ExploitHub
# Pentesting & Bug Hunting Resources :

[ How to Start ? ] :
0. Do You Want to Know the Step-by-Step Path to Learn Hacking? = "There is no step-by-step path to learn hacking, and it takes years!" (adapted from LiveOverflow)
1. Ebrahim Hegazy Guide = http://security4arabs.com/2015/04/03/how-to-start-in-webapps-security/
2. Mohamed Abd El-Baset Guide = https://seekurity.com/blog/discuss/your-start-guide-to-web-application-security-101/
3. Youssef Mohamed Guide = https://generaleg0x01.com/2019/06/27/websec-roadmap/
4. Khaled Hassan Guide = https://www.facebook.com/KhaledAzrail/posts/2366367626805379
5. Mohamed Gamal Posts = https://pastebin.com/cj9FEuEB?fbclid=IwAR28ScEmklgX47XenXrgTcsvEfbA93doEhvLYtOdVeq7rnzRmCnlUT4giWk
6. How to start a career in Cyber Security = https://www.youtube.com/watch?v=PJ_NzML1poU
7. How to Build a Cybersecurity Career = https://danielmiessler.com/blog/build-successful-infosec-career/
8. How to Become a Pentester = https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/
9. Hacker to Security Pro! = https://hackernoon.com/how-to-become-a-hacker-e0530a355cad
10. Getting started in Bug Bounty = https://medium.com/@ehsahil/getting-started-in-bug-bounty-7052da28445a
11. Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks) V 1.0 = https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65
12. Bug Bounty Methodology (Tactics, Techniques and Procedures) V 2.0 = https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/
13. How to Become a Bug Bounty Hunter = https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
14. So You Want To Be a Pentester? = https://jhalon.github.io/becoming-a-pentester/
15. Pentesterlab Bootcamp = https://pentesterlab.com/bootcamp
16. So you want to be a web security researcher? = https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher
17. Bug Hunting Guide = https://cybertheta.blogspot.com/2018/08/bug-hunting-guide.html
18. Getting Started in Bug Bounty Hunting = https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/
19. Infosec Newbie = https://www.sneakymonkey.net/2017/04/23/infosec-newbie/
20. How to Learn Penetration Testing: A Beginners Tutorial = https://learningactors.com/how-to-learn-penetration-testing-a-beginners-tutorial/
21. How to Become a Security Specialist = https://www.youtube.com/playlist?list=PLkpG3YKjv6p7vb5suZY3mhBCJDSbflmhT
22. Web Application Penetration Testing Course = https://hackingresources.com/web-application-penetration-testing-course/
23. So you Want to be a Security Engineer? = https://medium.com/@niruragu/so-you-want-to-be-a-security-engineer-d8775976afb7

[ Learning Resources ] :
1. Owasp = https://www.owasp.org/
2. Knowledge Base Entersoft = http://kb.entersoft.co.in
3. Hacker 101 = https://www.hacker101.com
4. Bugcrowd University = https://www.bugcrowd.com/hackers/bugcrowd-university
5. Portswigger Academy = https://portswigger.net/web-security
6. Red Teaming Experiments = https://ired.team
7. Hacksplaining = https://www.hacksplaining.com/lessons
8. Security Idiots = http://www.securityidiots.com
9. Web App Security Testing Resources = https://danielmiessler.com/projects/webappsec_testing_resources
10. OWASP Cheat sheet = https://cheatsheetseries.owasp.org
11. Ippsec = https://ippsec.rocks
12. Security Online = https://securityonline.info
13. Phrack Magazine = http://phrack.org/issues/1/1.html
14. AppSecWiki = https://appsecwiki.com
15. Web Application Pentesting Notes = https://techvomit.net/web-application-penetration-testing-notes
16. Sans Cyber Aces Tutorial = https://tutorials.cyberaces.org/tutorials.html
17. Metasploit Unleashed = https://www.offensive-security.com/metasploit-unleashed
18. Pentesterland Newsletter = https://pentester.land/newsletter
19. Vincent Red Team Tips = https://vincentyiu.com/
20. ZeroDaySecurity Pentesting Methodology = http://www.0daysecurity.com/pentest.html

