README.md

Conquering the process of Bug Bounty

Making this repository for beginners in bug bounty. Aim is to master reconnaissance techniques and gain intermediate-level experience as a Client-Side vulnerabilities' Bounty Hunter.
Started: 1st Aug 2024

Pre-requisite: Make sure you've good understanding of JS. You can also refer my path

Key:
✔️ : Completed
❌ : Incomplete
⭕ : In progress

Week 1 (Cross Site Scripting Basics):

Day 1:

• [✔️] Learn Basics

Day 2:

• [✔️] Learn the details of Reflected XSS

Day 3:

• [✔️] Completed the labs of Reflected XSS

Day 4:

• [✔️] Started Stored XSS

Day 5:

• [✔️] Continued Stored XSS

Day 6:

• [✔️] Started DOM Based XSS

Day 7:

• [✔️] Completed DOM Based XSS

Week 2 (Javascript Basics):

Day 8:

• [✔️] Started Revising all XSS concepts including some Labs.

Day 9:

• [✔️] Completed Revision.

Day 10:

• [✔️] Learn JS through tutorial 1

Day 11 and 12:

• [✔️] JS introduction and Fundamentals

Day 13:

• [✔️] JS Code Quality

Day 14:

• [✔️] Started JS Browser: Document

Week 3 (Javascript Basics 2 and started learning Recon. Basics):

Day 15:

• [✔️] Continued JS Browser: Document

Day 16:

• [✔️] Continued JS Browser: Document

Day 17:

• [✔️] Started Attributes and Properties

Note:

Now that we are done with JS basics. We will move back to XSS.

Day 18:

• [✔️] Watched some Dom-based XSS tutorials on Youtube.

Day 19 and 20:

• [✔️] Started Beyond XSS
• [✔️] Browser Security Model
• [✔️] Enumeration Day 1

Day 21:

• [✔️] Started JS: pseudo protocol
• [✔️] Enumeration Day 2

Week 4 ():

Day 22:

• [✔️] Completed Chapter 1 and started Chapter 2.
• [✔️] Enumeration Day 3

Day 23:

• [✔️] Started CSP
• [✔️] Enumeration Day 4

Days 24 and 25:

• [✔️] Completed Chapter 2
• [✔️] Enumeration Day 5

Day 26 to 28:

• [✔️] Learnt to use Google Developer Tools
• [✔️] Enumeration Days 6 to 9

Week 5 (XSS real-world scenarios):

Days 29 to 35:

• [✔️] Read multiple Reports on Medium and infosec Writeups regarding various types of reported XSS vulnerabilities
• [✔️] Watched multiple XSS POCs on Youtube
• [✔️] Learnt to Used Chrome Dev Tools to find DOM Based XSS
• [✔️] Revised Portswigger Labs on DOM Based XSS
• [✔️] Mobile Application Research Days 1 to 5

Week 6 (Strengthened XSS concepts for real-world scenarios):

Days 36 to 38:

• [✔️] Worked on finding DOM based XSS sinks on Github along with Client-Side debugging

Day 39 to 42:

• [✔️] Revised Portswigger Labs on DOM Based XSS and searched for potential sinks in real-world applications.
• [✔️] Enumeration Day 10

Week 7 (Mastering XSS - Escaping Characters):

Days 43 to 49:

• [✔️] Completed Remaining DOM Based XSS Labs on Portswigger
• [✔️] Started XSS Challenges
• [✔️] Researched for tools to perform Automated XSS

Week 8 (Mastering XSS - Breaking Logic):

Days 50 to 56:

• [✔️] Completed XSS Challenges upto Level 10.
• [✔️] Enumeration Day 10
• [✔️] Started Intigriti's XSS Challenges

Week 9 (Client-Side Vulnerabilities and Reconnaissance):

Days 57 to 61:

• [✔️] Completed Intigriti's December 2022 Challenge
• [✔️] Enumeration Day 11 and 12
• [✔️] Started Practicing JS on Leetcode.
• [✔️] Completed Leetcode module until Day 3.

Days 62 and 63:

• [✔️] Started Intigriti's November 2022 Challenge
• [✔️] Researched on Client Side Vulnerabilities mentioned in Day 5

Week 10 (Client-Side Vulnerabilities and Reconnaissance):

Days 64 to 70:

• [✔️] Enumeration Day 13
• [✔️] Enumeration Day 14
• [⭕]

Week 11 (Client-Side Vulnerabilities and Reconnaissance):

Days 71 to 77:

• [⭕]

Week 12 (Client-Side Vulnerabilities and Reconnaissance):

Days 78 to 84:

• [⭕]