Resources for Beginner Bug-Bounty Hunters By NahamSec

1 min read

Resources-for-Beginner-Bug-Bounty-Hunters

Intro

There are number of new hackers joining the community on regular basis and this raises the question of “How do I get started and what are some good resources?” and we hope to help with those questions using this repository.
As a hacker, there a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works. Cody Brocious (@daeken) and I put these resources together in order to help new hackers with resources to learn basics of Web Application Security.

We understand that there are more resources other than the ones we have listed and we hope to cover more resources in the near future!

Web basics

  • All in one resource
    https://www.hacker101.com/sessions/web_in_depth
  • Headers
    https://www.tutorialspoint.com/http/http_header_fields.htm
  • Request form
    https://www.tutorialspoint.com/http/http_requests.htm
  • Response form
    https://www.tutorialspoint.com/http/http_responses.htm
  • Response codes
    https://www.tutorialspoint.com/http/http_status_codes.htm
  • URL Encoding
    https://www.tutorialspoint.com/http/http_url_encoding.htm
  • Methods
    https://www.tutorialspoint.com/http/http_status_codes.htm

Networking basics

  • All in one resource
    https://www.amazon.com/Networking-All-One-Dummies-Doug/dp/1119154723/
  • Terminology
    https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
  • What is an IP?
    https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
  • What are ports?
    https://www.utilizewindows.com/list-of-common-network-port-numbers/
  • What is DNS?
    https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704
  • Intermediate Security Testing with Kali Linux 2
    http://www.penguintutor.com/linux/basic-network-reference

Programming Basics

  • HTML
    https://www.w3schools.com/html/
  • JavaScript
    https://javascript.info/
  • SQL
    http://www.sqlcourse.com/
  • Python
    https://docs.python.org/3/tutorial/
  • Bash
    https://www.learnshell.org/
  • Additional Resources:
    • https://www.codecademy.com/learn/paths/web-development
    • https://docs.python.org/3/tutorial/
    • http://www.sqlcourse.com/
    • https://javascript.info/
    • https://en.wikibooks.org/wiki/Programming_Fundamentals/Advanced_Flowcharting
    • https://sqlbolt.com/

Misc

  • Setting up your own web server on a VPS
    https://www.linux.com/learn/easy-lamp-server-installation
  • Setting up virtualbox + linux
    https://linuxconfig.org/how-to-install-kali-linux-on-virtualbox
  • Basics of UNIX
    https://lifehacker.com/5633909/who-needs-a-mouse-learn-to-use-the-command-line-for-almost-anything
  • Setting up Burp
    https://www.hacker101.com/playlists/burp_suite
  • Previously Disclosed Vulnerabilities
    https://hackerone.com/hacktivity

XSS

As we start to build this repository, we’ll be adding more vulnerability types and resources for each one. XSS is a great place to start as it’s one of the most popular and easiest vulnerabilities to find in a web application.

  • Hacker101
    https://www.hacker101.com/sessions/xss
  • OWASP
    https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
  • A comprehensive tutorial on cross-site scripting
    https://excess-xss.com
  • Google Application Security (XSS Guide)
    https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/

XSS Labs

  • XSS-Game
    https://xss-game.appspot.com

Labs

  • Hacker101
    https://hacker101.com
  • PentesterLab
    https://pentesterlab.com
  • HackEdu
    https://hackedu.io
  • DWVA
    http://www.dvwa.co.uk
  • Google Gruyere
    https://google-gruyere.appspot.com/

One Reply to “Resources for Beginner Bug-Bounty Hunters By NahamSec”

Leave a Reply

Your email address will not be published. Required fields are marked *