└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # Bug Bounty Free Resources 2 | Introduction 3 | 4 | What is a bug? 5 | 6 | Security bug or vulnerability is β€œa weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability. 7 | What is Bug Bounty? 8 | 9 | A bug bounty or bug bounty program is IT jargon for a reward or bounty program given for finding and reporting a bug in a particular software product. Many IT companies offer bug bounties to drive product improvement and get more interaction from end users or clients. Companies that operate bug bounty programs may get hundreds of bug reports, including security bugs and security vulnerabilities, and many who report those bugs stand to receive awards. 10 | 11 | What is the Reward? 12 | 13 | There are all types of rewards based on the severity of the issue and the cost to fix. They may range from real money (most prevalent) to premium subscriptions (Prime/Netflix), discount coupons (for e commerce of shopping sites), gift vouchers, swags (apparels, badges, customized stationery, etc.). Money may range from 50$ to 50,000$ and even more. 14 | What to learn? 15 | 16 | Technical 17 | 18 | Computer Fundamentals 19 | 20 | https://www.comptia.org/training/by-certification/a 21 | 22 | https://www.tutorialspoint.com/computer_fundamentals/index.htm 23 | 24 | https://onlinecourses.swayam2.ac.in/cec19_cs06/preview 25 | 26 | https://www.udemy.com/course/complete-computer-basics-course/ 27 | 28 | https://www.coursera.org/courses?query=computer%20fundamentals 29 | 30 | Computer Networking 31 | 32 | https://www.udacity.com/course/computer-networking--ud436 33 | 34 | https://www.coursera.org/professional-certificates/google-it-support 35 | 36 | https://www.udemy.com/course/introduction-to-computer-networks/ 37 | 38 | Operating Systems 39 | 40 | https://www.coursera.org/learn/os-power-user 41 | 42 | https://www.udacity.com/course/introduction-to-operating-systems--ud923 43 | 44 | https://www.udemy.com/course/linux-command-line-volume1/ 45 | 46 | 47 | Programming C 48 | 49 | https://www.programiz.com/c-programming 50 | 51 | Where to learn from? 52 | 53 | 54 | Blogs and Articles 55 | 56 | Hacking Articles: https://www.hackingarticles.in/ 57 | 58 | Vickie Li Blogs: https://vickieli.dev/ 59 | 60 | Bugcrowd Blogs: https://www.bugcrowd.com/blog/ 61 | 62 | Intigriti Blogs: https://blog.intigriti.com/ 63 | 64 | Portswigger Blogs: https://portswigger.net/blog 65 | 66 | Forums 67 | 68 | Reddit: https://www.reddit.com/r/websecurity/ 69 | 70 | Reddit: https://www.reddit.com/r/netsec/ 71 | 72 | Official Websites 73 | 74 | OWASP: https://owasp.org/ 75 | 76 | PortSwigger: https://portswigger.net/ 77 | 78 | Cloudflare: https://www.cloudflare.com/ 79 | 80 | YouTube Channels 81 | https://www.youtube.com/@penetestersquad 82 | 83 | 84 | PRACTICE! PRACTICE! and PRACTICE! 85 | CTF 86 | 87 | Hacker 101: https://www.hackerone.com/hackers/hacker101 88 | 89 | PicoCTF: https://picoctf.org/ 90 | 91 | TryHackMe: https://tryhackme.com/ (premium/free) 92 | 93 | HackTheBox: https://www.hackthebox.com/ (premium) 94 | 95 | VulnHub: https://www.vulnhub.com/ 96 | 97 | HackThisSite: https://hackthissite.org/ 98 | 99 | CTFChallenge: https://ctfchallenge.co.uk/ 100 | 101 | PentesterLab: https://pentesterlab.com/ (premium) 102 | 103 | Online Labs 104 | 105 | 106 | PortSwigger Web Security Academy: https://portswigger.net/web-security 107 | 108 | OWASP Juice Shop: https://owasp.org/www-project-juice-shop/ 109 | 110 | XSSGame: https://xss-game.appspot.com/ 111 | 112 | BugBountyHunter: https://www.bugbountyhunter.com/ (premium) 113 | 114 | W3Challs : https://w3challs.com/ 115 | 116 | Offline Labs 117 | 118 | DVWA: https://dvwa.co.uk/ 119 | 120 | bWAPP: http://www.itsecgames.com/ 121 | 122 | Metasploitable2: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/ 123 | 124 | BugBountyHunter: https://www.bugbountyhunter.com/ (premium) 125 | 126 | W3Challs : https://w3challs.com/ 127 | 128 | More Tools and Services To use 129 | Servers 130 | 131 | Shodan - Search Engine for the Internet of Everything 132 | 133 | Censys Search - Search Engine for every server on the Internet to reduce exposure and improve security 134 | 135 | Onyphe.io - Cyber Defense Search Engine for open-source and cyber threat intelligence data 136 | 137 | ZoomEye - Global