Mastering Nuclei With Automation For Pentesting & Bug Bounty

Learning with Automation for Penetration Testing and Bug Bounty

What you'll learn

Nuclei

YAML Template Writing

New YAML Templates

Burpsuite

Burpsuite Extensions

Bash Scripting

Automation

Bug Bounty Hunting

Pentesting Tools

CVE

XSS

RCE

Sensitive Data Exposure

Nuclei Workflows

Nuclei - How to publish your first template

Requirements

Basic IT Skills

No Linux, programming or hacking knowledge required.

Computer with a minimum of 4GB ram/memory & Internet Connection

Operating System: Windows / OS X / Linux

Description

Welcome to The Mastering Nuclei with Automation for Pentesting & Bug Bounty course. This course opens the doors to those wanting to be ahead in a penetration testing or bug bounty career. This course will prepare learners to take their information security career journey to next level with exclusive first content to be on the top and avoid duplicates. This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them.This course is not like other hacking or penetration testing course with outdated manual techniques. This course enables learner to do automation for Bug Bounties and increases the efficiency of the learner by teaching automation and industry oriented techniques.This course is designed in such a way to ensure that the latest content reaches you on time.This course will be full of ready to use private YAML templates , custom automation scripts to help student achieve bounties.You will learn about nuclei tool, How to write your custom templates and access to the templates which are not publicly available.This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner.––––––––––-Here's a more detailed breakdown of the course content:In all the sections we will start the fundamental principle of How the attack works, Exploitation and How to write a professional report.1. Introduction - This section contains the Introduction about the course, the roadmap and how one can make the best out of the course.2. All About Nuclei - This chapter has the nuclei guide which contains the information from a beginners perspective on limitations of grep and other regex tools and motivation of using nuclei to avoid cumbersome.It will also help one to understand the foundational working of the tool with simple and easy to write templates (patterns) for identifying Vulnerabilities.Student will understand each block of template. Its writing process and will learn how to write his/her own templates in a easy and effective manner3. Nuclei Template Writing : Simple GET based Matcher - This section will teach the student to understand the basic building block of the nuclei template and how to use it with Nuclei Vulnerability Scanner.The student will learn what is a GET Request and how can one create a simple GET based matcher YAML template to match the output using the tool. This will aid the student in writing and understanding simple template which can be modified as per needs to write complex templates for web exploitsThis section contains - How to write template for matching in Body and Headers for the HTTP request and responses. This will help the student to understand how and where to match the output and differentiate between both.4. Nuclei Template Writing : Simple POST based Matcher - This section will teach the student to understand the basic building block of the nuclei template and how to use it with Nuclei Vulnerability Scanner.The student will learn what is a POST Request and how can one create a simple POST based matcher YAML template to match the output using the tool. This will aid the student in writing and understanding simple template which can be modified as per needs to write complex templates for web exploitsThis section contains - How to write template for matching in Body and Headers for the HTTP request and responses. This will help the student to understand how and where to match the output and differentiate between both.5. Nuclei New YAML Templates - This section contains the exclusive nuclei templates which are not available in the community repository of nuclei.These templates will aid the student to hunt Vulnerabilities on programs with fresh templates which aren't available publicly or at least are not in the community repo.There will be a breakdown of each template to understand how a vulnerability is exploited, its internal working, endpoints, and other parameters. So you know about each one instead of blindly scanning templates.This will help the student to avoid duplicates and increase chances to identify and report valid vulnerabilitiesAfter identification of a vulnerability, we will exploit to leverage the maximum severity out of it. We will also learn how to report vulnerabilities which are commonly found on the websites on the internet.In this course, you will also learn How can you start your journey on many famous bug hunting platforms like Bugcrowd, Hackerone and Open Bug Bounty.Along with this, you will be able to hunt and report vulnerabilities to NCIIPC Government of India, also to private companies and to their responsible disclosure programs.With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.Notes:This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed.Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility.

