twitter dork: https://mobile.twitter.com/i/events/1417062625997991936
https://twitter.com/nil0x42/status/1533094473067995137
js enum https://www.youtube.com/watch?v=IsSWbVHk11M
https://www.mindmeister.com/1736437018?t=SEeZOmvt01
https://workbook.securityboat.in/resources/web-app-pentest/business-logic-vulnerabilities/2fa-bypass
Blockchain
https://hash.ai/@b/uniswap
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
https://github.com/ruby/webrick/blob/master/lib/webrick/httprequest.rb
https://stat545.com/character-encoding.html
Crobat
$ go get github.com/cgboal/sonarsearch/cmd/crobat
todo
https://twitter.com/BBT_retweet
https://github.com/osmedeus/osmedeus-workflow/blob/main/general/subdomain.yaml
https://discord.com/invite/mtQG2FQsYA
https://docs.osmedeus.org/installation/practical-usage/
https://gist.github.com/defparam/840f7d9e31f77b3c5460c5921e0787ef/revisions
https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/swisskyrepo/GraphQLmap
https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391
https://thexssrat.medium.com/what-the-fuzz-the-truth-behind-content-discovery-77cd0c0756e7
https://hacktify.in/bugbounty/ REPORT SUBMIT TEMPLATES
https://abhinavprasad47.github.io/bugbounty-starter-notes/
Tobuy
https://order.shareit.com/cart/view
https://tryhackme.com/why-subscribe
https://findomain.app/#Pricing
https://github.com/Excloudx6/InfoSec-Black-Friday
Good Topic/Dorks
https://www.google.com/search?tbm=bks&q=recon-ng
gh dork: https://github.com/topics/one-liners
Metabigor https://twitter.com/j3ssiejjj/status/1528687407587299330/photo/1
Source2url
https://github.com/danielmiessler/Source2URL.git
https://blog.innerht.ml/page/2/
https://www.cleancss.com/join.php
MORE GF TEMPLATES ----> https://github.com/lutfumertceylan/top25-parameter/releases/tag/v1.0.7
reset pass https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.gb5aea10a86_0_167
bug bounty https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit
https://twitter.com/ITSecurityguard/status/1519272305729458176
https://www.xmind.net/m/Xy7XEW/
Web status codes https://requests.readthedocs.io/en/latest/api/#status-code-lookup
HAKLUKE RECOMMENDS https://securitytrails.com/corp/osint-toolkit?referral_code=LLDAK0F80M
cloud metadata
https://gist.github.com/rudSarkar/39f821249bf0d38093cafbfd23bc33ee
https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/
[HTTP Request Smuggling](https://gist.github.com/ruevaughn/9c76260b412446f33b647c970bbb1001)
https://github.com/Hack-with-Github
https://mywiki.wooledge.org/BashFAQ/048
DOM Invader
https://www.youtube.com/watch?v=GeqVMOUugqY
Sqlmap tip - https://youtu.be/rVu0GUjic_g?t=2246
JSON Attacks
JSON https://www.youtube.com/watch?v=oUAeWhW5b8c
JWT
https://gist.github.com/ruevaughn/328067fadf926ddb788f98cd0d2d1a71 Crack JWT
https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0
Security Weekly Unlocked: https://www.youtube.com/playlist?list=PLlPkFwQHxYE7nQtKNzjnsVyoSOu2K4l9e
https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d
https://www.youtube.com/watch?v=muYmiEtPL8U JWT with bbking
xss
https://twitter.com/ofjaaah/status/1504932805431767046
https://portswigger.net/research/new-xss-vectors
https://medium.com/bugbountywriteup/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1
https://github.com/takshal/freq
https://bytemeta.vip/index.php/@takshal
https://github.com/takshal/freq/pull/2/commits/ca176eee65889530b4896d782419edd0e4325713
https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html
What is the best method to use dalfox?? https://attacker-codeninja.github.io/2021-09-09-portswigger-notes-on-host-header-attack/
https://github.sre.pub/topics/xss-scanners
https://medium.com/@skavans_/the-unobvious-about-xss-and-html-encoding-4e0d536a35d9
API Hacking
https://gist.github.com/ruevaughn/51048bccdc753596443eca95cbf39356
https://apexvicky.medium.com/top-10-api-bugs-where-to-find-them-5dac338b3d73
https://attacker-codeninja.github.io/2021-08-28-Hacking-APIs-notes-from-bug-bounty-bootcamp/
https://dfir.blog/unfurl/
Takeovers
https://github.com/musana/mx-takeover
Gists
https://gist.github.com/bbhunter
Cheatsheets
https://securityzines.com/#comics <---- Very Cool Cheatsheets printouts etc.
Ethereum Hacking
https://twitter.com/CyberWarship/status/1533710785914056705
Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is!
