Bug Hunting

Basic Terminologies

Bug Bounty : A reward given for reporting a security vulnerability.

Bug Bounty Program : Companies or individuals that reward security researchers for reporting security vulnerabilities in their products. This term is commonly abbreviated to "BBP".

Bug Bounty Hunter : An individual that hunts for security issues on bug bounty programs.

Duplicate : A report describing the same issue as a previously submitted report is referred to as a "duplicate". Bug bounty platforms usually allow programs to set the status of a duplicate report to "duplicate" to inform the hunter that the issue has been submitted previously.

Exploit : Code that takes advantage of a software vulnerability or security flaw to gain system access.

Full disclosure : When the entire report is publicly disclosed. Bug bounty hunters will usually request public disclosure of their report once the issue has been resolved or a certain number of days have gone by since the initial report.

Payload : Payloads are simple pieces of code or scripts that the hunter uses to identify a vulnerability.

PoC : Abbreviation for proof of concept, a detailed demonstration of a security vulnerability.

Scope : Outlines the rules of engagement for a bounty program. This includes clearly defined testing parameters to inform researchers what they can and cannot test, as well as the payout range for accepted vulnerabilities.

Target : A target is the thing (web or mobile application, hardware, API) that the crowd tests for vulnerabilities.

Vulnerability : A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.

Bug Bounty Platforms

AntiHACK
Bountysource
Bugbountyjp
Bugcrowd
CESPPA
Cobalt
Detectify
FOSS Factory
HackenProof
HackerOne
Hacktrophy
intigriti
Safehats
Synack
YesWeHack
Yogosha
Zerocopter

Bug Bounty List - All Active Programs in 2020 by Bugcrowd

How Bug Bounties Work?

Things You Should Know Before Starting Bug Hunting

What is Web?

Web - Basic Concepts

Programming Languages :

Bash
HTML
JavaScript
PHP
Python
SQL

Networking :

Networking Resource

Basic Linux Commands :

Basic Linux Commands

Learning Resources

Books :

Android Hacker's Handbook
Automating Bug Bounty
Bug Bounty Hunting Essentials
Burp Suite Cookbook
Burp Suite Essentials
Mastering Modern Web Penetration Testing
OWASP Testing Guide
OWASP Mobile Security Testing Guide
OWASP Web Security Testing Guide
Real-World Bug Hunting: A Field Guide to Web Hacking
The Mobile Application Hacker's Handbook
The Web Application Hacker's Handbook
Web Hacking 101

Courses :

Hacker101 Course
Bug Bounty Hunting - Offensive Approach to Hunt Bugs
Offensive Bug Bounty - Hunter 2.0
Bug Bounty Courses

YouTube Channels :

Black Hat
Bug Bounty Hunting Methodology v2
Bug Bounty Hunting Methodology v3
HackerSploit
Nahamsec
OA Cyber Security Labs
STÖK

Other Resources :

Bug Bounties 101
Bug Bounty Cheat Sheet
Bug Bounty Guide
Bugcrowd University
Bug Hunter's Methodology (TBHM)
Getting Started - Bug Bounty Hunter Methodology
How to Become a Successful Bug Bounty Hunter
OWASP Top Ten
Researcher Resources - How to become a Bug Bounty Hunter
Researcher Resources - Tutorials
Resources for Beginner Bug Bounty Hunters by Nahamsec
The life of a bug bounty hunter

Practice Labs/Platforms

Acunetix Art
Altoro Mutual
bWAPP
Damn Vulnerable iOS App (DVIA)
Damn Vulnerable Web App (DVWA)
Hacker101
Hacksplaining
HackTheBox
Mutillidae
OpenDNS Security Ninjas
OWASP Juice Shop
Penetration Testing Practice Labs
SQL Injection Practice
TryHackMe
Vulnerable GraphQL API
Vulnhub
WebGoat
WPScan Vulnerable Wordpress
Web Security Academy by PortSwigger

Local PentestLab Management Script - Bash script to manage web apps using Docker and hosts aliases. Made for Kali Linux, but should work fine with pretty much any Linux distro.

Tools

100 Hacking Tools and Resources - HackerOne
Researcher Resources Tools - Bugcrowd

Burp Suite :

Burp Suite is the world's most widely used web application security testing software.

