Skip to content

Instantly share code, notes, and snippets.

@ruevaughn

ruevaughn/Bug Bounty Resources.txt

Last active November 17, 2024 17:11
Show Gist options
  • Save ruevaughn/a6da987379f5593d0ab4a878fe1b6baf to your computer and use it in GitHub Desktop.
Save ruevaughn/a6da987379f5593d0ab4a878fe1b6baf to your computer and use it in GitHub Desktop.
Download ZIP
My Resources and Links over time to various Tools, Notes, Videos, Papers, Articles, Writeups, and more. Will be moving to my own private hosted Wikipedia soon. Ascii Art Font: Calvin S
Raw
Bug Bounty Resources.txt
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├┤ └─┐│ ││ │├┬┘│ ├┤ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
2FA Bypass
2fa bypass Mindmap https://www.mindmeister.com/1736437018?t=SEeZOmvt01
2fa Bypass Methods https://workbook.securityboat.in/resources/web-app-pentest/business-logic-vulnerabilities/2fa-bypass
Account Takeovers
https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
AdminPanelFinder
adminphpfinder
https://linux
security.expert/tools/admin-page-finder-php/
API Security
https://www.cloudflare.com/learning/security/api/owasp-api-security-top-10/
Shadowe apis https://www.cloudflare.com/learning/access-management/what-is-shadow-it/
Api Keys
https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys
API Hacking
https://github.com/microsoft/restler-fuzzer
https://github.com/hAPI-hacker/Hacking-APIs/fork
Amass
https://securityweekly.com/wp-content/uploads/2021/05/AmassTechSegment-0.pdf
Amass Scripting\
https://github.com/OWASP/Amass/tree/master/resources/scripts
https://github.com/OWASP/Amass/blob/master/doc/scripting.md
amass scripting https://youtu.be/H1wdBgY1rtg?t=4987
Bug Bounty for Beginners Stream#4:AMASS, Subfinder, FFUF https://www.youtube.com/watch?v=27zMfcr2fPE
https://hackbotone.com/blog/amass-osint-reconnaissance-tool/
https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7
https://securityonline.info/amass-subdomain-enumeration/
https://github.com/OWASP/Amass/releases
https://twitter.com/jeff_foley
https://github.com/OWASP/Amass/blob/master/doc/scripting.md
https://github.com/OWASP/Amass
https://gist.github.com/sillydadddy/b1726c8e8ce281d55b82d4e2a1a610e8
https://twitter.com/dokkillo/status/1305566849514471424
https://github.com/PatrikFehrenbach/amass-tools/blob/master/assetfinder.ads
https://github.com/OWASP/Amass#top-mentions
amass enum script command https://youtu.be/H1wdBgY1rtg?t=5408
Example of api key configuration https://www.hahwul.com/2020/09/23/amass-go-deep-in-the-sea-with-free-apis/#chaos
[31:33 / 1:56:06]
[How to Use Amass Efficiently by @jeff_foley #NahamCon2020](https://youtu.be/H1wdBgY1rtg?t=1974)
[OWASP AMass Boot Camp by Jeff Foley (Caffix)](https://www.youtube.com/watch?v=OOurkCPf2-I)
Amass Tutorial https://github.com/OWASP/Amass/blob/master/doc/tutorial.md
https://github.com/vortexau/dnsvalidator
https://twitter.com/owaspamass
Android
https://github.com/dzmitry-savitski/android-pentest-tool
AngularJS
https://github.com/snoopysecurity/Public/blob/master/Old%20Presentations/MWRICON%202018/README.md
Authentication Bypass Vulnerabilities
Ascii
https://github.com/heldersepu/hs-scripts/blob/master/ascii.txt
Asset Monitoring
https://github.com/ruevaughn/assetnote
https://github.com/yeswehack/pwn-machine
https://github.com/robre/jsmon
API Hacking
https://github.com/Excloudx6/31-days-of-API-Security-Tips
https://gist.github.com/ruevaughn/51048bccdc753596443eca95cbf39356
https://apexvicky.medium.com/top-10-api-bugs-where-to-find-them-5dac338b3d73
https://attacker-codeninja.github.io/2021-08-28-Hacking-APIs-notes-from-bug-bounty-bootcamp/
https://dfir.blog/unfurl/
https://www.slideshare.net/programmableweb/why-api-security-is-more-complicated-than-you-think-and-why-its-your-1-priority
Amazon Cognito
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/CommonParameters.html
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt
Blockchain
https://hash.ai/@b/uniswap
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
https://github.com/ruby/webrick/blob/master/lib/webrick/httprequest.rb }9
https://twitter.com/0xAsm0d3us/status/1438149310080712709 cdC
Blogs
https://respectxss.blogspot.com/
Browsers
Save multiple pages as a single html page https://github.com/gildas-lormeau/SingleFile
https://bughacking.com/best-browsers-for-hackers/
https://hackaday.com/2022/01/17/hack-the-web-without-a-browser/
https://woob.tech/
https://github.com/moonD4rk/HackBrowserData
https://resources.infosecinstitute.com/topic/ethical-hacking-top-10-browser-extensions-for-hacking/
https://github.com/Excloudx6/browser-compat-data
https://httpwg.org/specs/rfc7230.html#header.transfer-encoding
https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Length
https://stackoverflow.com/questions/978061/http-get-with-request-body?rq=1
https://datatracker.ietf.org/doc/html/rfc7230
https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/9962
https://www.ietf.org/rfc/rfc2119.txt
https://www.elastic.co/guide/en/elasticsearch/guide/current/_empty_search.html
https://www.concise-courses.com/hacking-tools/web-browser-related-tools/
Ethereum Hacking
https://github.com/NafisiAslH/KnowledgeSharing
https://github.com/SecurityInnovation/Smart-Contract-CTF
https://twitter.com/CyberWarship/sta tus/1533710785914056705
https://github.com/heldersepu/hs-scripts/blob/master/NodeJS/web3/VestingERC20.js
Broken Access Control - https://cwe.mitre.org/data/definitions/1345.html
Busines Logic
https://shahmeeramir.com/breaking-the-web-with-logics-ce22e8a9c4e2
Browser Extensions - Chrome
Collusion - https://chrome.google.com/webstore/search/collusion
DotGit - https://chrome.google.com/webstore/detail/dotgit/pampamgoihgcedonnphgehgondkhikel?hl=en
Trufflehog https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc
Tracy - https://github.com/nccgroup/tracy/wiki/Example-Workflows
Browser Extensions - Firefox
Cookie Editor - https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/
Bulk URL Opener - https://addons.mozilla.org/en-GB/firefox/addon/bulkurlopener/
Hacktoolshttps://addons.mozilla.org/en-US/firefox/addon/hacktools/
Tracy https://github.com/nccgroup/tracy/wiki/Example-Workflows
Bug Bounty Programs
https://blog.bugzero.io/bug-zero-is-going-to-pay-your-security-bill-for-2022-4b6396e2ee48
Bulk Load Programs https://gist.github.com/brevityinmotion/b86f7475d4cd2790003326a4d3a528ba
Google Acquisitions https://opensourcelibs.com/lib/google-acquisitions
https://github.com/The-Art-of-Hacking/h4cker/tree/master/bug-bounties#bug-bounty-platforms
Discovery Header DoD - https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty
King Recon DoD - https://github.com/KingOfBugbounty/KingRecon_DOD
Bentley Bug Bounty Program - https://www.bentley.com/en/products
https://lostsoulofawolf.medium.com/bug-bounty-how-to-get-private-invites-60062a5d0809
https://github.com/Hack-with-Github
Shopify
https://www.hulkapps.com/
BBP (Bug Bounty Programs!)