https://github.com/bee-san/pyWhat/fork
Eyeballer
https://github.com/BishopFox/eyeballer <----- TODO BIG IG and [this](https://www.kaggle.com/datasets/altf42600/pentest-screensots)
https://www.akamai.com/blog#HTTP2rs
https://www.jhaddix.com/post/tooltime-2-ssl-certificate-parsers-for-recon
Recon
Notify -bulk - workflow to funnel everything to Notify https://youtu.be/v7FMPU3J3Qw?t=3044
ReconFTW Automation - https://youtu.be/v7FMPU3J3Qw?t=2841
Automation - what to do with all the subdomains endpoints you found! https://youtu.be/v7FMPU3J3Qw?t=1864
Tools
https://book.hacktricks.xyz/todo/more-tools
https://github.com/fardeen-ahmed/Bug-bounty-Writeups#-bug-bounty-tools---
https://github.com/vavkamil/awesome-bugbounty-tools#Recon
Image upload
https://github.com/barrracud4/image-upload-exploits
https://hackbotone.com/blog/essential-recon-tools/
https://github.com/danielthatcher/spydom
https://allciber.com/web-attack-cheat-sheet/
Alias / Snippet / Command Management
https://github.com/nahamsec/recon_profile
https://github.com/hahwul/hack-pet/commit/6405608c856551d241174d8c839c79efdff5153c
https://github.com/hahwul/hack-pet
https://github.com/knqyf263/pet
Wordlists
Stream: Creating Target Specific Wordlist!! https://www.youtube.com/watch?v=AF-zp6DROTs
https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af
https://wordlists.assetnote.io/
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt
https://gist.github.com/miguelmota/706ebaeb661e246e1b682c400d49d1c9
https://github.com/ghostlulzhacks/wordlist/blob/master/directory-brute-wordlist.txt
to harvest https://youtu.be/YO3ldj4jkJk?t=275
Common Bucket Names https://github.com/buckhacker/buckhacker/blob/master/resources/common-bucket-names.txt
https://portswigger.net/web-security/authentication/auth-lab-passwords
https://portswigger.net/web-security/authentication/auth-lab-usernames
https://github.com/SmeegeSec/SmeegeScrape
make a wordlist from JS https://gist.github.com/seqrity/d67608eb6372cd6f455bfeeefa77b9c2
Who what where when tomnomnom - https://www.youtube.com/watch?v=W4_QCSIujQ4
https://pentestbook.six2dez.com/recon/webs-recon Wordlist Gen
https://github.com/giteshnxtlvl/cook
https://gitlab.com/kalilinux/packages/amass/-/tree/91a5313226ab9ebd4ecbad40622584dd6f3f7cd5/wordlists Wordlists
https://github.com/anshumanbh/brutesubs
Proxy
https://github.com/neex/tcp-over-http
hetty.xyz
Sqli
https://sapt.medium.com/sqli-on-a-bugcrowd-private-program-17858b57ec61
http://sqlninja.sourceforge.net/download.html
https://w3af.org/howtos/find-cross-site-scripting-and-sql-injections
https://www.securedyou.com/how-to-hack-sql-database-password-cracking/
https://www.securedyou.com/download-havij-free-automated-sql-injection-tool/
sqlmap
https://h1pmnh.github.io/post/advanced-sqlmap-case-study-1
cors https://chawdamrunal.medium.com/insecure-cors-configuration-808437d7cfd7
Default C
https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys
https://github.com/SummitRoute/csp_security_mistakes
File Upload
https://sm4rty.medium.com/hunting-for-bugs-in-file-upload-feature-c3b364fb01ba
https://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool.
Default Cred Scanner
https://github.com/Excloudx6/changeme
Monitor Server Status
https://github.com/sudo-jtcsec/server-status-mon
https://github.com/Excloudx6/server-status_PWN
Tmux https://github.com/Excloudx6/clips
# My Bug Bounty Wiki Page
https://github.com/MrM8BRH/SuperLibrary
https://github.com/zeroc00I/ReconNotes
https://gist.github.com/ruevaughn/71c31d7f67b7d105d9f480489e02c906
Scanners
https://github.com/RustScan/RustScan
https://github.com/knassar702/scant3r
http headers
https://www.ibm.com/docs/en/ibm-mq/7.5?topic=headers-content-type-http-entity-header
A-Z Sorting in progress
AwsCli https://aws.plainenglish.io/aws-s3-cli-cheatsheet-9078366fca83
Welcome to my Bug Bounty Wiki page. It's currently not organized or cleaned up at all, though that's a WIP. Originally this was where I was dumping links and things I needed to remember.
News Articles
https://www.bbc.com/news/technology-43581624
ABUH! https://darkrebel.net/metarget-framework-providing-automatic-constructions-of-vulnerable-infrastructures
metarget appv install dvwa
metarget install cve-2021-2312
Deserialisation
Deserialization example <-https://youtu.be/oUAeWhW5b8c?t=1583
Another Deserialization example https://youtu.be/eDfGpu3iE4Q?t=266
https://github.com/GerbenJavado/LinkFinder
https://medium.com/@duhroach/how-png-works-f1174e3cc7b7
https://github.com/beurtschipper/Depix <-- unblur
### A
Amass
https://hackbotone.com/blog/amass-osint-reconnaissance-tool/
https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7
https://securityonline.info/amass-subdomain-enumeration/
https://github.com/OWASP/Amass/releases
Twitter
https://mobile.twitter.com/drunkrhin0/status/1344130730947825664
https://twitter.com/jeff_foley
https://github.com/OWASP/Amass/blob/master/doc/scripting.md
https://github.com/OWASP/Amass
https://gist.github.com/sillydadddy/b1726c8e8ce281d55b82d4e2a1a610e8
https://twitter.com/dokkillo/status/1305566849514471424
https://github.com/PatrikFehrenbach/amass-tools/blob/master/assetfinder.ads
https://github.com/OWASP/Amass#top-mentions
amass enum script command https://youtu.be/H1wdBgY1rtg?t=5408
Example of api key configuration https://www.hahwul.com/2020/09/23/amass-go-deep-in-the-sea-with-free-apis/#chaos
[How to Use Amass Efficiently by @jeff_foley #NahamCon2020](https://youtu.be/H1wdBgY1rtg?t=1974)
[OWASP AMass Boot Camp by Jeff Foley (Caffix)](https://www.youtube.com/watch?v=OOurkCPf2-I)
Amass Tutorial https://github.com/OWASP/Amass/blob/master/doc/tutorial.md
https://github.com/vortexau/dnsvalidator
