Based on Learning about Vulnerabilities
“Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation.”
Last updated
“Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation.”
Last updated
Now let’s start with the basic learning about InfoSec the first and really most important step would be to choose a proper initial path that you are going to start learning. Choosing the right path to start in Bug Bounty is very important. It totally depends upon your interest, like some people choose Web Application path first coz it’s easy to learn and go through than mobile and others… (Some of the resources are moved here from my old blog that’s I’m going to remove but these are updated and properly arranged by my experience) I’ll focus on Web, & Mobile Here coz this is what my interest is.
Before I add anything else I’ll suggest You to actually go through Hacker101 By And University Both of these contain a Huge list of resources and lectures that can help you in even a better way than many of us can’t but as you guys are following this as well so I decided to add them here also.
Before I Suggest you what to Learn first if you follow my suggested path l’ll like to tell you some ways you can practice your skills..
CTF(Capture The Flag): Now to practice for Bug Bounties you can participate in CTF challenges. Just like the name suggests “Capture The Flag” there are several challenges for you to solve which deals with real-world vulnerabilities. The more you practice on these challenges the more you will learn about the different technologies required to break into an application or a system.
PentesterLab There’s only one way to properly learn web penetration testing: by getting your hands dirty. PentesterLab teaches how to manually find and exploit vulnerabilities and is a good resource to learn and practice all at once.
Pentester Academy
Another Great resource to practice using online labs and learn, they also provide certifications.
And Select a Program But I’ll suggest you read till the end.
Following all of them books, testing guides you might have an idea of vulnerabilities so i’ll name a few common ones and try to give good reference to learn them easily.
XSS enables attackers to inject client-side scripts into web pages viewed by other users.
he is able to make stored XSS from a irrelevant domain to main facebook domain
SQL injection, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
Some POCs:
In RCE an attacker’s able to execute arbitrary commands or code on a target machine or in a target Machine.
Some POCs:
Alert, God-like Write-up, make sure you know what is ROP before clicking, which I don’t =(
In IDOR an application provides direct access to objects based on the user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.
Some POCs:
It’s Google Vulnerability, so it’s worth reading, as generally it is more difficult to find Google vulnerability
As in name unrestricted file upload allows user to upload malicious file to a system to further exploit to for Code execution
Some POCs:
XXE is an attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
Some POCs:
The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.
Some POCs:
A process of registering a non-existing domain name to gain control over another domain.
Some POCs:
by SSRF the attacker can abuse functionality on the server to read or update internal resources.
Some POCs:
Deserialization
So these were some common issues that one should get a grip on and learn more and more about Following is a list of some Attacks Topics that You Should do some research and read the Blogs/reports on them.
Lets get towards Blogs! There are plenty of blogs Shared by Hackers on daily basis that you can read to learn more and more…
These are some Of the Websites That I like to Visit regularly to b updated and Read Their Articles………. There are Plenty of Other Blogs, Websites That are Missing from This List so be sure to add them In comments.
This was as much as I can think about sharing with you guys related to Web app Security in tools and vulns i have added a few things about mobile apps but the following sections contain some references you should definitely go through if you gonna join the mobile app security gang as well.
So hello to Mobile App Security section now let me clear this first i’m a complete noob at this section so it won’t be as detailed as the web app one.
For Mobile Applications, I’ll share Two of the Best places I’m currently following to learn and I would highly recommend you guys to have a look at them and giving them a proper read will definitely help you
Application Security Wiki:
Learn IOS Security:
owasp-workshop-android-pentest:
Mobile Application Penetration Testing Cheat Sheets
Summing up Phase #02 of this blog I think by following these resources at and giving them good time one can get pretty good at Bug Hunting. Here are some Websites or Places where you can play CTF Challenges and practice the skills that you have learned.
I saw a few friends of mine shared some really interesting and important tools, & resources so I decided to add them here as well because I’m giving some good time to them nowadays.
For Web App, I’ll suggest you guys read the following books & guides first > > > > > >
Reading these books you will get good knowledge about Web App Penetration testing & Security testing in general and in-depth. In addition to these books, I’ll suggest you guys should really give good time reading and understanding OWASP Testing Guide & OWASP Top 10 Vulnerabilities from 2010-2017 OWASP Testing project: >
OWASP Top 10 Project: > > >
Adding a Few basic Pdfs for you guys to go through and save locally to you can keep it revised and keep learning from them. I’ll say they gonna help you almost a hundred percent of the time. So do give these a good time > Kali Linux Revealed > Nmap Cheat Sheet > Metasploit Cheat Sheet:
Now by this point, I’ll say You have done Good enough research and given good time to practice and learn that you can jump into a Bug Bounty Program to test in real-life environment outside CTF, or test environments. So you can happily jump to the pages at
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. References to read: > > > Some POCs:
by Hassan Khan
by Yasser Ali
by vijay kumar
by phwd
by @aaditya_purani
by Florian Courtial
by Vulnerables
by Ron Chan
by Jack Whitton
References to read: > > > Some POCs:
by geekboy
by Marin MoulinierFollow
by Brett
by zhchbin
by frans
by Jelmer de Hen
by Sergey Bobrov
– by frans
– by Olivier Beg
by Klikki Oy
by securityguard
by securityguard
by Patrik Fehrenbach
by filedescriptor
in Uber by Jack Whitton
by Nirgoldshlager
by Frans Rosen
by Jack Whitton
by Jack Whitton
by Ramzes
by secgeek
by Venkat S
by PAULOS YIBELO
by Harry M Gertos
by James Kettle (albinowax)
by Klikki Oy
by Masato Kinugawa
by fransrosen
– by Krzysztof Kotowicz
– by detectify
References to read: > > > >
by Muhammad Khizer Javed
by Brett Buerhaus
by Abood Nour (syndr0me)
by Orange
by glc
by Orange Tsai
References to read: > >
by Ruslan Habalov
by secgeek
by Cure53 (cure53)
by 93c08539 (93c08539)
by Raz0r (ru_raz0r)
by Bitquark
by 5haked
by Michael Stepankin
by @alberto__segura
by buerRCE
by Orange Tsai
by @nahamsec
by Milan A Solanki
by Reginaldo Silva
by Orange Tsai
by Orange Tsai
by Orange Tsai
by Orange Tsai (in Chinese)
by Ezequiel Pereira
by NaHamSec
by c666a323be94d57
by Florian Courtial
By Muhammad Khizer Javed
References to read: > > >
by Raja Sekar Durairaj
by phwd
by ?, be honest, thanks to this article, I have found quite a few bugs because of using his method, respect to the author!
