A Noobs Guide to Getting Started in Bug Bounty Hunting | Muhammad Khizer Javed, whoami.securitybreached.org | aslicybersecurity.com | Rebyc.io | @KHIZER_JAVED47 Updated: Feb 2021

No one will tell you anything or everything about this field, It’s a long strange path but you have to travel it alone with little help from others.

I am still learning more about Bug Bounty Hunting and writing about this as I am learning, is my way of retaining the knowledge. and sharing what I learned so far and from the internet.

Bug Bounty Hunting is an exciting field to be in today, To define Bug Bounty in simple wording I’ll day “Bug Bounty is a reward paid to an Ethical Hacker for identifying and disclosing a potential security bug found in a participant’s Web, Mobile or System.”. But I hope as you’re here already you know enough about bug bounty hunting that I don’t need to define it to get into the usual basics.

Now, who am I? I already wrote a note like this in 2017 at WHO AM I? And My Experiments with Hacking? It contains some information about me and my experience and a basic guide but it’s all mixed up and not really in details so I decided to write a new one read it if you like to know a bit about me otherwise I’ll be moving the resources I shared there to this note with some details. I hope this blog will be helpful to you guys do let me know in the comments if I missed something and you would like to add something or have any questions. This Blog contains Resources I have collected from all over the internet and adding them here to make a blog that contains 0-100 about getting started in Bug Bounty I’ll try my best to mention each place I managed to get the resources from if somethings missed you know how to write a comment under a blog post. peace.\!

First of all I want you guys to Read The article by Eric Raymond http://www.catb.org/esr/faqs/hacker-howto.html
For Me It has become standard guideline for Starters.
As Mentioned In This Article One of The Most Important Thing You Need to Have If You want Become a Hacker is Attitude!  

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won’t make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.If you revere competence, you’ll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

What You Should Know Before Starting to learn about Bug Bounty Hunting?

It’s Actually a Rough Road Ahead… ~Khizer

I’ll be writing this blog in 3 Major Phases were I’ll break down things to be as easy as possible because the major audience in my mind right now is absolute beginners or ones who have already tried learning or working but failed for some reason…

Phase #01

  • Phase 01 is Based on Basics of Networks communication stuff, Programming & Automation.

Well first of all to work on anything you need to know some very basic thing, that includes how a system works and how can you can make changes to it. Now let’s start from very basics…

Web, HTTP & Network Basics:

Web:
Just for the overview, you should give a read to one of these

>https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm
>https://developers.google.com/web/fundamentals/security/
>http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies
>http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf

HTTP:
Communication is the key to success thus in order to learn something works on in our case how an application works and what it’s flow is we need to learn how it communicates with you. and the Most basic thing I can think of is knowing about HTTP. Mentioning a few places you should definitely visit to get an idea about HTTP.

> https://www.w3.org/Protocols/
> https://www.w3schools.com/whatis/whatis_http.asp
> https://www.tutorialspoint.com/http/http_status_codes.htm
> https://www.tutorialspoint.com/http/http_url_encoding.htm
> https://www.tutorialspoint.com/http/http_requests.htm
> https://www.tutorialspoint.com/http/http_responses.htm
> https://www.hacker101.com/sessions/web_in_depth

What You’ll basically learn from these is about HTTP Protocols, HTTP Requests, Response, Status Codes, Encoding/Decoding, and From the last URL you’ll get to learn it under security perspective so you’ll get to learn SOP, Cookie, MIEM & HTML Pharising. These will definitely help you later with Web app testing and stuff.

Networking:
A basic understanding of networking is important for anyone who’s into a computer. So a few resources to learn the basics of Networking.

>https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
> https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
> https://www.slideshare.net/variwalia/basic-to-advanced-networking-tutorials
> https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html
> http://www.penguintutor.com/linux/basic-network-reference
> https://www.utilizewindows.com/list-of-common-network-port-numbers/
> https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704
> https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols

Linux Commands:


>http://linuxcommand.org/


What You’ll learn from these are basics of Networking, TCP/ID, DNS, Network terminologies & Linux commands, etc. These will definitely help you later with Recon Process.

Learn to make it; then break it!