cyberspace mapping 138 | 139 | GreyNoise - The source for understanding internet noise 140 | 141 | Natlas - Scaling Network Scanning 142 | 143 | Netlas.io - Discover, Research and Monitor any Assets Available Online 144 | 145 | FOFA - Cyberspace mapping 146 | 147 | Quake - Cyberspace surveying and mapping system 148 | 149 | Hunter - Internet Search Engines For Security Researchers 150 | 151 | Vulnerabilities 152 | 153 | NIST NVD - US National Vulnerability Database 154 | 155 | MITRE CVE - Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities 156 | 157 | GitHub Advisory Database - Security vulnerability database inclusive of CVEs and GitHub originated security advisories 158 | 159 | cloudvulndb.org - The Open Cloud Vulnerability & Security Issue Database 160 | 161 | osv.dev - Open Source Vulnerabilities 162 | 163 | Vulners.com - Your Search Engine for Security Intelligence 164 | 165 | opencve.io - Easiest way to track CVE updates and be alerted about new vulnerabilities 166 | 167 | security.snyk.io - Open Source Vulnerability Database 168 | 169 | Mend Vulnerability Database - The largest open source vulnerability DB 170 | 171 | Rapid7 - DB - Vulnerability & Exploit Database 172 | 173 | CVEDetails - The ultimate security vulnerability datasource 174 | 175 | VulnIQ - Vulnerability intelligence and management solution 176 | 177 | SynapsInt - The unified OSINT research tool 178 | 179 | Aqua Vulnerability Database - Vulnerabilities and weaknesses in open source applications and cloud native infrastructure 180 | 181 | Vulmon - Vulnerability and exploit search engine 182 | 183 | VulDB - Number one vulnerability database 184 | 185 | ScanFactory - Realtime Security Monitoring 186 | 187 | Trend Micro Zero Day Initiative - Publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers 188 | 189 | Google Project Zero - Vulnerabilities including Zero Days 190 | 191 | Trickest CVE Repository - Gather and update all available and newest CVEs with their PoC 192 | 193 | cnvd.org.cn - Chinese National Vulnerability Database 194 | 195 | InTheWild.io - Check CVEs in our free, open source feed of exploited vulnerabilities 196 | 197 | Vulnerability Lab - Vulnerability research, bug bounties and vulnerability assessments 198 | 199 | Red Hat Security Advisories - Information about security flaws that affect Red Hat products and services in the form of security advisories 200 | 201 | Cisco Security Advisories - Security advisories and vulnerability information for Cisco products, including network equipment and software 202 | 203 | Microsoft Security Response Center - Reports of security vulnerabilities affecting Microsoft products and services 204 | 205 | VARIoT - VARIoT IoT Vulnerabilities Database 206 | 207 | Exploits 208 | 209 | Exploit-DB - Exploit Database 210 | 211 | Sploitus - Convenient central place for identifying the newest exploits 212 | 213 | Rapid7 - DB - Vulnerability & Exploit Database 214 | 215 | Vulmon - Vulnerability and exploit search engine 216 | 217 | packetstormsecurity.com - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers 218 | 219 | 0day.today - Ultimate database of exploits and vulnerabilities 220 | 221 | LOLBAS - Living Off The Land Binaries, Scripts and Libraries 222 | 223 | GTFOBins - Curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems 224 | 225 | Payloads All The Things - A list of useful payloads and bypasses for Web Application Security 226 | 227 | XSS Payloads - The wonderland of JavaScript unexpected usages, and more 228 | 229 | exploitalert.com - Database of Exploits 230 | 231 | Reverse Shell generator - Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode 232 | 233 | HackerOne hacktivity - See the latest hacker activity on HackerOne 234 | 235 | Bugcrowd Crowdstream - Showcase of accepted and disclosed submissions on Bugcrowd programs 236 | 237 | GTFOArgs - Curated list of Unix binaries that can be manipulated for argument injection 238 | 239 | shell-storm.org/shellcode - Shellcodes database for study cases 240 | 241 | Hacking the Cloud - Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure 242 | 243 | LOLDrivers - Open-source project that brings together vulnerable, malicious, and known malicious Windows drivers 244 | 245 | PwnWiki - Collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained 246 | 