https://github.com/Excloudx6/KingRecon_DOD
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
https://jsfiddle.net/ruevaughn/2mnq5vgf/9/
https://github.com/detectify/cs-challenge
https://github.com/projectdiscovery/public-bugbounty-programs
https://app.intigriti.com/programs/redbull/redbull/detailhttps://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138
https://huntr.dev/
https://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138
https://support.google.com/websearch/answer/2466433?hl=en
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
https://gist.github.com/haxcited/e684df7f9ec210867d25f7ccac22c1d5
https://github.com/B3nac/Android-Reports-and-Resources
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
https://github.com/The-Art-of-Hacking/h4cker
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
Open Bug Bounty - openbugbounty.com
Burp Collaborator ALternatives
https://github.com/anshumanbh/terraform-burp-collaborator
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
https://github.com/honoki/wilson-cloud-respwnder
Interactsh
https://github.com/4ARMED/interactsh
Blogs
https://www.veracode.com/blog?utm_source=lpFooter&utm_medium=Website
http://10degres.net/posts/
https://www.secureideas.com/blog
Brute Forcing
Brutesubs
https://github.com/anshumanbh/brutesubs
https://github.com/anshumanbh/brutesubs/compare/master...exploitprotocol:brutesubs:master
https://github.com/APTreat/brutesubs
https://github.com/janmasarik/brutesubs
https://github.com/RyanLongVA/brutesubs
Chaining Vulnerabilites
2022-style OAuth account takeover on Facebook - $45,000 bug bounty https://www.youtube.com/watch?v=pk7oYuz4x0Q
Certificate Transparancy
https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate/
https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12
Attack Surface Management Series - EP1 - Certificate Transparency (In under 10 mins) - https://www.youtube.com/ watch?v=MGQ1GqmixY0
CanaryTokens
https://canarytokens.org/generate
Certiciates
https://github.com/Echocipher/HackeroneSpider
Checklists
Cheatsheet
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/dgtlmoon/changedetection.io
#### CVE
Code Review
https://www.youtube.com/watch?v=q5NqY2RRLj0
https://www.youtube.com/watch?v=bfLQjZmD5jY&feature=youtu.be
Cookie
CSRF Tokens
https://www.veracode.com/security/csrf-token
Cors
csors https://chawdamrunal.medium.com/insecure-cors-configuration-808437d7cfd7
python cors_scan.py -u example.com -p http://127.0.0.1:8080 # To use socks5 proxy, install PySocks with pip install
https://jakearchibald.com/2021/cors/playground/
CSP https://www.keycdn.com/support/content-security-policy
https://www.bloggersideas.com/cspisawesome/
https://content-security-policy.com/
Courses
https://web.stanford.edu/class/cs253/
Nehamsec Udemy Course https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/
Character Encodings
https://stat545.com/character-encoding.html
Charles Proxy
Use Charles Proxy to Reverse Engiener an IOS App https://www.youtube.com/watch?v=cvvPLlP4518&feature=emb_logo
Checklists
https://pentestbook.six2dez.com/others/web-checklist
https://github.com/zactly/handouts/blob/master/generic_checks.md
https://linuxsecurity.expert/checklists/
https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987
https://github.com/zactly/handouts/blob/master/example_template.md
https://github.com/zactly/handouts/blob/master/conferences/locomocosec22/notes.md
https://github.com/AnLoMinus/Bug-Bounty/tree/main/Checklist/Web%20App
https://github.com/security-checklist/php-security-check-list
https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987
Checkout
https://0day.hu/
Cheatsheets
https://pentester.land/cheatsheets
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
https://pentester.land/cheatsheets/2019/04/15/recon-resources.html
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
https://securityzines.com/#comics
https://github.com/EdOverflow/bugbounty-cheatsheet
https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html
Cloud Hacking
https://github.com/janmasarik/generate-bucketnames
https://github.com/janmasarik/GCPBucketBrute
https://github.com/avicoder/notes/tree/master/Cloud
https://github.com/avicoder/notes
Pwned Cloud Society pdf https://www.slideshare.net/BryceKunz/pwned-cloud-society-bsidesslc-2017?from_action=save
Cloud Hacking https://www.youtube.com/watch?v=ITSZ8743MUk
https://www.cloudvulndb.org/
https://github.com/jordanpotti/CloudScraper
https://github.com/appsecco/spaces-finder
Code Review
https://raw.githubusercontent.com/zactly/handouts/master/Practical%20Secure%20Code%20Review%20-%20Whitepaper.pdf
Codeql
Cookies
https://datatracker.ietf.org/doc/html/rfc6265#section-5.3w
https://github.com/jshttp/cookie
Cryptography
http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html#sfmt
CTFs
https://github.com/SecurityInnovation/Smart-Contract-CTF
Stripe ctf https://gist.github.com/evandrix/1901352
CWE
CWE-548: Exposure of Information Through Directory Listing - https://cwe.mitre.org/data/definitions/548.html
Default creds
https://github.com/Viralmaniar/Passhunt
Directory Listing
Konan branch ofDeepsearch https://github.com/rkreddypandu/Konan
deepsearch https://github.com/prosecurity/DeepSearch
Dirb https://techyrick.com/dirb/
http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&attackVectorId=254
http://projects.webappsec.org/w/page/13246922/Directory%20Indexing
Django
https://blog.sonarsource.com/disclosing-information-with-a-side-channel-in-django/?utm_source=twitter&utm_medium=social&utm_campaign=djangodictsort&utm_content=security&utm_term=mofu
dns Rebinding
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge
Dorks
https://github.com/random-robbie/bugbountydork/fork
Aline - Dork Automator CLI - https://github.com/ferreiraklet/Aline
Brtwitter dork: https://mobile.twitter.com/i/events/1417062625997991936
https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks
Shifa123 BugBounty Dorks https://github.com/shifa123/bugbountyDorks/blob/master/bbdorks
Goop https://github.com/s0md3v/goop
Go-Dork
https://github.com/dwisiswant0/go-dork
https://github.com/dwisiswant0/go-dork/compare/master...babaloveyou:go-dork:master
https://bxmbn.medium.com/ultimate-tips-and-tricks-to-find-more-cross-site-scripting-vulnerabilities-d2913765e2d5
Open Bug Bounty Targets https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
uDork https://github.com/m3n0sd0n4ld/uDork
ffuf
How to Ffuf https://www.bugcrowd.com/blog/how-to-ffuf-with-codingo/
How to use ffuf - Hacker Toolbox https://www.youtube.com/watch?v=aN3Nayvd7FU
Fuzzing / FFUF -> 5-30-22 Nehamssec stream covered fuzzing A LOT https://www.twitch.tv/videos/1312499916
Protips ffuf - tips and tricks https://www.youtube.com/watch?v=uwcRBSUl8e4&t=358s
Late to the party, or, in other words massive web enumeration using ffuf. http://0entropy.blogspot.com/2020/05/late-to-party-or-in-other-words-massive.html
https://gowthams.gitbook.io/bughunter-handbook/fuzzing-fuff
https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f
Fingerprinting
Fingerpint JS https://github.com/fingerprintjs/fingerprintjs
Whatweb
Wappalyze
Webanalyze
Frameworks
axiom
https://github.com/pry0cc/axiom
https://github.com/pry0cc/axiom/blob/master/images/provisioners/default.json
BBRF Client - https://github.com/honoki/bbrf-client
BugBounty Toolkit - Hackersploit Framework - https://github.com/AlexisAhmed/BugBountyToolkit
Findomain https://github.com/Findomain/Findomain
Hive https://hexway.io/blog/new-update-hive/
Intrigue
https://core.intrigue.io/
https://core.intrigue.io/getting-started/
LazyRecon - https://github.com/nahamsec/lazyrecon
Mandiant - Web GUI Take decisive action with industry-leading intelligence https://www.mandiant.com
MooseDojo - apt2 - Pentesters Framework nmap centered
apt2 https://buaq.net/go-249.html
apt2 MooseDojo/apt2: automated penetration toolkit
Nerve
https://github.com/PaytmLabs/nerve
Osmedeus
https://docs.osmedeus.org/workflow/default-workflow/
https://github.com/j3ssie/osmedeus
https://xploitlab.com/osmedeus-the-most-complete-reconnaissance-tool-and-vulnerability-scanning/
https://docs.osmedeus.org/web-ui/
https://github.com/osmedeus/osmedeus-workflow/blob/main/general/subdomain.yaml
https://discord.com/invite/mtQG2FQsYA
https://docs.osmedeus.org/installation/practical-usage
https://docs.osmedeus.org/workflow/
Pwn Machine https://github.com/yeswehack/pwn-machine
ReconFTW - https://github.com/six2dez/reconftw
Recon NG
https://github.com/anshumanbh/domain
https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
Github https://github.com/lanmaster53/recon-ng
Welcome to the Recon-ng Marketplace https://github.com/lanmaster53/recon-ng-marketplace
API Key list https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys
Setup script for Regon-ng and altdns https://github.com/jhaddix/domain
Reconness - https://github.com/reconness/reconness
Rengine -
https://github.com/yogeshojha/rengine
https://github.com/yogeshojha/rengine/commit/cf30e98e0440424019cb2cad600892ce405f850e
Default Config Engine Yaml file https://raw.githubusercontent.com/yogeshojha/rengine/master/default_yaml_config.yaml
Sniper - https://github.com/1N3/Sn1per
TIDoS Framework https://github.com/0xInfection/TIDoS-Framework
Trickest https://www.youtube.com/watch?v=fXwWinE0sSg
Vajra - https://github.com/r3curs1v3-pr0xy/vajra
WebhackerWeapons https://github.com/hahwul/WebHackersWeapons
Freq
Removes unnecesary output and only outputs happy (for us) path https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main
Fork by Realgoose. Adds a User-Agent bxss as well as robots.txt sprayer check https://github.com/takshal/freq/compare/main...RealGoose:freq:main
Removed unnecesary output https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main
Fork by kg11102 KaioGomes. Adds User-Agent firefox and Referrer Header check. Changes alert check. Ignored expired SSL Cert (Probably to skip errors) https://github.com/takshal/freq/compare/main...kg1102:freq:main
Gatsby
https://www.gatsbyjs.com/docs/conceptual/security-in-gatsby/#key-security
https://www.gatsbyjs.com/blog/2019-04-06-security-for-modern-web-frameworks/
Git/Source Code Secret Finding
https://github.com/auth0/repo-supervisor
https://blog.gitleaks.io/finding-secrets-with-regular-expressions-d90493bb3784
https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
https://github.com/takshal/Git-Finder
https://tillsongalloway.com/finding-sensitive-information-on-github/
https://secapps.com/tutorials/github-gist-recon
http://10degres.net/github-tools-collection/
https:// docs.github.com/en/rest/search
git-all-secrets
https://github.com/mhmdiaa/git-all-secrets
https://github.com/anshumanbh/git-all-secrets
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
https://github.com/koto/gitpillage
https://github.com/hisxo/gitGraber
https://github.com/gwen001/github-search
https://github.com/darkseed/gitpillage
Tools to Get sensitive info / secrets from https://twitter.com/soaj1664ashar/status/1176769454035939328
https://github.com/trufflesecurity/trufflehog
Why Exposed API Keys and Sensitive Data are Growing Cause for Concern https://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05
Secret Hunting - Google Dorks, Git Dorks, Employee OSINT, etc
https://gist.github.com/markofu/549fbd287edf08c38e869dacc740e49de
https://github.com/aquasecurity/cloudsploit
Trufflehog https://www.youtube.com/watch?v=aioheMi1Wko
https://sapt.medium.com/perform-information-gathering-using-following-tools-on-the-given-targets-cyber-sapiens-internship-12c858166008
+Github Wiki Auditor https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html
https://github.com/SmeegeSec/GitHub-Wiki-Auditor
https://www.kitploit.com/2022/04/gitbleedtools-for-extracting-data-from.html
https://github.com/phlmox/jslinkfinderv2
https://exposingtheinvisible.org/guides/google-dorking/ <---- huge dorking guide!