Programming/Coding:

To be a Good Hacker you don’t really need to be a Good Programmer but it’s always good to cover this before going in Any form of Computer Hacking or Bug Bounty in general. Also Sometimes It increases your chances of successfully identifying and exploiting a vulnerability and also you may need code to escalate a bug with a low/medium severity to high/critical.
I personally suffered for two years in bug bounties because in many cases I couldn’t really understand what the particular code means, couldn’t exploit an issue properly, or couldn’t even code in general, and I’m, still trying my best to catch up to speed so I’ll suggest you guys not to skip these parts and go directly towards Bug Bounties.
Now I’ll suggest a few languages that one should properly have basic to medium level knowledge about and keep advancing it.

HTML:
> https://www.w3schools.com/html/
> https://www.codecademy.com/learn/learn-html
> https://learn.shayhowe.com/advanced-html-css/
> https://htmldog.com/guides/html/advanced/

PHP:
> https://www.w3schools.com/php/
> https://stackify.com/learn-php-tutorials/
> https://www.codecademy.com/learn/learn-php
> https://www.guru99.com/php-tutorials.html
> https://www.codecademy.com/learn/paths/web-development

JavaScript:
> https://www.youtube.com/watch?v=PkZNo7MFNFg
> https://www.codecademy.com/learn/introduction-to-javascript
> https://learnjavascript.today/
> https://www.thebalancecareers.com/learn-javascript-online-2071405

SQL(Structured Query Language):
> https://www.youtube.com/watch?v=HXV3zeQKqGY
> https://www.w3schools.com/sql/
> https://www.codecademy.com/learn/learn-sql
> http://www.sqlcourse.com/

C/C++
>https://www.youtube.com/watch?v=vLnPwxZdW4Y
>https://www.learncpp.com/
>https://www.codecademy.com/learn/learn-c-plus-plus
>https://www.sololearn.com/Course/CPlusPlus/
>https://www.learn-c.org/
>https://www.youtube.com/watch?v=KJgsSFOSQv0

Java:
>
https://www.codecademy.com/learn/learn-java
>https://www.geeksforgeeks.org/java-how-to-start-learning-java/
>https://www.learnjavaonline.org/
>https://www.youtube.com/watch?v=grEKMHGYyns

What You’ll learn from them is not just Programming languages but the proper way of web and systems to communicate that you gonna test, I’m no expert or even a starter I’m just a learner in Programming so sharing the resources I’m currently following. Like you know XSS, HTML injections, PHP Injections, SQLi, etc, and Many other vulnerabilities you can’t exploit properly unless you know the code that runs behind and knows exactly how to communicate so that’s why is learning them are important to get a good start.

Adding Automation to your work:

“Never send a human to do a machine’s job”

Well As you know sometimes you need to do your work faster and more efficiently so the best way I think for it is Automating your work not gonna get too much into depth of it as it’s something I myself is just getting familiar about.. so You can read more about Importance of Automation for a Bug Bounty Hunter at
https://pentester.land/conference-notes/2018/07/25/bug-bounty-talks-2017-automation-for-bug-hunters.html
I’ll just share here my notes for what languages I’m following and looking forward to being good at.

Python:
> https://realpython.com/
> https://comparite.ch/python-courses (By AIMEE O’DRISCOLL)
> https://docs.python.org/3/tutorial/
>https://drive.google.com/drive/u/0/folders/0ByWO0aO1eI_MT1E1NW91VlJ2TVk?fbclid=IwAR35WNZwBQudINaZ10I5ZA2YDQdtNXSEwRyEiLEK91_csJ7ekN1ut7AQNeQ

Bash:
> https://www.tutorialspoint.com/unix/shell_scripting.htm
> https://www.learnshell.org/
> https://medium.com/quick-code/top-tutorials-to-learn-shell-scripting-on-linux-platform-c250f375e0e5

Ruby:
> https://www.learnrubyonline.org/
> https://www.codecademy.com/learn/learn-ruby

Golang:
> https://tour.golang.org/welcome/1
> https://www.udemy.com/learn-go-the-complete-bootcamp-course-golang/

What you’ll learn from these is to code your own tools and understand many other common tools and modify them according to your needs. Ofc one can’t learn all these but should try to get grip on one he likes and get to understand others.

So Till Here I’ll say you already knew all the basics, was good around PHP, JS & HTML stuff & also was good around Scripting & SQL or maybe learned a bit or these and gave it a good time I’ll say a few weeks maybe… Then Congrats you have already gone through Phase #01 This means that You have done 39% Off Learning Work towards being a good Bug Hunter/ Ethical Hacker. Just keep a practicing I myself is still learning this phase because 4 years ago when I started I skipped this part for no reason and then had to see many things differently so I hope you guys won’t have an issue if you go through the First Phase easily.

