Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Bug Hunting for Penetration Testers
  • Table Of Contents Toc
  • Feedback & Rating feedback
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

By : Himanshu Sharma, Joe Marshall
4 (2)
Buy this Book
close
close
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

4 (2)
By: Himanshu Sharma, Joe Marshall
Buy this Book

Overview of this book

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs. You will learn about SQli, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting work?ows. Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Joining the Hunt
Icon
Joining the Hunt
Icon
Technical Requirements
Icon
The Benefits of Bug Bounty Programs
Icon
What You Should Already Know – Pentesting Background
Icon
Setting Up Your Environment – Tools To Know
Icon
What You Will Learn – Next Steps
Icon
How (Not) To Use This Book – A Warning
Icon
Summary
Icon
Questions
Icon
Further Reading
2
Choosing Your Hunting Ground
Icon
Choosing Your Hunting Ground
Icon
Technical Requirements
Icon
An Overview of Bug Bounty Communities – Where to Start Your Search
Icon
The Vulnerability of Web Applications – What You Should Target
Icon
Evaluating Rules of Engagement – How to Protect Yourself
Icon
Summary
Icon
Questions
Icon
Further Reading
3
Preparing for an Engagement
Icon
Preparing for an Engagement
Icon
Technical Requirements
Icon
Attack Surface Reconnaisance – Strategies and the Value of Standardization
Icon
Summary
Icon
Questions
Icon
Further Reading
4
Unsanitized Data – An XSS Case Study
Icon
Unsanitized Data – An XSS Case Study
Icon
Technical Requirements
Icon
A Quick Overview of XSS – The Many Varieties of XSS
Icon
Testing for XSS – Where to Find It, How to Verify It
Icon
XSS – An End-To-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
5
SQL, Code Injection, and Scanners
chevron up
Icon
SQL, Code Injection, and Scanners
Icon
Technical Requirements
Icon
SQLi and Other Code Injection Attacks – Accepting Unvalidated Data
Icon
Testing for SQLi With Sqlmap – Where to Find It and How to Verify It
Icon
Trawling for Bugs – Using Google Dorks and Python for SQLi Discovery
Icon
Scanning for SQLi With Arachni
Icon
NoSQL Injection – Injecting Malformed MongoDB Queries
Icon
SQLi – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
6
CSRF and Insecure Session Authentication
Icon
CSRF and Insecure Session Authentication
Icon
Technical Requirements
Icon
Building and Using CSRF PoCs
Icon
CSRF – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
7
Detecting XML External Entities
Icon
Detecting XML External Entities
Icon
Technical requirements
Icon
A simple XXE example
Icon
XML injection vectors
Icon
XML injection and XXE – stronger together
Icon
Testing for XXE – where to find it, and how to verify it
Icon
XXE – an end-to-end example
Icon
Summary
Icon
Questions
Icon
Further reading
8
Access Control and Security Through Obscurity
Icon
Access Control and Security Through Obscurity
Icon
Technical Requirements
Icon
Security by Obscurity – The Siren Song
Icon
Data Leaks – What Information Matters?
Icon
Low Value Data – What Doesn’t Matter
Icon
Data Leak Vectors
Icon
Unmasking Hidden Content – How to Pull the Curtains Back
Icon
Data Leakage – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
9
Framework and Application-Specific Vulnerabilities
Icon
Framework and Application-Specific Vulnerabilities
Icon
Technical Requirements
Icon
Known Component Vulnerabilities and CVEs – A Quick Refresher
Icon
WordPress – Using WPScan
Icon
Ruby on Rails – Rubysec Tools and Tricks
Icon
Django – Strategies for the Python App
Icon
Summary
Icon
Questions
Icon
Further Reading
10
Formatting Your Report
Icon
Formatting Your Report
Icon
Technical Requirements
Icon
Reproducing the Bug – How Your Submission Is Vetted
Icon
Critical Information – What Your Report Needs
Icon
Maximizing Your Award – The Features That Pay
Icon
Example Submission Reports – Where to Look
Icon
Hackerone Hacktivity
Icon
Vulnerability Lab Archive
Icon
GitHub
Icon
Summary
Icon
Questions
Icon
Further Reading
11
Other Tools
Icon
Other Tools
Icon
Technical Requirements
Icon
Evaluating New Tools – What to Look For
Icon
Paid Versus Free Editions – What Makes a Tool Worth It?
Icon
A Quick Overview of Other Options – Nikto, Kali, Burp Extensions, and More
Icon
Summary
Icon
Questions
Icon
Further Reading
12
Other (Out of Scope) Vulnerabilities
Icon
Other (Out of Scope) Vulnerabilities
Icon
Technical Requirements
Icon
DoS/DDoS – The Denial-of-Service Problem
Icon
Sandboxed and Self-XSS – Low-Threat XSS Varieties
Icon
Non-Critical Data Leaks – What Companies Don’t Care About
Icon
Other Common No-Payout Vulnerabilities
Icon
Summary
Icon
Questions
Icon
Further Reading
13
Going Further
Icon
Going Further
Icon
Blogs
Icon
Courses
Icon
Summary
Icon
Questions
Icon
Further Reading
14
Assessment
Icon
Assessment
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

SQLi – An End-to-End Example

Returning to arachni, let's point it at webscantest.com/datastore and see what we find, kicking it off with a scan: https://webscantest.com/datastore.

After running the scan (which will take a while), arachni will print out the results to the console and generate an AFR file. The AFRextension stands for Arachni Framework Report and is what arachni uses to store scan results. That AFR file can then be converted to HTML, JSON, XML, or another document format:

We can immediately see there's a vulnerability to explore in greater detail here. This is a good opportunity to use the HTML version of the report, which takes advantage of the browser to visualize the entire scan results.

When you want to analyze the results of your scan, you can generate a zipped HTML file using the arachni_reporter executable:

arachni_reporter some_report.afr...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 8
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY