This is the code repository for Hands-On Bug Hunting for Penetration Testers, published by Packt.
A practical guide to help ethical hackers discover web application security flaws
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
This book covers the following exciting features:
- Choose what bug bounty programs to engage in
- Understand how to minimize your legal liability and hunt for bugs ethically
- See how to take notes that will make compiling your submission report easier
- Know how to take an XSS vulnerability from discovery to verification and report submission
- Automate CSRF PoC generation with Python
- Leverage Burp Suite for CSRF detection
- Use WPScan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
- Write your report in a way that will earn you the maximum amount of money
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
```python
import sys, json
from tabulate import tabulate

# Assumes stdin carries a JSON list of flat objects that share the same keys.
data = json.load(sys.stdin)
rows = [list(item.values()) for item in data]
print(tabulate(rows, headers=list(data[0]) if data else []))
```
Following is what you need for this book: it is written for developers, hobbyists, pentesters, and anyone with an interest (and maybe a little experience) in web application security and public bug bounty programs. With the following software and hardware list you can run all the code files present in the book (Chapters 1-13).
| Chapter | Software required | OS required |
|---|---|---|
| 3, 4, 5, 6, 7, 8, 9 | Burp Suite | Windows, macOS, Linux |
| 3, 5, 11 | Homebrew | macOS |
| 8, 9 | Docker | Windows, macOS, Linux |
| 7 | Vagrant | Windows, macOS, Linux |
| 7 | VirtualBox | Windows, macOS, Linux |
Joseph Marshall is a web application developer and freelance writer with credits from The Atlantic, Kirkus Review, and the SXSW film blog. He also enjoys moonlighting as a freelance security researcher, working with third-party vulnerability marketplaces such as Bugcrowd and HackerOne. His background and education include expertise in development, nonfiction writing, linguistics, and instruction/teaching. He lives in Austin, TX.