🚀 Learning Resources 📚✨

Before exploring resources, take a look at this image to understand how to approach learning:

View Image

🔍 Learn Vulnerabilities

• https://exploit-notes.hdks.org/
• https://www.bugbountyhunting.com/
• https://github.com/imran-parray/Mind-Maps (🔍Mindmap)
• https://cqr.company/?s=idor
• https://dsopas.github.io/MindAPI/references/
• https://dsopas.github.io/MindAPI/play/
• https://notes.defendergb.org/web-sec/vuln/
• https://github.com/coderahsan/HowToHunt
• https://www.acunetix.com/vulnerabilities/web/
• https://github.com/Az0x7/vulnerability-Checklist
• https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/red-offensive/web-app-hacking
• https://0xffsec.com/handbook/web-applications/
• https://gist.github.com/ruevaughn/a6da987379f5593d0ab4a878fe1b6baf
• https://github.com/devanshbatham/Awesome-Bugbounty-Writeups/tree/master
• https://kathan19.gitbook.io/howtohunt/
• https://gabb4r.gitbook.io/oscp-notes/web-http/automated-scanners
• https://www.ired.team/
• https://github.com/HolyBugx/HolyTips/tree/main/Resources
• https://gist.github.com/ruevaughn/a883544145eed08241328f86d901ab98
• https://github.com/qazbnm456/awesome-web-security
• https://bitvijays.github.io/LFC-VulnerableMachines.html
• https://hacktricks.boitatech.com.br/pentesting-web/web-vulnerabilities-methodology
• https://highon.coffee/blog/lfi-cheat-sheet/
• https://notes.defendergb.org/web-sec/vuln/
• https://github.com/swisskyrepo/PayloadsAllTheThings/
• https://book.hacktricks.xyz/pentesting-web/web-vulnerabilities-methodology
• https://www.network-sec.de/
• https://practicalbugbounty.com
• https://offsec.tools/
• https://blog.detectify.com/
• https://workbook.securityboat.in/resources/web-app-pentest/
• https://0xn3va.gitbook.io/projects/ (cheat sheet)
• https://salmonsec.com/cheatsheethome (cheet sheet)
• https://apps.burpsuite.guide/ (FOR : burp extention)
• https://github.com/snoopysecurity/awesome-burp-extensions (collection of burp ext)
• https://github.com/00xtrace/BugBounty (Books , cheetsheet , private programs , checklist )

📝 Writeups

• https://github.com/devanshbatham/Awesome-Bugbounty-Writeups/tree/master
• https://pentester.land/writeups/
• https://blog.detectify.com/ (awesome blog)
• https://cqr.company/?s=idor

🔎 Recon

• https://www.youtube.com/watch?v=p4JgIu1mceI
• https://www.youtube.com/watch?v=SYExiynPEKM
• https://www.youtube.com/watch?v=IbdEoocfEmE
• https://docs.google.com/presentation/d/1AA0gX2-SI_9ErTkBhtW0b-5BH70-1B1X/edit#slide=id.p9

🛠️ The Bug Hunter’s Methodology

• https://www.youtube.com/watch?v=HmDY7w8AbR4
• https://github.com/imran-parray/Mind-Maps (Mindmap for each vulnerability)
• https://github.com/0xmaximus/Galaxy-Bugbounty-Checklist
• https://gist.github.com/OTaKuHP/b7748a04caa8145f6795b498302cec4e
• https://github.com/Ignitetechnologies/Mindmap/tree/main
• https://xmind.app/m/cKAVyk/

🏋️ Practice

• https://ringzer0ctf.com/ FREE With elite hacker certificate (must try this 🔥)
• https://www.root-me.org/?lang=en FREE (Web)
• https://www.offsec.com/labs/individual/ FREE (Web)
• https://portswigger.net/ FREE (Web)
• https://www.vulnhub.com/ FREE (Web)
• https://overthewire.org/wargames/ FREE (Web)
• https://labs.hackxpert.com/ FREE (Web)
• https://app.letsdefend.io/training FREE (Web)
• https://echoctf.red/ FREE (Web)
• https://authlab.digi.ninja/ FREE (Web)
• https://promptriddle.com/ FREE (Web)
• https://247ctf.com/dashboard FREE (Web)
• https://ctflearn.com/challenge/1/browse FREE (Web)
• https://w3challs.com/challenges/list/web FREE (Web)
• https://crackmes.one/ FREE (for reverse engineering )
• https://cryptohack.org/challenges/ FREE (for Cryptography )
• https://www.hacker101.com/ FREE (Web)
• https://www.hackthissite.org/ FREE (Web)
• https://picoctf.org/ FREE (Web)
• https://pwnable.xyz/challenges/ FREE (Web)
• https://www.hackinghub.io/ FREE (web)
• https://www.bugbountyhunter.com/ (WEB)
• https://github.com/CSPF-Founder/JavaVulnerableLab (java vulnearable lab )
• https://github.com/CSPF-Founder/JavaSecurityCourse (java security free course for web realted vuln like : xss , idor , injection , bac , csrf)
• https://webhacking.kr/chall.php FREE
• http://websec.fr/ FREE
• http://suninatas.com/challenges/web FREE
• https://promptriddle.com/ FREE (Fun prompt based riddle)
• https://pwn.xmcve.com/ FREE (binary exploitaion )
• http://reversing.kr/index.php FREE (reverse eng)
• https://www.vulnhub.com/ FREE (vm based pentesting platform )
• https://pwn.tn/ FREE
• https://hbh.sh/authentication FREE
• https://enigmes-a-thematiques.fr/front/categorie/7
• https://www.hackthebox.com/ PAID
• https://tryhackme.com/login PAID

🔍 Want to use VPS for bug bounty? Use my referral link for $200 credit on Digital Ocean VPS! 🚀

👇👇👇👇