Bug Bounty_Roadmap
βββ /Reconnaissance
β βββ Passive_Recon
β β βββ Google_Dorking
β β βββ WHOIS_Lookups
β β βββ Subdomain_Enumeration
β β βββ OSINT_Tools
β βββ Active_Recon
β βββ Port_Scanning
β βββ Service_Enumeration
β βββ Banner_Grabbing
β βββ Directory_Bruteforcing
β
βββ /Web_Application_Testing
β βββ /OWASP_Top_10
β β βββ Injection
β β βββ Broken_Authentication
β β βββ Sensitive_Data_Exposure
β β βββ XML_External_Entities
β β βββ Broken_Access_Control
β β βββ Security_Misconfiguration
β β βββ Cross_Site_Scripting
β β βββ Insecure_Deserialization
β β βββ Using_Components_with_Known_Vulnerabilities
β β βββ Insufficient_Logging_and_Monitoring
β βββ SQL_Injection
β β βββ Overview
β β βββ Union_Based
β β βββ Error_Based
β β βββ Blind_SQLi
β βββ Cross_Site_Scripting
β β βββ Overview
β β βββ Stored_XSS
β β βββ Reflected_XSS
β β βββ DOM_Based_XSS
β βββ Cross_Site_Request_Forgery
β βββ Remote_Code_Execution
β βββ File_Inclusion
β β βββ LFI
β β βββ RFI
β βββ Business_Logic_Flaws
β βββ IDOR
β βββ API_Security
β
βββ /Mobile_Application_Testing
β βββ Android_Testing
β β βββ Static_Analysis
β β βββ Dynamic_Analysis
β β βββ Reverse_Engineering
β β βββ Common_Vulnerabilities
β βββ iOS_Testing
β βββ Static_Analysis
β βββ Dynamic_Analysis
β βββ Reverse_Engineering
β βββ Common_Vulnerabilities
β
βββ /Network_Security_Testing
β βββ Network_Scanning
β βββ Vulnerability_Scanning
β βββ Exploitation
β βββ Post_Exploitation
β
βββ /Cloud_Security_Testing
β βββ AWS_Security
β βββ Azure_Security
β βββ GCP_Security
β βββ Common_Vulnerabilities
β
βββ /Tools_and_Techniques
β βββ Burp_Suite
β β βββ Configuration
β β βββ Extensions
β β βββ Common_Use_Cases
β βββ Nmap
β βββ Metasploit
β βββ Nikto
β βββ Gobuster
β βββ Sublist3r
β βββ ReconNG
β βββ Other_Tools
β
βββ /Report_Writing
β βββ Report_Template
β βββ Vulnerability_Description
β βββ Impact_Assessment
β βββ Proof_of_Concept
β βββ Remediation_Advice
β βββ Sample_Reports
β
βββ /Learning_Resources
βββ Books
βββ Blogs
βββ Courses
βββ Conferences
βββ CTF_Platforms