Aman Mahendra

A blog on web application security.

Search This Blog

Ethical Hacking Resource

October 20, 2017

Book’s:

Tangle Web Security Guide

Web Hacking 101

The Basics of Web Hacking: Tools and Techniques to Attack the Web

Learning Pentesting Android Devices

Android Hacker’s Handbook

Learning IOS Pentesting

Practical IOT Security

Burp Suite Tool Attack Approach

Essential of Burp Suite

Browser Plugin’s :

Chrome : http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/
Firefox : http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/

Tool’s:

https://bugbountyforum.com/tools/
https://forum.bugcrowd.com/t/researcher-resources-tools/167

Bug Bounty References:

https://github.com/ngalongc/bug-bounty-reference
https://github.com/Hack-with-Github/Awesome-Hacking

Payload’s:

fuzzdb — https://github.com/fuzzdb-project/fuzzdb
SecLists — https://github.com/danielmiessler/SecLists
NickSanzotta — https://github.com/NickSanzotta/BurpIntruder
shadsidd — https://github.com/shadsidd
shikari1337 — https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/
7ioSecurity — https://github.com/7ioSecurity/XSS-Payloads
xmendez — https://github.com/xmendez/wfuzz
minimaxir — https://github.com/minimaxir/big-list-of-naughty-strings
xsscx — https://github.com/xsscx/Commodity-Injection-Signatures
TheRook — https://github.com/TheRook/subbrute

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Comments

Laura Bush21 December 2020 at 12:52
This information is meaningful and magnificent which you have shared here about the best ethical experts. I am impressed by the details that you have shared in this post and It reveals how nicely you understand this subject. I would like to thanks for sharing this article here.Best Computer Hacking Services
ReplyDelete
Replies
christian bush1 May 2021 at 14:25
This is excellent information which is shared by you. This information is meaningful and magnificent for us to increase our knowledge about it. Keep sharing this kind of information. Thank you. Hire Hacker For Email Password
ReplyDelete
Replies
Weston Parker1 June 2021 at 15:36
Thanks for publishing such great information. You are doing such a great job. This information is very helpful for everyone. Keep it up. Thanks. Hire A Social Media Hacker
ReplyDelete
Replies

Add comment

Getting started with Bug Bounty!

July 03, 2019

Hey, Guys Hope you all are doing well. I started my journey in bug bounties around 1.5 years ago, and I am thankful to all the members of security community who share their knowledge to the community. I have learned a lot of things from them and I am still learning new things daily from fellow hackers, hacking is a continuous process and ultimately reflects a state of mind. I have received a lot of messages from people's asking me how to start, where to start in bug bounties. So I have decided to write a blog which contain as much information which helps for beginners. Quote- "Hacking is a lifelong Journey of Learning " Table of Content Introduction Reading Practicing Connect with community Ask Questions Motivation Certifications Conclusion Introduction What is bug bounty? To get a basic understanding of the role, the name itself is quite self-explanatory. A bug bounty hunter looks for bugs in applications and platforms, which they later

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

3 comments

10 Rules of Bug Bounty

October 20, 2017

1.Targeting the Bug Bounty Program How long you target the program ? If the Answer is Just Few Hour’s or a night, Then That’s where you are doing wrong .Bug Hunting is Matter of Skill’s and Luck .Spending just few hours on program’s could be waste Because those bugs are mostly reported.You May end up getting depressed by duplicates , would suggest to at least choose any program Spend a week on it . Big Bug’s Takes time. Take your time to understand the Functionality of the application. keep writing notes and track of Suspicious endpoint’s. Because you’re not going to earn much for known issue unless you’re very early to report. If you find out about a public program after 10/12 hours of its launching. Don’t waste your time looking for known issues or low hanging fruit .Just take a deep dive into the application. 2. How do you Approach the Target ? If Answer is Just by Signing up at Target , Checking For Vulnerabilities like CSRF, XSS,Subdomain’s etc , Then This Cou

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

How I got access to Fastly account of dev.to

August 31, 2018

Hey Mates, Hope you all are Good, This is my first write-up about how i gain access to a company's( dev.to ) fastly account. One Day I got email that dev.to is going to open source on Github . Previously I've found a critical account takeover bug in dev.to via stored XSS and get rewarded(Write-up later), Since I have account in dev.to that's why I receive this mail. Now Let's get started. Email From dev.to Now I was damn sure that there is something that the developer's missed while making dev.to project open source in Github , first i visited their Github project at https://github.com/thepracticaldev and start searching manually for secret key's, private key's and Api key's, When searching for Api key I encountered with cache_buster.rb which is leaking the fastly Api key like this. with( headers: { " Fastly-Key " => "k 15177t3dctdg27138b03c737688c 84g " }) Dont't waste your t