Bug Hunting Pro
BugHunting Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks
Bug Hunting training and Web Application Hacking

🆔 @BugHuntingPro
Bug Hunting Prerequisites:

1- Network Basics
2- JavaScript
3- SQL Basics
4- Python Programming Language
5- GoLang Programming Language
6- Web Application
7- Linux and Bash

🆔 @BugHuntingPro
🛜 Network Basics

## Topics

1. OSI Model, TCP/IP, Port
   1. Network protocols
   2. Connection between two nodes
2. Domain Name System (DNS)
   1. DNS protocol
   2. Different records
   3. Name Server (NS)
3. Hypertext Transfer Protocol (HTTP) and Web Servers
   1. Protocol, methods, status codes, headers, body, etc.
   2. Virtual host
   3. Load balancer and reverse proxy
4. Secure Sockets Layer (SSL)
   1. Protocol overview and the goal
   2. Sniffing and man-in-the-middle
5. Content Delivery Networks (CDN)
6. TCP/IP utilities: dig, nslookup, etc.

🆔 @BugHuntingPro
❇️ English Resources:


1️⃣ Network Fundamentals
1.1 OSI model + Task
🌐- https://tryhackme.com/r/room/introtonetworking
🌐- https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/
🌐- https://tomnomnom.com/talks/networking.pdf
📕- You can read Chapter 6 from CompTIA Network+ Study Guide Exam N10-007 book. (Optional)

===============================
2️⃣ TCP/IP and Port
2.1 What is TCP/IP?
🌐- https://www.fortinet.com/resources/cyberglossary/tcp-ip
🌐- https://www.javatpoint.com/computer-network-tcp-ip-model
🌐- https://www.cloudflare.com/learning/network-layer/what-is-a-computer-port/
🌐- Video: https://www.youtube.com/watch?v=CsektxtqA8c
📕- You can also read Chapter 4 from the CompTIA Network+ Certification Study Guide book for more information.

===============================
3️⃣ Domain Name System (DNS)
3.1 What is DNS and how does it work?
🌐- https://www.cloudflare.com/learning/dns/what-is-dns/
🌐- https://www.telecomhall.net/t/how-dns-works/25232
🌐- https://www.geeksforgeeks.org/domain-name-system-dns-in-application-layer/
3.3 DNS records
🌐- https://www.cloudflare.com/learning/dns/dns-records/
🌐- https://www.presslabs.com/how-to/dns-records/
3.4 Other (Optional)
🌐- https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_domain_name

===============================
4️⃣ Hypertext Transfer Protocol (HTTP) and Web Servers
4.1 What is HTTP?
🌐- https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview
4.2 HTTP Messages
🌐- https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
4.3 HTTP Request Methods
🌐- https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
4.4 Status Codes
🌐- https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
4.5 What is CRLF?
🌐- https://developer.mozilla.org/en-US/docs/Glossary/CRLF
4.6 What is a web server?
🌐- https://www.javatpoint.com/web-servers
4.7 What is a virtual host?
🌐- https://www.ibm.com/docs/en/i/7.3?topic=concepts-virtual-hosts
4.8 What is a reverse proxy?
🌐- https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/
4.9 What is a load balancer?
🌐- https://www.nginx.com/resources/glossary/load-balancing/
4.10 More (Optional)
🌐- https://www.tutorialspoint.com/http/http_quick_guide.htm

===============================
5️⃣ Secure Sockets Layer (SSL)
5.1 Introduction
🌐- https://www.geeksforgeeks.org/secure-socket-layer-ssl/
5.2 How does SSL work?
🌐- https://www.keyfactor.com/blog/what-is-ssl/
🌐- https://www.cloudflare.com/learning/ssl/how-does-ssl-work/
5.3 SSL Handshake
🌐- https://medium.com/@kasunpdh/ssl-handshake-explained-4dabb87cdce