by Edgar Boda-Majer (eboda)
by Matthew Temmy (temmyscript)
by Stephen Sclafani
by Stephen Sclafani
by arunsureshkumar
by kedrisec
by sean
by Florian Courtial
by Florian Courtial
by mongo
by secgeek
by secgeek
by secgeek
by Yaaser Ali
by Yaaser Ali
by Duo Labs
by Anand Prakash
by Enguerran Gillier (opnsec)
by Jobert Abma (jobert)
by Gazza (gazza)
by Severus (severus)
by Roy Castillo
References to read: > > >
by vijay kumar
by secgeek
by vijay kumar (vijay_kumar1110)
by Muhammad Khizer Javed
References to read: > > >
by detectify
by Raghav Bisht
References to read: > > >
References to read: > > >
by geekboy
– by David Vieira-Kurz
by Arne Swinnen
by Muhammad Khizer Javed
by Muhammad Khizer Javed
by Muhammad khizer Javed
References to read: > > > >
by Brett Buerhaus
by Brett BUERHAUS
Some Other Interesting POCs: A huge collection at
by Michael Stepankin
by Wesley Wineberg
by Michiel Prins (michiel)
by meals
by Josip Franjković
by Fábio Pires (shmoo)
by Ashish Padelkar
by Arne Swinnen
by POUYA DARABI
by anand praka
by
by Jouko Pynnönen (jouko)
by henryhoggard
[ Panel Access) by c0rni3sm
by mishre
by Muhammad Khizer Javed
by filedescriptor
by filedescriptor
by Ezequiel Pereira
by Inti De Ceukelaire
by 4lemon
by phwd
by websecurify
by cirw
by websecrify
by w3af
by sirdarckcat
By Muhammad Khizer Javed
By Muhammad Khizer Javed
By Muhammad Khizer Javed
By Muhammad Khizer Javed
By zseano
By Tensecure Systems
You’ll find a lot more write-ups at
Now Lets get Towards YouTube Channel Links… These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks …
Any Channel Link Missing? Kindly add it in Comments
Another advice…… Regularly follow to b updated with Public Bug reports You can learn alot from them
Alternatively, You can Join Slack Community for Hackers
dnscan Knockpy Sublist3r massdns nmap masscan EyeWitness DirBuster dirsearch Gitrob git-secrets sandcastle bucket_finder GoogD0rker Wayback Machine waybackurls Sn1per XRay wfuzz patator datasploit hydra changeme MobSF Apktool dex2jar sqlmap oxml_xxe XXE Injector The JSON Web Token Toolkit
ground-control ssrfDetector LFISuit GitTools dvcs-ripper tko-subs HostileSubBruteforcer Race the Web ysoserial PHPGGC CORStest retire-js getsploit Findsploit bfac WPScan CMSMap Amass Any Import Tool Missing Add in comments…
Now The best and the very first thing I would suggest is to actually learn about the development phase of an app mainly my focus is Android APPs ( doesn’t necessarily mean that you should go for learning to develop an android but at least get to know. For this, You can go through the following Android App development tools. (My suggestion is you should actually give basic time to these) ~ The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials ~ The Android Developer Tools(ADT) bundle is a single download that contains everything for developers to start creating Android Application Root Tools ~ RootTools provides rooted developers with a standardized set of tools for use in the development of rooted applications.
Now if you have gone through them let’s get towards Mobile app security vulnerabilities For this I’ll suggest you first go towards Giving them a good overview will definitely worth it. I’ll also Highly suggest these two Books specifically for Android & IOS app testing
Application Security Wiki is an initiative to provide all Application security-related resources to Security Researchers and developers in one place.
IOS Security Guide to learn and test by
Hacker 101
Hack the box
OvertheWire wargames
Pwnable.tw
Vulnhub
Troy Hunt “Hack Yourself First”
Hack.Me
Hacksplaining
Penetration Testing Practice Labs
Bug Bounty Hunter
Courses at
