@affilares
Forked from OTaKuHP/Bug Bounty payloads.md
Last active July 30, 2022 07:00
checklist n payloads

Bug Bounty Payloads GitHub Repos List:

PayloadsAllTheThings - https://lnkd.in/gjTPbtz

cujanovic - https://lnkd.in/gSTJQN4

Payload Box (cmdi, sqli, xss, lfi, rfi, etc.) - https://lnkd.in/g6B28dU

SecLists - https://lnkd.in/g6ucAZQ

fuzzdb - https://lnkd.in/gadi-D5

xsuperbug - https://lnkd.in/g4NubfC

NickSanzotta - https://lnkd.in/g5cYXRY

7ioSecurity - https://lnkd.in/gmBW4cs

shadsidd - https://lnkd.in/gxV3GCG

shikari1337 - https://lnkd.in/ggVznU5

xmendez - https://lnkd.in/gRmWvKR

minimaxir - https://lnkd.in/guCfKXX

Bug Bounty Checklist and Cheatsheets

WAPT - https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf

Authentication - https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf

OAuth Misconfiguration - https://binarybrotherhood.io/oauth2_threat_model.html

File Upload - https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf

IDOR - https://notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b

XSS - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

SQLi - https://portswigger.net/web-security/sql-injection/cheat-sheet

XXE - https://link.medium.com/lprTDcXRYgb

SSRF - https://0xn3va.gitbook.io/cheat-sheets/web-application/server-side-request-forgery

2FA - https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view

CORS - https://0xn3va.gitbook.io/cheat-sheets/web-application/cors-misconfiguration

Business Logic Flaws - https://link.medium.com/MX5hzfESYgb

CSRF - https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery

Insecure Deserialization - https://thehackerish.com/insecure-deserialization-explained-with-examples/

Web Cache Poisoning - https://0xn3va.gitbook.io/cheat-sheets/web-application/web-cache-poisoning

HTTP Request Smuggling - https://portswigger.net/web-security/request-smuggling/finding

Command Injection - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection

SAML - https://github.com/e11i0t4lders0n/SAML-SSO

Race Condition - https://pandaonair.com/2020/06/11/race-conditions-exploring-the-possibilities.html

S3 Bucket Misconfiguration - https://medium.com/@janijay007/s3-bucket-misconfiguration-from-basics-to-pawn-6893776d1007

Server-Side Template Injection - https://portswigger.net/research/server-side-template-injection

WebSockets Vulnerabilities - https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages

xsscx - https://lnkd.in/geuHkb3

TheRook - https://lnkd.in/gZdQT9H

danielmiessler - https://lnkd.in/gwWJmpb

FireFart - https://lnkd.in/gKAcMAS

HybrisDisaster - https://lnkd.in/gc5AthF

1N3 - https://lnkd.in/g5DNVrG

lavalamp- - https://lnkd.in/gzK2ez3

arnaudsoullie - https://lnkd.in/gdqcdhf

scadastrangelove - https://lnkd.in/gHKxXZp

jeanphorn - https://lnkd.in/gEMXJzv

j3ers3 - https://lnkd.in/gMeFjjM

nyxxxie - https://lnkd.in/gbFhn8j

foospidy - https://lnkd.in/g_RcagZ

terjanq - https://lnkd.in/gKYhsKb