247 | CVExploits Search - Your comprehensive database for CVE exploits from across the internet 248 | 249 | VARIoT - VARIoT IoT exploits database 250 | 251 | LOOBins - Detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes 252 | 253 | Coalition Exploit Scoring System - Model that dynamically scores new and existing vulnerabilities to reflect their exploit likelihood 254 | 255 | WADComs - Interactive cheat sheet containing a curated list of offensive security tools and their respective commands to be used against Windows/AD environments 256 | 257 | LOLAPPS - Compendium of applications that can be used to carry out day-to-day exploitation 258 | 259 | Living off the Hardware - Resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices 260 | 261 | Living Off the Pipeline - How development tools commonly used in CI/CD pipelines can be used to achieve arbitrary code execution 262 | 263 | 264 | Bug Bounty Platforms 265 | Crowdsourcing 266 | 267 | Bugcrowd: https://www.bugcrowd.com/ 268 | 269 | Hackerone: https://www.hackerone.com/ 270 | 271 | Intigriti: https://www.intigriti.com/ 272 | 273 | YesWeHack: https://www.yeswehack.com/ 274 | 275 | OpenBugBounty: https://www.openbugbounty.org/ 276 | 277 | Individual Programs 278 | 279 | Meta: https://www.facebook.com/whitehat 280 | 281 | Google: https://about.google/appsecurity/ 282 | 283 | Bug Bounty Report Format 284 | Title 285 | 286 | The first impression is the last impression, the security engineer looks at the title first and he should be able to identify the issue. 287 | Write about what kind of functionality you can able to abuse or what kind of protection you can bypass. Write in just one line. 288 | Include the Impact of the issue in the title if possible. 289 | Description 290 | 291 | This component provides details of the vulnerability, you can explain the vulnerability here, write about the paths, endpoints, error messages you got while testing. You can also attach HTTP requests, vulnerable source code. 292 | Steps to Reproduce 293 | 294 | Write the stepwise process to recreate the bug. It is important for an app owner to be able to verify what you've found and understand the scenario. 295 | You must write each step clearly in-order to demonstrate the issue. that helps security engineers to triage fast. 296 | Proof of Concept 297 | 298 | This component is the visual of the whole work. You can record a demonstration video or attach screenshots. 299 | Impact 300 | 301 | Write about the real-life impact, How an attacker can take advantage if he/she successfully exploits the vulnerability. 302 | What type of possible damages could be done? (avoid writing about the theoretical impact) 303 | Should align with the business objective of the organization 304 | 305 | ## πŸ” Learn Vulnerabilities 306 | - [Exploit Notes](https://exploit-notes.hdks.org/) 307 | - [Bug Bounty Hunting](https://www.bugbountyhunting.com/) 308 | - [Mind Maps](https://github.com/imran-parray/Mind-Maps) 309 | - [CQR Company - IDOR](https://cqr.company/?s=idor) 310 | - [MindAPI References](https://dsopas.github.io/MindAPI/references/) 311 | - [MindAPI Play](https://dsopas.github.io/MindAPI/play/) 312 | - [Web Security Vulnerabilities](https://notes.defendergb.org/web-sec/vuln/) 313 | - [How To Hunt](https://github.com/coderahsan/HowToHunt) 314 | - [Acunetix Web Vulnerabilities](https://www.acunetix.com/vulnerabilities/web/) 315 | - [Vulnerability Checklist](https://github.com/Az0x7/vulnerability-Checklist) 316 | - [Web App Hacking](https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/red-offensive/web-app-hacking) 317 | - [Handbook for Web Applications](https://0xffsec.com/handbook/web-applications/) 318 | - [Awesome Bug Bounty Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups/tree/master) 319 | - [HowToHunt](https://kathan19.gitbook.io/howtohunt/) 320 | - [Automated Scanners](https://gabb4r.gitbook.io/oscp-notes/web-http/automated-scanners) 321 | - [Ired Team](https://www.ired.team/) 322 | - [HolyTips](https://github.com/HolyBugx/HolyTips/tree/main/Resources) 323 | - [Awesome Web Security](https://github.com/qazbnm456/awesome-web-security) 324 | - [Vulnerable Machines](https://bitvijays.github.io/LFC-VulnerableMachines.html) 325 | - [Web Vulnerabilities Methodology](https://hacktricks.boitatech.com.br/pentesting-web/web-vulnerabilities-methodology) 