Skip to content
Hands-On Bug Bounty for Penetration Testers, published by Packt
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Chapter01 Code files added Sep 10, 2018
Chapter03 Code files added Sep 10, 2018
Chapter05 Code files added Sep 10, 2018
Chapter09 Code files added Sep 10, 2018
.gitignore Add .gitignore Jul 22, 2018
LICENSE Update Sep 10, 2018

Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

This is the code repository for Hands-On Bug Hunting for Penetration Testers, published by Packt.

A practical guide to help ethical hackers discover web application security flaws

What is this book about?

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.

This book covers the following exciting features:

  • Choose what bug bounty programs to engage in
  • Understand how to minimize your legal liability and hunt for bugs ethically
  • See how to take notes that will make compiling your submission report easier
  • Know how to take an XSS vulnerability from discovery to verification, and report submission
  • Automate CSRF PoC generation with Python
  • Leverage Burp Suite for CSRF detection
  • Use WP Scan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
  • Write your report in a way that will earn you the maximum amount of money

If you feel this book is for you, get your copy today!

Instructions and Navigations

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

import sys, json
from tabulate import tabulate
data = json.load(sys.stdin)
rows = []

Following is what you need for this book: This book is written for developers, hobbyists, pentesters, and anyone with an interest (and maybe a little experience) in web application security and public bug bounty programs. With the following software and hardware list you can run all code files present in the book (Chapter 1-13).

Software and Hardware List

Chapter Software required OS required
3, 4, 5, 6, 7, 8, 9, Burp Suite Windows, MacOS, Linux
3, 5, 11 Homebrew MacOS
8, 9 Docker Windows, MacOS, Linux
7 Vagrant Windows, MacOS, Linux
7 VirtualBox Windows, MacOS, Linux

Related products

Get to Know the Author

Joseph Marshall is a web application developer and freelance writer with credits from The Atlantic, Kirkus Review, and the SXSW film blog. He also enjoys moonlighting as a freelance security researcher, working with third-party vulnerability marketplaces such as Bugcrowd and HackerOne. His background and education include expertise in development, nonfiction writing, linguistics, and instruction/teaching. He lives in Austin, TX.

Suggestions and Feedback

Click here if you have any feedback or suggestions.

You can’t perform that action at this time.