[ Books ] :
1. Breaking into Information Security = Andy Gill
2. Web Application Hacker's Handbook 2 = Dafydd Stuttard and Marcus Pinto
3. Mastering Modern Web Penetration Testing = Prakhar Prasad
4. Real World Bug Hunting = Peter Yaworski
5. The Tangled Web = Michał Zalewski
6. The Hacker Playbook (1,2,3) = Peter Kim
7. OWASP Testing Guide 4
8. OWASP Top 10 (2010 - 2013 - 2017)
9. Hacking Exposed Web Application (1,2,3)
10. Web Hacking 101 = Peter Yaworski
11. Bug Bounty Hunting Essentials = Lozano and Amir
12. Bug Bounty Hunting For Web Security = Sanjib Sinha
13. Hands-On Bug Hunting For Pentesters = Joseph Marshall
14. The Basics of Hacking and Penetration Testing = Patrick Engebretson
15. Ethical Hacking and Penetration Test = Rafay Baloch
16. Hacking Exposed 7 Network Security
17. The Browser Hacker’s Handbook
18. Metasploit The Penetration Tester's Guide = David Kennedy
19. Penetration Testing: A Hands-On Introduction to Hacking = Georgia Weidman
20. Red Team Field Manual
21. Black Hat Python = Justin Seitz
22. Violent Python = TJ O'Connor
23. Hacking The Art of Exploitation = Jon Erickson
24. Google Hacking for Penetration Testers 3
25. Reversing: Secrets of Reverse Engineering = Eldad Eilam
26. Bug Hunter's Diary = Tobias Klein
27. Gray Hat Hacking 5
28. Burp Suite Cookbook = Sunny Wear
29. Kali Linux Revealed
30. Nmap Essentials = David Shaw

[ Youtube Channels ] :
1. Nahamsec = https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw/videos
2. Ebrahim Hegazy = https://www.youtube.com/user/Zigoo0/playlists
3. Ben Grewell = https://www.youtube.com/channel/UC2Xz7OF80Ae3SU6uk4ERjZQ/playlists
4. Bugcrowd = https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww/playlists
5. HackerOne = https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw
6. GynvaelEN = https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
7. HackerSploit = https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
8. IppSec = https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
9. John Hammond = https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw
10. LiveOverflow = https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
11. Murmus CTF = https://www.youtube.com/channel/UCUB9vOGEUpw7IKJRoR4PK-A
12. STÖK = https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg
13. Null Byte = https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g
14. Grant Collins = https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA
15. zseano = https://www.youtube.com/channel/UCCUFgj-52_ryvpQUacylRpg/videos
16. Peter Yaworski = https://www.youtube.com/user/yaworsk1/videos
17. Injection = https://www.youtube.com/channel/UC31jVeFdiPWsxMRqhXapRGQ/featured
18. Cyber Defenders = https://www.youtube.com/channel/UCI6UPRiq8G0svT8NyrknNnA/playlists
19. Nakerah Network = https://www.youtube.com/channel/UCvgMmTPBM7xRyxU07-cBpbg/playlists
20. SANS Pentest Training = https://www.youtube.com/channel/UCP28F4uf9s2V1_SQwnJST_A/videos
21. Security Scope = https://www.youtube.com/watch?v=SP5MYNb4f38&list=PLVBPh7Xyv8CBNsrFNVTwSyBa3wx34C2k5
22. PwnFunction = https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
23. Ammon Henderson = https://www.youtube.com/channel/UCdrzJS1bfg9_utyJFQ_T35Q/playlists
24. Motasem Hamdan = https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/playlists
25. John Haddix = https://www.youtube.com/channel/UCk0f0svao7AKeK3RfiWxXEA/videos

[ Reconnaissance ] :
1. How To Do Your Reconnaissance = https://medium.com/bugbountywriteup/guide-to-basic-recon-bug-bounties-recon-728c5242a115
2. My Guide to Basic Recon = https://blog.securitybreached.org/2017/11/25/guide-to-basic-recon-for-bugbounty/
3. Shankar Bug Hunting Methodology (part 1) = https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066
4. Shankar Bug Hunting Methodology (part 2) = https://blog.usejournal.com/bug-hunting-methodology-part-2-5579dac06150
5. Recon — my way = https://medium.com/@ehsahil/recon-my-way-82b7e5f62e21
6. Holdswarth Penetration Testing Methodology (part 1) = https://medium.com/dvlpr/penetration-testing-methodology-part-1-6-recon-9296c4d07c8a
7. Holdswarth Penetration Testing Methodology (part 2) =
8. Wired = https://www.wired.com/category/threatlevel
9. Zdnet = https://www.zdnet.com/blog/security
10. Brian Krebs = https://krebsonsecurity.com
11. Bruce Schneier = https://www.schneier.com