https://twitter.com/owaspamass
https://kathmandupost.com/science-technology/2021/04/06/we-dream-to-be-nepal-s-first-billion-dollar-it-company
https://reconwithme.com/
Amass Scripting
https://github.com/OWASP/Amass/tree/master/resources/scripts
amass scripting https://youtu.be/H1wdBgY1rtg?t=4987
https://jaeles-project.github.io/
APIs
Huge API Resources list! https://dsopas.github.io/MindAPI/references
https://thexssrat.podia.com/view/courses/free-api-testing-and-securing-guide/923506-api-top-10-videos/2699995-owasp-api-top-10-a0-to-a3
https://www.hahwul.com/2019/07/01/easy-security-testing-with-applications-bridge-in-zap/
https://github.com/PortSwigger
### B
Books https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md
https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html
https://guidesmiths.github.io/cybersecurity-handbook/resources
https://guidesmiths.github.io/cybersecurity-handbook/tooling
https://github.com/1N3/Sn1per/blob/master/modes/normal_webporthttp.sh
Blogs
https://opsecx.com/index.php/category/blog/
URL Finder
https://www.kitploit.com/2021/08/sigurlfind3r-reconnaissance-tool-it.html
403 Bypasser
https://www.kitploit.com/2021/11/4-zero-3-403401-bypass-methods-bash.html
https://www.kitploit.com/2021/09/403bypasser-automates-techniques-used.html
Oauth
#### OAuth Bug Bounty Cheatsheet
https://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities
Email
https://www.ibm.com/docs/en/sqsp/32.0?topic=SSBRUQ_32.0.0/com.ibm.resilient.doc/install/resilient_install_defangs.htm
Nuclei
Nuclei : A Bug Bounty Tool https://www.youtube.com/watch?v=ZcG8ARatgs0
https://www.reddit.com/r/infosec_daily/comments/lrz9bg/nuclei_tool_review/
Finding bugs with Nuclei with PinkDraconian (Robbe Van Roey) https://www.youtube.com/watch?v=ewP0xVPW-Pk
Nuclei templates
https://github.com/xm1k3/cent <-- manage nuclei templates and a big list of templates
https://github.com/aboul3la/nuclei-templates
https://github.com/projectdiscovery/nuclei-templates/discussions/693
https://nuclei-templates.netlify.app/
cool
https://github.com/nikitastupin/param-miner-doc
https://platforms.disclose.io/
https://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022
https://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer
gf patterns
https://github.com/halencarjunior/BugBuntu/wiki/Installing-Gf-Patterns
https://twitter.com/sratarun/status/1361209626478276610
### C
CanaryTokens
https://canarytokens.org/generate
Checklists
https://github.com/security-checklist/php-security-check-list
https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987
Cheatsheet
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/dgtlmoon/changedetection.io
#### CVE
Code Review
https://www.youtube.com/watch?v=q5NqY2RRLj0
https://www.youtube.com/watch?v=bfLQjZmD5jY&feature=youtu.be
POC Videos
https://repo.telematika.org/project/bminossi_allvideopocsfromhackerone/
https://github.com/zeroc00I/AllVideoPocsFromHackerOne
Fuzzing
https://thugcrowd.com/kiosk/ Badass Fuzzing tools / Resources
https://0xn3va.gitbook.io/cheat-sheets/resources/software/fuzzing
Bug Bounty Videos
Mix - webpwnized https://www.youtube.com/watch?v=Y_2JVREtDFk&list=RDCMUCPeJcqbi8v46Adk59plaaXg&start_radio=1
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! - https://www.youtube.com/watch?v=CIhHpkybYsY&t=2s
Videos
https://administraitor.video/edition/Hack.lu/2019
https://portswigger.net/news
Notify - https://youtu.be/rbr7ZmBI9qs?t=278
https://www.youtube.com/watch?v=kbi2KaAzTLg
What after Recon? - Sup Subdomains?!
GF
https://rengine.wiki/usage/tool_conf/
DORK
https://www.google.com/imgres?imgurl=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FEf6ELytWAAAswXx%3Fformat%3Djpg%26name%3D4096x4096&imgrefurl=https%3A%2F%2Fmobile.twitter.com%2Fbugbountyrecon&tbnid=pQu57Q5pha2WIM&vet=12ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ..i&docid=NghhHzdXU7Ey8M&w=2480&h=1302&q=Bug%20bounty%20automation%20GitHub&client=firefox-b-1-d&ved=2ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
Reporting
https://hacktify.in/bugbounty/ <---- lots of resources for reporting
#### Ruby on Rails
https://hackerone.com/reports/904059
https://hackerone.com/reports/1400309
https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
https://bugbountyforum.com/resources/#ruby-on-rails
Free Shodan key and nmap automation script to search for the F5 BIG-IP CVE
https://learn.hacktify.in/courses/take/bug-bounty-hunting-and-penetration-testing/lessons/16862042-assets-resources
https://github.com/shifa123/f5BigIPExploit/blob/master/assets
dnmap
https://github.com/vdjagilev/nmap-formatter
https://www.darknet.org.uk/2016/07/dnmap-distributed-nmap-framework/?utm_source=pocket-ff-recs
https://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve2020-3452.nse
aquatone - https://gist.github.com/random-robbie/beae1991e9ad139c6168c385d8a31f7d
https://www.tib.eu/en/publishing-archiving/research-data
https://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf
Bug Bounty Programs
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
https://github.com/detectify/cs-challenge
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
"Bug Bounty programs|VDP|launch" -> Google News etc
#### Dorks
https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
https://github.com/shifa123/bugbountyDorks/blob/master/bbdorks
Dork Tools
https://github.com/m3n0sd0n4ld/uDork
#### J
Javascript
https://portswigger.net/research/dom-based-angularjs-sandbox-escapes
Javascript for hackers https://www.youtube.com/watch?v=FTeE3OrTNoA
https://legallybreaking.com/discussion/88/full-featured-javascript-recon-automation-jsfscan-sh
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/