Phase #02

  • Phase 02 is Based on Learning about Vulnerabilities, Resources to follow to learn them, Places to practice & Tools etc.

“Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation.”

Now let’s start with the basic learning about InfoSec the first and really most important step would be to choose a proper initial path that you are going to start learning. Choosing the right path to start in Bug Bounty is very important. It totally depends upon your interest, like some people choose Web Application path first coz it’s easy to learn and go through than mobile and others… (Some of the resources are moved here from my old blog that’s I’m going to remove but these are updated and properly arranged by my experience)

I’ll focus on Web, & Mobile Here coz this is what my interest is.

Before I add anything else I’ll suggest You to actually go through

Hacker101 By HackerOne https://www.hacker101.com/
And
Bugcrowd University https://www.bugcrowd.com/hackers/bugcrowd-university/

Both of these contain a Huge list of resources and lectures that can help you in even a better way than many of us can’t but as you guys are following this as well so I decided to add them here also.

Web App Security:

Before I Suggest you what to Learn first if you follow my suggested path l’ll like to tell you some ways you can practice your skills..

CTF(Capture The Flag):
Now to practice for Bug Bounties you can participate in CTF challenges. Just like the name suggests “Capture The Flag” there are several challenges for you to solve which deals with real-world vulnerabilities. The more you practice on these challenges the more you will learn about the different technologies required to break into an application or a system.

For Web App, I’ll suggest you guys read the following books & guides first

>https://www.packtpub.com/networking-and-servers/mastering-modern-web-penetration-testing
>https://www.amazon.com/Hackers-Underground-Handbook-secure-systems/dp/1451550189
>https://leanpub.com/web-hacking-101
>https://www.amazon.com/gp/product/1593275641/
>https://www.amazon.com/gp/product/1512214566/
>https://www.amazon.com/Tangled-Web-Securing-Modern-Applications-ebook/dp/B006FZ3UNI/

Reading these books you will get good knowledge about Web App Penetration testing & Security testing in general and in-depth.

In addition to these books, I’ll suggest you guys should really give good time reading and understanding OWASP Testing Guide & OWASP Top 10 Vulnerabilities from 2010-2017

OWASP Testing project:
>https://www.owasp.org/index.php/OWASP_Testing_Project

OWASP Top 10 Project:
>https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2010
>https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013
>https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Adding a Few basic Pdfs for you guys to go through and save locally to you can keep it revised and keep learning from them. I’ll say they gonna help you almost a hundred percent of the time. So do give these a good time

> Kali Linux Revealed https://docs.kali.org/pdf/kali-book-en.pdf
> Nmap Cheat Sheet https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf
> Metasploit Cheat Sheet: https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Now by this point, I’ll say You have done Good enough research and given good time to practice and learn that you can jump into a Bug Bounty Program to test in real-life environment outside CTF, or test environments.
So you can happily jump to the pages at

https://bugcrowd.com/programs
https://hackerone.com/directory

PentesterLab
There’s only one way to properly learn web penetration testing: by getting your hands dirty. PentesterLab teaches how to manually find and exploit vulnerabilities and is a good resource to learn and practice all at once.

Pentester Academy

Another Great resource to practice using online labs and learn, they also provide certifications.


And Select a Program But I’ll suggest you read till the end.

Following all of them books, testing guides you might have an idea of vulnerabilities so i’ll name a few common ones and try to give good reference to learn them easily.

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

References to read:

>https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/?utm_campaign=Incapsula-moved
>https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
>https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/

Some POCs:

Cross-Site Scripting (XSS)

XSS enables attackers to inject client-side scripts into web pages viewed by other users.

References to read:

>https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
>https://portswigger.net/web-security/cross-site-scripting
>https://excess-xss.com/

Some POCs:

SQL Injection

SQL injection, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.

References to read:

>https://www.owasp.org/index.php/SQL_Injection
>https://portswigger.net/web-security/sql-injection
>https://www.imperva.com/learn/application-security/sql-injection-sqli/
>https://www.w3schools.com/sql/sql_injection.asp

Some POCs:

Remote Code Execution (RCE)

In RCE an attacker’s able to execute arbitrary commands or code on a target machine or in a target Machine.

