I come from a non-technical background and have been slowly getting into the world of bug bounty for the past few months. I have two questions I would like to ask you:
To what extent should I learn JS? Generally I find coding to be really interesting and I enjoy doing it but for some reason I can’t stand JS,it just irritates me, A LOT! Do you think I should struggle to improve my skills with JS or is just understanding the basics enough? Right now I am at a level where I can easily finish the related courses on codecademy ( along with the projects) I realize that is a pretty low level but for the life of me I cannot find the motivation to study any more of it
I have always used various linux distros as my secondary OS so I have some knowledge on that area,should I invest more time into becoming more proficient with linux? I see a lot of people talking about kali but no ‘‘beginner guide’’ even mentions kali or any other linux distro as something you should learn.
Thank you all for taking the time to read this,I appreciate any input.
Kali has no beginner guide because it’s definitely not a beginner distro, however there are several courses and other reading material that is helpful. Kali linux revealed i believe is free, and the are several sort of helpful titles on Amazon kindle. Udemy and several other online courses can help a lot also. Hope this helps!
Hey CynicalBug,
Its good to have you on this fourm and i will try my best to help you with your questions.
You can learn bug hunting and you can find bugs without learning any programming language. Like you can find tons of xss payloads online and you can use them to evade filters and make a pop-up. And if this way gives you satisfaction then why you should learn JS? Well to be a good bug hunter or to be good hacker you need to understand things you need to understand how things works , how different Xss payloads works and for that you need to learn JS. You need to learn JS enough to understand why and how this particular xss payload is working and how to craft a xss payload according to different situations.
If you want to use kali linux just go on and use it . You will struggle a little bit but you will get familiar with it. Hard way is the best way to learn
If you’re totally beginner into bug hunting then I would suggest you to focus on learning different bugs rather than wasting most of time in JS. But if you are familiar with bugs and know how to find em then do learn js.
Many people will probably disagree with this, but honestly Kali Linux is completely unnecessary for bug hunting. Some tools - Gitrob, for example - require UNIX systems, but all you really need for hacking on your typical website/webapp is a browser and a proxy. Don’t get lost in all the free tools available. Your time is way better spent getting familiar with Burp Suite (and extensions).
Time learning a programming language is never time wasted, but in most cases you really don’t need advanced JS skills to pop an XSS PoC alert box.
Hi and thank you for the reply!
I am by no means a beginner when it comes to linux OS’s ( not a power user either though),when I said beginner guide I meant bug bounty beginner guide,on the one hand I see a lot of people using kali/talking about how great kali is but on the other hand to guide/article/course on bug bounty I have seen thus far even mentions it,so I was kind of on the fence as to whether it would be worth it to tinker with that particular distro.
Im not sure there’s anything better, linux distro or otherwise, to use for bug hunting etc. Than kali. Sure you can get a lot of the tools on mint or whatever, but that, parrot or black arch would be my go to.
I agree with what @R29k and @waike said.
From what you tell, I would suggest just start hunting. If you don’t understand something, learn it, if you need to use some new tool or something like that, learn to use it. But don’t waste your time preparing yourself to be a bug hunter, you will never be ready.
Depends what you want to go after in security - if you’re testing web applications, you need to know the details of the stack. Is it a Node back end? That’s javascript. jQuery, Vue, React are common front-end frameworks. Javascript is becoming more and more popular by developers. You don’t need to be a javascript developer, but you should be able to (at a bare minimum):
debug client-side javascript
figure out where your inputs are used
determine if the application fails to handle the input correctly.
I have always used various linux distros as my secondary OS so I have some knowledge on that area,should I invest more time into becoming more proficient with linux? I see a lot of people talking about kali but no ‘‘beginner guide’’ even mentions kali or any other linux distro as something you should learn.
Kali is what you download once and copy a bunch of times. Unless you know EXACTLY what you are doing, don’t use Kali. Almost all of the packages that come bundled with Kali are available to other linux distros. If you’re doing strictly web application security, all you really need is curl.
Otherwise, you’ll learn how to break things by learning how to build things.
Thank you for the reply! Very helpful. Guess it is a good thing I grabbed JavaScript:The good parts when I came across it as a library sale. Any other resources you would recommend for a beginner with JS? As I said, I have no prior experience with JS except the codecademy courses ( I have however coding experience with Python,SQL,C and for some reason Fortran)