#### L
Labs
Linux
https://linuxsecurity.expert/resources/
#### M
Monitoring
https://github.com/dgtlmoon/changedetection.io Monitor Website Changes
### P
#### Podcasts
Links here -> https://blog.intigriti.com/2019/11/12/bug-bytes-44-new-platform-new-programs-and-a-e25k-head-csrf/
SelfHosted Podcast https://selfhosted.show/60?t=777
### R
#### Reverse Shells
### Rate Limit
### T
Top 10
------- ACCOUNT TAKEOVERS-----------
https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
https://opensourcelibs.com/lib/google-acquisitions
API Security
https://www.cloudflare.com/learning/security/api/owasp-api-security-top-10/
Shadow APIs https://www.cloudflare.com/learning/access-management/what-is-shadow-it/
Cors
https://jakearchibald.com/2021/cors/playground/
DNS Hijacking
https://www.cloudflare.com/en-ca/learning/security/global-dns-hijacking-threat/
https://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf
ffuf
How to use ffuf - Hacker Toolbox https://www.youtube.com/watch?v=aN3Nayvd7FU
Fuzzing / FFUF -> 5-30-22 Nahamsec stream covered fuzzing A LOT https://www.twitch.tv/videos/1312499916
Protips ffuf - tips and tricks https://www.youtube.com/watch?v=uwcRBSUl8e4&t=358s
Late to the party, or, in other words massive web enumeration using ffuf. http://0entropy.blogspot.com/2020/05/late-to-party-or-in-other-words-massive.html
https://gowthams.gitbook.io/bughunter-handbook/fuzzing-fuff
https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f
Graphql
https://github.com/KathanP19/HowToHunt/blob/master/GraphQL/GraphQL.md
IDN Homograph
https://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks
Insecure Deserialisation
Insecure Deserialisation https://www.youtube.com/watch?v=SNi7gNkfLSM
#### Prototype Pollution
https://www.kitploit.com/2021/09/plution-prototype-pollution-scanner.html
https://github.com/BlackFan/client-side-prototype-pollution
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
#### Prototype Pollution Tools
https://github.com/msrkp/PPScan
SSRF
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf
Subdomain Takeovers
https://0xpatrik.com/subdomain-takeover-ns/
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
https://www.hackerone.com/application-security/guide-subdomain-takeovers
https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75
https://import.cdn.thinkific.com/359809/courses/1386931/locomotivesubdomaintakeover-210608-154821.yaml
https://github.com/buckhacker/SubDomainTakeoverTools
github.com/lukasikic/subzy
-> https://gist.githubusercontent.com/ruevaughn/91d3369fdf0d93b0bdc6662c771cb7ae/raw/79e07b315e465bae1f003ec8fd40fcf5471b223b/fingerprints.json
github.com/mhmdiaa/second-order
SQL Injection
https://www.cloudflare.com/learning/security/threats/sql-injection/
XSS
All the ways you can alert in JS -> https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309
https://github.com/wisec/domxsswiki/wiki
https://owasp.org/www-community/attacks/xss/
Moving beyond alert()xss https://av.tib.eu/media/49191
https://unescape-room.jobertabma.nl/
https://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
Writeups
https://ysamm.com/#
Webapp security
#### Tools
https://www.xmind.net/m/Xy7XEW/# <-----
https://github.com/Excloudx6/PentestTools#exploitation-tools
https://linuxsecurity.expert/security-tools/top-100/
https://intelx.io/tools
https://github.com/nccgroup/ScoutSuite/tree/master/tools
Clean Ips Script
https://gist.github.com/LuD1161/bd4ac4377de548990b47b0af8d03dc78
### D
Dirb
https://techyrick.com/dirb/
https://github.com/nccgroup/tracy
#### Todo
https://www.bugbountyhunting.com/
https://github.com/KingOfBugbounty/KingOfBugBountyTips#scan-log4j-using- -and-log4j-scan
https://medium.com/hacking-info-sec/how-to-install-and-use-bbrf-35f6aa15fbc9
https://github.com/Excloudx6/Guide-to-SSRF
https://github.com/alphaSeclab/sec-daily-2020
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/mindmap.png
https://github.com/topics/bugbounty
https://gist.github.com/R0X4R/bc08d55e368965f22c0b41ee8475ba87
SSRF
https://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Big.pdf
Nmap
https://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/Nmap-Strings
https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/
https://github.com/SmeegeSec/Security_Headers_Nmap_Parser
SSH brute forcing
A simple multi-threaded distributed SSH brute-forcing tool written in Python https://github.com/k4yt3x/orbitaldump
https://github.com/d3vilbug/Brutal_SSH
xsshunter
https://github.com/mystech7/xsshunter - duplicate within 15 min check added
https://gosecure.github.io/security-cheat-sheet/
https://twitter.com/e11i0t_4lders0n/status/1489234267687497735
https://snyk.io/log4j-vulnerability-resources/
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
TODO
https://github.com/Excloudx6/jsmon
https://github.com/robre/scripthunter
Learn
https://digi.ninja/labs.php
Labs
https://hackxor.net/
https://github.com/Excloudx6/xxe-workshop
https://gosecure.github.io/request-smuggling-workshop/#0
https://gosecure.github.io/template-injection-workshop/#0
Scripts
https://github.com/killswitch-GUI/PenTesting-Scripts
My Urls
securityforeveryone.com/scan-repository
/ AWS
Regexp patterns
https://regexr.com/
Python
https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03?utm_source=pocket-ff-recs
Rails
https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&utm_medium=email
https://youtu.be/CIhHpkybYsY?t=1171
xss - https://threadreaderapp.com/thread/1508406052663934979.html
B
Browsers
https://github.com/Excloudx6/browser-compat-data
https://httpwg.org/specs/rfc7230.html#header.transfer-encoding
https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Length
