Resources-for-Beginner-Bug-Bounty-Hunters
Changelog 📬
Updates to this repo will be pushed monthly. You can read about the latest changes below.
Update 2020.04
Added
- New in Basics
- Added Stanford CS 253 Web Security
- New Category: Hardware & IoT
- Added Exploitee.rs Wiki
- New Category: Coding & Scripting
- Added Bash Scripting Full Course 3 Hours
- Added ShellCheck
- Added Explainshell
- Added Discovering the Terminal
- Added Text Processing in the Shell
- New Podcasts:
- Darknet Diaries Episode 60 with dawgyg
- The Bug Bounty Podcast Episode 3 with nahamsec
- New in Tools:
- crithit
- objection - A new Mobile tool
- CyberChef
- RMS - Runtime Mobile Security
- New Category: Notes & Organization
- Reconness to Notes & Organization
- Updog to Notes & Organization
- New Category: Burp Extensions
- Logger++ to Burp Extensions
- AuthMatrix to Burp Extensions
- Autorize to Burp Extensions
- Auto Repeater to Burp Extensions
- Progress Tracker to Burp Extensions
- Flow to Burp Extensions
- New in Labs:
- TryHackMe & Videos
- New in Media:
- @codingo_ now in Twitter-List
- New Streamers:
- New in BlogPosts:
- New Category: API
- Added 31 Days of API Security Tips - Misc
- Added Blind SQL Injection on windows10.hi-tech.mail.ru - SQLInjection
- Added DOM XSS on app.starbucks.com via ReturnUrl - DOMXSS
- Added Email address of any user can be queried on Report Invitation GraphQL type when username is known - GraphQL
- Added External XML Entity via File Upload (SVG) - File Upload
- Added Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies - HTTP Desync
- Added gitGraber: A tool to monitor GitHub in real-time to find sensitive data - by @adrien_jeanneau & @R_Marot
- Added 2 Cases of Path Traversal by @leonishan_
- Added Google Bug Bounty Writeup- XSS Vulnerability - by @itsmepethu
- Added Top 10 web hacking techniques of 2019 by James Kettle
- Added Recon: Create a methodology and start your subdomain enumeration - by FailedNuke
- Added Understanding Search Syntax on GitHub - by GitHub
- New in Mobile:
- New in Vulnerabilities:
- New Video: Cross-Site Scripting (XSS) Explained - by PwnFunction
- New in Setup:
- Added Docker Tutorial for Beginners - A Full DevOps Course on How to Run Applications in Containers
Changed
Fixed
Update 2020.03
Added
- New: Smart Contracts (special thanks to @0xatul)
- New White-/yellowpapers in Smart Contracts: Bitcoin whitepaper & Ethereum yellowpaper
- New How to Audit a Smart Contract
- New Smart Contracts Category under Blogposts and added two Writeups
- New in Blogposts:
- 10 Recon Tools for Bug Bounty
- New in Setup:
- Finding your First Bug and getting a Bounty with InsiderPhD
- Introduction to Docker for CTFs
- New in Vulnerabilities:
- Finding your first Bug - CSRF
- CSRF-Basics
- New in Tools:
- Knockpy
- New in Labs:
- 0l4bs for XSS
- New in Mobile:
- Q&A with Android Hacker bagipro
- Introduction to Android Hacking
- Mobile Hacking Cheat Sheet
- Android Pentesting Github Repo by Riddhi Shree
Changed
- Nothing
Fixed
Update 2020.02
Added
- New XSS Lab: XSS Labs from PwnFunction
- New Recon & OSINT Tool: Reconness
- New IDOR Blogpost: Automating BURP to find IDORs
- New Misc Blogpost: How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN
- New Blogpost Category: RCE
- New RCE Blogpost: My First RCE (Stressed Employee gets me 2x bounty)
- New Blogpost Category: Recon
- New Recon Blogpost/Guide: Subdomain Recon Using Certificate Search Technique
- New Vulnerabilities Post: The 7 main XSS cases everyone should know
- Added Jason Haddix to Media (contributed by securibee)
Changed
Fixed
Update 2020.01
Added
- New changelog page
- New content in Blogposts
- Designated section to get started with Burp Suite
- Link from the Burp Tool section to the setup guide
- Recon Pi to Tools
Changed
- Updated the Twitter Descriptions in media.md
- Cleaned up Setup Page
- Cleaned up Blogposts Page