https://github.com/phlmox/bingdork
Git-Secrets
Adds supports for scanning aws, gcp, ads a gf regex pattern, https://github.com/awslabs/git-secrets/compare/master...deshpandetanmay:git-secrets:master
Adds support for scaning entire drive, concept of install.uninstall, a global config file and a regex patterns file (nice!) https://github.com/awslabs/git-secrets/compare/master...dbrs:git-secrets:master
He adds one pattern to replace all the previous ones, and it adds a curl request. Other various changes. https://github.com/awslabs/git-secrets/compare/master...konakonall:git-secrets:master
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://techvomit.net/aws-security/
https://github.com/gwen001/s3-bucketsdfinder.git
https://github.com/janmasarik/bucketsperm
https://github.com/phlmox/gdork
https://github.com/lc/secretz
https://github.com/kevthehermit/PasteHunter
gitdump (TODO Take Notes and Implement from John Hammon Stream)
https://github.com/topics/crawl?o=desc&s=updated
Graphql
https://github.com/IvanGoncharov/graphql-voyager
https://github.com/Escape-Technologies/graphinder
https://github.com/gsmith257-cyber/GraphCrawler
Learn Graphql https://www.gatsbyjs.com/docs/conceptual/graphql-concepts/
That single GraphQL issue that you keep missing https://blog.doyensec.com/2021/05/20/graphql-csrf.html
https://blog.assetnote.io/2021/08/29/exploiting-graphql/
https://twitter.com/holybugx/status/1441460070387261440?s=21
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection
https://www.programmableweb.com/news/what-graphql-and-how-did-it-evolve-rest-and-other-api-technologies/analysis/2019/07/31
https://github.com/KathanP19/HowToHunt/blob/master/GraphQL/GraphQL.md
https://swizec.com/blog/reverse-engineer-a-graphql-api-to-automate-love-notes-codewithswiz-24/
https://www.youtube.com/watch?v=cvvPLlP4518&feature=emb_logo
Graphwoof https://github.com/dolevf/graphw00f
Graphql Voyager https://ivangoncharov.github.io/graphql-voyager/
inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)
Githubs
https://github.com/bbhunter
Handson / Demos
https://github.com/yandex/securitygym
aws test challenge http://flaws.cloud/
ABUH! https://darkrebel.net/metarget-framework-providing-automatic-consctions-of-vulnerable-infrastructures | metarget appv install dvwa | metarget install cve-2021-2312
xss jigsaw - https://blog.innerht.ml/page/2/
https://google-gruyere.appspot.com/
https://hackxor.net/
https://github.com/takshal/FOR-FUN
Vulnrable Task Manger app https://github.com/redpointsec/vtm
Hacking Tools
https://reqbin.com
https://gist.github.com/bgoonz/524b4ea887b216b810d16429265a34a3
HTTP
HTTP Pipelining in burp https://youtu.be/boHIjDHGmIo?t=204)
HTTP Parameer Pollution
HPP https://www.youtube.com/watch?v=QVZBl8yxVX0&t=13s
HTTP Request Smuggling
HTTP Security Headers https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
HTTP HEader Smuggling https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html
http headers https://www.ibm.com/docs/en/ibm-mq/7.5?topic=headers-content-type-http-entity-header
Request Smuggling
https://github.com/ruevaughn/websocket-connection-smuggler
https://portswigger.net/daily-swig/how-to-perform-an-http-header-smuggling-attack-through-a-reverse-proxy
https://twitter.com/albinowax/status/1263122811683553283
Note: kitploit guys is the hackbogtone guy
https://www.kitploit.com/2021/08/http-request-smuggling-http-request.html
https://hackbotone.com/blog/http-request-smuggling-detection-tool/
https://www.youtube.com/watch?v=mijOcGLneLU&t=303.658823s
Defparam Variant - https://gist.github.com/defparam/840f7d9e31f77b3c5460c5921e0787ef/revisions
bbhunter mutations - https://gist.github.com/bbhunter
HTTP Request Smuggling - https://gist.github.com/ruevaughn/9c76260b412446f33b647c970bbb1001)
HTTP Request Smuggling Tools
https://github.com/Sh1Yo/request_smuggler
IDOR
https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
ISS=
iis https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
Ios
https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
https://havoc.app/package/crane
Insecure Deserialisation
Insecure Deserialisation https://www.youtube.com/watch?v=SNi7gNkfLSM
IP (INternet Protocol) https://youtu.be/C7CpfL1p6y0?t=320
Javascript
🕵️ Pinkerton is an JavaScript file crawler and secret finder developed in Python https://github.com/oppsec/Pinkerton
Looking through javascript files live hacking https://youtu.be/xx5fF7i-dCQ?t=2582
https://www.bugbountyhunter.com/guides/?type=javascript_files
JAVASCRIPTRECON.md https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff
https://portswigger.net/research/dom-based-angularjs-sandbox-escapes
Javascript for hackers https://www.youtube.com/watch?v=FTeE3OrTNoA
https://legallybreaking.com/discussion/88/full-featured-javascript-recon-automation-jsfscan-sh
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/
Javascript Enumeration https://www.youtube.com/watch?v=IsSWbVHk11M
https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html
unminifier http://dean.edwards.name/my/
https://github.com/robre/scripthunter
JSON Attacks - JSON https://www.youtube.com/watch?v=oUAeWhW5b8c
JWT
https://gist.github.com/ruevaughn/328067fadf926ddb788f98cd0d2d1a71 Crack JWT
https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0
Security Weekly Unlocked: https://www.youtube.com/playlist?list=PLlPkFwQHxYE7nQtKNzjnsVyoSOu2K4l9e
https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d
https://www.youtube.com/watch?v=muYmiEtPL8U JWT with bbking
JWT Traversal https://github.com/MoisesTapia/JwtTransversal
Md5
https://github.com/juuso/BozoCrack
Meg
https://github.com/blackhatethicalhacking/meg/compare/master...tomnomnom:meg:master
https://github.com/tomnomnom/meg/compare/master...3lpsy:megurl:master
https://github.com/tomnomnom/meg/compare/master...Cgboal:meg:master
https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master
https://github.com/tomnomnom/meg/compare/master...GwynHannay:meg:master
Methodologies (Hackers)
Cyberheartmi Methodology https://gist.github.com/cyberheartmi9/1ac77d171d9b9dc9a5be45fa4f4c8dcb
Bug Bounty Mini Course:Automated Recon https://www.youtube.com/watch?v=0VOWgM4klpM&list=WL&index=19&t=53s
Zseanos Methodology https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
Mime Type Sniffing
https://www.keycdn.com/support/what-is-mime-sniffing
Mindmaps
List of Attack Vectors http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp
Huge Mind Map. Lots of resources. Has All Exploits and a lot of good info. https://www.xmind.net/m/Xy7XEW/
Collaborative Mindmaps - Collaborative Mind Mapping
Mobile
https://github.com/skateforever/pentest-scripts/tree/main/mobile
https://www.veracode.com/blog/2010/12/mobile-app-top-10-list
Mootools
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md
mootools 1.4.5 vuln
https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31812/summary
Vulnerable Line https://github.com/vsviridov/mootools-node/commit/0fcc500aa1be356bc8745b322e8182f38ec8f0a0#diff-c4d2ea9c35bf14dd01cf28b174dba68fca9d2d9a2ae4b63d48ee496d7e9deedbR360-R367
poc https://snyk.io/test/npm/mootools/1.4.5
Nmap
https://tecadmin.net/scanning-open-ports-with-nmap/inif
nmap pwn https://gist.github.com/BU9D4DDY/3e31890ae407e7c41a00f3715d00c5d7
Nodejs hacking
https://github.com/zactly/handouts/blob/master/node_js_generic_checks.md
Oneliners
automate prototype polution https://twitter.com/R0X4R/status/1402906185301323776
https://github.com/D4Vinci/One-Lin3rt
https://github.com/Excloudx6/Elsfa7110-Oneliner-bughunting
https://hackingblogs.com/bug-bounty-builder-project-tool-use/#ONE-LINERRECONfor_FUZZ_XSS
https://github.com/KingOfBugbounty/KingOfBugBountyTips/compare/master...halencarjunior:KingOfBugBountyTips:master
https://www.youtube.com/watch?v=ZcG8ARatgs0&t=467s
https://giters.com/okaayfine/oneliner-bugbounty
https://twitter.com/ofjaaah/status/1532581839344394241
https://gist.github.com/cyberheartmi9/c993542044fdc45834837c3f88484a63
https://github.com/trimstray/the-book-of-secret-knowledge
Open Redirects
https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master
https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks
http://www.thespanner.co.uk/2014/03/21/rpo/
https://nostarch.com/download/samples/RealWorldBugHunting_Ch02_Sample.pdf
https://i.blackhat.com/asia-19/Fri-March-29/bh-asia-Wang-Make-Redirection-Evil-Again-wp.pdf
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirecthttps://blog.intigriti.com/hackademy/open-redirect/
http request smugglin open redorect defparam https://www.youtube.com/watch?v=3tpnuzFLU8g
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/understanding-and-discovering-open-redirect-vulnerabilities/
https://corneacristian.medium.com/top-25-open-redirect-bug-bounty-reports-5ffe11788794
https://www.youtube.com/watch?v=4Jk_I-cw4WE
https://www.youtube.com/watch?v=grkMW56WX2E
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/open_redirect_wwwist.txt
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/openredirects.txt
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/Open-Redirect-payloads.txt
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
https://github.com/AnLoMinus/Bug-Bounty/blob/2d654a0a62c1194564aa841745c171c4b1374252/Checklist/Web%20App/Upload%20Function.md
https://github.com/Excloudx6/open-redirect-payload-list
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect
https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt
https://giters.com/okaayfine/oneliner-bugbounty#open-redirect
https://infosecwriteups.com/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941
Tnom and ori https://youtu.be/SYExiynPEKM?t=2630
Owasp Top 10 (2021) https://cwe.mitre.org/data/definitions/1344.html
Params
More Silent wheb running https://github.com/0xecho/parameth
Normal Branch https://github.com/maK-/parameth
Docker support https://github.com/Shaked/parameth
Parameter Tampering -
http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&attackVectorId=57
Payloads / POCs
https://github.com/knownsec/pocsuite3
https://github.com/pranav77/XSS-using-SVG-file
https://github.com/Excloudx6/Public/tree/master/payloads
https://github.com/sh377c0d3/Payloads/fork
https://github.com/RootUp/PersonalStuff
https://github.com/swisskyrepo/PayloadsAllTheThings
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021
https://portswigger.net/research/top-10-web-hacking-techniques
https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge
POC Videos
https://repo.telematika.org/project/bminossi_allvideopocsfromhackerone/
https://github.com/zeroc00I/AllVideoPocsFromHackerOne
Password Cracking
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf
People
tnom interview https://gist.github.com/ruevaughn/00638360841b2bec94149080c4f04f28
Ashar Jahvid https://twitter.com/soaj1664ashar
Products / Services
Tobuy https://order.shareit.com/cart/view | https://tryhackme.com/why-subscribe | https://findomain.app/#Pricing | https://github.com/Excloudx6/InfoSec-Black-Friday | HAKLUKE RECOMENDS https://securitytrails.com/corp/osint-toolkit?referral_code=LLDAK0F80M
Protype Pollution
automate https://twitter.com/R0X4R/status/1402906185301323776
https://www.kitploit.com/2021/09/plution-prototype-pollution-scanner.html
https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0
https://github.com/kosmosec/proto-find
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution
https://github.com/BlackFan/client-side-prototype-pollution
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s
ppmap
https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/