https://stackoverflow.com/questions/978061/http-get-with-request-body?rq=1
https://datatracker.ietf.org/doc/html/rfc7230
https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/9962
https://www.ietf.org/rfc/rfc2119.txt
https://www.elastic.co/guide/en/elasticsearch/guide/current/_empty_search.html
HTTP Header Smuggling
https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html
Request Smuggling
https://github.com/ruevaughn/websocket-connection-smuggler
https://portswigger.net/daily-swig/how-to-perform-an-http-header-smuggling-attack-through-a-reverse-proxy
https://twitter.com/albinowax/status/1263122811683553283
Note: the kitploit guy is the hackbotone guy
https://www.kitploit.com/2021/08/http-request-smuggling-http-request.html
https://hackbotone.com/blog/http-request-smuggling-detection-tool/
https://www.youtube.com/watch?v=mijOcGLneLU&t=303.658823s
https://gist.github.com/sminez/571bd7bafb1b88630b85c85a0cd66e3a - grep through this
try
https://github.com/arjunshibu/gcmd
https://splash.readthedocs.io/en/stable/scripting-tutorial.html#scripting-tutorial
https://github.com/phlmox
Recon
https://www.kitploit.com/2021/10/webdiscover-purpose-of-this-script-is.html
https://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics
Checklists
https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/
https://gist.github.com/pdelteil/ba005609789ae14862f023da4191826d
https://github.com/rails/rails/issues/37620
SUBDOMAIN TAKEOVERS
https://www.udemy.com/course/cloud-hacking/learn/lecture/8613164?start=0#overview
https://github.com/indianajson/can-i-take-over-dns
RECON
https://gist.github.com/khanjanny/039d7c7d825a866b9020e3945e04ace9
https://github.com/KathanP19/HowToHunt
https://prettyrecon.com/auth/forgot_password/
Oneliners
https://www.youtube.com/watch?v=ZcG8ARatgs0&t=467s
https://giters.com/okaayfine/oneliner-bugbounty
https://twitter.com/ofjaaah/status/1532581839344394241
https://gist.github.com/cyberheartmi9/c993542044fdc45834837c3f88484a63
https://github.com/trimstray/the-book-of-secret-knowledge
Tweets Dorks
https://twitter.com/hashtag/bugbountytips
https://twitter.com/search?q=%23bugbountytips&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
https://twitter.com/ghostlulz1337
https://www.google.com/search?client=firefox-b-1-d&q=site%3Agist.github.com+%22dalfox%22+automate
https://gist.github.com/sec99
https://gist.github.com/Bedrovelsen/starred
https://gist.github.com/tranphuoctien/47c1242c8189b42fb4d268c548db4526
https://gist.github.com/GrahamcOfBorg/601b9608c6010d9c82cf0e9535faac4b
https://gist.github.com/babaloveyou
https://www.google.com/search?client=firefox-b-1-d&q=bug+bountny+automation
https://www.reddit.com/r/bugbounty/comments/nkaz32/automation_for_bug_bounty_recon_framework/
https://github.com/dirsoooo/Recon
https://gowthams.gitbook.io/bughunter-handbook/automation
Writeups
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f
https://hacklido.com/u/excloudx
https://twitter.com/home
https://subscription.packtpub.com/book/networking-and-servers/9781788626897/7/ch07lvl1sec47/example
https://subscription.packtpub.com/owned
https://id.bugbountyhub.com/auth/realms/bugbountyhub/login-actions/authenticate?execution=a484e1a7-bc42-472b-a339-15be49996b14&client_id=prod-platform&tab_id=MivkVulj_p8
Crawlers / Crawling
https://github.com/spatie/crawler
http://www.robotstxt.org/
https://github.com/BruceDone/awesome-crawler
https://github.com/tijme/not-your-average-web-crawler
https://github.com/ghostlulzhacks/crawler
https://scotthelme.co.uk/top-1-million-analysis-march-2020/
https://crawler.ninja/
FINISH Watching - https://www.youtube.com/watch?v=12gtkYbMGd4&t=362s
HARSHBROTHA - https://www.youtube.com/watch?v=UrdvDCb4Gz8
NOTIFY - https://www.youtube.com/watch?v=rbr7ZmBI9qs
Handle your data carefully https://www.youtube.com/watch?v=rbr7ZmBI9qs
UserAgents
https://github.com/BbhunterOne/ReconChef/blob/main/recon.sh#L82
Screenshots
https://github.com/spatie/browsershot
# https://github.com/maaaaz/webscreenshot
https://random-robbie.github.io/bugbounty-scans/
https://buaq.net/go-99375.html
https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive?rq=1
cheatsheets
https://0xn3va.gitbook.io/cheat-sheets/
https://0xn3va.gitbook.io/cheat-sheets/web-application/http-request-smuggling
FRAMEWORKS
* reconftw -
* Reconness
* BBHT
https://github.com/hahwul/WebHackersWeapons
https://github.com/yeswehack/pwn-machine
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://core.intrigue.io/
Reconness
Vajra - https://github.com/r3curs1v3-pr0xy/vajra
Hive https://hexway.io/blog/new-update-hive/
Pwnmachine
axiom
https://www.mandiant.com
https://github.com/AlexisAhmed/BugBountyToolkit
https://github.com/nahamsec/lazyrecon
https://github.com/yogeshojha/rengine/commit/cf30e98e0440424019cb2cad600892ce405f850e
https://github.com/0xInfection/TIDoS-Framework
https://buaq.net/go-249.html MooseDojo/apt2: automated penetration toolkit
Secret Hunting - Google Dorks, Git Dorks, Employee OSINT, etc
https://gist.github.com/markofu/549fbd287edf08c38e869dacc740e49de
https://github.com/aquasecurity/cloudsploit
Trufflehog https://www.youtube.com/watch?v=aioheMi1Wko
+ --- +
|Tools|
https://sapt.medium.com/perform-information-gathering-using-following-tools-on-the-given-targets-cyber-sapiens-internship-12c858166008
+Github Wiki Auditor
https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html
https://github.com/SmeegeSec/GitHub-Wiki-Auditor
https://www.kitploit.com/2022/04/gitbleedtools-for-extracting-data-from.html
https://github.com/phlmox/jslinkfinderv2
https://exposingtheinvisible.org/guides/google-dorking/ <---- huge dorking guide!