References to read:

>https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/
>https://en.wikipedia.org/wiki/Arbitrary_code_execution

Some POCs:

Insecure Direct Object Reference (IDOR)

In IDOR an application provides direct access to objects based on the user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.

References to read:

>https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards/
>https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_(OTG-AUTHZ-004)
>https://www.secjuice.com/idor-insecure-direct-object-reference-definition/

Some POCs:

Unrestricted File Upload

As in name unrestricted file upload allows user to upload malicious file to a system to further exploit to for Code execution

References to read:

>https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/unrestricted-file-upload/
>https://www.owasp.org/index.php/Unrestricted_File_Upload
>https://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation/

Some POCs:

XML External Entity Attack (XXE)

XXE is an attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

References to read:

>https://portswigger.net/web-security/xxe
>https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
>https://phonexicum.github.io/infosec/xxe.html

Some POCs:

Local File Inclusion (LFI)

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

References to read:

>https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion
>https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/
>https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601

Some POCs:

Subdomain Takeover

A process of registering a non-existing domain name to gain control over another domain.

References to read:

>https://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/
>https://0xpatrik.com/subdomain-takeover-basics/
>https://github.com/EdOverflow/can-i-take-over-xyz

Some POCs:

Server Side Request Forgery (SSRF)

by SSRF the attacker can abuse functionality on the server to read or update internal resources.

References to read:

>https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978
>https://www.owasp.org/index.php/Server_Side_Request_Forgery
>https://www.netsparker.com/blog/web-security/server-side-request-forgery-vulnerability-ssrf/
>https://blog.detectify.com/2019/01/10/what-is-server-side-request-forgery-ssrf/

Some POCs:

Some Other Interesting POCs:

A huge collection at https://github.com/djadmin/awesome-bug-bounty

Deserialization

Race Condition

Business Logic Flaw

Authentication Bypass

HTTP Header Injection

Email Related

Money Stealing

Others

Information Disclosure

So these were some common issues that one should get a grip on and learn more and more about Following is a list of some Attacks Topics that You Should do some research and read the Blogs/reports on them.

BLOGS! You should read.

Lets get towards Blogs! There are plenty of blogs Shared by Hackers on daily basis that you can read to learn more and more…

These are some Of the Websites That I like to Visit regularly to b updated and Read Their Articles………. There are Plenty of Other Blogs, Websites That are Missing from This List so be sure to add them In comments.

YouTube Channels! You should follow.

Now Lets get Towards YouTube Channel Links… These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks …

https://www.youtube.com/channel/UCP…
https://www.youtube.com/channel/UCJ…
https://www.youtube.com/channel/UCR…
https://www.youtube.com/channel/UCY…
https://www.youtube.com/channel/UCw…
https://www.youtube.com/channel/UCa…
https://www.youtube.com/channel/UCt…
https://www.youtube.com/channel/UC5…
https://www.youtube.com/channel/UCM…
https://www.youtube.com/channel/UC_…
https://www.youtube.com/channel/UCq…
https://www.youtube.com/channel/UCV…
https://www.youtube.com/channel/UCs…
https://www.youtube.com/channel/UCa…
https://www.youtube.com/channel/UCP…
https://www.youtube.com/channel/UCX…
https://www.youtube.com/channel/UC4…
https://www.youtube.com/channel/UCs…
https://www.youtube.com/channel/UCo…
https://www.youtube.com/channel/UCy…
https://www.youtube.com/channel/UCS…
https://www.youtube.com/channel/UCO…
https://www.youtube.com/channel/UCh…
https://www.youtube.com/channel/UCo…
https://www.youtube.com/channel/UC9…
https://www.youtube.com/channel/UCe…
https://www.youtube.com/channel/UC2…
https://www.youtube.com/channel/UCP…
https://www.youtube.com/channel/UCz…

https://www.youtube.com/channel/UCq9IyPMXiwD8yBFHkxmN8zg

Any Channel Link Missing? Kindly add it in Comments

Another advice…… Regularly follow http://h1.nobbd.de/ to b updated with HackerOne Public Bug reports You can learn alot from them

Alternatively, You can Join Slack Community for Hackers
https://bugbounty-world.slack.com/
https://bugbountyforum.com/

Tools! You should try out.

dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/ Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool

Playing with JSON Web Tokens for Fun and Profit
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass

Any Import Tool Missing Add in comments…

This was as much as I can think about sharing with you guys related to Web app Security in tools and vulns i have added a few things about mobile apps but the following sections contain some references you should definitely go through if you gonna join the mobile app security gang as well.