[ Conferences ] :
1. Black Hat = https://www.youtube.com/user/BlackHatOfficialYT
2. DEFCON = https://www.youtube.com/user/DEFCONConference
3. Adrian Crenshaw = https://www.youtube.com/user/irongeek
4. infocon (Hacking Conference Archive) = https://infocon.org/cons/

[ Github Repositories ] :
1. Book of Secret Knowledge = https://github.com/trimstray/the-book-of-secret-knowledge
2. Awesome Hacking = https://github.com/Hack-with-Github/Awesome-Hacking
3. Awesome Bug Bounty = https://github.com/djadmin/awesome-bug-bounty
4. Awesome Penetration Testing = https://github.com/wtsxDev/Penetration-Testing
5. Awesome Web Hacking = https://github.com/infoslack/awesome-web-hacking
6. Awesome Hacking Resources = https://github.com/vitalysim/Awesome-Hacking-Resources
7. Awesome Pentest = https://github.com/enaqx/awesome-pentest
8. Awesome Red Teaming = https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
9. Awesome Web Security = https://github.com/qazbnm456/awesome-web-security
10. Penetration Test Guide based on OWASP = https://github.com/Voorivex/pentest-guide
11. Pentest Compilation = https://github.com/adon90/pentest_compilation
12. Infosec Reference = https://github.com/rmusser01/Infosec_Reference

[ Cheat Sheets ] :
1. Pentest Cheat Sheets = https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
2. Linux Commands Cheat Sheet = https://highon.coffee/blog/linux-commands-cheat-sheet/
3. Nmap Cheat Sheet = https://medium.com/@infosecsanyam/nmap-cheat-sheet-nmap-scanning-types-scanning-commands-nse-scripts-868a7bd7f692
2. OWASP WebGoat Project = https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
3. OWASP Juice Shop Project = https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
4. Vulnhub = https://www.vulnhub.com
5. bWAPP = http://www.itsecgames.com
6. Metasploitable 2 = https://metasploit.help.rapid7.com/docs/metasploitable-2
7. HackTheBox = https://www.hackthebox.eu
8. AttackDefence = https://attackdefense.com
9. HackThisSite = https://www.hackthissite.org
10. Rootme = https://www.root-me.org/?lang=en
11. Enigmagroup Challenges = https://www.enigmagroup.org/pages/challenges
12. Hackxor = https://hackxor.net
13. Natas = http://overthewire.org/wargames/natas/
14. HackMe = https://hack.me/explore/

[ Talks (Bug Bounty) ] :
1. Bug Bounty Field Manual (Adam Bacchus) = https://www.youtube.com/watch?v=aNyK1yVLLRI
2. Tales of a Bug Bounty Hunter (Arne Swinnen) = https://www.youtube.com/watch?v=Ehq6ofUbslI
3. Doing Recon Like a Boss (Ben Sadeghipour) = https://www.youtube.com/watch?v=1Kg0_53ZEq8
4. Bug Bounty Hunters Lessons From Darth Vader = https://www.youtube.com/watch?v=DB42tvvJhHw
5. Attacking Modern Web Technologies (Frans Rosén) = https://www.youtube.com/watch?v=vRqcUS4CPFs
6. How to Win Over Security Teams and Gain Influence (Frans Rosén) = https://www.youtube.com/watch?v=Uyjkgsu-mrU
7. Bug Bounty Hunting Methodology V3 (Jason Haddix) = https://www.youtube.com/watch?v=Qw1nNPiH_Go
8. Bug Bounty Hunting Methodology V2 (Jason Haddix) = https://www.youtube.com/watch?v=C4ZHAdI8o1w
9. How to Shot Web V2 (Jason Haddix) = https://www.youtube.com/watch?v=-FAjxUOKbdI
10. How to Differentiate Yourself as a Bug Hunter (Mathias Karlsson) = https://www.youtube.com/watch?v=WTH6f0R7uzo
11. Screw Becoming A Pentester I Want To Be A Bug Bounty Hunter! = https://www.youtube.com/watch?v=ceJG4k27dcQ
12. Hunting for Top Bounties (Nicolas Grégoire) = https://www.youtube.com/watch?v=mQjTgDuLsp4

[ Twitter ] :
1. Hashtags You Should Follow = #bugbounty #bugbountytip #bugbountytips #infosec #togetherwehitharder
2. Security Researchers List (Bugcrowd) = https://twitter.com/bugcrowd/lists/security-researchers
3. 5 Tips to Make the Most of Twitter as a Pentester or Bug Hunter = https://pentester.land/tips-n-tricks/2018/10/23/5-tips-to-make-the-most-of-twitter-as-a-pentester-or-bug-bounty-hunter.html