https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/
https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution
Prototype polution Tools
https://github.com/msrkp/PPScan
Python
https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03?utm_source=pocket-ff-recs
Rails
https://github.com/zactly/handouts/blob/master/oss_apps.md
https://github.com/zactly/handouts/blob/master/materials.md
https://github.com/gramantin/awesome-rails#apps-made-with-rails
Mass Assignment https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
https://code.tutsplus.com/tutorials/mass-assignment-rails-and-you--net-31695
https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&utm_medium=email
https://youtu.be/CIhHpkybYsY?t=1171
https://github.com/zactly/handouts/find/master
https://github.com/zactly/handouts/blob/master/conferences/virtual-appsecday-2020/skea_rails_routes.md
Recon
https://github.com/003random/003Recon
https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
Reconmap GUI Website SaaS https://demo.reconmap.com/login
https://github.com/0xbharath/assets-from-spf
https://mavericknerd.github.io/knowledgebase/BugBountyRecon/
https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
https://ulir.ul.ie/bitstream/handle/10344/8278/Nuseibeh_2019_Text.pdf?sequence=2
https://github.com/janmasarik/resolvers
https://github.com/janmasarik/resolvers/pull/31/files
Resolvers
https://github.com/janmasarik/resolvers/pull/31/files
https://github.com/janmasarik/resolvers
Reporting
https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html
Reflected File Downloads
Reflected File Download - A New Web Attack Vector https://www.youtube.com/watch?v=dl1BJUNk8V4
https://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/
https://drive.google.com/file/d/0B0KLoHg_gR_XQnV4RVhlNl96MHM/view?resourcekey=0-NV7cTUTB48bltMEddlULLg
https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
https://www.davidsopas.com/reflected-file-download-cheat-sheet/
Regexp
Regexp Basics https://www.youtube.com/watch?v=KJG1dETacLI
https://regexr.com/
Resources
https://portswigger.net/research/web-cache-entanglement
https://github.com/AnLoMinus/Bug-Bounty
https://github.com/ngalongc/bug-bounty-reference
https://www.youtube.com/c/krypt0muxbugbounty
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Getting_Started_with_Bug_Bounty.pdf
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Hacking_101.pdf
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Adela_Hanikova_All_roads_lead_to_domain_admin.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Really good bug bounty playlist https://www.youtube.com/watch?v=FeXloh12Mnw&list=PLlrnAg4kKF3r26OIyfoYQQ-YqySE3fyE_&index=2
When looking for something ot hack https://web.archive.org/web/20210420062735/https://help.intrigue.io/reference/intrigue-core-api-endpoints
The 5 Hacking NewsLetter 107 - https://pentester.land/newsletter/2020/05/27/the-5-hacking-newsletter-107.html
Cloud Metadata - https://gist.github.com/rudSarkar/39f821249bf0d38093cafbfd23bc33ee | https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb
Megathread https://twitter.com/ITSecurityguard/status/1519272305729458176
Reset Passwprd https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.gb5aea10a86_0_167
Bug Bounty Google Doc https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit
Bug Bounty Udemy Courses Tip https://twitter.com/ITSecurityguard/status/1519272305729458176
https://github.com/carlospolop/PEASS-ng
Saturday Night Bug Bounty Bytes w/ Ch1-R0n1n https://www.youtube.com/watch?v=xx5fF7i-dCQ
Nicolas Grégoire - Hunting for Top Bounties https://www.youtube.com/watch?v=mQjTgDuLsp4
Hacktify Playlist to learn hacking https://www.youtube.com/watch?v=NBCrlRqX2AY&list=RDCMUCS82DNnKOhXHcGKxGzQvNSQ&start_radio=1&rv=NBCrlRqX2AY&t=0
RNG http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html
RPO (Relative Path overide) Gadgets
https://blog.innerht.ml/rpo-gadgets/
https://www2018.thewebconf.org/proceedings/
https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/
https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf
https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities
inurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbount
SAML
https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf
https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/
Scanners
2020_3452
https://www.zoomeye.org/
https://searchcode.com/
https://fullhunt.io/
https://github.com/RustScan/RustScan
https://github.com/knassar702/scant3r
S3 buckets
https://github.com/sa7mon/S3Scanner
Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations https://www.youtube.com/watch?v=ITSZ8743MUk
https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare
Second Order Takeovers
Shubbs Talking about it in his 5 years of hacking talk. Good. https://youtu.be/iG7-c0YbhbM?t=1472
Self Hosting
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
Shodan like nmap results parser (https://github.com/shivammehta007/ScanX) PBNJ(http://pbnj.sourceforge.net/) (A suite of tools to monitor change in a network over time) store NMAP Results in a database to monitor changes on a network over time and then conducts historical analysis to identify new hosts -
Scripts
LFI https://web.archive.org/web/20100228162410/http://pastie.org/840199
https://github.com/killswitch-GUI/PenTesting-Scripts
Session Poisoning - https://en.wikipedia.org/wiki/Session_poisoning
https://github.com/t1m4/ptl_lab
Setup
Bug Bounty Tools Setup - https://github.com/oliveira-andre/bug_bounty_tools
Redherd - https://redherd.readthedocs.io/en/latest/ | https://www.youtube.com/channel/UCYSM51oldVsryhZxGdB3hXA
Shells
https://github.com/tennc/webshell/blob/master/README_EN.md
Smart Contracts
https://github.com/SecurityInnovation/Smart-Contract-CTF
SSRF
SSRF HTTP Bypass List https://pastebin.com/YbsKrMpf
SSRF - Practical by Hacktify https://www.youtube.com/watch?v=NBCrlRqX2AY
https://reconshell.com/jira-mobile-ssrf-exploit/
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf
Subdomain Takeovers
https://github.com/mhmdiaa/tko-subs
https://github.com/mhmdiaa/second-order
https://0xpatrik.com/subdomain-takeover-ns/
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
https://www.hackerone.com/application-security/guide-subdomain-takeovers
https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75
https://import.cdn.thinkific.com/359809/courses/1386931/locomotivesubdomaintakeover-210608-154821.yamll
https://github.com/buckhacker/SubDomainTakeoverTools
github.com/lukasikic/subzy
-> https://gist.githubusercontent.com/ruevaughn/91d3369fdf0d93b0bdc6662c771cb7ae/raw/79e07b315e465bae1f003ec8fd40fcf5471b223b/fingerprints.json
github.com/mhmdiaa/second-order
Submitting a report
https://about.gitlab.com/blog/2020/09/28/top-tips-for-better-bug-bounty-reports-and-a-hacker-contest/
SQL INjection
https://www.cloudflare.com/learning/security/threats/sql-injection/
Shodan
Awesome Shodan Queries https://github.com/jakejarvis/awesome-shodan-queries
Shodan Dorks https://twitter.com/0xhunster/status/1548382647759491074/photo/1
Shodan CVE Dorks Kathan https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
https://carbon.now.sh/6nEp25xrtuu53L6aquU4
https://twitter.com/kotylevskiy/status/1551926067908182018/photo/1
Status Codes
Web status codes https://requests.readthedocs.io/en/latest/api/#status-code-lookup
SQL Injection
https://github.com/ladecruze/Exploits/blob/master/sqlexploit.js
https://book.hacktricks.xyz/pentesting-web/sql-injection
(at the bottom of the page, the image and text for 2 sqli x-forwarded-for tips) https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
https://github.com/0xEval/sql2shell
Source Code Analysis
https://twitter.com/dhakal_ananda/status/1544574015779606529
Takeovers
https://github.com/musana/mx-takeover
Timing Attacks
Time Attacks http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp?antiCsrfToken=null&filterCategory=9
Tips
Parse Github URls https://github.com/ruevaughn/git-url-parse
Randomize IPs https://gist.github.com/yehgdotnet/27114d4bb5b28ec093e6dd36e329c389
Find IP Address behind CDN
https://github.com/mandatoryprogrammer/cloudflare_enum
https://infosecwriteups.com/finding-the-origin-ip-behind-cdns-37cd18d5275
https://zdresearch.com/finding-the-origin-ip-behind-cdns/
https://twitter.com/HolyBugx/status/1343156549162852352?s=20
Test Shodan Queries https://app.netlas.io/responses/
https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountytips.md
King of Bug Bounty Tips - https://github.com/KingOfBugbounty/KingOfBugBountyTips
https://abhinavprasad47.github.io/bugbounty-starter-notes/
https://www.google.com/search?tbm=bks&q=recon-ng
gh dork: https://github.com/topics/one-liners
Sqlmap tip - https://youtu.be/rVu0GUjic_g?t=2246
Eval command and security issues https://mywiki.wooledge.org/BashFAQ/048
🌟 Find company's owned domains (company.*) with these #googledorks: | https://twitter.com/nil0x42/status/1533094473067995137
https://redhuntlabs.com/nvadr
Todo
read https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
https://tillsongalloway.com/finding-sensitive-information-on-github/
TODO: Make a worldist from these Amazon Cognito API actions GetUser etc https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html
Tools
https://github.com/ladecruze/Subdorker/fork
Brute Force Tomcat https://github.com/Excloudx6/tomcter
Code Snippets
https://carbon.now.sh/snippets
HTML Tools (CSV To HTML, Regexpal, 50+ tools)
https://www.cleancss.com/join.php
Arjun
https://github.com/s0md3v/Arjun/wiki/Usage#scan-a-single-url
crobat
https://www.onsecurity.io/blog/how-i-made-rapid7s-project-sonar-searchable/
Dom Invader
https://www.youtube.com/watch?v=GeqVMOUugqY
ffuf
https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391 | https://thexssrat.medium.com/what-the-fuzz-the-truth-behind-content-discovery-77cd0c0756e7
gf
Automate GF and gau https://gist.github.com/BU9D4DDY/eea5f7580577d9bf5d009ce923bac4fe
https://rengine.wiki/usage/tool_conf/
https://github.com/1ndianl33t/Gf-Patterns
https://github.com/halencarjunior/BugBuntu/wiki/Installing-Gf-Patterns
https://github.com/NitinYadav00/gf-patterns/fork
https://twitter.com/sratarun/status/1361209626478276610
MORE GF TEMPLATES https://github.com/lutfumertceylan/top25-parameter/releases/tag/v1.0.7
https://github.com/tomnomnom/gf/compare/master...pry0cc:jf:master |
https://github.com/ResistanceIsUseless/gf |
https://github.com/tomnomnom/gf/compare/master...medbsq:gf:master |
https://github.com/mrofisr/gf-patterns
gee
Similar to Tee. More Functionality. https://github.com/hahwul/gee
Gee Tips https://twitter.com/hahwul/status/1360495560843689989
FFMPEG-AVI-m3u-xbin - https://github.com/Excloudx6/ffmpeg-avi-m3u-xbin
metabigor v2 - Metabigor https://twitter.com/j3ssiejjj/status/1528687407587299330/photo/1
pywhat -- Identify anything. pyWhat easily lets you identify PI from pcap files
https://github.com/bee-san/pyWhat/fork
recon-ng https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
SimpleApachePathTraversal - https://github.com/MrCl0wnLab/SimplesApachePathTraversal
Source2Url -
Tmux
tmux or screen https://youtu.be/a8LaNydbJyA?t=6406
Tracy
https://newsroom.nccgroup.com/
https://github.com/nccgroup/tracy/blob/master/src/js/database-worker.js
https://github.com/nccgroup/tracy
UrlEncode/Decode
https://www.w3schools.com/tags/ref_urlencode.ASP
https://network-tools.com/url-encode/
https://www.url-encode-decode.com/
Vulnerable Things
https://github.com/kiwicom/xssable
https://github.com/janmasarik/dumb-password-rules
