No one will tell you everything about this field. It's a long, strange path, and you have to travel most of it alone, with little help from others.


Bug bounty hunting is an exciting field to be in today. To define it in simple words, I'd say "a bug bounty is a reward paid to an ethical hacker for identifying and responsibly disclosing a security bug found in a participant's web application, mobile app or system." But since you're already here, I assume you know enough about bug bounty hunting that I don't need to define it before getting into the usual basics.

As mentioned in this article, one of the most important things you need to have if you want to become a hacker is attitude!

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work. Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence, especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best. If you revere competence, you'll enjoy developing it in yourself; the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

What should you know before starting to learn about bug bounty hunting?


I'll write this blog in three major phases, where I'll break things down to be as easy as possible, because the main audience I have in mind is absolute beginners, or people who have already tried learning or working in this field but failed for some reason.

Phase #01

  • Phase 01 covers the basics: network communication, programming and automation.

First of all, to work on anything you need to know some very basic things, including how a system works and how you can make changes to it. Let's start from the very basics.

Web, HTTP & Network Basics:

Web: Just for an overview, read one of these:

http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies

http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf

HTTP: Communication is the key. To learn how an application works and what its flow is, we need to learn how it communicates with you, and the most basic thing here is HTTP. Here are a few places you should definitely visit to get an idea of HTTP.

What you'll basically learn from these is HTTP as a protocol: requests, responses, status codes and encoding/decoding. From the last one you'll see it from a security perspective: the same-origin policy (SOP), cookies, MIME types and HTML parsing. These will definitely help you later with web app testing.
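To make the HTTP basics above concrete, here is an added example (not code from the original post) that splits a raw HTTP/1.1 request, the kind you see in a proxy, into its request line, headers, cookies, query string and form body, and decodes the URL-encoded parts. The request bytes are a constructed sample, not captured traffic, and example.test is a made-up host.

```python
# Added example, not code from the original post: parse one raw HTTP/1.1 request into the
# pieces you see in a proxy (request line, headers, cookies, body) and decode the
# URL-encoded parts. RAW_REQUEST is a constructed sample, not captured traffic.
from urllib.parse import parse_qs, urlsplit

RAW_REQUEST = (
    b"POST /account/update?ref=profile HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"email=a%40b.test&name=Al+Bo"
)


def _first_values(qs: str) -> dict:
    """Decode application/x-www-form-urlencoded text, keeping the first value per key."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def parse_request(raw: bytes) -> dict:
    """Parse one HTTP/1.1 request. Raises ValueError on malformed input."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ending the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise ValueError(f"bad request line: {lines[0]!r}") from None

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive

    # Content-Length is what tells the server where this request ends. Front-end and
    # back-end disagreeing about it is the root of request smuggling, so check it.
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length says {declared} bytes, body has {len(body)}")

    cookies = {}
    for item in headers.get("cookie", "").split(";"):
        name, eq, value = item.strip().partition("=")
        if eq:
            cookies[name] = value

    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = _first_values(body.decode("iso-8859-1"))

    url = urlsplit(target)
    return {
        "method": method,
        "path": url.path,
        "query": _first_values(url.query),
        "version": version,
        "headers": headers,
        "cookies": cookies,
        "form": form,
    }


if __name__ == "__main__":
    for key, value in parse_request(RAW_REQUEST).items():
        print(f"{key}: {value}")
```

Run it and compare the printed fields with what Burp shows for the same request; then change the Content-Length in the sample and watch the parser refuse it, which is the disagreement that request smuggling attacks exploit between two servers that do not refuse it.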

Networking: A basic understanding of networking is important for anyone working with computers. A few resources to learn the basics:

https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols

Linux Commands:

What you'll learn from these are the basics of networking, TCP/IP, DNS, network terminology and Linux commands. These will help you later with the recon process.

Learn to make it; then break it!

Programming/Coding:

To be a good hacker you don't really need to be a good programmer, but it's always good to cover this before going into any form of hacking or bug bounty in general. It increases your chances of successfully identifying and exploiting a vulnerability, and you may need code to escalate a bug from low/medium severity to high/critical. I personally suffered for two years in bug bounties because in many cases I couldn't understand what a particular piece of code meant, couldn't exploit an issue properly, or couldn't code at all, and I'm still trying my best to catch up, so I'd suggest you not skip these parts and go straight to bug bounties. Below are a few languages you should have basic to medium knowledge of, and keep advancing.

HTML:

https://htmldog.com/guides/html/advanced/

PHP:

JavaScript:

SQL(Structured Query Language):

C/C++

Java:

What you'll learn from them is not just programming languages but how the web and the systems you're going to test actually communicate. I'm no expert, not even a starter, just a learner in programming, so I'm sharing the resources I'm currently following. XSS, HTML injection, PHP injection, SQLi and many other vulnerabilities can't be exploited properly unless you know the code that runs behind them and exactly how to talk to it, which is why learning these is important for a good start.

Adding Automation to your work:

"Never send a human to do a machine's job"

Sometimes you need to do your work faster and more efficiently, and the best way I know is to automate it. I won't go too deep into it as it's something I'm just getting familiar with myself, but you can read more about the importance of automation for a bug bounty hunter at https://pentester.land/conference-notes/2018/07/25/bug-bounty-talks-2017-automation-for-bug-hunters.html. Here I'll just share my notes on the languages I'm following and want to get good at.

Python:

Bash:

Ruby:

Golang:

What you'll learn from these is how to write your own tools, and how to understand and modify the many common tools according to your needs. Of course one can't learn all of these, but you should get a grip on one you like and be able to read the others.

If by this point you already knew all the basics, were comfortable with PHP, JS and HTML, and also with scripting and SQL, or learned a bit of these and gave it a good amount of time, say a few weeks, then congrats: you have gone through Phase #01, which I'd say is 39% of the learning work towards being a good bug hunter / ethical hacker. Just keep practicing. I myself am still learning this phase, because four years ago when I started I skipped this part for no reason and then had to see many things differently, so I hope you won't have that problem if you go through the first phase properly.

Phase #02

  • Phase 02 covers learning about vulnerabilities, resources to learn them from, places to practice, tools, etc.

"Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation."

Now let's start with the basic learning about InfoSec. The first and most important step is to choose a proper initial path. Choosing the right path to start in bug bounty is very important, and it depends on your interest: some people choose web applications first because they're easier to learn and get through than mobile and others. (Some of these resources are moved here from my old blog, which I'm going to remove, but they are updated and properly arranged according to my experience.)

I'll focus on web and mobile here, because that's where my interest is.

Before I add anything else, I suggest you actually go through

Hacker101 By HackerOne https://www.hacker101.com/ And Bugcrowd University https://www.bugcrowd.com/hackers/bugcrowd-university/

Both of these contain a huge list of resources and lectures that can help you even better than many of us can, but since you're following this post as well, I decided to add them here too.

Web App Security:

Before I suggest what to learn first, if you follow my suggested path, I'd like to tell you about some ways you can practice your skills.

CTF (Capture The Flag): To practice for bug bounties you can take part in CTF challenges. As the name suggests, there are several challenges for you to solve that deal with real-world vulnerabilities. The more you practice on them, the more you'll learn about the different technologies required to break into an application or a system.

For web apps, I suggest you read the following books and guides first:

https://www.amazon.com/Tangled-Web-Securing-Modern-Applications-ebook/dp/B006FZ3UNI/

Reading these books will give you good, in-depth knowledge about web app penetration testing and security testing in general.

In addition to these books, I suggest you spend real time reading and understanding the OWASP Testing Guide and the OWASP Top 10 lists from 2010 to 2017.

OWASP Testing project:

OWASP Top 10 Project:

https://owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Adding a few basic PDFs for you to go through and save locally, so you can keep revising and learning from them. I'd say they'll help you almost a hundred percent of the time, so give them a good amount of time:

Kali Linux Revealed https://docs.kali.org/pdf/kali-book-en.pdf

Nmap Cheat Sheet : https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf

By this point I'd say you have done enough research and spent enough time practicing that you can jump into a bug bounty program and test in a real-life environment outside CTFs or test environments. So you can happily jump to the pages at

https://bugcrowd.com/programs

https://hackerone.com/directory

PentesterLab: There's only one way to properly learn web penetration testing: by getting your hands dirty. PentesterLab teaches how to manually find and exploit vulnerabilities and is a good resource to learn and practice at the same time.

Pentester Academy

Another great resource to learn and practice using online labs; they also provide certifications.

Then select a program. But I'd suggest you read till the end first.

Having followed all those books and testing guides, you should have an idea of the main vulnerabilities, so I'll name a few common ones and give good references to learn them easily.

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. It works because the browser attaches the victim's cookies to a request even when an attacker's page triggered it, so the application cannot tell a forged request from an intended one unless it checks something the attacker cannot supply.
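As an added example (not code from the original post), here is one "transfer money" endpoint written twice: once acting on the session cookie alone, which a cross-site form can trigger, and once guarded by a per-session synchronizer token plus an Origin check. Requests are modelled as plain dicts so it runs without a web framework; the session store, balances, and the hosts bank.test and attacker.test are all constructed for illustration.

```python
# Added example, not code from the original post: a transfer endpoint with and without
# CSRF protection. SESSIONS, BALANCES, bank.test and attacker.test are constructed.
import hmac
import secrets
from urllib.parse import urlsplit

OUR_ORIGIN = ("https", "bank.test")
SESSIONS = {"sid-victim": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
BALANCES = {"alice": 100, "mallory": 0}


def _session_for(request):
    # The browser attaches the cookie to every request to bank.test, including ones a
    # page on attacker.test made it send. That automatic behaviour is what CSRF abuses.
    return SESSIONS.get(request["cookies"].get("session"))


def _do_transfer(session, form):
    amount = int(form["amount"])
    BALANCES[session["user"]] -= amount
    BALANCES[form["to"]] = BALANCES.get(form["to"], 0) + amount


def transfer_vulnerable(request):
    """Authenticates (who is this?) but never checks that the user intended the request."""
    session = _session_for(request)
    if session is None:
        return 401
    _do_transfer(session, request["form"])
    return 200


def transfer_protected(request):
    """Same action, guarded by a per-session token and an Origin check."""
    session = _session_for(request)
    if session is None:
        return 401
    # The token is embedded in our own form page. attacker.test cannot read that page
    # (same-origin policy), so it cannot put the right value into its forged form.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403
    # Defence in depth: browsers add Origin to cross-site POSTs and scripts cannot forge
    # it. Compare scheme and host exactly; a prefix check would let
    # https://bank.test.attacker.test through.
    origin = request["headers"].get("origin") or request["headers"].get("referer", "")
    parts = urlsplit(origin)
    if (parts.scheme, parts.netloc) != OUR_ORIGIN:
        return 403
    _do_transfer(session, request["form"])
    return 200


def forged_request():
    """What the victim's browser sends after loading attacker.test's auto-submitting form."""
    return {
        "cookies": {"session": "sid-victim"},          # added by the browser, not the attacker
        "headers": {"origin": "https://attacker.test"},
        "form": {"to": "mallory", "amount": "50"},     # no csrf_token: attacker never saw it
    }


def legitimate_request(origin="https://bank.test"):
    """The same transfer submitted from our own page, which embedded the session's token."""
    return {
        "cookies": {"session": "sid-victim"},
        "headers": {"origin": origin},
        "form": {"to": "mallory", "amount": "50",
                 "csrf_token": SESSIONS["sid-victim"]["csrf_token"]},
    }


if __name__ == "__main__":
    print("vulnerable, forged:", transfer_vulnerable(forged_request()), BALANCES)
    print("protected, forged:", transfer_protected(forged_request()), BALANCES)
    print("protected, genuine:", transfer_protected(legitimate_request()), BALANCES)
```

When testing for CSRF, the questions to ask are the same as the checks above: is there a token, is it actually verified (remove it, blank it, reuse another session's), and does the server fall back to anything forgeable? A `SameSite` attribute on the session cookie is a third layer, but it is browser-enforced, so the server-side token check is still the one to report as missing.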

References to read:

Some POCs:

  • by Hassan Khan
  • by Yasser Ali
  • by vijay kumar
  • by phwd
  • by @aaditya_purani
  • by Ron Chan
  • by Jack Whitton

Cross-Site Scripting (XSS)

XSS enables attackers to inject client-side scripts into web pages viewed by other users. It happens when user-controlled input is placed into a page without output encoding that matches the context it lands in (HTML text, an attribute, a script block, a URL), so the browser parses the input as markup or code instead of data.
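The following added example (not code from the original post) renders the same search page twice, once with raw string concatenation and once with context-aware output encoding, and uses the standard library's HTML parser as a stand-in for a browser so you can see which payloads create new elements. The two payloads are constructed probes, and the page template is made up.

```python
# Added example, not code from the original post: the same page rendered unsafely and
# safely, plus a parser-based check of what each payload does. Payloads are constructed.
import html
import json
from html.parser import HTMLParser

ATTR_PAYLOAD = '"><img src=x onerror=alert(document.cookie)>'
SCRIPT_PAYLOAD = "</script><script>alert(1)</script>"


def render_vulnerable(query: str) -> str:
    """Reflects the parameter into an attribute, into text and into a script block as-is."""
    return (
        f'<input name="q" value="{query}">'
        f"<p>Results for {query}</p>"
        f"<script>var lastQuery = '{query}';</script>"
    )


def render_safe(query: str) -> str:
    """Encodes for each output context separately; no single escape function fits all three."""
    attr = html.escape(query, quote=True)   # " -> &quot; so the attribute cannot be closed
    text = html.escape(query)               # < -> &lt; so no new tag can be opened
    # Script context: JSON-encode (quotes, backslashes, newlines and non-ASCII are escaped),
    # then neutralise "</" because the HTML parser ends the block at "</script" even
    # inside a JS string literal.
    js = json.dumps(query).replace("</", "<\\/")
    return (
        f'<input name="q" value="{attr}">'
        f"<p>Results for {text}</p>"
        f"<script>var lastQuery = {js};</script>"
    )


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    """Element names a parser creates from the markup. Only input, p and script belong
    to the template; anything else was created by the payload."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for payload in (ATTR_PAYLOAD, SCRIPT_PAYLOAD):
        print("vulnerable:", start_tags(render_vulnerable(payload)))
        print("safe:      ", start_tags(render_safe(payload)))
```

The point to take from `render_safe` is that the fix is per context: `html.escape` is right for text and attributes and wrong for a script block, and a JSON encoder is right for a script block but does nothing about `</script>` on its own. When you hunt for XSS, find out which context your input lands in first and pick the payload for that context.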

References to read:

Some POCs:

  • How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin Moulinier

Insecure Direct Object Reference (IDOR)

In an IDOR, an application provides direct access to objects based on user-supplied input (an id in the URL or request body, for example) without checking that the caller is allowed to access that object. As a result, attackers can bypass authorization and access other users' resources directly, typically by swapping in another id.
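Here is an added example (not code from the original post) of an invoice lookup with and without the ownership check, together with the two-account test a bug hunter runs against it: create objects in account A, then try to read them from account B. The invoice store and user names are constructed.

```python
# Added example, not code from the original post: an object lookup with and without an
# authorization check, and the two-account IDOR test. INVOICES and users are constructed.
INVOICES = {
    1001: {"owner": "alice", "total": 120},
    1002: {"owner": "bob", "total": 80},
    1003: {"owner": "alice", "total": 45},
}


class NotFound(Exception):
    """Returned to the client as HTTP 404."""


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> dict:
    """Authenticated, but the id from the URL is trusted: any user reads any invoice."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_safe(current_user: str, invoice_id: int) -> dict:
    """Authorization: the object must belong to the caller."""
    invoice = INVOICES.get(invoice_id)
    # Answer "not yours" and "does not exist" identically so responses cannot be used
    # to enumerate which ids are valid.
    if invoice is None or invoice["owner"] != current_user:
        raise NotFound(invoice_id)
    return invoice


def find_idor(handler, attacker: str, victim_ids: list) -> list:
    """Two-account test: ids created in account A that account B can read through the
    endpoint. Anything in the result is an authorization bypass."""
    readable = []
    for invoice_id in victim_ids:
        try:
            handler(attacker, invoice_id)
        except NotFound:
            continue
        readable.append(invoice_id)
    return readable


if __name__ == "__main__":
    alice_ids = [i for i, inv in INVOICES.items() if inv["owner"] == "alice"]
    print("vulnerable endpoint leaks:", find_idor(get_invoice_vulnerable, "bob", alice_ids))
    print("fixed endpoint leaks:     ", find_idor(get_invoice_safe, "bob", alice_ids))
```

Note that switching to random UUIDs instead of sequential ids makes the test harder to run but does not fix the bug; the ownership check in `get_invoice_safe` is the fix, and ids often leak through other endpoints anyway.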

References to read:

Some POCs:

  • by Raja Sekar Durairaj
  • by phwd

Subdomain Takeover

A subdomain takeover happens when a subdomain's DNS record (typically a CNAME) still points at an external hostname or hosted service that has been deleted or was never claimed. An attacker registers that hostname or claims the service and thereby controls the content served under the victim's subdomain.
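The following added example (not code from the original post) shows the check behind the takeover tools listed later: walk each CNAME in a zone to the end of its chain and flag the ones that end in a name that no longer resolves. The zone, the resolver answers and the list of "claimable" service suffixes are constructed stand-ins for a real zone, real DNS lookups and a real fingerprint list.

```python
# Added example, not code from the original post: find CNAME records that point at names
# which no longer resolve, the precondition for a subdomain takeover. ZONE, RESOLVER and
# CLAIMABLE_SUFFIXES are constructed stand-ins for a real zone, real DNS and a real
# list of services where anyone can register an unused hostname.
ZONE = {
    "www.example.test": ("A", "203.0.113.10"),
    "blog.example.test": ("CNAME", "example-blog.pages.hosting.test"),
    "shop.example.test": ("CNAME", "old-shop.storefront.hosting.test"),  # service cancelled
    "cdn.example.test": ("CNAME", "d1.edge.cdn.test"),
}
RESOLVER = {
    "example-blog.pages.hosting.test": ("A", "198.51.100.5"),
    "d1.edge.cdn.test": ("CNAME", "edge-pool.cdn.test"),
    "edge-pool.cdn.test": ("A", "198.51.100.9"),
    # old-shop.storefront.hosting.test is absent: a resolver would answer NXDOMAIN
}
CLAIMABLE_SUFFIXES = (".storefront.hosting.test", ".pages.hosting.test")


def resolve_chain(name, resolver, max_hops=8):
    """Follow CNAMEs to the end. Returns (final_name, record_type); record_type is None
    when the chain ends in a name the resolver does not know (NXDOMAIN)."""
    for _ in range(max_hops):
        record = resolver.get(name)
        if record is None:
            return name, None
        rtype, value = record
        if rtype != "CNAME":
            return name, rtype
        name = value
    raise ValueError(f"CNAME chain at {name} is too long or loops")


def takeover_candidates(zone, resolver, claimable_suffixes):
    """Subdomains whose CNAME chain dangles, with a flag for whether the dangling name
    sits under a service where an attacker could simply register it."""
    findings = []
    for subdomain, (rtype, target) in zone.items():
        if rtype != "CNAME":
            continue
        final_name, final_type = resolve_chain(target, resolver)
        if final_type is None:
            findings.append({
                "subdomain": subdomain,
                "dangling": final_name,
                "claimable": final_name.endswith(claimable_suffixes),
            })
    return findings


if __name__ == "__main__":
    for finding in takeover_candidates(ZONE, RESOLVER, CLAIMABLE_SUFFIXES):
        print(finding)
```

A dangling record alone is a lead, not a finding: the report needs proof that the target can actually be claimed (the service's "unclaimed site" response, or an unregistered apex domain), and a harmless file served from the victim's subdomain is the usual proof of concept.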

References to read:

Server Side Request Forgery (SSRF)

With SSRF, an attacker abuses functionality that makes the server send requests (URL fetchers, webhooks, importers) to read or update internal resources that are not reachable from outside, such as internal services or cloud metadata endpoints.
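The added example below (not code from the original post) is the server-side check that decides whether a user-supplied URL may be fetched, written against the bypasses a tester will try: non-HTTP schemes, loopback and link-local literals, IPv4-mapped IPv6, the decimal spelling of 127.0.0.1, and hostnames that resolve to internal addresses. The `DNS` table is a constructed stand-in for `socket.getaddrinfo`, and the hostnames and addresses are made up; 169.254.169.254 is the cloud metadata address that SSRF is most often used to reach.

```python
# Added example, not code from the original post: validate a user-supplied URL before the
# server fetches it. DNS is a constructed stand-in for socket.getaddrinfo; hosts are made up.
import ipaddress
import socket
from urllib.parse import urlsplit

DNS = {
    # Real public addresses are needed here: Python's ipaddress module correctly treats the
    # documentation ranges (198.51.100.0/24, 203.0.113.0/24) as non-routable too.
    "api.partner.test": ["93.184.216.34"],
    "localtest.test": ["127.0.0.1"],                       # attacker-controlled name, internal answer
    "dual.partner.test": ["93.184.216.35", "10.0.0.5"],    # one public and one private answer
}


def _literal_ip(host):
    """Parse IP literals, including the decimal/octal/hex spellings inet_aton accepts
    (e.g. 2130706433 for 127.0.0.1), which a plain string blocklist would miss."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None


def is_internal(ip) -> bool:
    """Anything that is not a routable public unicast address."""
    if ip.version == 6 and ip.ipv4_mapped is not None:   # ::ffff:127.0.0.1
        return is_internal(ip.ipv4_mapped)
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url: str, resolver=DNS):
    """Return (allowed, reason, pinned_ips). The caller must connect to one of pinned_ips
    and set the Host header itself rather than resolve the name again: a second lookup
    can return a different, internal answer (DNS rebinding)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "no host in URL", []
    literal = _literal_ip(host)
    if literal is not None:
        addrs = [literal]
    else:
        addrs = [ipaddress.ip_address(a) for a in resolver.get(host, [])]
    if not addrs:
        return False, "host does not resolve", []
    internal = [str(a) for a in addrs if is_internal(a)]
    if internal:   # reject if ANY answer is internal, not just the first one
        return False, f"resolves to internal address(es) {internal}", []
    return True, "ok", [str(a) for a in addrs]


if __name__ == "__main__":
    for u in ("https://api.partner.test/v1/report", "http://169.254.169.254/latest/meta-data/",
              "http://2130706433/", "http://[::ffff:127.0.0.1]/", "http://localtest.test/",
              "http://dual.partner.test/", "file:///etc/passwd"):
        print(u, "->", validate_outbound_url(u)[:2])
```

Two caveats the code cannot enforce by itself: every redirect hop has to go through the same check (a public host that 302s to 169.254.169.254 is the classic bypass), and the URL must be parsed by the same library the HTTP client uses, since parser disagreements over things like `user@host` and backslashes are another bypass class.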

References to read:

So these were some common issues that one should get a grip on and learn more about. The following is a list of attack topics you should research and read blogs and reports on.

  • SQL Injection Attack
  • Hibernate Query Language Injection
  • Direct OS Code Injection
  • XML Entity Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • ClickJacking Attacks
  • DNS Cache Poisoning
  • Symlinking
  • Remote Code Execution Attacks
  • Remote File Inclusion
  • Local File Inclusion
  • Denial of Service Attack
  • PHPwn
  • NAT Pinning
  • XSHM
  • HTTP Parameter Pollution
  • Tabnabbing
  • LDAP Injection
  • Log Injection
  • Path Traversal
  • Reflected DOM Injection
  • Repudiation Attack
  • Resource Injection
  • Server-Side Includes (SSI) Injection
  • Session Fixation
  • Session Hijacking Attack
  • Session Prediction
  • Setting Manipulation
  • Special Element Injection
  • SMTP Injection
  • Traffic Flood
  • XPATH Injection

BLOGS you should read. Let's get to blogs! There are plenty of blogs published by hackers daily that you can read to learn more and more.

  • https://blog.it-securityguard.com/
  • https://blog.innerht.ml/
  • http://brutelogic.com.br/blog/
  • https://klikki.fi/
  • http://philippeharewood.com/
  • https://seanmelia.wordpress.com/
  • https://respectxss.blogspot.com/
  • https://www.gracefulsecurity.com/
  • https://whitton.io/
  • https://tisiphone.net/
  • http://archive.nahamsec.com/
  • https://www.hackerscreed.org/
  • http://danlec.com/blog
  • https://wehackpeople.tumblr.com/
  • https://bitquark.co.uk/blog/
  • https://www.arneswinnen.net/
  • http://bugbountypoc.com/
  • https://medium.com/@arbazhussain/
  • http://www.shawarkhan.com/
  • https://blog.detectify.com/
  • http://www.rafayhackingarticles.net/
  • https://forum.bugcrowd.com/
  • https://securitywall.co/
  • https://www.hackerone.com/blog
  • http://www.securitytube.net/
  • https://hackasia.org/
  • http://www.gangte.net/
  • https://mukarramkhalid.com/
  • https://securitytraning.com/
  • https://jubaeralnaziwhitehat.wordpress.com/
  • http://hackaday.com/
  • http://www.securityfocus.com/
  • https://packetstormsecurity.com/
  • http://www.blackhat.com/
  • https://www.metasploit.com/
  • http://sectools.org/
  • https://labs.detectify.com/
  • https://blog.rubidus.com/
  • http://www.securityidiots.com/
  • https://hackernoon.com/
  • https://sqli-basic.blogspot.com/
  • https://bugbaba.blogspot.in/
  • https://vulnerability-lab.com/
  • https://medium.com/@know.0nix/
  • https://medium.com/@codingkarma/

These are some of the websites I like to visit regularly to stay updated and read their articles. There are plenty of other blogs and websites missing from this list, so be sure to add them in the comments.

Tools you should try out.

  • dnscan https://github.com/rbsec/dnscan
  • Knockpy https://github.com/guelfoweb/knock
  • Sublist3r https://github.com/aboul3la/Sublist3r
  • massdns https://github.com/blechschmidt/massdns
  • nmap https://nmap.org
  • masscan https://github.com/robertdavidgraham/masscan
  • EyeWitness https://github.com/ChrisTruncer/EyeWitness
  • DirBuster https://sourceforge.net/projects/dirbuster/
  • dirsearch https://github.com/maurosoria/dirsearch
  • Gitrob https://github.com/michenriksen/gitrob
  • git-secrets https://github.com/awslabs/git-secrets
  • sandcastle https://github.com/yasinS/sandcastle
  • bucket_finder https://digi.ninja/projects/bucket_finder.php
  • GoogD0rker https://github.com/ZephrFish/GoogD0rker/
  • Wayback Machine https://web.archive.org
  • waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
  • Sn1per https://github.com/1N3/Sn1per/
  • XRay https://github.com/evilsocket/xray
  • wfuzz https://github.com/xmendez/wfuzz/
  • patator https://github.com/lanjelot/patator
  • datasploit https://github.com/DataSploit/datasploit
  • hydra https://github.com/vanhauser-thc/thc-hydra
  • changeme https://github.com/ztgrace/changeme
  • MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
  • Apktool https://github.com/iBotPeaches/Apktool
  • dex2jar https://sourceforge.net/projects/dex2jar/
  • sqlmap http://sqlmap.org/
  • oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
  • XXE Injector https://github.com/enjoiz/XXEinjector
  • The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool (see also: Playing with JSON Web Tokens for Fun and Profit)
  • ground-control https://github.com/jobertabma/ground-control
  • ssrfDetector https://github.com/JacobReynolds/ssrfDetector
  • LFISuite https://github.com/D35m0nd142/LFISuite
  • GitTools https://github.com/internetwache/GitTools
  • dvcs-ripper https://github.com/kost/dvcs-ripper
  • tko-subs https://github.com/anshumanbh/tko-subs
  • HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
  • Race the Web https://github.com/insp3ctre/race-the-web
  • ysoserial https://github.com/GoSecure/ysoserial
  • PHPGGC https://github.com/ambionics/phpggc
  • CORStest https://github.com/RUB-NDS/CORStest
  • retire-js https://github.com/RetireJS/retire.js
  • getsploit https://github.com/vulnersCom/getsploit
  • Findsploit https://github.com/1N3/Findsploit
  • bfac https://github.com/mazen160/bfac
  • WPScan https://wpscan.org/
  • CMSMap https://github.com/Dionach/CMSmap
  • Amass https://github.com/OWASP/Amass

Any important tool missing? Add it in the comments.

This is as much as I can think of sharing with you about web app security in terms of tools and vulnerabilities. I have added a few things about mobile apps, but the following sections contain some references you should definitely go through if you're going to join the mobile app security gang as well.

Phase #03


Phase 03 is all about selecting a target, getting started with testing and, after finishing, writing a good report about the issues you have found.

Now the final phase I have in mind is for people who have gone through all the important stuff and are now testing, so I'd like to give my advice on a few things and then sum up this blog.

Selecting and Approaching a Target?

One of the most important things in bug bounty hunting is selecting the target you're going to test. This depends on your mood, experience and skills: one can take a target with a huge scope, 4–5 websites with all subdomains in scope and a few mobile apps, and start testing them, or just one domain and one app with a lot of features to test.

One can go to https://bugcrowd.com/programs or https://hackerone.com/directory and look for a program accordingly, or go for individual programs like Google, Facebook or eBay.

Approaching a target is an easy task; you just need to be careful with what you're doing, and it all depends on you. For me, I usually do recon first by going through the domain's history, links, IPs and Wayback info. Don't forget to keep notes of everything you do. After the basic recon process, for which I use tools, though some things have to be done manually, I start hunting: I take a particular functionality/workflow in the application and start digging deep into it.

I do look for low-hanging fruit or surface bugs. There's no point focusing your efforts on those, but keeping track of them is really helpful. I observe the workflow/requests via a proxy tool such as Burp or ZAP; Burp is actually the only tool I use for web or Android app pentesting. I mainly create multiple accounts because I want to test the functions being sent from one user to another. If you haven't been provided multiple accounts, ask for them; to date, I have not been refused a second account whenever I have asked for it, and sometimes you can just create them easily.

Just work with the app flow and keep testing: look for weird behaviour in the app and try changing things, but remember that finding the app working weirdly doesn't necessarily mean you have found a bug worth reporting. I'd suggest you keep digging and try to find an actual security impact. Then I usually go for the major listed security vulnerabilities, using the usual methods to find them, nothing special; it all depends on the app (you can't find PHP code injection in a static website, lol), which is why I spend good time learning the web flow, and for this I go through the API docs and such. After spending a few hours on something, if I can't get anything on a particular point of the app I usually stop and move on. Getting hung up on something is the biggest motivation killer, but that doesn't mean I give up; I do get back to it later if something else comes up. That's why I always make notes and save them for later use.

That's basically all I do, lol. It looks basic and easy, but for me it's a hell of a lot of time spent.

Reporting a Vulnerability?

After all the effort you've put into learning, practicing and actually finding a vulnerability, writing the report will be one of the most difficult tasks, because one mistake can annoy the team reviewing it or increase their workload. For me, writing a simple but effective report with proper headings and as many details as possible, with PoC images or videos, makes your work fun and the team's work easy. To write a report I follow these guides:

WRITING SUCCESSFUL BUG SUBMISSIONS — BUG BOUNTY HUNTER METHODOLOGY

Writing a good and detailed vulnerability report

Well, I guess this is where I'll end this blog. I hope the resources I'm sharing here answer the questions I get in my DMs about teaching. I myself am a student right now, and learning is a huge part of my life; I consider myself a beginner, and sharing this is basically a way for me to learn more. As mentioned before, this guide is for people who are absolutely new or are still looking for the proper way to decide what to learn first and from where.

Ending Note!

As a security researcher, it is really tough to keep yourself up to date. I'd ask beginners to focus on self-study and learn things by themselves; everything is possible, all you need is the passion to take a step, and after that you can achieve anything. Nothing is impossible to achieve. All I achieved was through self-study and self-motivation, without any certifications, and I'm still learning and trying my best to share what I can so others can learn something too.

You will never be a perfect person, but you are still better than most.

For a bug bounty hunter and cybersecurity researcher, all it takes is the passion to achieve something. I hope this article helps motivate you to take a positive step in life. Thanks for reading; that's all I can share with you for now, and I'll make sure to keep this article updated for more people to read.