[ Courses/Certifications ($) ] :
1. SANS = https://www.sans.org/courses
2. Offensive Security = https://www.offensive-security.com/information-security-certifications/
3. ElearnSecurity = https://www.elearnsecurity.com/course/
4. Pentester Academy = https://www.pentesteracademy.com/topics
5. Hakin9 = https://hakin9.org/online-courses-2/

[ Linux Distributions ] :
1. Kali Linux = https://www.kali.org
2. Parrot = https://www.parrotsec.org
3. Blackarch = https://blackarch.org

[ Tools ] :
1. Research Tools (Bugcrowd) = https://forum.bugcrowd.com/t/researcher-resources-tools/167
2. Red Teaming Toolkit = https://github.com/infosecn1nja/Red-Teaming-Toolkit
3. 40 Best Penetration Testing Tools = https://www.guru99.com/top-5-penetration-testing-tools.html
4. Penetration Testing Tools Cheat Sheet = https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
5. A Good Pentesting Tools List = https://www.reddit.com/r/Pentesting/comments/9ondj5/a_good_pentesting_tools_list/
6. Awesome Hacking Tools = https://github.com/m4ll0k/Awesome-Hacking-Tools
7. Bugbountyforum Suggested Tools = https://bugbountyforum.com/tools/
8. Web Penetration Testing Arsenal = https://pastebin.com/5mBudvMt

[ Bug Bounty Platforms ] :
1. Hacker1 = https://www.hackerone.com
2. Bugcrowd = https://www.bugcrowd.com
3. Synack = https://www.synack.com
4. Cobalt = https://cobalt.io
5. intigriti = https://www.intigriti.com

[ News Sites ] :
1. The Hacker News = https://thehackernews.com
2. HackRead = https://www.hackread.com
3. Naked Security = https://nakedsecurity.sophos.com
4. bleepingcomputer = https://www.bleepingcomputer.com
5. CSO = https://www.csoonline.com
6. Threat Post = https://threatpost.com
7. Dark Reading = https://www.darkreading.com
HTTP Request Smuggling in one Screenshot.

How to bypass SMS verification of any website / service

Receive an SMS: https://receive-a-sms.com
SMS Receive free: https://smsreceivefree.com
Online SMS: https://sms-online.co
Receive SMS online: https://smsreceiveonline.com
Get a free SMS number: https://getfreesmsnumber.com
Receive SMS: http://sms-receive.net
Receive SMS Online.NET: https://www.receivesmsonline.net
Free SMS checks: www.freesmsverifications.com
7 SIM.NET: http://7sim.net
HS3X: http://hs3x.com
Receive free SMS: http://receivefreesms.com
Receive free SMS.NET: http://receivefreesms.net
Receive SMS Online.IN: http://receivesmsonline.in
Receive SMS online: https://receive-sms-online.com
See SMS: https://www.smsver.com
Groovl: https://www.groovl.com
SMS.SELLAITE: http://sms.sellaite.com
Send SMS now: http://www.sendsmsnow.com
Receive SMS online.EU: http://receivesmsonline.eu
Proovl: https://www.proovl.com/numbers
Anon SMS: https://anon-sms.com
Hide my numbers: http://hidemynumbers.com
Pinger: https://www.pinger.com
Free online phone: https://www.freeonlinephone.org
5SIM: https://5sim.net
SkyCallbd free virtual number: http://www.freevirtu...r.skycallbd.com
Capture SMS: https://catchsms.com
SMS Get: http://smsget.net
1S2U: https://1s2u.com
Receive SMS: http://getsms.org
Virtty: https://virtty.com
Text anywhere: http://www.textanywhere.net
Receive SMS online.ME: http://receivesmsonline.me
Temporary emails: https://www.temp-mails.com
Purchase virtual number: http://www.virtualnumberbuy.com
Free Receive SMS online: http://freereceivesmsonline.com
NDTAN SMS: https://sms.ndtan.net
SMS Listen: https://smslisten.com
Free virtual SMS number: https://freevirtualsmsnumber.com
SMS Tibo: https://smstibo.com
Receive SMS number: https://receivesmsnumber.com
Free SMS code: https://freesmscode.com
Online SMS numbers: https://smsnumbersonline.com
SMS reception: https://smsreceiving.com
Trash Mobile: https://es.mytrashmobile.com/numeros