1
Watch
1
Star
1
Fork
0
Issue

List of resources for hacking and bug bounties

1
nullsc
nullsc
pushedAt 1 month ago

nullsc/Hacking-List

Hacking Tutorials

https://www.bugcrowd.com/hackers/bugcrowd-university/

https://www.hacker101.com/videos

https://securitylab.github.com/research/fuzzing-sockets-FTP

https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/

Kali Linux

https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf

https://0x00sec.org/t/how-to-become-a-hacker-from-scratch-full-guide/13278

https://www.cybrary.it/

http://www.fuzzysecurity.com/tutorials.html

Web Security

XSS

XSS Tutorial - https://excess-xss.com/

Angular Vectors - https://www.openbugbounty.org/blog/miguelsantareno/cross-site-script-angular-payloads/

XSS Vector List - https://github.com/nullsc/Hacking-List/blob/master/XSS/Vectors

SQL Injection

https://www.owasp.org/index.php/SQL_Injection

https://www.owasp.org/index.php/Blind_SQL_Injection

https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF

https://www.owasp.org/index.php/Reviewing_Code_for_SQL_Injection

https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html

https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html

https://github.com/payloadbox/sql-injection-payload-list

https://www.acunetix.com/blog/articles/exploiting-sql-injection-example

General

OWASP Pentesting checklist - https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Web_Application_Penetration_Checklist_v1_1.pdf

Videos

Ethical Hacking Full Course - Learn Ethical Hacking in 10 Hours - https://www.youtube.com/watch?v=dz7Ntp7KQGA

Kali Linux Tutorial - https://www.youtube.com/watch?v=lZAoFs75_cs

Linux Tutorials - http://linux-training.be/

Full Ethical Hacking Course - Network Penetration Testing for Beginners - https://www.youtube.com/watch?v=3Kq1MIfTWCE

CEHv10 Complete Video Course - https://www.youtube.com/watch?v=jHKcX6hUKOs

Web Application Hacking - https://www.youtube.com/watch?v=X4eRbHgRawI

Youtube Channels

LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

STOK - https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg

Bugcrowd - https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww

Nahamsec - https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw

IppSec - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

Mobile Hacking

Android Kernel Exploitation - https://cloudfuzz.github.io/android-kernel-exploitation/

Reverse Engineering

https://anti-reversing.com/Downloads/Anti-Reversing/The_Ultimate_Anti-Reversing_Reference.pdf

System Administration

https://devblogs.microsoft.com/scripting/table-of-basic-powershell-commands/

Networking

Comptia Network+ Guide https://docs.google.com/document/d/19_ym7Q3eFi0IDOf-3WOG1fQ0HyDRS8pDQ28J1q35daI/edit

Blue Team

Wireshark - https://www.malware-traffic-analysis.net/

Practise

Sites (CTF)

https://hackthebox.eu

http://vulnhub.com/

https://www.hackthissite.org/

http://crackme.cenzic.com/kelev/view/home.php

http://demo.testfire.net/

http://zero.webappsecurity.com/

https://www.vulnerablewebapps.org/

http://www.itsecgames.com/

http://hackyourselffirst.troyhunt.com/

https://public-firing-range.appspot.com/

https://tryhackme.com/

https://www.pentestit.ru/

https://picoctf.org/

Applications

https://github.com/stephenbradshaw/vulnserver

Simple vulnerable server - https://github.com/ins1gn1a/VulnServer-Linux

SSRF - https://github.com/incredibleindishell/SSRF_Vulnerable_Lab

SSTI - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI

XXE - https://github.com/TheTwitchy/vulnd_xxe

DVWA - http://www.dvwa.co.uk/

https://github.com/s4n7h0/xvwa

https://github.com/webpwnized/mutillidae

Free Books and Learning Resources

Security

https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-857-network-and-computer-security-spring-2014/

Programming

https://www.w3schools.com

https://www.learncpp.com

http://www.cplusplus.com/doc/tutorial/

https://www.tutorialspoint.com/python/index.htm

Misc collection - https://books.goalkicker.com

https://teachyourselfcs.com/

Data Science

https://docs.google.com/document/d/12l0qN5XnhRfGipICMqdc3pIPZRS-r5dQjpl1VnI-L1I/edit

Web Application Security Tools

https://github.com/EnableSecurity/wafw00f

Domain Enumerator - https://github.com/aboul3la/Sublist3r

File Uploader - https://github.com/almandin/fuxploider

Fuzzers

https://github.com/google/AFL

https://github.com/google/clusterfuzz

Fuzzer - https://github.com/1N3/BlackWidow

https://github.com/googleprojectzero/domato

https://github.com/xmendez/wfuzz

XSS Tools

https://github.com/menkrep1337/XSSCon

Dorks

Google boolean guide - https://ahrefs.com/blog/google-advanced-search-operators/

XSS - https://github.com/nu11secur1ty/nu11secur1ty/blob/master/XSS%20Dorks/XSS%20Dorks.md

Dork scanner - https://github.com/m3n0sd0n4ld/uDork

Bug bounty Platforms

http://openbugbounty.org/

https://bugcrowd.com/

https://www.hackerone.com/

https://www.yeswehack.com/

https://www.intigriti.com/

Exploit Sites

https://www.exploit-db.com/

https://www.vulnerability-lab.com/

Programming & Web Dev

General - https://www.tutorialspoint.com/

Powershell - https://mva.microsoft.com/

Misc

Report writing - https://blog.cobalt.io/how-to-write-a-great-vulnerability-report-ab8654c6290c

Misc - https://packetstormsecurity.com/

http://www.securitytube.net/

SSH Client - https://www.chiark.greenend.org.uk/~sgtatham/putty/

Bug Bounty Writeups - https://paper.seebug.org/802/

https://github.com/trimstray/the-book-of-secret-knowledge

#hacking #security #pentesting #redteam #bugbounty #hack #awesomehacking #cyber

ucloud ads