326 | - [LFI Cheat Sheet](https://highon.coffee/blog/lfi-cheat-sheet/) 327 | - [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/) 328 | - [Web Vulnerabilities Methodology](https://book.hacktricks.xyz/pentesting-web/web-vulnerabilities-methodology) 329 | - [Network Security](https://www.network-sec.de/) 330 | - [Practical Bug Bounty](https://practicalbugbounty.com) 331 | - [OffSec Tools](https://offsec.tools/) 332 | - [Detectify Blog](https://blog.detectify.com/) 333 | - [Web App Pentest](https://workbook.securityboat.in/resources/web-app-pentest/) 334 | - [Projects Cheat Sheet](https://0xn3va.gitbook.io/projects/) 335 | - [SalmonSec Cheat Sheet](https://salmonsec.com/cheatsheethome) 336 | - [Burp Suite Extensions](https://apps.burpsuite.guide/) 337 | - [Awesome Burp Extensions](https://github.com/snoopysecurity/awesome-burp-extensions) 338 | - [BugBounty](https://github.com/00xtrace/BugBounty) 339 | 340 | ## πŸ“ Writeups 341 | - [Awesome Bug Bounty Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups/tree/master) 342 | - [Pentester Land Writeups](https://pentester.land/writeups/) 343 | - [Detectify Blog](https://blog.detectify.com/) 344 | - Writeups 345 | 346 | Medium: https://medium.com/analytics-vidhya/a-beginners-guide-to-cyber-security-3d0f7891c93a 347 | 348 | Infosec Writeups: https://infosecwriteups.com/?gi=3149891cc73d 349 | 350 | Hackerone Hacktivity: https://hackerone.com/hacktivity 351 | 352 | Google VRP Writeups: https://github.com/xdavidhu/awesome-google-vrp-writeups 353 | 354 | ## πŸ”Ž Recon 355 | - [YouTube Video 1](https://www.youtube.com/watch?v=p4JgIu1mceI) 356 | - [YouTube Video 2](https://www.youtube.com/watch?v=SYExiynPEKM) 357 | - [YouTube Video 3](https://www.youtube.com/watch?v=IbdEoocfEmE) 358 | - [Google Presentation](https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit#slide=id.p9) 359 | 360 | ## πŸ› οΈ The Bug Hunter’s Methodology 361 | - [YouTube Video](https://www.youtube.com/watch?v=HmDY7w8AbR4) 362 | - [Mind Maps](https://github.com/imran-parray/Mind-Maps) 363 | - [Galaxy Bug Bounty Checklist](https://github.com/0xmaximus/Galaxy-Bugbounty-Checklist) 364 | - [Bug Bounty Mindmap](https://github.com/Ignitetechnologies/Mindmap/tree/main) 365 | - [Bug Bounty Methodology](https://xmind.app/m/cKAVyk/) 366 | 367 | ## πŸ‹οΈ Practice 368 | - [RingZer0 CTF](https://ringzer0ctf.com/) 369 | - [Root Me](https://www.root-me.org/?lang=en) 370 | - [Offensive Security Labs](https://www.offsec.com/labs/individual/) 371 | - [PortSwigger](https://portswigger.net/) 372 | - [VulnHub](https://www.vulnhub.com/) 373 | - [OverTheWire](https://overthewire.org/wargames/) 374 | - [HackXpert Labs](https://labs.hackxpert.com/) 375 | - [Let's Defend](https://app.letsdefend.io/training) 376 | - [EchoCTF](https://echoctf.red/) 377 | - [AuthLab](https://authlab.digi.ninja/) 378 | - [Prompt Riddle](https://promptriddle.com/) 379 | - [247CTF](https://247ctf.com/dashboard) 380 | - [CTFLearn](https://ctflearn.com/challenge/1/browse) 381 | - [W3Challs](https://w3challs.com/challenges/list/web) 382 | - [CrackMes](https://crackmes.one/) 383 | - [CryptoHack](https://cryptohack.org/challenges/) 384 | - [Hacker101](https://www.hacker101.com/) 385 | - [Hack This Site](https://www.hackthissite.org/) 386 | - [PicoCTF](https://picoctf.org/) 387 | - [Pwnable.xyz](https://pwnable.xyz/challenges/) 388 | - [Hacking Hub](https://www.hackinghub.io/) 389 | - [Bug Bounty Hunter](https://www.bugbountyhunter.com/) 390 | - [Java Vulnerable Lab](https://github.com/CSPF-Founder/JavaVulnerableLab) 391 | - [Java Security Course](https://github.com/CSPF-Founder/JavaSecurityCourse) 392 | - [Web Hacking KR](https://webhacking.kr/chall.php) 393 | - [WebSec FR](http://websec.fr/) 394 | - [Suninatas](http://suninatas.com/challenges/web) 395 | - [Promptriddle](https://promptriddle.com/) 396 | - [PwnTN](https://pwn.tn/) 397 | - [HBH Authentication](https://hbh.sh/authentication) 398 | - [Thematic Enigmas](https://enigmes-a-thematiques.fr/front/categorie/7) 399 | 400 | 401 | You can explore these resources to learn and practice various aspects of cybersecurity, including vulnerability assessment, bug hunting, and penetration testing. 402 | --------------------------------------------------------------------------------