https://github.com/duffn/dumb-password-rules/fork
WhatWeb - https://github.com/urbanadventurer/WhatWeb
WFUZZ - https://book.hacktricks.xyz/pentesting-web/web-tool-wfuzz
wwwwwww
ahttps://useragent.me/
Wordlists
https://gist.github.com/random-robbie/0f9d24a7b3c7268ee0c1ecdbe280611b
http://web.mit.edu/~mkgray/jik/src/Attic/kerberos_password_hacker/allwords
https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt
https://github.com/mhmdiaa/chronos
https://github.com/d4rckh/gorilla
https://github.com/jim3ma/crunch
https://github.com/the-xentropy/samlists/fork
https://github.com/AyProductions-Team/NEXTdependencydownloader/blob/588fa54b77743f808feec88070a4a0c76ac7c993/bin/Debug/net6.0-windows/DependencyDownloader.exe.WebView2/EBWebView/ZxcvbnData/3.0.0.0/passwords.txt
https://gist.github.com/random-robbie/c9671939d029848df38e06c5383e6395
Common Config Files by Tomnomnom https://github.com/tomnomnom/meg/blob/master/lists/configfiles
Short Wordlist by Tomnomnom https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
https://github.com/giteshnxtlvl/cook
https://imgur.com/user/silverblack1111/New%20Folder
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt
https://github.com/koaj/aws-s3-bucket-wordlist
https://github.com/Karanxa/Bug-Bounty-Wordlists
FUZZ.txt good -https://gist.github.com/m4ll0k/50efec5f04179b107c9d7597eec7d23c
https://gist.github.com/m4ll0k/https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
Stream: Creating Target Specific Wordlist!! https://www.youtube.com/watch?v=AF-zp6DROTs
API Endpoints https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af
https://wordlists.assetnote.io/
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt
https://gist.github.com/miguelmota/706ebaeb661e246e1b682c400d49d1c9
https://github.com/ghostlulzhacks/wordlist/blob/master/directory-brute-wordlist.txt
to harvest https://youtu.be/YO3ldj4jkJk?t=275
Common Bucket Names https://github.com/buckhacker/buckhacker/blob/master/resources/common-bucket-names.txt
https://portswigger.net/web-security/authentication/auth-lab-passwords
https://portswigger.net/web-security/authentication/auth-lab-usernames
https://github.com/SmeegeSec/SmeegeScrape
make a wl from js https://gist.github.com/seqrity/d67608eb6372cd6f455bfeeefa77b9c2
Who what where when tomnomnom - https://www.youtube.com/watch?v=W4_QCSIujQ4
https://pentestbook.six2dez.com/recon/webs-recon Wordlist Gen
https://github.com/giteshnxtlvl/cook
https://gitlab.com/kalilinux/packages/amass/-/tree/91a5313226ab9ebd4ecbad40622584dd6f3f7cd5/wordlists Wordlists
Writeups
https://github.com/kh4sh3i/bug-bounty-writeups
securityforeveryone.com/scan-repository
2022-07-15 Exploiting Arbitrary Object Instantiations in PHP without Custom Classes https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://twitter.com/ITSecurityguard/status/1519272305729458176
https://github.com/ngalongc/bug-bounty-reference
https://github.com/djadmin/awesome-bug-bounty
https://ysamm.com/#
https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f
https://hacklido.com/u/excloudx
https://subscription.packtpub.com/book/ssnetworking-and-servers/9781788626897/7/ch07lvl1sec47/example
https://subscription.packtpub.com/owned
https://id.bugbountyhub.com/auth/realms/bugbountyhub/login-actions/authenticate?execution=a484e1a7-bc42-472b-a339-15be49996b14&client_id=prod-platform&tab_id=MivkVulj_p8
https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee
https://github.com/phlmox/public-reports/blob/main/hackerone-one-million-reports
https://footstep.ninja/posts/
https://twitter.com/omespino/status/1489310300708900868/photo/
https://github.com/phlmox/public-reports
https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/
https://discord.com/channels/772850979955671103/772854181433573398/895230570366402590 Hacking Articles
Vhosts
https://github.com/Shaked/vhost-finder
Vhost Discovery https://github.com/projectdiscovery/tlsx#sancn-probe
VPS
https://github.com/bbhunter/pentest-scripts/blob/main/useful/get-tools.sh
https://github.com/crawlab-team/crawlab
https://github.com/righettod/toolbox-pentest-web
google cloud official repos https://github.com/googleapis/google-cloud-ruby
google cloud repos https://github.com/orgs/4ARMED/repositories
Certifcate install https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate
https://github.com/orgs/4ARMED/repositories
Teraform Burp Colab server https://github.com/anshumanbh/terraform-burp-collaborator
Setup script for Regon-ng and altdns https://github.com/jhaddix/domain
https://github.com/AntSwordProject/antSword
https://github.com/janmasarik/resolvers/blob/master/.github/workflows/main.yml
https://github.com/pry0cc/axiom/tree/master/images/provisioners
https://github.com/janmasarik/resolvers
Assetnote Setup and Installation https://gist.github.com/sz3n/1fdf2f871a10d4e9180757afc8fd80e2
https://demo.ezxss.com/manage/dashboard
https://github.com/ssl/ezXSS/wiki/Installation
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
https://github.com/ruevaughn/assetnote
https://github.com/robre/jsmon
Host and Deploy Assetnote https://gist.github.com/BU9D4DDY/9e023d0fae3314273302ae895ae7c5ed
vps_install.sh by Rajchowdhury420 https://gist.github.com/Rajchowdhury420/24fa500ebc4edbb2018860f85f93b8cf
https://hackingblogs.com/bug-bounty-builder-project-tool-use/
Beats - Lightweight shippers for Elasticsearch & Logstash
https://github.com/nicolargo/glances
https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29
https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/learn/lecture/5878090?start=0#overview
Pt a website onlne https://www.youtube.com/watch?v=NQP89ish9t8
https://www.trenchesofit.com/2021/06/14/bug-bounty-vps-build/
https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29
https://github.com/AlexisAhmed/BugBountyToolkit <-- docker
Whitepapers
https://github.com/zactly/handouts/tree/master/conferences
xss
https://github.com/kiwicom/xssable
https://twitter.com/soaj1664ashar
https://github.com/pranav77/XSS-using-SVG-file
https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/
xss - https://threadreaderapp.com/thread/1508406052663934979.html
https://google-gruyere.appspot.com/
https://0x1.gitlab.io/web-security/Weaponised-XSS-Payloads/
https://infosecwriteups.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3
https://hakluke.medium.com/upgrade-xss-from-medium-to-critical-cb96597b6cc4
https://github.com/hakluke/weaponised-XSS-payloads
https://medium.com/redteam/weaponising-angularjs-bypasses-4e59790a730a
https://github.com/dwisiswant0/findom-xss
https://www.secureideas.com/blog/2018/12/twelve-days-of-xssmas.html
https://www.geeksforgeeks.org/findom-xss-fast-dom-based-xss-vulnerability-scanner/?ref=rp
https://thexssrat.podia.com/free-labs
https://github.com/topics/xss
https://twitter.com/ofjaaah/status/1504932805431767046
https://portswigger.net/research/new-xss-vectors
https://medium.com/bugbountywriteup/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1
https://github.com/takshal/freq
https://bytemeta.vip/index.php/@takshal
https://github.com/takshal/freq/pull/2/commits/ca176eee65889530b4896d782419edd0e4325713
https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html
What is the best method to use dalfox?? https://attacker-codeninja.github.io/2021-09-09-portswigger-notes-on-host-header-attack/
https://github.sre.pub/topics/xss-scanners
https://medium.com/@skavans_/the-unobvious-about-xss-and-html-encoding-4e0d536a35d9
Al the ways you can alert js -> https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309
https://github.com/wisec/domxsswiki/wiki
https://github.sre.pub/topics/xss-scanners
https://owasp.org/www-community/attacks/xss/
Moving beyond alert()xss https://av.tib.eu/media/49191
https://unescape-room.jobertabma.nl/
https://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
https://github.com/danielthatcher/Cookieless-Session-Scanner session is for identifying xss as described here https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
XSS Labs
https://google-gruyere.appspot.com/
Screenshots
https://github.com/detectify/page-fetch/fork
Eyeballer
https://github.com/BishopFox/eyeballer <----- TODO BIG IG and [this](https://www.kaggle.com/datasets/altf42600/pentest-screensots)
https://www.akamai.com/blog#HTTP2rs
https://www.jhaddix.com/post/tooltime-2-ssl-certificate-parsers-for-recon
Recon
Notify -bulk - workflow to funnel everything to Notify https://youtu.be/v7FMPU3J3Qw?t=3044
ReconFTW Automation - https://youtu.be/v7FMPU3J3Qw?t=2841
Automation - what to do with all the subdomains endpoints you found! https://youtu.be/v7FMPU3J3Qw?t=1864
Tools
https://reconshell.com/awesome-bug-bounty-tools/
https://reconshell.com/mobile-hackers-weapons/
https://book.hacktricks.xyz/todo/more-tools
https://github.com/fardeen-ahmed/Bug-bounty-Writeups#-bug-bounty-tools---
https://github.com/vavkamil/awesome-bugbounty-tools#Recon
Image upload
https://github.com/barrracud4/image-upload-exploits
https://hackbotone.com/blog/essential-recon-tools/
https://github.com/danielthatcher/spydom
https://allciber.com/web-attack-cheat-sheet/
Alias / Snippet / Command Management
https://github.com/nahamsec/recon_profile
https://github.com/hahwul/hack-pet/commit/6405608c856551d241174d8c839c79efdff5153c
https://github.com/hahwul/hack-pet
https://github.com/knqyf263/pet
https://github.com/anshumanbh/brutesubs
https://github.com/VainlyStrain/Vailyn
RECON
https://gist.github.com/khanjanny/039d7c7d825a866b9020e3945e04ace9
https://github.com/KathanP19/HowToHunt
https://prettyrecon.com/auth/forgot_password/
Tweets Dorks
https://twitter.com/hashtag/bugbountytips
https://twitter.com/search?q=%23bugbountytips&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
https://twitter.com/ghostlulz1337
https://www.google.com/search?client=firefox-b-1-d&q=site%3Agist.github.com+%22dalfox%22+automate
https://gist.github.com/sec99
https://gist.github.com/Bedrovelsen/starred
https://gist.github.com/tranphuoctien/47c1242c8189b42fb4d268c548db4526
https://gist.github.com/GrahamcOfBorg/601b9608c6010d9c82cf0e9535faac4b
https://gist.github.com/babaloveyou
https://www.google.com/search?client=firefox-b-1-d&q=bug+bountny+automation
https://www.reddit.com/r/bugbounty/comments/nkaz32/automation_for_bug_bounty_recon_framework/
https://github.com/dirsoooo/Recon
https://gowthams.gitbook.io/bughunter-handbook/automation
Crawlers / Crawling
https://github.com/Echocipher/HackeroneSpider
xnLinkFinde
https://github.com/spatie/crawler
http://www.robotstxt.org/
https://github.com/BruceDone/awesome-crawler
https://github.com/tijme/not-your-average-web-crawler
https://github.com/ghostlulzhacks/crawler
https://scotthelme.co.uk/top-1-million-analysis-march-2020/
https://crawler.ninja/
Sqli
https://sapt.medium.com/sqli-on-a-bugcrowd-private-program-17858b57ec61
http://sqlninja.sourceforge.net/download.html
https://w3af.org/howtos/find-cross-site-scripting-and-sql-injections
https://www.securedyou.com/how-to-hack-sql-database-password-cracking/
https://www.securedyou.com/download-havij-free-automated-sql-injection-tool/
sqlmap
https://h1pmnh.github.io/post/advanced-sqlmap-case-study-1
Default Credentials
https://github.com/Excloudx6/WebCrack
The Open Cloud Vulnerability & Security Issue Database https://www.cloudvulndb.org/
https://github.com/SummitRoute/csp_security_mistakes
Default Cred Scanner https://github.com/ztgrace/changeme
File Upload
https://sm4rty.medium.com/hunting-for-bugs-in-file-upload-feature-c3b364fb01ba
https://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool.
