All In One Bug Bounty Resources
Hello Everyone,
Why I gave the title “All In One” is because I will be covering bug bounty platforms, books, list of practice and training programs, methodologies, tools, and wordlist so that beginners should get to know from where and how to start there bug hunting journey !!
I wish very good luck to you while entering into bug hunting journey but remember as you are getting into it don’t give up because it will definitely take some time, maybe you won't get any bugs in starting maybe you will get duplicate but remember that duplicate is a valid submission and you are on right track to move but one day your smart work will definitely give you a reward.
“Set your heart upon your work but never on its reward — LORD KRISHNA”
Bug Bounty Platforms
Here you will find bug bounty platforms to start with your journey where you will have a list of programs to carry out your penetration testing, submitting bugs, and getting rewarded for the same !!
Bug Bounty Books
Everyone needs guidance and a great resource to start to get good results, here I am giving Web Application and Mobile Application Security related books and the good thing is you don't have to buy any of them I have given PDF so that you can download and access it anytime !!
Web Application Hacker’s Handbook
Web Hacking 101
Penetration Testing: A Hands-On Introduction to Hacking
The Hacker Playbook 2: Practical Guide To Penetration Testing
The Tangled Web: A Guide to Securing Modern Web Applications
Ethical Hacking and Penetration Testing Guide
Learning Pentesting for Android Devices
Android Mobile Application Pentesting
Mobile Application Security
Security Practice & Training
What after if you have gained enough knowledge? Now you have to practice it somewhere to test your skills, so here you will have a list of platforms which are deliberately insecure web applications designed to teach web application security lessons. These programs are demonstration of common application flaws where you have exercises that are intended to be used by people to learn about application security and penetration testing techniques !!
OWASP Juice Shop
Hacker 101
Hacksplaining
bWapp
WebGoat
Bug Bounty Methodology
You will definitely need some sort of methodologies to tackle the situation when you have stuck while bug hunting, here are some methodologies which will help you while bug hunting and getting a valid submission !!
The Bug Hunters Methodology
Bug Bounty Tools
Here are some tools that will help you while hunting bugs, these tools will automate your hunting so that it becomes easy for you to scan and exploit bugs.
An integrated platform for performing security testing of web applications
An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
The Zed Attack Proxy (ZAP) By OWASP
Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing.
Useful to convert dex files into the jar to decompile the application.
Reverse engineering Android apk files
Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Fast subdomains enumeration tool for penetration testers.
Web path scanner
Google Dork
Google Dork is also named as “Google Hacking” and this is a technique to find security holes in a website through Google search.
Bug Bounty Wordlist
These are the best Wordlist which I personally use while bug hunting, this will really help you a lot as it has everything like usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
I hope it will help you to start your bug hunting journey. If you find any difficulty feel free to contact me, below is my Youtube Channel where you can find Bug Bounty POC videos and lot of learning stuff please do like, share, and subscribe. You can connect me via,
./Keep_Hacking