===============================
6️⃣ Content Delivery Networks (CDN)
6.1 What is a CDN and how does it work?
🌐- https://www.cloudflare.com/learning/cdn/what-is-a-cdn/#
🌐- https://www.imperva.com/learn/performance/what-is-cdn-how-it-works/

===============================
7️⃣ TCP/IP Utilities
7.1 For ipconfig, telnet, netstat, ftp, nslookup/dig and ping, you can read the ‘CompTIA Network+ Certification Study Guide’ book and skip the sources below.
🌐- ping: https://www.colocationamerica.com/how-does-ping-work
🌐- ifconfig: https://www.tecmint.com/ifconfig-command-examples/
🌐- ipconfig: https://lazyadmin.nl/it/ipconfig-command/
🌐- nslookup: https://www.linode.com/docs/guides/how-to-use-nslookup-command/
🌐- dig: https://www.geeksforgeeks.org/dig-command-in-linux-with-examples/
🌐- telnet: https://www.javatpoint.com/linux-telnet-command
🌐- netstat: https://www.ionos.com/digitalguide/server/tools/introduction-to-netstat/
🌐- ftp: https://www.cs.colostate.edu/helpdocs/ftp.html
Source 2: https://linuxize.com/post/how-to-use-linux-ftp-command-to-transfer-files/
Source 3: https://www.javatpoint.com/computer-network-ftp

===============================
🆔 @BugHuntingPro

🔰 #network #networking #ccna
JavaScript

## Topics

You should know about the following topics:

1- The basics of JavaScript
   1. Code structure, variables, etc.
   2. Functions
   3. Objects
   4. Data types
2- Browser: Document and Events
   1. DOM
   2. Events
   3. Storage
   4. Debug with browser
   5. Frames and tabs
3- JavaScript libraries and frameworks
   1. jQuery
   2. React
   3. VueJS
4- JavaScript in network
   1. XMLHttpRequest
   2. Same Origin Policy (SOP)
   3. WebSocket
   4. Post message
   5. JavaScript integration with REST API
5- Challenges to solve
   1. Authentication 1 - https://www.root-me.org/en/Challenges/Web-Client/Javascript-Authentication
   2. Authentication 2 - https://www.root-me.org/en/Challenges/Web-Client/Javascript-Authentication-2
   3. JavaScript - http://challenge01.root-me.org/web-client/ch1/

===============================

🆔 @BugHuntingPro
🔰 #javascript #bugbounty #bugbountytips
🚨LazyEgg - Hunting JS Files - JS Recon🚨

LazyEgg is a powerful tool for extracting various types of data from a target URL. It can extract links, images, cookies, forms, JavaScript URLs, localStorage, Host, IP, and leaked credentials. Additionally, it includes a Chrome extension to log real-time JavaScript files as they are loaded.

💥Command: cat jsurls.txt | xargs -I{} bash -c 'echo -e "\ntarget : $1\n" && python lazyegg.py "$1" --js_urls --domains --ips --leaked_creds' _ {}

🔗Download: https://github.com/schooldropout1337/lazyegg

🆔 @BugHuntingPro
Reflector

🚨Detect reflected XSS automatically

Reflector is a Burp Suite extension that finds reflected XSS on a page in real time while you browse a website. It includes features such as:

- Highlighting of the reflection in the response tab.
- Testing which symbols are allowed in this reflection.
- Analysis of the reflection context.
- Content-Type whitelist.

🔗Download: https://github.com/elkokc/reflector

🆔 @BugHuntingPro
JS Recon - A Javascript treasure hunt, by @0x2458

## Topics
🔹What is “Javascript” and how do applications use it?
🔹What is “JS Recon”?
🔹How to do JS Recon and how “I” do it?
🔹Methods
🔹etc.

🌐 https://hacklido.com/blog/823-js-recon-a-javascript-treasure-hunt


🆔 @BugHuntingPro

🔰 #bugbounty #bugbountytips #recon #javascript