Monitor Server Status
https://github.com/sudo-jtcsec/server-status-mon
https://github.com/Excloudx6/server-status_PWN
Tmux https://github.com/Excloudx6/clips
# My Bug Bounty Wiki Page
https://github.com/MrM8BRH/SuperLibrary
https://github.com/zeroc00I/ReconNotes
https://gist.github.com/ruevaughn/71c31d7f67b7d105d9f480489e02c906
A-Z Sorting in progress
AwsCli https://aws.plainenglish.io/aws-s3-cli-cheatsheet-9078366fca83
Welcome to my Bug Bounty Wiki page. It's currently not organized or cleaned up at all though that's a WIP. Originally was where I was dumping links and things I needed to rememnber.
News Articles
https://www.bbc.com/news/technology-43581624
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
Deserialisation
Deserialization example <-https://youtu.be/oUAeWhW5b8c?t=1583
Another Deserialization example https://youtu.be/eDfGpu3iE4Q?t=266
https://github.com/GerbenJavado/LinkFinder
https://medium.com/@duhroach/how-png-works-f1174e3cc7b7
https://github.com/beurtschipper/Depix <-- unblur
### A
Twitter
https://mobile.twitter.com/drunkrhin0/status/1344130730947825664
https://kathmandupost.com/science-technology/2021/04/06/we-dream-to-be-nepal-s-first-billion-dollar-it-company
https://reconwithme.com/
https://jaeles-project.github.io/
APIs
Huge API Resources list! https://dsopas.github.io/MindAPI/references
https://thexssrat.podia.com/view/courses/free-api-testing-and-securing-guide/923506-api-top-10-videos/2699995-owasp-api-top-10-a0-to-a3
https://www.hahwul.com/2019/07/01/easy-security-testing-with-applications-bridge-in-zap/
https://github.com/PortSwigger
### B
Books https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md
https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html
https://guidesmiths.github.io/cybersecurity-handbook/resources
https://guidesmiths.github.io/cybersecurity-handbook/tooling
https://github.com/1N3/Sn1per/blob/master/modes/normal_webporthttp.sh
Blogs
https://opsecx.com/index.php/category/blog/
Url FInder
https://www.kitploit.com/2021/08/sigurlfind3r-reconnaissance-tool-it.html
403 Bypasser
https://www.kitploit.com/2021/11/4-zero-3-403401-bypass-methods-bash.html
https://www.kitploit.com/2021/09/403bypasser-automates-techniques-used.html
Oauth
#### Oauth Bug Bounty Cheatheet
https://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities
https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d
Email
https://www.ibm.com/docs/en/sqsp/32.0?topic=SSBRUQ_32.0.0/com.ibm.resilient.doc/install/resilient_install_defang s.htm
Nuclei
Nuclei : A Bug Bounty Tool https://www.youtube.com/watch?v=ZcG8ARatgs0
https://www.reddit.com/r/infosec_daily/comments/lrz9bg/nuclei_tool_review/
Finding bugs with Nuclei with PinkDraconian (Robbe Van Roey) https://www.youtube.com/watch?v=ewP0xVPW-Pk
Nuclei templates
https://github.com/xm1k3/cent <-- manage nuclei tempaltes and ibg list of templateseeeeeeeeeeeeeeeeeee
https://github.com/aboul3la/nuclei-templates
https://github.com/projectdiscovery/nuclei-templates/compare/master...s4e-labs:nuclei-templates:master
https://github.com/projectdiscovery/nuclei-templates/discussions/693
https://nuclei-templates.netlify.app/
cool
https://github.com/nikitastupin/param-miner-doc
rxrdxrhttps://platforms.disclose.io/
https://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022
https://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer
### C
Fuzzing
https://thugcrowd.com/kiosk/ Badass Fuzzing tools / Resources
https://0xn3va.gitbook.io/cheat-sheets/resources/software/fuzzing
Bug Bounty Videos
Mix - webpwnized https://www.youtube.com/watch?v=Y_2JVREtDFk&list=RDCMUCPeJcqbi8v46Adk59plaaXg&start_radio=1
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! - https://www.youtube.com/watch?v=CIhHpkybYsY&t=2s
Videos
HackTube5 Youtube https://www.youtube.com/channel/UCiiEXWVI8XDV_SbIOYVuKog
GynvaelEN https://www.youtube.com/user/GynvaelEN
Hacktify https://www.youtube.com/channel/UCS82DNnKOhXHcGKxGzQvNSQ
Hack the Box Youtube https://www.youtube.com/channel/UCi67lRCd5qpaHwSXNJisuRQ
Hackerone https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw
Hackersploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
Hacking Simplified https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng
Hacking Simplifed (smaller channel) https://www.youtube.com/channel/UCTIHXPYJ4gT7PBQK9tUmFJA
https://administraitor.video/edition/Hack.lu/2019
https://portswigger.net/news
Notify - https://youtu.be/rbr7ZmBI9qs?t=278
https://www.youtube.com/watch?v=kbi2KaAzTLg
What after Recon? - Sup Subdomains?!
DORK
https://exposingtheinvisible.org/guides/google-dorking/
https://www.google.com/imgres?imgurl=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FEf6ELytWAAAswXx%3Fformat%3Djpg%26name%3D4096x4096&imgrefurl=https%3A%2F%2Fmobile.twitter.com%2Fbugbountyrecon&tbnid=pQu57Q5pha2WIM&vet=12ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ..i&docid=NghhHzdXU7Ey8M&w=2480&h=1302&q=Bug%20bounty%20automation%20GitHub&client=firefox-b-1-d&ved=2ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
Reporting
https://hacktify.in/bugbounty/ <---- lots of resources for reporting
#### Ruby on Rails
https://hackerone.com/reports/904059
https://hackerone.com/reports/1400309
https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
https://bugbountyforum.com/resources/#ruby-on-rails
Free Shodan key and nmap automatin script to search for big f5 ip acve
https://learn.hacktify.in/courses/take/bug-bounty-hunting-and-penetration-testing/lessons/16862042-assets-resources
https://github.com/shifa123/f5BigIPExploit/blob/master/assets
dnmap
https://github.com/vdjagilev/nmap-formatter
https://www.darknet.org.uk/2016/07/dnmap-distributed-nmap-framework/?utm_source=pocket-ff-recs
https://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve2020-3452.nse
aquatone - https://gist.github.com/random-robbie/beae1991e9ad139c6168c385d8a31f7d
https://www.tib.eu/en/publishing-archiving/research-data
https://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf
Bug Bouty Programs
https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html
https://guidesmiths.github.io/cybersecurity-handbook/resources
https://guidesmiths.github.io/cybersecurity-handbook/tooling
rxrdxrhttps://platforms.disclose.io/
https://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022
https://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
https://github.com/detectify/cs-challenge
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
VDP
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
https://www.justice.gov/criminal-ccips/page/file/983996/download
"Bug Bounty programs|VDP|launch" -> Google News etc
#### J
#### L
Labs
Linux
https://linuxsecurity.expert/resources/
#### M
Monitoring
https://github.com/dgtlmoon/changedetection.io Monitor Website Changes
### P
#### Podcasts
Links here -> https://blog.intigriti.com/2019/11/12/bug-bytes-44-new-platform-new-programs-and-a-e25k-head-csrf/
SelfHosted Podcast https://selfhosted.show/60?t=777
Programs
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
### R
####
#### Reverse Shells
### Rate Limit
### T
Top 10
DNS Hijacking
https://www.cloudflare.com/en-ca/learning/security/global-dns-hijacking-threat/
https://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf
IDN Homograph
https://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks
#### Tools
https://www.xmind.net/m/Xy7XEW/# <-----
https://github.com/Excloudx6/PentestTools#exploitation-tools
https://linuxsecurity.expert/security-tools/top-100/
https://intelx.io/tools
https://github.com/nccgroup/ScoutSuite/tree/master/tools
Clean Ips Script
https://gist.github.com/LuD1161/bd4ac4377de548990b47b0af8d03dc78
### D
https://github.com/nccgroup/tracy
#### Todo
hetty.xyz
https://www.bugbountyhunting.com/
https://github.com/KingOfBugbounty/KingOfBugBountyTips#scan-log4j-using- -and-log4j-scan
https://medium.com/hacking-info-sec/how-to-install-and-use-bbrf-35f6aa15fbc9
https://github.com/Excloudx6/Guide-to-SSRF
https://github.com/alphaSeclab/sec-daily-2020
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/mindmap.png
https://github.com/topics/bugbounty
https://gist.github.com/R0X4R/bc08d55e368965f22c0b41ee8475ba87
SSRF
https://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Big.pdf
Nmap
https://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/Nmap-Strings