Burp Suite - Application Security Testing Software : https://portswigger.net/burp

Books :
Burp Suite Cookbook
Burp Suite Essentials

Bug Bounty Forum Tool list :

A huge list of tools that can help you with bug bounty researching. (Recon, Exploiting & Scanning, Fuzzing & bruteforcing, Fingerprinting, Decompilers, Proxy plugins, Monitoring, JS Parsing and Mobile Testing)

https://bugbountyforum.com/tools/

BugHunter - Tools for Bug Hunting :

Information Gathering, Mapping, Discovery and Exploitation Tools for Bug Hunting

https://github.com/thehackingsage/bughunter

Installation in Linux :

git clone https://github.com/thehackingsage/bughunter.git
cd bughunter
chmod +x bughunter.py
sudo cp bughunter.py /usr/bin/bughunter

bughunter


Reconnaissance & Enumeration

▸ Get Subdomains and IPs and filter them
▸ Find Directories or Files (Fuzzing)
▸ Webpage and Server Information
▸ Open Ports and Services
▸ URL and Parameter
▸ Use Google, Github, Shodan, Censys, Spyse and Other Search Engines.

Let's Recon (PDF)

Passive Reconnaissance :

BuiltWith
Censys
Shodan
Spyse
OSINT Framework

Enumeration Tools :

Subfinder - Subdomain discovery tool
amass - In-depth Attack Surface Mapping and Asset Discovery
assetfinder - Find domains and subdomains related to a given domain
GetAllUrls - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl
Hosthunter - Recon tool for discovering hostnames using OSINT techniques
Altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
DNSGen - Generates combination of domain names from the provided input
massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance
httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
subjack - Subdomain Takeover tool written in Go
GoSpider - Fast web spider
Arjun - HTTP parameter discovery suite
qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
gf - A wrapper around grep, to help you grep for things
Linkfinder - A python script that finds endpoints in JavaScript files
ffuf - Fast web fuzzer
gobuster - Directory/File, DNS and VHost busting tool
CeWL - Custom Word List Generator

Some Useful Links for Reconnaissance & Enumeration :

● CentralOps : http://centralops.net/co/
● DNS Stuff : http://www.dnsstuff.com
● DomainCrawler : http://www.domaincrawler.com
● DomainSearch : http://domainsearch.com
● DomainTools : http://whois.domaintools.com
● Geographic Location : http://tejji.com/ip/
● Geo IP Tool : http://geoiptool.com
● Hurricane Electric : http://bgp.he.net
● Internet Domain Survey : http://www.isc.org/index.pl?/ops/ds/
● Internet Traffic Report : http://www.internettrafficreport.com/europe.htm
● Internet Wide Scan Data : http://Repositoryscans.io
● InterNIC : http://www.internic.net/whois.html
● IP-Address : http://www.ip-adress.com
● IPinfo Security Portal : http://ipinfo.info/index.php
● NerdLabs : http://www.nerdlabs.org/tools
● Netcraft : https://www.netcraft.com
● Netinfo : http://www.netinfo.org.ua
● NetQuery : http://www.ipaddress123.com/nquser.php
● Network Tools : http://www.network-tools.com
● Network Tools : http://home.planet.nl/~houwe135/wbnt1/
● Reverse IP domain check : https://www.yougetsignal.com/tools/web-sites-on-web-server
● RobTex SwissArmyKnife : https://www.robtex.com
● Visual Traceroute : http://en.dnstools.ch/port-scan.html
● W3DT : https://w3dt.net
● Wayback Machine : https://web.archive.org
● Wayback Robots : https://gist.github.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07
● Wayback URLs : https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
● WebTic DNS scan : http://tools.webtic.nl/dnsscan
● Who.IS : http://www.who.is
● Whois.net : http://www.whois.net

Web Vulnerabilities

OWASP Top Ten
OWASP List of Vulnerabilities
Web Application Vulnerabilities Index (Netsparker)

ALL VULNERABILITY RELATED RESOURCE WILL BE UPDATED SOON !!!

Vulnerability Scanners

Acunetix
Arachni
Burp Suite
Joomscan
Nessus
Netsparker
Nexpose
Nikto
OpenVAS
Sn1per
Vega
WPScan
Wapiti
Zed Attack Proxy
W3AF

Payload / Wordlist

PayloadsAllTheThings
XSS Payloads
SecLists
Probable Wordlists - Version 2.0
fuzzdb
All wordlists from every dns enumeration
A masterlist of content discovery URLs and files
Commonspeak2-wordlists

Reporting

Hacker101 - Writing Good Reports

Tools :

EyeWitness
HttpScreenshot

POCs (Proof of Concepts) and Write-ups

Awesome Bug Bounty Write Ups
BugBounty POC Archives - Security Breached Blog
Bug Bounty World
Researcher Resources - Bounty Bug Write-ups
Netsec on Reddit
PentesterLand Bug Bounty Writeups
The Unofficial HackerOne Disclosure
XSSes - Bug Bounty POC Collection DB

More Resources :

More Bug Hunting Resources will be updated soon

© Hacktronian / All Rights Reserved / Policy