https://github.com/phlmox/bingdork
https://github.com/awslabs/git-secrets
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://techvomit.net/aws-security/
https://github.com/gwen001/s3-buckets-finder.git
https://github.com/phlmox/gdork
https://github.com/lc/secretz
https://github.com/kevthehermit/PasteHunter
+ ------ +
|Articles|
+ ------ +
* E.crack jwt - https://github.com/brendan-rius/c-jwt-cracker
Neo4j vs postgres (graphdb)
https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
Automation script
https://www.benteveo.kiwi/blog/automating-bug-bounties
https://github.com/AlexisAhmed/BugBountyToolkit <-- docker
https://gowthams.gitbook.io/bughunter-handbook/automation
Secret
https://www.directdefense.com/csrf-in-the-age-of-json/
https://buaq.net/go-249.html
Intentionally Vulnerable Github repo
https://github.com/shifa123/githubleak
https://wiki.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
https://pentestbook.six2dez.com/
https://github.com/m4ll0k
https://github.com/six2dez
https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
https://github.com/shifa123
https://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview
Writeups
POC
https://github.com/RootUp/PersonalStuff
VPS
https://gist.github.com/Rajchowdhury420/24fa500ebc4edbb2018860f85f93b8cf
https://hackingblogs.com/bug-bounty-builder-project-tool-use/
Beats - Lightweight shippers for Elasticsearch & Logstash
https://github.com/nicolargo/glances
https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29
https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/learn/lecture/5878090?start=0#overview
Pentest a website online https://www.youtube.com/watch?v=NQP89ish9t8
https://www.trenchesofit.com/2021/06/14/bug-bounty-vps-build/
### To Deploy your own
https://demo.ezxss.com/manage/dashboard
https://github.com/ssl/ezXSS/wiki/Installation
## BugBounty Programs
---
https://huntr.dev/
https://www.zerodayinitiative.com/
https://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5
https://opensourcelibs.com/lib/google-acquisitions
https://opensourcelibs.com/libs/bugbounty
List of .gov
Target crypto https://arlolra.github.io/otr/
https://github.com/cisagov/dotgov-data
[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.
[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.
[Security Ninja security.txt values list](https://crawler.ninja/files/security-txt-values.txt)
[Security Ninja Files List](https://crawler.ninja/files/)
https://allabouttesting.org/
Todo:
https://boards.greenhouse.io/cobaltio/jobs/4141074002 <--- solve challenge
CheatSheets
https://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md
Automated Scanners
* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)
* [Dalfox](https://github.com/hahwul/dalfox)
* [XSSTrike](https://github.com/s0md3v/XSStrike)
* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)
[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder)
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
* https://twitter.com/0xJin/status/1470748925963513863
* https://twitter.com/0xJin/status/1470748925963513863/photo/1
XXE
https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity
https://app.intigriti.com/programs/dpgm/libelle/detail
https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html
https://twitter.com/infosec_au/status/1340785029899698181?lang=en
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
Understanding DTD - https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
## Writeups
https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee
## Owasp Top 10
---
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.html
### Clickjacking
https://lcamtuf.blogspot.com/2011/12/x-frame-options-or-solving-wrong.html
https://blog.innerht.ml/page/2/
https://hackerone.com/reports/8724
### CSRF
* https://hackerone.com/reports/44146
- 7-19-16
* [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&t=5s)
* https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/
- 01-18-15 https://hackerone.com/reports/44146 (Make API calls on behalf of another user (CSRF protection bypass))
### XSS
Paid Services
https://findomain.app/#Pricing
## Resources
---
Params
Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state
https://hackerone.com/reports/1082847
Fuzzcon & fuzzing
https://twitter.com/hashtag/hacklu?src=hashtag_click
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Fuzzing.md
Recon
- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
[PrettyRecon](https://prettyrecon.com/auth/signup)
### Dorks
https://ask.fm/tags/bounty
### Lists
https://github.com/payloadbox/xss-payload-list
Protips and Tips
Most of the sites use AWS nowadays...
On AWS the instance metadata service lives at 169.254.169.254, not on 127.0.0.1, so don't use 127.0.0.1 there!