Mobile Application Security.

So hello to Mobile App Security section now let me clear this first i’m a complete noob at this section so it won’t be as detailed as the web app one.

Now The best and the very first thing I would suggest is to actually learn about the development phase of an app mainly my focus is Android APPs ( doesn’t necessarily mean that you should go for learning to develop an android but at least get to know. For this, You can go through the following Android App development tools. (My suggestion is you should actually give basic time to these)

Android SDK ~ The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials

ADT Bundle ~ The Android Developer Tools(ADT) bundle is a single download that contains everything for developers to start creating Android Application

Root Tools ~ RootTools provides rooted developers with a standardized set of tools for use in the development of rooted applications.

Now if you have gone through them let’s get towards Mobile app security vulnerabilities For this I’ll suggest you first go towards OWASP Mobile Top 10 Giving them a good overview will definitely worth it.

I’ll also Highly suggest these two Books specifically for Android & IOS app testing

The Mobile Application Hacker’s Handbook
iOS Application Security: The Definitive Guide for Hackers and Developers

For Mobile Applications, I’ll share Two of the Best places I’m currently following to learn and I would highly recommend you guys to have a look at them and giving them a proper read will definitely help you

Application Security Wiki:

Application Security Wiki is an initiative to provide all Application security-related resources to Security Researchers and developers in one place.

https://appsecwiki.com/#/

Learn IOS Security:

IOS Security Guide to learn and test by Prateek

http://damnvulnerableiosapp.com/#learn

owasp-workshop-android-pentest:

Learning Penetration Testing of Android Applications

Mobile Application Penetration Testing Cheat Sheets

The Mobile App Pentest cheat sheet

Mobile penetration testing android command cheatsheet

Getting Started in Android Apps Pen-testing

Summing up Phase #02 of this blog I think by following these resources at and giving them good time one can get pretty good at Bug Hunting.

Here are some Websites or Places where you can play CTF Challenges and practice the skills that you have learned.

Other Resources:

I saw a few friends of mine shared some really interesting and important tools, & resources so I decided to add them here as well because I’m giving some good time to them nowadays.

Tools used for Penetration testing / Red Teaming.

List-pentest-tools: A curated list of network penetration testing tools.

Password lists for use in penetration testing situations, broken up by TLD.

Penetration tests cases, resources and guidelines.

Penetration Testing notes, resources and scripts

A collection of hacking / penetration testing resources to make you better!

RedTeam-Pentest-Cheatsheets

Collection of OSCP study material && tools.

Kali Linux Offensive Security Certified Professional Survival Exam Guide

Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet

An archive of everything related to OSCP

GitBook: OSCP RoadMap

OSCP Cheatsheets, Pentesting / Red Teaming Tools and Techniques

How to prepare for OSCP complete guide

OSCP All Tools are Here …!!
Courses at https://academy.tcm-sec.com/

I hope the Path Guide i’m trying to share here clears doubts for many newcomers in Bug Bounty Hunting. Let’s move to Phase #03

Phase #03

  • Phase 03 is All about Selecting a target, getting started to test and after finishing testing writing a good report about the issue you have found.

Hey so Now the Final Phase I have in my mind is for People who have gone through all the good important stuff and now are testing.. so I’ll like to give my advice about a few things and then will sum up this blog.

Selecting and Approaching a Target?

One of the most important things in Bug bounty Hunting is to Select a target that you’re going to test. This basically depends on one’s mood, experience, and skills one can take a look at a target with a huge scope having 4-5 websites will all subdomains in-scope and a few mobile apps and test start testing them or just one domain & one app with a good app having a lot of features to test.

One can go to https://bugcrowd.com/programs or https://hackerone.com/directory and look for a program accordingly or either individual programs like Google, Facebook, or eBay.