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 How to make the best out of this course

Section 2: All about Nuclei

Lecture 3 Nuclei Guide

Lecture 4 Nuclei Installation

Lecture 5 How to write your own template

Section 3: Setting up Nuclei

Lecture 6 Nuclei Templates Setup

Lecture 7 Nuclei First Run

Section 4: Exploring Nuclei

Lecture 8 Nuclei Debug

Lecture 9 YAML Lint PHP Template

Lecture 10 Nuclei Filters

Lecture 11 Nuclei Rate Limiting Flags

Lecture 12 Nuclei HTTP Traffic Tagging

Lecture 13 Nuclei Excluding Templates

Lecture 14 Nuclei Config File Creation

Section 5: Automation with Nuclei

Lecture 15 Nuclei Input with Subdomains

Lecture 16 Updating Nuclei

Lecture 17 Nuclei Metrics & Stats

Lecture 18 Nuclei Info Block

Lecture 19 Requests & Dynamic Path

Lecture 20 Nuclei & Burpsuite

Section 6: Nuclei Template Writing Teardown

Lecture 21 Nuclei Headers

Lecture 22 Nuclei Body

Lecture 23 Nuclei RAW Requests

Lecture 24 Nuclei Unsafe RAW Requests

Lecture 25 Nuclei GET Matcher Body

Lecture 26 Nuclei GET Matcher Header

Section 7: Nuclei Template Writing : Simple POST based Matcher

Lecture 27 Simple POST based Matcher Body Template

Lecture 28 Simple POST based Matcher Header Template

Section 8: Nuclei Fuzzing

Lecture 29 Fuzzing Clusterbomb

Lecture 30 Fuzzing PitchFork

Lecture 31 Fuzzing Battering ram

Section 9: Nuclei Race Conditions

Lecture 32 Nuclei Race Conditons

Lecture 33 Nuclei Race Conditions Hackerone Report

Section 10: Nuclei File Templates

Lecture 34 File Match

Lecture 35 File Extractor

Section 11: Nuclei Private YAML Templates

Lecture 36 XSS Template

Lecture 37 Pre-Auth RCE

Lecture 38 Wordpress Config Disclosure

Lecture 39 Wordpress Sensitive Data Exposure XML

Lecture 40 Django Debug Sensitive Data Exposure

Lecture 41 Apache SOLR SSRF

Lecture 42 PreAuth RCE (CVE-2021-XXXXX)

Lecture 43 Pre-Auth RCE (*** Firewall)

Lecture 44 Pre-Auth RCE (*** Framework)

Lecture 45 Subdomain Takeover - *** CMS Template

Lecture 46 Pre-Auth RCE - *** Management Template

Lecture 47 Pre-Auth RCE - *** Log Center Template

Lecture 48 Pre-Auth RCE - Git** Template

Lecture 49 SQL Injection (CVE 2021-30***) Template

Lecture 50 LFI (CVE-2021-****) Template

Lecture 51 User Enumeration (CVE-2020-****)

Lecture 52 **** File Read Template

Lecture 53 **** File Read Template

Lecture 54 Pre-Auth RCE (PHP8-dev) Template

Lecture 55 Unauthenticated RCE IceWarp Template

Lecture 56 XSS in Cisco ASA

Lecture 57 Pre-Auth RCE in Laravel phpunit

Lecture 58 IBM QRadar SIEM SSRF Template

Lecture 59 Akamai ARL Misconfiguration

Lecture 60 Omigod RCE

Lecture 61 UnAuthenticated RCE - MovableType

Anybody interested in learning website & web application hacking / penetration testing.,Any Beginner who wants to start with Penetration Testing,Any Beginner who wants to start with Bug Bounty Hunting,Trainer who are willing to start teaching Pentesting,Any Professional who working in Cyber Security and Pentesting,Ethical Hackers who wants to learn How OWASP Works,Beginners in Cyber Security Industry for Analyst Position,SOC person who is working into a corporate environment,Developers who wants to fix vulnerabilities and build secure applications