https://sniferl4bs.com/2017/02/wallpaper-penetration-testing-and-exploit-dev-cheatsheet/
https://githubhelp.com/topic/bugbountytips
https://github.com/Excloudx6/open-redirect-payload-list
https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/
### Githubs
---
- [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)
- [Disclose/diodb](https://github.com/disclose/diodb)
### Streams
[Nehamsec Twitch](https://www.twitch.tv/nahamsec)
### Twitter Tweetin'
https://twitter.com/0xMstar/status/1464658472981565444
https://twitter.com/0xJin/status/1470748925963513863
podcasts
https://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q
### Data
---
Bugcrowd Subdomain Enumeration https://www.youtube.com/watch?v=La3iWKRX-tE
CVE-2019-11510 Detail
/dana-na
## CVE/CVD
---
CVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)
- https://vuls.cert.org/confluence/display/CVD/Executive+Summary
- https://vuls.cert.org/confluence/display/CVD/Sightings
https://github.com/detectify/cs-challenge
https://github.com/r3curs1v3-pr0xy
https://notsosecure.com/resources
https://reconshell.com/bug-bounty-tips/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md
[Insecure Deserialization Part 1](https://www.youtube.com/watch?v=SNi7gNkfLSM)
[Insecure Deserialization part 3](https://www.youtube.com/watch?v=icAKHE-iKOs)
https://secoceans.com/blog-2/
https://portswigger.net/research
https://portswigger.net/blog
https://portswigger.net/news
https://portswigger.net/daily-swig
courses
https://www.udemy.com/course/penetration-testing-bug-bounty-hunting-level-2-hacktify/
https://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e
https://github.com/six2dez/talks/blob/main/Gotta_ENG.pdf
packets
https://www.kitploit.com/2018/08/polymorph-real-time-network-packet.html
Automation
https://gowthams.gitbook.io/bughunter-handbook/automation
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
### Z
Zap
https://github.com/sepehrdaddev/zap-scripts/fork
https://www.zaproxy.org/authors/thorin/
https://github.com/zaproxy/zap-extensions
Frameworks
https://trickest.com/
https://github.com/Findomain/Findomain/releases
* [Configuring Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)
* https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
How to view someone's IP address and connection speed! https://www.youtube.com/watch?v=SXmv8quf_xM
Active Directory
Pentesting Active Directory https://www.xmind.net/m/5dypm8/a
https://adsecurity.org/
Live Bug Bounty Hunting Speedbiker https://www.youtube.com/watch?v=9W94AKLc5g8
### Twitter Tweetin'
https://twitter.com/samwcyo/status/1529888063576584202
https://twitter.com/sshell_
https://mobile.twitter.com/TechnoTimLive Devops tweets
https://mobile.twitter.com/drunkrhin0/status/1344130729320435712
### Data
---
* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
Reverse shells
https://github.com/wwkenwong/Pentest-note
https://github.com/tehryanx?tab=repositories
https://github.com/sawzeeyy/Sanitiz3r
https://github.com/D35m0nd142/LFISuite
https://hub.docker.com/u/secsi
tips
adminphpfinder
https://linuxsecurity.expert/tools/admin-page-finder-php/
Wig
https://linuxsecurity.expert/tools/wig/
BlindElephant
https://linuxsecurity.expert/tools/blindelephant/alternatives/
Writeups
https://github.com/phlmox/public-reports/blob/main/hackerone-one-million-reports
https://twitter.com/omespino/status/1489310300708900868/photo/
https://github.com/phlmox/public-reports
https://footstep.ninja/posts/
https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/
https://ronak-9889.medium.com/denial-of-service-using-cookie-bombing-55c2d0ef808c
https://discord.com/channels/772850979955671103/772854181433573398/895230570366402590 Hacking Articles
IOT
https://www.youtube.com/watch?v=AKoyZLibIeo
https://www.bentley.com/en/products
BBP (Bug Bounty Programs!)
https://github.com/Excloudx6/KingRecon_DOD
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
Geico
https://jsfiddle.net/ruevaughn/2mnq5vgf/9/
https://github.com/detectify/cs-challenge
https://github.com/projectdiscovery/public-bugbounty-programs
https://app.intigriti.com/programs/redbull/redbull/detail
https://huntr.dev/
https://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138
https://support.google.com/websearch/answer/2466433?hl=en
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
https://gist.github.com/haxcited/e684df7f9ec210867d25f7ccac22c1d5
https://github.com/B3nac/Android-Reports-and-Resources
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
https://github.com/The-Art-of-Hacking/h4cker
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
Send any traffic through burp.
https://github.com/jrmdev/mitm_relay
https://github.com/fuzz-security
https://www.kitploit.com/2022/06/mitmintercept-little-bit-less-hackish.html
https://youtu.be/cqM-MdPkaWo?t=412 <--- Burp Find and Replace rule to do vhost hopping
https://github.com/w0ot-net/ParamScraper
todo
https://www.youtube.com/watch?v=sNtxbv7nxJA&t=32s
https://burpbounty.net/burp-bounty-ekoparty-2020/
https://hakin9.org/blind-xss-in-practice-advanced-bug-hunting-with-burp-suite-tutorial-free-course-content/
https://www.youtube.com/watch?v=KoaSRi3tmck
https://www.youtube.com/watch?v=35jw4dJtRz0&t=230s
#Eko2020 Bounty Hunters | Eduardo Garcia Melia: Burp Bounty - Scan Check Builder https://www.youtube.com/watch?v=t4caslqATi8
https://tryhackme.com/room/burpsuitebasics
https://mrxn.net/?tag=burpsuite
https://github.com/topics/burp-extensions
https://www.youtube.com/watch?time_continue=11&v=35jw4dJtRz0&feature=emb_logo
