Hands-On Bug Hunting for Penetration Testers
This is the code repository for Hands-On Bug Hunting for Penetration Testers, published by Packt.
A practical guide to help ethical hackers discover web application security flaws
What is this book about?
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
This book covers the following exciting features:
- Choose what bug bounty programs to engage in
- Understand how to minimize your legal liability and hunt for bugs ethically
- See how to take notes that will make compiling your submission report easier
- Know how to take an XSS vulnerability from discovery to verification, and report submission
- Automate CSRF PoC generation with Python
- Leverage Burp Suite for CSRF detection
- Use WPScan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
- Write your report in a way that will earn you the maximum amount of money
If you feel this book is for you, get your copy today!
Instructions and Navigations
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:

```python
import sys, json
from tabulate import tabulate

data = json.load(sys.stdin)
rows = 
```
Following is what you need for this book: This book is written for developers, hobbyists, pentesters, and anyone with an interest (and maybe a little experience) in web application security and public bug bounty programs. With the following software and hardware list you can run all code files present in the book (Chapters 1-13).
Software and Hardware List
| Chapter | Software required | OS required |
| --- | --- | --- |
| 3, 4, 5, 6, 7, 8, 9 | Burp Suite | Windows, MacOS, Linux |
| 3, 5, 11 | Homebrew | MacOS |
| 8, 9 | Docker | Windows, MacOS, Linux |
| 7 | Vagrant | Windows, MacOS, Linux |
| 7 | VirtualBox | Windows, MacOS, Linux |
Get to Know the Author
Joseph Marshall is a web application developer and freelance writer with credits from The Atlantic, Kirkus Review, and the SXSW film blog. He also enjoys moonlighting as a freelance security researcher, working with third-party vulnerability marketplaces such as Bugcrowd and HackerOne. His background and education include expertise in development, nonfiction writing, linguistics, and instruction/teaching. He lives in Austin, TX.
Suggestions and Feedback
Click here if you have any feedback or suggestions.