ManasHarsh/Bug-bounty-methodology

Bug-bounty-methodology

					        Part 1. 30 days (3 hrs average)

Learn it in a sequence:-

Watch this video first:- How to Shot Web by Jason Haddix

Study these vulns first:-

  1. IDOR
  2. XSS
  3. SQLi
  4. Directory traversals
  5. Broken web authentications

Tools to learn:-

  1. Sublist3r
  2. Burp (in-depth)
  3. Nmap

Videos & YouTube:-

  1. Hackersploit
  2. Nahamsec (even if you find it boring, you need to stick with it)

YOU CAN DO YOUR RESEARCH AS WELL BUT DON'T LOOK MUCH DEEPER

					Part 2- 30 days(3 hours average)

Study these vulns now, only when you have cleared the previous part.

  1. XXE
  2. RCE
  3. CSRF
  4. SSRF
  5. Race conditions
  6. Subdomain takeover

Tools to learn:-

  1. Burp advanced (Pro)
  2. Knockpy or subbrute
  3. Google dorks

Videos:-

  1. Bugcrowd university(all videos)

  2. Hacker101 videos

  3. InsiderPhD (YouTube)

  4. Stok

  5. DC cybersec

  6. Bug hunting methodology 2 & 3

  7. Nahamsec :- It's just the little things.

     					PRACTICALS

  1. PortSwigger labs

  2. bWAPP

  3. Hacker101 CTFs

  4. Hack The Box last

     					Writeups

  • Pentester.land
  • Bugcrowd writeups
  • Netsec on Reddit (stay active there)
  • HackerOne PoC reports

						Guides

  • OWASP Top 10 2017
  • SANS Top 25
  • SSRF Bible cheatsheet
  • XSS cheatsheet (PortSwigger)
  • XXE cheatsheet

						Books:-
  • Web application hacker's handbook
  • Hacker playbook 2
  • Tangled web
  • Mastering modern web pentesting
  • Web hacking 101
