Awesome Bug Bounty Roadmap

Hi Friends, This is CodeNinja a.k.a Aakash Choudhary.

This blog contains complete Roadmap for Beginners or even Intermediate to become a successful Bug Hunters or even more

Without wasting time, following are the Roadmaps =>

  • First steps Persistance + Patience + Proper Time Management + Proper Planning + Eagerness
  • 2nd Step is to make your basics strong whatever it is Like =>
    • DNS,Networking, HTTP/HTTPS,Zone Transfer,HTTP Headers, HTTP Methods, HTTP Status Codes, Request/Response, URL Schemes
    • WAF, DNS Rebinding,CDN Services, VHOST
    • Microservices, APIs,REST APIs,Graphql Attack & Defense,OWASP Top 10[must]
    • Knowledge about basic programming concepts[OOPs,Routing,Structures,Loops etc]
    • Linux Basics + Regex
    • HTML,JS,DOM,AJAX [for HTML Injection + basic building blocks of Website or many things related to mention things ]
    • Today’s Architecture of web and old one too - Like how web evolved from past - Like how web worked in past and their security + defensive things
    • How browser works and their TABS works ? How they interact with each other
    • Basic uses of hacking tools - Like how they work and how efficiently we can work with tools smartly
    • Cloud Concepts
    • Automation Knowledge [Python,Bash,Golang,Rust] [whatever we choose]
    • OSINT
    • How cache works
    • Cookies/Sessions/Authentication/Authorization/Cache/CORS/SOP/2FA/MFA
    • Cryptography,encoding/decoding,encipher,decipher,encryption,decryption i.e Encoding Mechansim
    • Learn to use => 1. Burpsuite 2. ZAP 3. Nuceli 4. Jaeles
      • That is work on your creativity to use above tools

  • Now time for make your concepts solid by reading following books
    • The tangled Web: a guide to securing modern Web applications
    • breaking into information security
    • Bug bounty bootcamp
    • Bug Bounty Playbook 1 & 2
    • Hacking APIs
    • WAHH -> Bible -> Always helpful as a reference
    • Web hacking 101 OR Real world bug hunting

NOTE : Its not necessary to complete every books [Though it will help a lot for beginners even experts in some part]

  • Time for Practical knowledge learning
    • For this I will advice you to start by CTFs related to web
      • HTB,Pentesterlab,Pentester Academy, rootme , THM,PortSwigger, Hacker101, and like that many other ctfs
    • It will build your skills to high level
    • blog.intigriti => have a section of CTFs + challenges => just keep an eye on it and grab all those and start practising

  • Time to build RECON Knowledge
    • Watch nahamsec videos and note down every important part and do things at the same time while learning
    • Jhaddix have a great methodology on recon

Beside this here is my advice =>

  • Learn Programming for Automation for make your tasks easier and it will make your logic strong
  • Learn Programming like PHP,JS etc => to understand things more clearly and to go the mind of developer ;)
  • Read lots of writeups and Reports and practical practice it
  • Keep an eye on Important Tweets who posted about their Journey on 100daysofhacking or 100daysofbugbounty etc
  • Make your learning and practical testing strategy
  • Most important -> Take break and keep good health

Hope it helps to beginners