Approaching a target to Hunt is an easy task you just need to be careful with what you’re doing it all depends on you.. for me, I usually do recon at first by going through domain history, links, IPs, & Wayback Info of the site. Don’t forget to keep notes of everything you do, now basically after the basic recon process that I used tools and stuff for or somethings have to done manual. I start hunting, I take a particular functionality/workflow in the application and start digging deep into it. I do look for low hanging fruits or surface bugs. There is no point focussing your efforts on those but keeping track of them is really helpful. I Observe this workflow/requests via a proxy tool such as Burp or Zap. Burp is actually the only tool I use for web or android app pentesting I mainly. Create multiple accounts because I want to test the functions being sent from one user to another. If you haven’t been provided multiple accounts, ask for it. To date, I have not been refused a second account whenever I have asked for it. or sometimes create them easily. Just work with the app flow and keep testing look for weird behaviors of the app try changing things in them but remember finding an app working weirdly isn’t necessarily means you have found a bug worth reporting but I would suggest you to keep digging and try to actually find a basic security impact of that… then I usually go for major listed security vulnerabilities I use the methods to achieve them nothing much special just all depends on an app you can’t find a PHP code injection in a static web lol so that’s why I usually give good time on learning the web flow. for this, I go got reading API docs and stuff. After spending a few hours on this stuff, if I can’t get anything on a particular point of the app I usually stop and move on.
Getting hung up on something is the biggest motivation killer but that doesn’t mean I gave up. I do get back to it later if something else comes up. That’s why I always make notes and save them for later use.

That’s basically all I do lol looks basic and easy but for me, it’s hell time spent…

Reporting a Vulnerability?

So I’ll say after all this effort you have put into learning, practicing, & actually successfully finding a vulnerability, writing a report will be one of the most difficult tasks. Because one mistake can make the team reviewing them annoyed or maybe increase their workflow. for me Writing a simple but effective report with proper headings and giving as many details as possible with POC images or videos can actually make your work fun and the teams work easy. to write a report I follow these guides.

WRITING SUCCESSFUL BUG SUBMISSIONS – BUG BOUNTY HUNTER METHODOLOGY

Writing a good and detailed vulnerability report

What does a good report look like?

Well, I guess this is where I’ll end this blog and I hope these resources I’m sharing here help answer the questions I basically get in my DMs about teaching them. I myself is a student right now and learning is a huge part of my life also, I consider myself a beginner, and sharing this is basically a way for me to learn more. As Mentioned before this Guide is basically for people who are absolutely new or are still looking for a proper way about what to learn first and from where.

Ending Note!

Being a security researcher, it is really tough to keep yourself up to date. I’d ask the beginners to focus on self-study and learn things by themselves as everything is possible all you need is the passion of taking a step after that you can achieve anything. Nothing is impossible to achieve. All I achieved was by doing self-study and self-motivation and without any certifications and I’m still learning and trying my best to share what I can so others can also learn something.


You are never a perfect person, but you are still better than the rest of the people.

For a Bug Bounty Hunter & Cybersecurity Researcher, all it takes is the passion to achieve something. I hope this article helped you motivate me to take a positive step in life.   Well, thanks for reading that’s All I Can Share With you Guys For Now I’ll Make sure to Keep this Article Updated for More People to read.

./THANKS
Muhammad Khizer Javed
whoami.securitybreached.org

22 thoughts on “Guide 001 | Getting Started in Bug Bounty Hunting..

  1. Thanks a lot for this brief writing and it is a gold mine for me as I want to start my journey in bugbounty!

  2. Just one thing.
    Your linux commands list contains this:
    “rm -rf / – make computer faster”
    And that really shouldn’t be there

  3. i think you should review the yt channel links section because they are same as the last your whoami post which contained some gaming and terminated channel which is not helpful. thanks

    1. Thanka for that I actually mentioned that some of them are moved from previous post and also have a good new list will update it

  4. wow …. what a post man … !! LONG LIVE … 😍😍 … publish your own PDF and you can get bucks from it man … Go on 😊

  5. brother,,,be honest and don’t mind if i asked it for like, how much time a guy should take if he contribute 2 hours per day….Because I am a university student and most of the time waste in university,,,and got 2 hours of free time everyday,,,,so if i start then can i complete all of these within 1 year?or how much time can it take…the reason i asked because you have that much knowledge ,,,sorry for asking this but please hey help me…

    1. Hey Man! First of all never say sorry for asking questions! If you won’t ask you won’t learn. And about this well an hour a day is enough for you to learn! Give an hour! Than next day do practice related to that thing! Keep doing it 1 year will be good to get a good hands on and start than it all depends on the person Himself and his learning behaviours.

  6. Hey are you still updating this list as of july 2020/. This list is helping me a lot so thanks for that. it would be awesome if you kept this updated too! If it is, then great!

  7. Thanks, Brother. You gave us a clear path to becoming a bug bounty hunter or ethical hacker.

Leave a Reply

Your email address will not be published.