misc)
    14 13   
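Review bot: the table of contents still lists `[YouTube Channels](#Youtube-Channels)` at new line 8, but this commit renames that heading to `## Cyber Security Content Creators` and adds a `## Conferences` section, so the first link no longer resolves and the new section has no entry. Update the entry to the new heading and add one for Conferences.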
    skipped 5 lines
    20 19  - [TryHackMe](https://discord.gg/KsAEejZ)
    21 20  - [HackTheBox](https://discord.gg/FrRJ3Z8)
    22 21  - [TheCyberMentor](https://discord.gg/)
    23  -- [AshF0x - The F0xbox](https://discord.gg/RCTy5zS)
    24  -- [The Mayor](https://discord.gg/EN2ya9h)
    25  -- [Ceos3c](https://discord.gg/SBK3hkR)
    26 22  - [InsiderPhD](https://discord.gg/rdQcSk7a)
    27 23   
    28  -## Youtube Channels
     24 + 
     25 +## Cyber Security Content Creators
    29 26  - [Curated List of YT Channels](https://threader.app/thread/1248351836672872456) by TCM
    30 27  - [Nahamsec](https://www.youtube.com/nahamsec) - Educational Videos and VODs of his Stream, Vlogs
    31 28  - [STÖK](https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg) - Videos About Hacking, Live Events, Bug Bounty Tips & Vlogs
     29 +- [Bug Bounty Reports Explained](https://www.youtube.com/c/bugbountyreportsexplained/)
    32 30  - [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Educational Videos about CTFs, Hacking in General
    33  -- [TomNomNom](https://www.youtube.com/user/TomNomNomDotCom)- Educational Videos about Hacking, Scripting, Bug Bounty, Writing your own Tools
    34  -- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Educational Videos about InfoSec, Penetration Testing, Web Security, Scripting, etc.
    35  -- [InsiderPhD](https://www.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A) - An excellent Introduction series for beginners to help them find their first bug.
    36  -- [PwnFunction](https://www.youtube.com/PwnFunction) explanatory videos about Web App vulnerabilities
    37  -- [DEFCONConference](https://www.youtube.com/user/DEFCONConference/videos) - Tons of Talks from Defcon.
     31 +- [John Hammond](https://www.youtube.com/@_JohnHammond)
     32 +- [The Cyber Mentor](https://www.youtube.com/TheCyberMentor) - Educational Videos about InfoSec, Penetration Testing, Web Security, Scripting, etc.
     33 +- [InsiderPhD](https://www.youtube.com/insiderphd) - An excellent Introduction series for beginners to help them find their first bug.
     34 +- [PwnFunction](https://www.youtube.com/PwnFunction)- Explanatory videos about Web App vulnerabilities
     35 +- [ippsec](https://www.youtube.com/ippsec)
    38 36  - [Jason Haddix](https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA) - VODs of his Stream
    39  -- [rwxrob](https://www.twitch.tv/rwxrob) - Linux God
    40  -- [bug Bounty Reports Explained](https://www.youtube.com/c/bugbountyreportsexplained/)
     37 +- [Farah Hawa](https://www.youtube.com/c/farahhawa)
     38 +- [Rana Khalil](https://www.youtube.com/@RanaKhalil101)
     39 +- [David Bombal](https://www.youtube.com/@davidbombal)
     40 +- [NetworkChuck](https://www.youtube.com/NetworkChuck)
     41 +- [PhD Security](https://www.youtube.com/@phd_security)
     42 +- [HackerSploit](https://www.youtube.com/HackerSploit)
    41 43   
    42 44  ## Streamers
    43  -- [Nahamsec](https://www.twitch.com/nahamsec) on Twitch
    44  -- [d0nutptr](https://www.twitch.tv/d0nutptr/) on Twitch
    45  -- [TheCyberMentor](https://twitch.tv/thecybermentor) on Twitch
    46  -- [TheBlindHacker](https://twitch.tv/theblindhacker) on Twitch
    47  -- [TheMayor](https://www.twitch.tv/themayor11) on Twitch
    48  -- [Ash_F0x](https://www.twitch.tv/ash_f0x)
    49  -- [mbcrump](https://www.twitch.tv/mbcrump)
     45 +- [Nahamsec](https://www.twitch.com/nahamsec)
     46 +- [0xtib3rius](https://www.twitch.tv/0xtib3rius)
     47 +- [alh4zr3d](https://www.twitch.tv/alh4zr3d)
     48 +- [d0nutptr](https://www.twitch.tv/d0nutptr/)
     49 +- [TheCyberMentor](https://twitch.tv/thecybermentor)
    50 50  - [thealtf4stream](https://www.twitch.tv/thealtf4stream)
    51  -- [dowright](https://www.twitch.tv/dowright)
     51 + 
     52 +## Conferences
    52 53  - [The Red Team Village](https://www.twitch.tv/redteamvillage)
     54 +- [NahamCon](https://www.youtube.com/@NahamSec)
     55 +- [Bsides Ahmedabad](https://www.youtube.com/@BSidesAhmedabad/videos)
    53 56   
    54 57  ## Podcasts
    55 58  - [Darknet Diaries](https://darknetdiaries.com/) by [Jack Rhysider](https://twitter.com/jackrhysider)
    56 59   - [Episode 60 with dawgyg](https://darknetdiaries.com/episode/60/)
    57  -- [The Bug Bounty Podcast](https://open.spotify.com/show/3yTTlfXH1avrI3FsXZyCpv) by Fisher
    58  - - [Episode 3 with nahamsec](https://anchor.fm/bugbountypodcast/episodes/Episode-3-ft--NahamSec-ebl392)
    59  -- [Bug Hunter Podcast](https://anchor.fm/bughunter)
    60  -- [CRE](https://cre.fm/) German Podcast - CRE ist ein unregelmäßig erscheinender Interview-Podcast mit Tim Pritlove zu Themen aus den Bereichen Technik, Kultur und Gesellschaft.
    61  - - [CRE197 IPv6](https://cre.fm/cre197-ipv6) Episode revolving around IPv6
    62 60  - [CCC Luxembourg Podcast](http://wiki.c3l.lu/doku.php?id=projects:entr0py_encore) Luxembourgish Podcast from CCC Lux.
    63  - 
    64  -## Books
    65  -- [Real-World Bug Hunting](https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616) by [Peter Yaworski](https://twitter.com/yaworsk)
    66  -- [The Web Application Hacker's Handbook](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/) by Dafydd Stuttard & Marcus Pinto
    67  -- [The Tangled Web: A Guide to Securing Modern Web Applications](https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886) by
    68  -Michal Zalewski
    69  -- [Web Hacking 101: How to Make Money Hacking Ethically](https://leanpub.com/web-hacking-101) by [Peter Yaworski](https://twitter.com/yaworsk)
    70  -- [Black Hat Go](https://nostarch.com/blackhatgo) by Tom Steele, Chris Patten, and Dan Kottmann
    71  -- [Black Hat Python](https://nostarch.com/blackhatpython) by Justin Seitz
    72  -- [The Linux Command Line](https://nostarch.com/tlcl2) by William Shotts
    73  - 
    74  -In general ["no starch press"](https://nostarch.com/catalog/security) offers great books in the hacking category. [Humble Bundle](https://www.humblebundle.com) sometimes offers great book deals for an awesome price, so have a eye out for those.
     61 +- [Critical Thinking: A Bug Bounty Podcast](https://open.spotify.com/show/4GiJnv8f4a4ZR6Jc6TQJ3k)
    75 62   
    76 63  ## Twitter
    77 64   
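Review bot: the rewritten Nahamsec streamer link at new line 45 keeps the host `www.twitch.com`, while every other entry in the list uses `twitch.tv`; correct it while the line is being touched. Under Conferences, the NahamCon entry points to the @NahamSec channel rather than to conference recordings, so link a NahamCon playlist if one exists. The new John Hammond, ippsec, Farah Hawa and following entries have no description, unlike the entries around them.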
    skipped 196 lines
  • ■ ■ ■ ■ ■ ■
    assets/smartcon.md
    1  -# Resources-for-Beginner-Bug-Bounty-Hunters
    2  - 
    3  -## Smart Contracts 📜
    4  - 
    5  -### Bitcoin whitepaper & Ethereum yellowpaper - cruicial to undestand how those work:
    6  -- [Bitcoin whitepaper](https://bitcoin.org/bitcoin.pdf)
    7  -- [Ethereum yellowpaper](https://ethereum.github.io/yellowpaper/paper.pdf)
    8  -- [How to Audit a Smart Contract](https://blockgeeks.com/guides/audit-smart-contract/) - Blockgeeks
    9  ----
    10  -back to [Intro Page](/README.md)
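Review bot: assets/smartcon.md is deleted in full (old lines 1-10), so any remaining link to it from README.md or the other asset pages will break; confirm the same commit removes those references, and state in the commit message whether the Smart Contracts topic is being dropped or moved.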
  • ■ ■ ■ ■ ■ ■
    assets/tools.md
    skipped 17 lines
    18 18  | Name | Description | Written in | Created by |
    19 19  |------ |------------- |------------ |------------- |
    20 20  |[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version). [Here](/assets/setup.md#setup) you can find Tips & Tricks to get started with Burp.|Java|Port Swigger|
    21  -|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
     21 +|[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP
     22 +|[Caido](https://caido.io/)|A lightweight web security auditing toolkit.|Web|Caido|
    22 23  |[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|
    23 24   
    24 25  ### Burp Extension
    25 26  | Name | Description | Written in |
    26 27  |------ |------------- |------------ |
    27 28  |[Logger++](https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81)|"This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. It can also save the logged data in CSV format."|Java|
    28  -|[Flow](https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d)|"This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools."|Java|
    29 29  |[AuthMatrix](https://portswigger.net/bappstore/30d8ee9f40c041b0bfec67441aad158e)|"AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies."|Python (Needs Jython version 2.7.0 or later)|
    30 30  |[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
    31  -|[Auto Repeater](https://portswigger.net/bappstore/f89f2837c22c4ab4b772f31522647ed8)|"This extension automatically repeats requests, with replacement rules and response diffing. It provides a general-purpose solution for streamlining authorization testing within web applications."|Java|
    32  -|[Progress Tracker](https://portswigger.net/bappstore/17544cadcec64dcf8ed68df8518592e4)|"Burp Suite extension to track vulnerability assessment progress"|Python|
     31 +|[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
     32 +|[Burp Bounty](https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a)|"Burp Bounty helps Burp Suite Professional users to quickly and easily build their own scan checks for use with Burp Scanner"||
     33 +|[Param Miner](https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943)|"Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities"||
     34 + 
     35 +### Asset Discovery
     36 +| Name | Description
     37 +|------ |-------------
     38 +|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|
     39 +|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.|
     40 +|[subfinder](https://github.com/projectdiscovery/subfinder)|subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.|
     41 +|[dnsgen]()|generates a combination of domain names from the provided input.|
     42 + 
     43 +### Fuzzing
     44 +| Name | Description |
     45 +|------ |------------- |
     46 +|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|
     47 +|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites|
     48 +|[FeroxBuster](https://github.com/epi052/feroxbuster)|A simple, fast, recursive content discovery tool written in Rust|
    33 49   
    34  -### Recon, OSINT & Discovery
    35  -| Name | Description | Written in | Created by |
    36  -|------ |------------- | ------------ |------------- |
    37  -|[FFuF](https://github.com/ffuf/ffuf)|A very fast Fuzzing Tool to brute force directories or other parameters. Highly configurable.|Go||
    38  -|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.|Python|Ahmed Aboul-Ela|
    39  -|[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites.|Python|Mauro Soria|
    40  -|[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|Go|OWASP|
    41  -|[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.||BuiltWith®|
    42  -|[findomain](https://github.com/Edu4rdSHL/findomain)|Very fast cross-platform subdomain enumerator|Rust|[Eduard Tolosa](https://github.com/Edu4rdSHL)|
    43  -|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|Go|[Tom Hudson](https://github.com/tomnomnom)|
    44  -|[meg](https://github.com/tomnomnom/meg)|meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.|Go|[Tom Hudson](https://github.com/tomnomnom)|
    45  -|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working http and https servers.|Go|[Tom Hudson](https://github.com/tomnomnom)|
    46  -|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning|Python|[j3ssie](https://github.com/j3ssie)|
    47  -|[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|Go|[@hakluke](https://twitter.com/hakluke)|
    48  -|[Reconness](https://github.com/reconness)|A Web App Tool to Run and Keep all your #recon in the same place.|C#|[@reconness](https://twitter.com/reconness)|
    49  -|[Knockpy](https://github.com/guelfoweb/knock)|A python tool designed to enumerate subdomains on a target domain through a wordlist|Python|[@guelforweb](http://twitter.com/guelfoweb)|
    50  -|[crithit](https://github.com/codingo/crithit)|Takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.|C++|[codingo](https://github.com/codingo)|
    51  -|[nuclei](https://github.com/projectdiscovery/nuclei)|"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use."|Go|[ProjectDiscovery](https://github.com/projectdiscovery)|
    52  -|[SpiderFoot](https://github.com/smicallef/spiderfoot)|SpiderFoot is an OSINT automation tool that queries over 100 data sources to build up a complete profile of your target, from host enumeration, to breached e-mail addresses and more.|Python|[SpiderFoot](http://twitter.com/spiderfoot)|
    53  -|[subfinder](https://github.com/projectdiscovery/subfinder)|subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.|Go|[ProjectDiscovery](https://github.com/projectdiscovery)|
    54  -|[SUBway](https://github.com/Sam-Lane/subway)|Enumerate subdomains by either using DNS lookup or by virtual hosting HTTP requests, useful for things like Hack The Box or Try Hack Me. SUBway requires a wordlist to use for subdomain discovery, SecLists is the recomended pairing for use with this tool.|Go|[Sam Lane](https://github.com/Sam-Lane)|
     50 + 
     51 +### Content Discovery
     52 +| Name | Description |
     53 +|------ |------------- |
     54 +|[meg](https://github.com/tomnomnom/meg)|meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.|
     55 +|[httpx](https://github.com/projectdiscovery/httpx)|A fast and multi-purpose HTTP toolkit that allows running multiple probes.|
     56 +|[hakrawler](https://github.com/hakluke/hakrawler)|hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover Forms, Endpoints, Subdomains, Related documents and JS Files|
     57 +|[nuclei](https://github.com/projectdiscovery/nuclei)|"Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use."|
     58 +|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|
    55 59   
     60 +### Recon Framework
     61 +| Name | Description |
     62 +|------ |------------- |
     63 +|[meg](https://github.com/six2dez/reconftw)| Automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.|
     64 +|[sn1per](https://github.com/1N3/Sn1per)|Discover hidden assets and vulnerabilities in your environment.|
     65 +|[Spiderfoot](https://github.com/smicallef/spiderfoot)| An open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.|
     66 +|[reNgine](https://github.com/yogeshojha/rengine)| reNgine is a web application reconnaissance suite with a focus on a highly configurable streamlined recon process.|
     67 +|[AutoRecon](https://github.com/Tib3rius/AutoRecon)| AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP).|
     68 +|[Osmedeus](https://github.com/j3ssie/osmedeus)| A Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.|
    56 69   
    57  -#### OSINT Webpages
     70 +#### OSINT Search Engines
    58 71  | Name | Description | Created by |
    59 72  |------ |------------- |------------- |
    60  -|[Recon.Dev](https://www.recon.dev)|Recon Data specifically created for bug bounty hunters|[NahamSec & StaticFlow](https://www.recon.dev)|
    61 73  |[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|[Hunter Team](https://hunter.io/about)|
    62 74  |[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|[Intelligence X](https://twitter.com/_IntelligenceX)|
    63 75  |[Shodan](https://www.shodan.io/)|Search engine that lets you find systems connected to the internet with a variety of filters|John Matherly|
    64 76  |[Censys](https://censys.io)|"Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet."|[Censys](https://censys.io/company)|
    65  -|[Lookyloo](https://lookyloo.circl.lu/scrape)|Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. [Github Page of the Project](https://github.com/CIRCL/lookyloo) |[CIRCL](https://circl.lu/)|
    66  -|[Spyse.com](https://spyse.com/)|New Search Engine made for pentesters and cyber security specialists|[Spyse Team](https://spyse.com/about)|
    67 77  |[crt.sh](https://crt.sh)|SSL certificate search tool|[Sectigo](https://sectigo.com/)|
    68 78  |[Virus Total](https://www.virustotal.com)|WHOIS, DNS, and subdomain recon|[Virus Total Team](https://support.virustotal.com/hc/en-us/categories/360000160117-About-us)|
    69 79  |[ZoomEye](https://www.zoomeye.org/)|Search engine for specific network components|[Team from Knownsec](https://www.knownsec.com/)|
    70 80  |[NerdyData](https://nerdydata.com/)|Search Engine for Source Code|[NerdyData](https://www.crunchbase.com/organization/nerdydata)|
    71 81  |[Crunchbase](https://www.crunchbase.com/)|For finding Information about Businesses and their acquisitions|[TechCrunch](https://techcrunch.com)|
    72 82  |[Searchcode](https://searchcode.com/)|Helping you find real world examples of functions, API's and libraries over 90 languages across multiple sources|[searchcode](https://searchcode.com/about/#team)|
    73  - 
    74 83   
    75 84   
    76  - 
    77 85  ### Exploitation
    78 86  | Name | Description | Written in | Created by |
    79 87  |------ |------------- | ------------ |------------- |
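Review bot: the first row of the new Recon Framework table (new line 63) is labelled `[meg]` but links to github.com/six2dez/reconftw, and meg is already listed under Content Discovery at new line 54; name the row after the linked project. Further points in this hunk: the Autorize row is added at new line 31 although the unchanged row at line 30 is kept, so it now appears twice; the rewritten OWASP Zap row (new line 21) lost its closing `|`, and the Asset Discovery header and separator (new lines 36-37) also lack it, unlike the Fuzzing table below; `[dnsgen]()` at new line 41 has an empty link target; Burp Bounty and Param Miner (new lines 32-33) leave the "Written in" cell empty where the other extension rows fill it.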
    skipped 5 lines
    85 93  |[Masscan](https://github.com/robertdavidgraham/masscan)|This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.|C|Robert David Graham|
    86 94  |[KeyHacks](https://github.com/streaak/keyhacks)|Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.|/|streaak|
    87 95  |[Nmap command helper](https://competent-goldberg-e5eefe.netlify.app/)|A tool that helps you with nmap commands. Has a build in training feature to help memorizing them.||0x0n0x|
    88  -|[threader3000](https://github.com/dievus/threader3000)|Threader3000 is a script written in Python3 that allows multi-threaded port scanning. The program is interactive and simply requires you to run it to begin. Once started, you will be asked to input an IP address or a FQDN as Threader3000 does resolve hostnames. A full port scan should take less than 1 minute 30 seconds depending on your internet connection.|Python|[Joe Helle](https://github.com/dievus),[Tittimus](https://github.com/Sam-Lane),[plasticuproject](https://github.com/plasticuproject)|
     96 + 
    89 97  ### Mobile Hacking
    90 98  | Name | Description | Written in | Created by |
    91 99  |------ |------------- | ------------ |------------- |
    skipped 21 lines
    113 121  | Name | Description | Written in | Created by |
    114 122  |------ |------------- | ------------ |------------- |
    115 123  |[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
     124 +|[AssetNote's Wordlists](https://wordlists.assetnote.io/)| Collection of wordlists created by AssetNote.|AssetNote.io|
    116 125  |[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
    117 126  |[CyberChef](https://gchq.github.io/CyberChef/)|Awesome Tool for de-/encoding stuff. Try it out!|JavaScript|[gchq](https://github.com/gchq)|
    118 127  |[webhook.site](https://webhook.site)|Webhook.site allows you to easily test, inspect, forward and create Custom Actions for any incoming HTTP request or e-mail.||[fredsted](https://github.com/fredsted)|
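Review bot: the added AssetNote's Wordlists row (new line 124) has three cells in a four-column table (Name, Description, Written in, Created by), so `AssetNote.io` renders under "Written in" and "Created by" is missing; add an empty cell before it, as the SecLists row above does with `||Daniel Miessler|`.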
    skipped 6 lines
  • ■ ■ ■ ■ ■
    assets/vulns.md
    1 1  # Resources-for-Beginner-Bug-Bounty-Hunters
    2 2   
    3 3  ## Vulnerabilities 💉
    4  -This page is created to help hackers understand a specific vulnerability type in details. If you would like to read blog posts and see example vulnerability, please read the [blog posts](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/blogsposts.md) page
     4 +This page is created to help hackers understand a specific vulnerability type in details.
    5 5   
    6  -### Online Resources
     6 +- If you would like to get some hands on experience by hacking more in detailed labs, please read the [labs](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/labs.md) page
     7 +- If you would like to read blog posts and see example vulnerability, please read the [blog posts](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/assets/blogsposts.md) page
     8 + 
     9 +### Online Resources & Frameworks
    7 10  - [Owasp Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
     11 + - [TryHackMe's OWASP Top 10 Room](https://tryhackme.com/room/owasptop10)
     12 + - [OWASP top 10 by Snyk](https://learn.snyk.io/learning-paths/owasp-top-10/javascript/)
    8 13  - [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
    9 14  - [Bug Bounty Cheat Sheets](https://github.com/EdOverflow/bugbounty-cheatsheet) - by EdOverflow
     15 +- [WebSecurity Academy by PortSwigger](https://portswigger.net/web-security/)
    10 16  ---
     17 + 
     18 +As we start to build this repository, we'll be adding more vulnerability types and resources for each one.
    11 19   
    12 20  ## Cross-Site Scripting (XSS)
    13  -As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
    14  - 
    15  -- [Hacker101](https://www.hacker101.com/sessions/xss)
     21 +XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
     22 +### Reading Material
     23 +- [WebSec Academy - Cross-Site Scripting](https://portswigger.net/web-security/cross-site-scripting)
    16 24  - [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
     25 +- [XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html)
     26 +- [Cross-site scripting - Executing untrusted JavaScript in a trusted context](https://learn.snyk.io/lessons/xss/javascript/)
    17 27  - [A comprehensive tutorial on cross-site scripting](https://excess-xss.com)
    18  -- [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/)
    19  -- [What is PHP and why is XSS so common there?](https://www.youtube.com/watch?v=Q2mGcbkX550) - by LiveOverflow
    20  -- [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
    21 28  - [The 7 main XSS cases everyone should know](https://brutelogic.com.br/blog/the-7-main-xss-cases-everyone-should-know/) - [brutelogic](https://brutelogic.com.br/blog/about/)
     29 +### Video Content
    22 30  - [Cross-Site Scripting (XSS) Explained](https://www.youtube.com/watch?v=EoaDgUgS6QA) - by PwnFunction
     31 +- [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
     32 +### Labs
     33 +- [WebSec Academy - Labs](https://portswigger.net/web-security/all-labs#cross-site-scripting)
     34 +- [xssLABS](https://www.xsslabs.com/)
     35 +- [Codelatte](https://codelatte.id/labs/xss/)
     36 +- [Google XSS Game](https://xss-game.appspot.com/)
     37 +- [Pwnfunction XSS](https://xss.pwnfunction.com/)
    23 38   
    24 39  ## Cross-Site Request Forgery (CSRF)
     40 +### Reading Material
     41 +- [WebSec Academy - CSRF](https://portswigger.net/web-security/csrf)
     42 +- [CSRF-Basics](https://princetechhavenz.wordpress.com/2019/12/11/csrf-basics/) - by Princethilak
     43 +- [Cross Site Request Forgery (CSRF) by Snyk](https://snyk.io/learn/csrf-cross-site-request-forgery/)
     44 +### Videos
    25 45  - [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction
    26  -- [CSRF-Basics](https://princetechhavenz.wordpress.com/2019/12/11/csrf-basics/) - by Princethilak
    27 46  - [Finding Your First Bug: Cross-Site Request Forgery](https://www.youtube.com/watch?v=ULvf6N8AL2A) - by Insider PhD
    28  - 
    29  -## XML External Entities (XXE)
    30  -- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
     47 +- [Cross Site Request Forgery - Computerphile](https://www.youtube.com/watch?v=vRBihr41JTo)
     48 +### Labs
     49 +- [WebSec Academy - CSRF Labs]https://portswigger.net/web-security/all-labs)
    31 50   
    32 51  ## Insecure Direct Object Reference (IDOR)
     52 +### Reading Material
     53 +- [WebSec Academy - Insecure direct object references (IDOR) By PortSwigger](https://portswigger.net/web-security/access-control/idor)
     54 +- [Insecure Direct Object Reference (IDOR) by Intigriti](https://blog.intigriti.com/hackademy/idor/)
     55 +- [IDOR tutorial hands-on – OWASP Top 10 training](https://thehackerish.com/idor-tutorial-hands-on-owasp-top-10-training/)
     56 +### Videos
    33 57  - [Insecure Direct Object Reference Vulnerability](https://www.youtube.com/watch?v=rloqMGcPMkI) - by PwnFunction
    34 58  - [Finding Your First Bug: Manual IDOR Hunting](https://www.youtube.com/watch?v=gINAtzdccts) - by Insider PhD
    35 59  - [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
     60 +### Labs
     61 +- (WebSec Academy - IDOR Lab)[https://portswigger.net/web-security/access-control/lab-insecure-direct-object-references]
     62 +- (IDOR on TryHackMe)[https://tryhackme.com/room/idor]
     63 +- (Corridor on TryHackMe)[https://tryhackme.com/room/corridor]
    36 64   
    37  -## Open Redirect
    38  -- [Open Redirect Vulnerability](https://www.youtube.com/watch?v=4Jk_I-cw4WE) - by PwnFunction
     65 +## Server-Side Request Forgery
     66 +### Reading Material
     67 +- [WebSec Academy - Server-Side Request Forgery](https://portswigger.net/web-security/ssrf)
     68 +- [SSRF by OWASP](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)
     69 +- [What is server-side request forgery (SSRF)?](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/)
     70 +- [Server-side request forgery - Unintended access to internal resources via exploited serve](https://learn.snyk.io/lessons/ssrf-server-side-request-forgery/javascript/)
     71 +- [SSRF vulnerabilities and where to find them](https://labs.detectify.com/2022/09/23/ssrf-vulns-and-where-to-find-them/)
     72 +### Videos
     73 +- (Find and Exploit Server-Side Request Forgery (SSRF))[https://www.youtube.com/watch?v=eVI0Ny5cZ2c]
     74 +- (Server-Side Request Forgery (SSRF) | Complete Guide)[https://www.youtube.com/watch?v=ih5R_c16bKc&t=1s]
     75 +- [SSRF in 100 seconds](https://www.youtube.com/watch?v=3dKavgfL2pA)
     76 +- [How To Search For SSRF!](https://www.youtube.com/watch?v=Ku6CK3Aes8Y)
     77 +- [How to exploit a blind SSRF?](https://www.youtube.com/watch?v=o6AJH9PFEd4)
    39 78   
    40  -## HTTP Parameter Pollution
    41  -- [HTTP Parameter Pollution Attacks](https://www.youtube.com/watch?v=QVZBl8yxVX0) - by PwnFunction
    42  - 
    43  -## Logic Errors
    44  -- [Finding Your First Bug: Business Logic Errors](https://www.youtube.com/watch?v=RobCqW2KwGs) - by InsiderPhD
     79 +### Labs
     80 +- [WebSec Academy - Server-Side Request Forgery Labs](https://portswigger.net/web-security/all-labs#server-side-request-forgery-ssrf)
     81 +- [WebSec Academy - Blind SSRF vulnerabilities](https://portswigger.net/web-security/ssrf/blind)
     82 +- [Server-Side Request Forgery (SSRF) vulnerable Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab)
     83 +- [Server-Side Request Forgery on TryHackMe](https://tryhackme.com/room/seasurfer)
     84 +## XML External Entities (XXE)
     85 +### Reading Material
     86 +- [WebSec Academy - XML External Entity (XXE) injection](https://portswigger.net/web-security/xxe)
     87 +- [XML External Entity (XXE) Processing by OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing)
     88 +- [How to Find XXE Bugs: Severe, Missed and Misunderstood by Luke Stephens](https://www.bugcrowd.com/blog/how-to-find-xxe-bugs/)
     89 +### Videos
     90 +- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
     91 +- [How to search for XXE!](https://www.youtube.com/watch?v=0DQnWalxYb4)
     92 +- [How to run an XXE injection via an SVG Image Upload!](https://www.youtube.com/watch?v=lbLV0jISMjY)
     93 +### Labs
     94 +- [WebSec Academy - XML External Entity (XXE) Labs](https://portswigger.net/web-security/all-labs#xml-external-entity-xxe-injection)
     95 +- [XXE Lab (On GitHub)](https://github.com/jbarone/xxelab)
    45 96   
    46  -## Remote Code Execution
    47  -- [Finding Your First Bug: Goal Setting / Remote Code Execution (RCE)](https://www.youtube.com/watch?v=5BTvTE3gEq8) - by InsiderPhD
    48 97  ---
    49 98  back to [Intro Page](/README.md)
    50 99   
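Review bot: several added links use inverted Markdown syntax and will render as plain text: the three IDOR lab entries (new lines 61-63) and the first two SSRF video entries (new lines 73-74) are written `(text)[url]` and should be `[text](url)`. The CSRF lab entry at new line 49 is missing the `(` before the URL, and the Snyk SSRF title at new line 70 is cut off at "exploited serve". The hunk also removes the Open Redirect, HTTP Parameter Pollution, Logic Errors and Remote Code Execution sections without replacement; if that is intentional, say so in the commit message, otherwise restore them in the new Reading Material / Videos / Labs layout.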