  • ■ ■ ■ ■ ■ ■
    assets/basics.md
    skipped 39 lines
    40 40  https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records--cms-24704
    41 41  - Intermediate Security Testing with Kali Linux 2
    42 42  http://www.penguintutor.com/linux/basic-network-reference
     43 +- [Network Fundamentals](https://www.youtube.com/playlist?list=PLDQaRcbiSnqF5U8ffMgZzS7fq1rHUI3Q8), A 19 part Video Series about Networking well explained for Beginners
    43 44   
    44 45   
    45 46  ## Programming Basics
    skipped 12 lines
    58 59  https://www.codecademy.com/learn/learn-sql
    59 60  http://www.sqlcourse.com/
    60 61   
    61  -### Automation
     62 +## Automation
    62 63  You are welcome to skip this section if you think you’ll never need any automation or in depth web application knowledge. However I think learning bash in addition to one the following four languages may help you work smarter rather than harder.
    63 64  - Bash
    64  -https://www.learnshell.org/
     65 + - https://www.learnshell.org/
     66 + - https://explainshell.com/
    65 67  - Ruby
    66  -https://www.learnrubyonline.org/
     68 + - https://www.learnrubyonline.org/
    67 69  - Python
    68  -https://docs.python.org/3/tutorial/
     70 + - https://docs.python.org/3/tutorial/
    69 71  - Additional Resources:
    70 72   - https://www.codecademy.com/learn/paths/web-development
    71 73   - https://docs.python.org/3/tutorial/
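Review bot: The Python tutorial URL is now listed twice in this section: once as the new nested item at new line 70 (`- https://docs.python.org/3/tutorial/` under `- Python`) and again under `- Additional Resources:` at new line 73. Drop one of the two, preferably the copy under Additional Resources, since the per-language item is where a reader will look first. The intro sentence also still refers to "the following four languages" while the visible list names Bash, Ruby and Python, so the count is worth rechecking in the same change.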
    skipped 6 lines
  • ■ ■ ■ ■ ■ ■
    assets/blogposts.md
    skipped 7 lines
    8 8   - [CSP Bypass](#CSP-Bypass)
    9 9  - [SSRF](#SSRF)
    10 10  - [Vulnerability Scanning](#Vulnerability-Scanning)
     11 +- [Token / Authentication](#Token-/-Authentication)
     12 +- [SQL Injection](#SQL-Injection)
     13 +- [Mobile](#Mobile)
     14 + - [iOS](#iOS)
     15 + - [Android](#Android)
     16 +- [HTTP Desync](#HTTP-Desync)
     17 +- [File Upload](#File-Upload)
     18 +- [Automation](#Automation)
     19 +- [Misc](#Misc)
    11 20  ## XSS
    12 21  You can find a ton of awesome XSS reports by searching through the HackerOne Hacktivity Page (https://hackerone.com/hacktivity?querystring=XSS). Here are some more complex and some of my favorite XSS related blog posts:
     22 + 
     23 +- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - by LiveOverflow
     24 + - [The Fix](https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa)
    13 25   
    14 26  ### DOM XSS
    15 27  - https://hackerone.com/reports/297968
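Review bot: The new table-of-contents entry at new line 11, `[Token / Authentication](#Token-/-Authentication)`, is unlikely to resolve, because GitHub's generated heading ids drop punctuation such as `/` and the heading `## Token / Authentication` therefore ends up with an id like `token--authentication`. Either point the link at that id or rename the heading to something slash-free (for example "Token and Authentication") and link to that. The entries at new lines 14 and 15 nest iOS and Android under Mobile, so the headings added further down should both be one level below `## Mobile` to match.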
    skipped 13 lines
    29 41  ## SSRF
    30 42  - [DEF CON 27 Conference - Ben Sadeghipour - Owning The Clout Through Server Side Request Forgery](https://www.youtube.com/watch?v=o-tL9ULF0KI)<br>- Nahamsec & daeken | DEFCON 2019
    31 43  - [Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks](https://peertube.opencloud.lu/videos/watch/40f39bfe-6d3c-40f5-bcab-43f20944ca6a)<br>- Alyssa Herrera | Hack.lu 2019
     44 +- [Vimeo upload function SSRF](https://medium.com/@dPhoeniixx/vimeo-upload-function-ssrf-7466d8630437) - by Sayed Abdelhafiz
     45 + 
    32 46   
    33 47  ## Vulnerability Scanning
    34 48  - [NMAP For Vulnerability Discovery](https://www.peerlyst.com/posts/nmap-for-vulnerability-discovery-sachin-wagh) - by Sachin Wagh
     49 + 
     50 +## Token / Authentication
     51 +- [Abusing feature to steal your tokens](https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74) - by Harsh Jaiswal
     52 +- [How I was able to bypass OTP code requirement in Razer [The story of a critical bug]](https://medium.com/bugbountywriteup/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572?) - by Ananda Dhakal
     53 + 
     54 + 
     55 +## SQL Injection
     56 +- [Time-Based Blind SQL Injection In GraphQL](https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c) - Divyanshu Shukla
     57 +- [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - by spaceraccoon
     58 + 
     59 +## Mobile
     60 +### iOS
     61 +- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - by spaceraccoon
     62 +## Android
     63 +- [A deep dive into reversing Android pre-Installed apps](https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf) and the [BlackHat Talk](https://www.youtube.com/watch?v=U6qTcpCfuFc) - by Maddie Stone
     64 + 
     65 +## HTTP Desync
     66 +- [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - by James Kettle
     67 +- [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - by 0X0 (painreigns)
     68 + 
     69 +## File Upload
     70 +- [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - by johnstone
     71 + 
     72 +## Automation
     73 +- [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - by Mohd Shibli
     74 +- [Beginner’s Guide to recon automation](https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb) - by Ashish Jha
     75 +- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
     76 + 
     77 +## Misc
     78 +- [Writing a Simple Buffer Overflow Exploit](https://www.youtube.com/watch?v=oS2O75H57qU) - by LiveOverflow
     79 + 
    35 80  ---
    36 81  back to [Intro Page](/README.md)
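Review bot: The heading at new line 62 is `## Android`, while its sibling at new line 60 is `### iOS` and the table of contents nests both under Mobile; change it to `### Android` so it does not become a top-level section, and add a blank line before it as the other headings have. Smaller consistency points in the same hunk: the Razer link at new line 52 ends in a stray `?`, the entry at new line 56 uses `- Divyanshu Shukla` where every other entry uses `- by <author>`, and new lines 44-46 and 53-54 leave doubled blank lines.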
  • ■ ■ ■ ■ ■
    assets/mobile.md
    skipped 5 lines
    6 6  ## Getting Started
    7 7  - [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)
    8 8  - [iOS Application Security](http://amzn.to/2d9yo7m)
     9 +- [From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13](https://spaceraccoon.dev/from-checkra1n-to-frida-ios-app-pentesting-quickstart-on-ios-13) - by spaceraccoon
    9 10   
    10 11  ## Tools
    11 12  Tools specific for mobile hacking can be found [here](/assets/tools.md#mobile-hacking).
    skipped 3 lines
  • ■ ■ ■ ■ ■ ■
    assets/setup.md
    skipped 10 lines
    11 11  https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything
    12 12  - Setting up Burp
    13 13  https://www.hacker101.com/playlists/burp_suite
     14 +- Burp Suite Introduction
     15 +https://github.com/bugcrowd/bugcrowd_university/blob/master/An_introduction_to_Burp_Suite/Bugcrowd%20University%20-%20Burp%20Suite%20Introduction.pdf - by Jason Haddix
    14 16  - Previously Disclosed Vulnerabilities
    15 17  https://hackerone.com/hacktivity
    16 18   
    skipped 2 lines
  • ■ ■ ■ ■ ■
    assets/tools.md
    skipped 26 lines
    27 27  |[dirsearch](https://github.com/maurosoria/dirsearch)|dirsearch is a simple command-line tool designed to brute force directories and files in websites.|Python|Mauro Soria|
    28 28  |[Amass](https://github.com/OWASP/Amass)|Uses a variety of different techniques to gather subdomains and can build a network map of the target. Very good export options.|Go|OWASP|
    29 29  |[BuiltWith](https://builtwith.com)|A very handy Browser Extension (for Chrome, Firefox) that checks for more than 18,000 types of internet technologies. Gives you a very quick glance on what a Web Application is built.||BuiltWith®|
    30  -|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|||
    31  -|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|||
    32  -|[Shodan](https://www.shodan.io/)||||
    33  -|[Censys](https://censys.io)||||
     30 +|[findomain](https://github.com/Edu4rdSHL/findomain)|Very fast cross-platform subdomain enumerator|Rust|[Eduard Tolosa](https://github.com/Edu4rdSHL)|
     31 +|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain|Go|[Tom Hudson](https://github.com/tomnomnom)|
     32 +|[meg](https://github.com/tomnomnom/meg)|meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.|Go|[Tom Hudson](https://github.com/tomnomnom)|
     33 +|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working http and https servers.|Go|[Tom Hudson](https://github.com/tomnomnom)|
     34 +|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning|Python|[j3ssie](https://github.com/j3ssie)|
     35 + 
     36 +#### OSINT Webpages
     37 +| Name | Description | Created by |
     38 +|------ |------------- |------------- |
     39 +|[hunter.io](https://www.hunter.io)|Email Enumeration for big corps|[Hunter Team](https://hunter.io/about)|
     40 +|[intelx.io](https://intelx.io/)|Swiss army Knife of OSINT|[Intelligence X](https://twitter.com/_IntelligenceX)|
     41 +|[Shodan](https://www.shodan.io/)|Search engine that lets you find systems connected to the internet with a variety of filters|John Matherly|
     42 +|[Censys](https://censys.io)|"Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet."|[Censys](https://censys.io/company)|
     43 +|[Lookyloo](https://lookyloo.circl.lu/scrape)|Lookyloo is a web interface allowing to scrape a website and then displays a tree of domains calling each other. [Github Page of the Project](https://github.com/CIRCL/lookyloo) |[CIRCL](https://circl.lu/)|
     44 +|[Spyse.com](https://spyse.com/)|New Search Engine made for pentesters and cyber security specialists|[Spyse Team](https://spyse.com/about)|
     45 +|[crt.sh](https://crt.sh)|SSL certificate search tool|[Sectigo](https://sectigo.com/)|
     46 +|[Virus Total](https://www.virustotal.com)|WHOIS, DNS, and subdomain recon|[Virus Total Team](https://support.virustotal.com/hc/en-us/categories/360000160117-About-us)|
    34 47  ### Exploitation
    35 48  | Name | Description | Written in | Created by |
    36 49  |------ |------------- | ------------ |------------- |
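Review bot: The new `#### OSINT Webpages` table ends at new line 46 and `### Exploitation` follows directly on new line 47 with no blank line between them; add one so the heading is not dependent on the renderer terminating the table, matching the blank line left before `#### OSINT Webpages` at new line 35. The new table has three columns (no "Written in"), which is reasonable for web services, but the "Created by" cells are inconsistent: Shodan has plain text `John Matherly` while the other rows link to a profile or about page. The Lookyloo description at new line 43 ("allowing to scrape a website and then displays") would also benefit from a grammar pass before merge.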
    skipped 8 lines
    45 58  |------ |------------- | ------------ |------------- |
    46 59  |Frida||||
    47 60  |[dex2jar](https://github.com/pxb1988/dex2jar)|Useful to convert dex files into jar to decompile the application.|Java, Smali|Bob Pan|
     61 +|[andriller](https://github.com/den4uk/andriller)|Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. [andriller.com](https://www.andriller.com/)|Python|[Denis Sazonov](https://github.com/den4uk)|
    48 62   
    49 63  ### Others
    50 64  | Name | Description | Written in | Created by |
    skipped 5 lines
  • ■ ■ ■ ■ ■ ■
    assets/vulns.md
    skipped 4 lines
    5 5  ### Online Resources
    6 6  - [Owasp Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
    7 7  - [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
     8 +- [Bug Bounty Cheat Sheets](https://github.com/EdOverflow/bugbounty-cheatsheet) - by EdOverflow
    8 9  ---
    9  -## Cross-Site Scripting XSS
     10 +## Cross-Site Scripting (XSS)
    10 11  As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.
    11 12   
    12 13  - [Hacker101](https://www.hacker101.com/sessions/xss)
    13 14  - [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
    14 15  - [A comprehensive tutorial on cross-site scripting](https://excess-xss.com)
    15 16  - [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/)
     17 + - [What is PHP and why is XSS so common there?](https://www.youtube.com/watch?v=Q2mGcbkX550) - by LiveOverflow
    16 18   
     19 +## Cross-Site Request Forgery (CSRF)
     20 +- [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction
     21 + 
     22 +## XML External Entities (XXE)
     23 +- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
     24 +## Isecure Direct Object Reference (IDOR)
     25 +- [Insecure Direct Object Reference Vulnerability](https://www.youtube.com/watch?v=rloqMGcPMkI) - by PwnFunction
     26 +- [Finding Your First Bug: Manual IDOR Hunting](https://www.youtube.com/watch?v=gINAtzdccts) - by Insider PhD
     27 +- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
     28 +## Open Redirect
     29 +- [Open Redirect Vulnerability](https://www.youtube.com/watch?v=4Jk_I-cw4WE) - by PwnFunction
     30 +## HTTP Parameter Pollution
     31 +- [HTTP Parameter Pollution Attacks](https://www.youtube.com/watch?v=QVZBl8yxVX0) - by PwnFunction
     32 +## Logic Errors
     33 +- [Finding Your First Bug: Business Logic Errors](https://www.youtube.com/watch?v=RobCqW2KwGs) - by InsiderPhD
    17 34  ---
    18 35  back to [Intro Page](/README.md)
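Review bot: The heading at new line 24 is misspelled: `## Isecure Direct Object Reference (IDOR)` should read "Insecure". From that heading onward (new lines 24, 28, 30, 32) the new sections are added without a blank line between the preceding list and the heading, unlike the CSRF and XXE sections just above; add blank lines so the layout is uniform. The same author is credited as `Insider PhD` at new line 26 and `InsiderPhD` at new line 33, so pick one spelling, and the item at new line 17 is indented as if nested under the Google XSS guide although it is an unrelated video, so it probably belongs at the top list level.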