https://github.com/Mr-xn/BurpSuite-collections
https://github.com/volkandindar/agartha
https://twitter.com/Pethuraj/status/1530773159355379712?cxt=HBwWgMCjsf-Es74qAAAA&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
https://github.com/BurpsuiteExtensions
https://github.com/Team-Firebugs/Burp-LFI-tests
https://github.com/1N3/IntruderPayloads
2018 Burp Hacks for Bounty Hunters - James Kettle shares his setup - https://www.youtube.com/watch?v=boHIjDHGmIo
BUG BOUNTY :- Burp Suite Bug Bounty Web Hacking learn from Scratch :- Complete Burp Suite Tutorial https://www.youtube.com/watch?v=AH1UcYwxKak
https://www.secureideas.com/blog/2015/08/introducing-burp-correlator.html
https://github.com/redhuntlabs/BurpSuite-Asset_Discover
https://github.com/m4ll0k/SecretFinder/tree/master/BurpSuite-SecretFinder
https://www.secureideas.com/blog/2015/05/tip-running-burpsuite-on-mac.html
https://osxdaily.com/2013/06/04/change-icon-mac/
https://github.com/elkokc/reflector
https://github.com/snoopysecurity/awesome-burp-extensions
https://portswigger.net/burp/documentation/desktop/functions/generate-csrf-poc
Jamies Kettle burp
https://youtu.be/boHIjDHGmIo?t=204
[HTTP pipelining in burp](https://youtu.be/boHIjDHGmIo?t=204)
[Wordlists in burp](https://youtu.be/boHIjDHGmIo?t=378)
[Grep Extract w intruder](https://youtu.be/boHIjDHGmIo?t=427)
[Adding your own active scan check](https://youtu.be/boHIjDHGmIo?t=543)
https://import.cdn.thinkific.com/359809/BurpsuiteResourcePDF-201107-173314.pdf
https://portswigger.net/burp/pro/video-tutorials?utm_source=burp_suite_professional&utm_medium=embedded_browser&utm_campaign=burp_support
Burp
https://portswigger.net/blog/burp-suite-professional-feature-roundup
https://portswigger.net/news
https://youtu.be/rbr7ZmBI9qs?t=278
https://www.hahwul.com/2019/12/29/run-other-application-on-burp-suiteburp/
https://github.com/PortSwigger
Burp api Tip https://youtu.be/5qSq1S2sRC8?t=731
[Burp Active Scan by Jason Haddix]
He runs an [Active Scan using burp suite](https://youtu.be/uKWu6yhnhbQ?t=4370). He toggles 50 threads, see link for more.
Burp
https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-http-request-smuggling-2c0b5321f06d
burp etc https://www.youtube.com/playlist?list=PL8j1j35M7wtI4IvNS7ItrM8dTYXx2nYfX
echo "Burp Extensions" && echo "Burp Extension Basic Auth Decoder Bypass: https://learn.hacktify.in/courses/take/hacktify-special-chapter-1/downloads/25003636-burpsuite-decode-basic-auth-extension" >> $README
curl https://import.cdn.thinkific.com/359809/courses/1386931/firstextension-210608-160308.py -o $HOME/basic-auth-decoder.py
Burp Extensions
https://github.com/CoreyD97?tab=repositories
https://github.com/xnl-h4ck3r/burp-extensions/fork
https://github.com/xnl-h4ck3r/burp-extensions
https://www.kitploit.com/2019/08/iprotate-extension-for-burp-suite-which.html
https://github.com/InitRoot/BurpJSLinkFinder
https://bugbountyforum.com/tools/proxy-plugins/ Burp
https://github.com/arbazkiraak/BurpBLH Burp
https://github.com/0xDexter0us/Scavenger
https://github.com/danielthatcher/spydom <--- the postmessage alerts that burp is always complaining about, use this to view them.
Building an extension resources
*---> https://github.com/w0ot-net/ParamScraper/blob/master/ParamScraper.py
#### Burp
Burp Cheat Sheet https://www.sans.org/posters/burp-suite-cheat-sheet/
https://www.hackingarticles.in/burp-suite-for-pentester-burps-project-management/
https://github.com/Net-hunter121/API-Wordlist#usage <----- hack apis with burp
[Autorize](https://youtu.be/5qSq1S2sRC8?t=852)
https://www.kitploit.com/2022/05/graphql-threat-matrix-graphql-threat.html
inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)
Extender
https://www.trenchesofit.com/2022/01/16/burp-suite-custom-parameter-handler/
Burp
https://github.com/nccgroup/BurpSuiteHTTPSmuggler
https://portswigger.net/burp/documentation/collaborator/deploying
My Burp Extensions
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
https://github.com/nccgroup/WCFDSer-ng
https://github.com/GoSecure/csp-auditor
https://github.com/SmeegeSec/Burp-Importer
Flow by Marcin Woloszyn
https://kalilinuxtutorials.com/nuclei-burp-plugin/
OAST testing
https://portswigger.net/burp/application-security-testing/oast
https://portswigger.net/blog/a-modern-elastic-design-for-burp-collaborator-server
https://portswigger.net/blog/burp-suite-roadmap-for-2022
https://portswigger.net/blog/burp-suite-certification-prices-hacked-for-black-friday
https://portswigger.net/blog/the-mystery-of-the-missing-mac-release
Burp Documentation https://portswigger.net/burp/documentation/desktop/functions/generate-csrf-poc
#### [Burp](https://gist.github.com/ruevaughn/a6da987379f5593d0ab4a878fe1b6baf/575fd3933296ea1eb734fe4e69bd99a01c6d425e#file-burp-L2)
**https://apps.burpsuite.guide/**
**https://securityzines.com/flyers/burp.html**
https://github.com/tristanlatr/burpa
https://github.com/mdsecresearch/BurpSuiteSharpener
ZAP videos by hahwul
https://www.youtube.com/watch?v=GK46fsCL7kk
python cors_scan.py -u example.com -p http://127.0.0.1:8080 # To use socks5 proxy, install PySocks with pip install PySocks
Zap Website
https://www.zaproxy.org/docs/docker/about/
Zap Scripts
https://github.com/sepehrdaddev/zap-scripts
http://tinyproxy.github.io/
https://unix.stackexchange.com/questions/36627/how-to-telnet-via-proxy-authentication
https://mitmproxy.org/
https://github.com/abhinavsingh/proxy.py
https://blog.intigriti.com/2021/05/05/bug-bytes-121-free-burp-collaborator-alternative-hacking-chrome-extensions-28k-facebook-oauth-account-takeover/