https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/
https://github.com/SmeegeSec/Security_Headers_Nmap_Parser
ssh bruting
A simple multi-threaded distributed SSH brute-forcing tool written in Python https://github.com/k4yt3x/orbitaldump
https://github.com/d3vilbug/Brutal_SSH
xsshunter
https://github.com/mystech7/xsshunter - duplicate within 15 min check added
https://gosecure.github.io/security-cheat-sheet/
https://twitter.com/e11i0t_4lders0n/status/1489234267687497735
https://snyk.io/log4j-vulnerability-resources/
https://gist.github.com/sminez/571bd7bafb1b88630b85c85a0cd66e3a - grep through this
try
https://github.com/arjunshibu/gcmd
https://splash.readthedocs.io/en/stable/scripting-tutorial.html#scripting-tutorial
https://github.com/phlmox
Recon
https://github.com/Viralmaniar/BigBountyRecon
https://www.kitploit.com/2021/10/webdiscover-purpose-of-this-script-is.html
https://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics
Checklists
https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/
https://gist.github.com/pdelteil/ba005609789ae14862f023da4191826d
https://github.com/rails/rails/issues/37620
SUBDOMAIN TAKEOVERS
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
https://www.udemy.com/course/cloud-hacking/learn/lecture/8613164?start=0#overview
https://github.com/indianajson/can-i-take-over-dns
https://scotthelme.co.uk/top-1-million-analysis-march-2020/
FINISH Watching - https://www.youtube.com/watch?v=12gtkYbMGd4&t=362s
HARSHBROTHA - https://www.youtube.com/watch?v=UrdvDCb4Gz8
NOTIFY - https://www.youtube.com/watch?v=rbr7ZmBI9qs
Handle your data carefully https://www.y
outube.com/watch?v=rbr7ZmBI9qs
UserAgents
https://github.com/Shaked/user-agents
https://github.com/BbhunterOne/ReconChef/blob/main/recon.sh#L82
Screenshots
https://github.com/spatie/browsershot
# https://github.com/maaaaz/webscreenshot
https://random-robbie.github.io/bugbounty-scans/
https://buaq.net/go-99375.html
https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive?rq=1
cheatsheets
https://0xn3va.gitbook.io/cheat-sheets/
https://0xn3va.gitbook.io/cheat-sheets/web-application/http-request-smuggling
_ _ _ _ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \
( F | R | A | M | E | W | O | R | K | S )
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/
+ ------ +
|Articles|
+ ------ +
* E.crack jwt - https://github.com/brendan-rius/c-jwt-cracker
https://github.com/SecureAuthCorp/impacket
Neo4j vs postgres (graphdb)
https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
Automation script
https://www.benteveo.kiwi/blog/automating-bug-bounties
https://github.com/AlexisAhmed/BugBountyToolkit <-- docker
https://gowthams.gitbook.io/bughunter-handbook/automation
Secret
https://www.directdefense.com/csrf-in-the-age-of-json/
https://buaq.net/go-249.html
Intentionally Vulnerable Github repo
https://github.com/shifa123/githubleak
https://wiki.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contentsfff
https://pentestbook.six2dez.com/
https://github.com/m4ll0k
https://github.com/six2dez
https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
https://github.com/shifa123
https://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview
## BugBounty Programs
---
https://huntr.dev/
https://www.zerodayinitiative.com/
https://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5
https://opensourcelibs.com/lib/google-acquisitions
https://opensourcelibs.com/libs/bugbounty
List of .gov
Tatget crypto https://arlolra.github.io/otr/
https://github.com/cisagov/dotgov-data
[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.
[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.
[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)
[Security Ninja Files List](https://crawler.ninja/files/)
https://allabouttesting.org/
Todo:
https://boards.greenhouse.io/cobaltio/jobs/4141074002 <--- solve challenge
CheatSheets
https://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md
Automated Scanners
* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)
* [Dalfox](https://github.com/hahwul/dalfox)
* [XSSTrike](https://github.com/s0md3v/XSStrike)
* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)
[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder)
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
* https://twitter.com/0xJin/status/1470748925963513863
* https://twitter.com/0xJin/status/1470748925963513863/photo/1
XXE
https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity
https://app.intigriti.com/programs/dpgm/libelle/detail
https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html
https://twitter.com/infosec_au/status/1340785029899698181?lang=en
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
Understanding DTD-< https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
## Owasp Top 10
---
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.html
### Clickjacking
https://lcamtuf.blogspot.com/2011/12/x-frame-options-or-solving-wrong.html
https://blog.innerht.ml/page/2/
https://hackerone.com/reports/8724
### CSRF
* https://hackerone.com/reports/44146
- 7-19-16
* [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&t=5s)
* https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/
- 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))
### XSS
Paid Services
https://findomain.app/#Pricing
## Resources
---
Params
Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state
https://hackerone.com/reports/1082847
Fuzzcon & fuzzung
https://twitter.com/hashtag/hacklu?src=hashtag_click
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Fuzzing.md
Recoon
eiIaaefwaaa m
k
- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
[PrettyRecon](https://prettyrecon.com/auth/signup)
### Dorks
https://ask.fm/tags/bounty
### Lists
https://github.com/payloadbox/xss-payload-list
Protips and Trips
Most of the sites use AWS nowadays...
AWS localhost is 169.254.169.2qqqd eede 4bs.com/2017/02/wallpaper-penetration-testing-and-exploit-dev-cheatsheet/
https://githubhelp.com/topic/bugbountytips
Githubs
https://github.com/kleiton0x00?tab=stars
https://github.com/fuzz-security
---
- [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)
- [Disclose/diodb](https://github.com/disclose/diodb)
-
### Streams
[Nehamsec Twitch](https://www.twitch.tv/nahamsec)
### Twitter Tweetin'
https://twitter.com/0xMstar/status/1464658472981565444{{
https://twitter.com/0xJin/status/1470748925963513863
podcasts
https://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q
### Data
---
Bugcrowd Subdomain Enumeration https://www.youtube.com/watch?v=La3iWKRX-tE
CVE-2019-11510 Detail
/dana-na
## CVE/CVD
---
CVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx
- https://vuls.cert.org/confluence/display/CVD/Executive+Summary
- https://vuls.cert.org/confluence/display/CVD/Sightings
https://github.com/detectify/cs-challenge
https://github.com/r3curs1v3-pr0xy
https://notsosecure.com/resources
https://reconshell.com/bug-bounty-tips/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md
[Insecure Deserialization Part 1](https://www.youtube.com/watch?v=SNi7gNkfLSM)
[Insecure Deserialization part 3](https://www.youtube.com/watch?v=icAKHE-iKOs)
https://secoceans.com/blog-2/
https://portswigger.net/research
https://portswigger.net/blog
https://portswigger.net/news
https://portswigger.net/daily-swig
courses
https://www.udemy.com/course/penetration-testing-bug-bounty-hunting-level-2-hacktify/
https://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e
https://github.com/six2dez/talks/blob/main/Gotta_ENG.pdf
packets
https://www.kitploit.com/2018/08/polymorph-real-time-network-packet.html
Automation
https://gowthams.gitbook.io/bughunter-handbook/automation
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
https://pentestbook.six2dez.com/
https://github.com/m4ll0k
https://github.com/six2dez
https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
https://github.com/shifa123
Writeups
## BugBounty Programs
---
https://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5
https://opensourcelibs.com/lib/google-acquisitions
https://opensourcelibs.com/libs/bugbounty
List of .gov
https://github.com/cisagov/dotgov-data
[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.
[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.
[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)
[Security Ninja Files List](https://crawler.ninja/files/)
https://allabouttesting.org/
CheatSheets
https://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md
### Z
Zap
https://github.com/sepehrdaddev/zap-scripts/fork
https://www.zaproxy.org/authors/thorin/
https://github.com/zaproxy/zap-extensions
Frameworks
https://core.intrigue.io/
Reconness
Pwnmachine
axiom
https://www.mandiant.com/
https://trickest.com/
(https://github.com/Findomain/Findomain/releases)
* [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)
* https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring
Automated Scanners
* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)
* [Dalfox](https://github.com/hahwul/dalfox)
* [XSSTrike](https://github.com/s0md3v/XSStrike)
* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)
https://github.com/darklotuskdb/SSTI-XSS-Finder
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass Op enRed irects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
* https://twitter.com/0xJin/status/1470748925963513863
* https://twitter.com/0xJin/status/1470748925963513863/photo/1
## Owasp Top 10
---
### Clickjacking
https://hackerone.com/reports/8724
### CSRF
* https://hackerone.com/reports/44146
- 7-19-16
* [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&t=5s)
* https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/
- 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))
### XSS
Paid Services
https://findomain.app/#Pricing
## Resources
---
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
How to view someones IP address and connection speed! https://www.youtube.com/watch?v=SXmv8quf_xM
Recoon
eiIaaefwaaa m
k
- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
[PrettyRecon](https://prettyrecon.com/auth/signup)
### Dorks
https://ask.fm/tags/bounty
### Lists
https://github.com/payloadbox/xss-payload-list
### Githubs
---
- [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)
- [Disclose/diodb](https://github.com/disclose/diodb)
-
Active Directory
Penttesting Active Directory https://www.xmind.net/m/5dypm8/a
https://adsecurity.org/
### Streams
[Nehamsec Twitch](https://www.twitch.tv/nahamsec)
Live Bug Bounty Hunting Speedbiker https://www.youtube.com/watch?v=9W94AKLc5g8
Watch Live [Current] https://www.youtube.com/c/Ch1R0n1n
### Twitter Tweetin'
https://twitter.com/samwcyo/status/1529888063576584202
https://twitter.com/sshell_
https://mobile.twitter.com/TechnoTimLive Devops tweets
https://mobile.twitter.com/drunkrhin0/status/1344130729320435712
https://twitter.com/0xMstar/status/1464658472981565444{{
https://twitter.com/0xJin/status/1470748925963513863
podcasts
https://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q
### Data
---
* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
CVE-2019-11510 Detail
/dana-na
## CVE/CVD
---
CVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx
- https://vuls.cert.org/confluence/display/CVD/Executive+Summary
- https://vuls.cert.org/confluence/display/CVD/Sightings
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
https://opensourcelibs.com/lib/google-acquisitions
Reverse shells
https://github.com/wwkenwong/Pentest-note
https://github.com/tehryanx?tab=repositories
https://github.com/sawzeeyy/Sanitiz3r
https://buaq.net/go-249.html
s
(https://github.com/Findomain/Findomain/releases)
* [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)
* https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring
https://github.com/D35m0nd142/LFISuite
https://hub.docker.com/u/secsi
tips
Wig
https://linuxsecurity.expert/tools/wig/
xxxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzxΩxxxxxxxxxxx≈≈
BlindElephant
https://linuxsecurity.expert/tools/blindelephant/alternatives/
https://ronak-9889.medium.com/denial-of-service-using-cookie-bombing-55c2d0ef808c
IOT
https://www.youtube.com/watch?v=AKoyZLibIeo
Raw
Merge - Burp
AutoRepeater Burp Plugin
https://github.com/nccgroup/AutoRepeater/compare/master...moloch--:AutoRepeater:master
https://github.com/nccgroup/AutoRepeater/compare/master...PortSwigger:auto-repeater:master
Authmattrix
https://www.whiteoaksecurity.com/blog/authorization-testing-authmatrix-part-1/
https://github.com/Excloudx6/AuthMatrix#basic-usage
Authmattix https://youtu.be/4IJ_85tG43I?t=1865
https://github.com/SecurityInnovation/AuthMatrix/blob/master/images/img4.png
https://github.com/SecurityInnovation/AuthMatrix/compare/master...Charles94jp:AuthMatrix:master
https://zuxsecurity.blogspot.com/2018/01/authmatrix-08.html
https://github.com/SecurityInnovation/AuthMatrix/compare/master...PortSwigger:auth-matrix:master
Burp Molly Pack
https://github.com/yandex/burp-molly-pack/commit/dada164c556f0e7b283917bf9c553700a66f4528
Burp molly scanner
https://github.com/yandex/burp-molly-scanner#burp-molly-scanner
burp script hackve
Burp molly scanner'
https://github.com/yandex/burp-molly-scanner#burp-molly-scanner
rtor to bypass proxy ip restricstions
Burp Hotkeys ekyboard shortcuts recommendations GOOD https://twitter.com/ptswarm/status/1544686537794797576/photo/1
Configuring Burp
An Adventure in Dealing with Burp Proxy in an Extension https://parsiya.net/blog/2019-04-06-hiding-options-an-adventure-in-dealing-with-burp-proxy-in-an-extension/
https://pentestbook.six2dez.com/others/burp
Create Extensions
Python Utility to help create your extension https://github.com/parsiya/burputils/
Ruby Example https://github.com/4ARMED/burp_plugins/blob/master/json_beautifier.rb
Documentation
Proxy Options https://yw9381.github.io/Burp_Suite_Doc_en_us/burp/documentation/desktop/tools/proxy/options/index.html
Extensions
Admin Panel Finder https://github.com/moeinfatehi/Admin-Panel_Finder
Autorize
https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
https://github.com/Quitten/Autorize
https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
Autorize https://youtu.be/5qSq1S2sRC8?t=852
https://trustfoundry.net/the-top-8-burp-suite-extensions-that-i-use-to-hack-web-sites/
BurpJSLinkFinder https://github.com/PortSwigger/js-link-finder
Dr Watson https://github.com/prodigysml/Dr.-Watson
Inql graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)
Sharpener - Burp Extension https://portswigger.net/bappstore/3c5025b0e19d419a8f339ee0c30391dd
Extension Lists
Awesome Burp Extensions https://github.com/fuzz-security/awesome-burp-extensions
Extensions By Hannah https://github.com/Hannah-PortSwigger?tab=repositories
Github Burp Extensions Filter https://github.com/topics/burp-extensions
Filter out noise in burp
Filter out noise in burp tip #10 https://www.infosecmatter.com/bug-bounty-tips-1/
Filter out noise in burp https://twitter.com/sw33tLie/status/1275537548539027457
Howtos
Send any traffic through burp. https://github.com/jrmdev/mitm_relay
https://trustfoundry.net/the-top-8-burp-suite-extensions-that-i-use-to-hack-web-sites/
Pro tip (Burp)
Move extensions to the bottom of the list on the Extender Tab // List of loaded Extensions. Extensions are used in the order they appear on that list and Flow may not log a particular extension if it is above that extension on the list.
Resources
Fuzz Security / Burp Resources
Awesome Burp Extensions by Fuzz Security https://github.com/fuzz-security/awesome-burp-extensions
Asesome Burp by Fuzz Security https://github.com/fuzz-security/awesome-burp-suite
Scanners
https://github.com/PortSwigger/example-scanner-checks
https://youtu.be/cqM-MdPkaWo?t=412 <--- Burp Find and Replace rule to do vhost hopping
https://github.com/w0ot-net/ParamScraper
https://stackoverflow.com/questions/tagged/burp?tab=Votes
https://github.com/Static-Flow/BurpSuite-Team-Extension
https://github.com/Static-Flow/BurpSuiteAutoCompletion
https://twitter.com/_StaticFlow_/status/1367304795342721024
Burp todos
https://www.youtube.com/watch?v=sNtxbv7nxJA&t=32s
https://github.com/mdsecresearch/BurpSuiteSharpener
https://burpbounty.net/burp-bounty-ekoparty-2020/
https://parsiya.net/blog/2019-04-06-hiding-options-an-adventure-in-dealing-with-burp-proxy-in-an-extension/
https://hakin9.org/blind-xss-in-practice-advanced-bug-hunting-with-burp-suite-tutorial-free-course-content/
https://www.youtube.com/watch?v=KoaSRi3tmck
https://www.youtube.com/watch?v=35jw4dJtRz0&t=230s
#Eko2020 Bounty Hunters | Eduardo Garcia Melia: Burp Bounty - Scan Check Builder https://www.youtube.com/watch?v=t4caslqATi8
https://tryhackme.com/room/burpsuitebasics
https://mrxn.net/?tag=burpsuite
https://github.com/topics/burp-extensions
https://www.youtube.com/watch?time_continue=11&v=35jw4dJtRz0&feature=emb_logo
https://https://www.youtube.com/watch?time_continue=11&v=35jw4dJtRz0&feature=emb_logogithub.com/Mr-xn/BurpSuite-collections
https://github.com/volkandindar/agartha
https://twitter.com/Pethuraj/status/1530773159355379712?cxt=HBwWgMCjsf-Es74qAAAA&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
https://github.com/BurpsuiteExtensions
hqqewwqqttps://github.com/Team-Firebugs/Burp-LFI-tests
h211ttps://github.com/1N3/IntruderPayloads
2018 Burp Hacks for Bounty Hunters - James Kettle shares his setup - https://www.youtube.com/watch?v=boHIjDHGmIo
BUG BOUNTY :- Burp Suite Bug Bounty Web Hacking learn from Scratch :- Complete Burp Suite Tutorial https://www.youtube.com/watch?v=AH1UcYwxKak
https://www.secureideas.com/blog/2015/08/introducing-burp-correlator.html\
https://github.com/redhuntlabs/BurpSuite-Asset_Discover
https://github.com/m4ll0k/SecretFinder/tree/master/BurpSuite-SecretFinder
https://portswigger.net/web-security/certification
https://github.com/rs-loves-bugs/burp-browser-profiles
https://www.secureideas.com/blog/2015/05/tip-running-burpsuite-on-mac.html
Change Burp Icon https://osxdaily.com/2013/06/04/change-icon-mac/
https://github.com/elkokc/reflector
https://github.com/snoopysecurity/awesome-burp-extensions
https://portwswigger.net/burp/documentation/desktop/functions/generate-csrf-poc
James Kettle burp Setup https://youtu.be/boHIjDHGmIo?t=204
[Wordlists in burp](https://youtu.be/boHIjDHGmIo?t=378)
[Grep Extract w intruder](https://youtu.be/boHIjDHGmIo?t=427)
[Adding your own active scan check](https://youtu.be/boHIjDHGmIo?t=543)
https://import.cdn.thinkific.com/359809/BurpsuiteResourcePDF-201107-173314.pdf
https://portswigger.net/burp/pro/video-tutorials?utm_source=burp_suite_professional&utm_medium=embedded_browser&utm_campaign=burp_support
https://portswigger.net/blog/burp-suite-professional-feature-roundup
https://portswigger.net/news
https://youtu.be/rbr7ZmBI9qs?t=278
https://www.hahwul.com/2019/12/29/run-other-application-on-burp-suiteburp/
https://github.com/PortSwigger
Burp api Tip https://youtu.be/5qSq1S2sRC8?t=731
[Burp Active Scan by Jason Haddix]
He runs an [Active Scan using burp suite](https://youtu.be/uKWu6yhnhbQ?t=4370). He toggles 50 threads, see link for more.
https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-http-request-smuggling-2c0b5321f06d
burp etc https://www.youtube.com/playlist?list=PL8j1j35M7wtI4IvNS7ItrM8dTYXx2nYfX
echo "Burp Extensions" && echo "Burp Extension Basic Auth Decoder Bypass: https://learn.hacktify.in/courses/take/hacktify-special-chapter-1/downloads/25003636-burpsuite-decode-basic-auth-extension" >> $README
curl https://import.cdn.thinkific.com/359809/courses/1386931/firstextension-210608-160308.py -o $HOME/basic-auth-decoder.py
Burp Extensions
https://github.com/CoreyD97?tab=repositorwies
https://github.com/xnl-h4ck3r/burp-extensions/fork
https://github.com/xnl-h4ck3r/burp-extensions
https://www.kitploit.com/2019/08/iprotate-extension-for-burp-suite-which.html
https://github.com/InitRoot/BurpJSLinkFinder
https://bugbountyforum.com/tools/proxy-plugins/ Burp
https://github.com/arbazkiraak/BurpBLH Burp
https://github.com/0xDexter0us/Scavenger
https://github.com/danielthatcher/spydom <--- the postmessage alerts that burp is always complaining about, use this to view them.
Building an extension resources *---> https://github.com/w0ot-net/ParamScraper/blob/master/ParamScraper.py
Burp Cheat Sheet https://www.sans.org/posters/burp-suite-cheat-sheet/
https://www.hackingarticles.in/burp-suite-for-pentester-burps-project-management/
https://github.com/Net-hunter121/API-Wordlist#usage <----- hack apis with burp
[Autorize](https://youtu.be/5qSq1S2sRC8?t=852)
https://www.kitploit.com/2022/05/graphql-threat-matrix-graphql-threat.html
inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)
Extender
https://www.trenchesofit.com/2022/01/16/burp-suite-custom-parameter-handler/
Browser Extensions Burp Collabertator https://blog.intigriti.com/2021/05/05/bug-bytes-121-free-burp-collaborator-alternative-hacking-chrome-extensions-28k-facebook-oauth-account-takeover/
Burp
https://github.com/nccgroup/BurpSuiteHTTPSmuggler
https://portswigger.net/burp/documentation/collaborator/deploying
https://import.cdn.thinkific.com/359809/BurpsuiteResourcePDF-201107-173314.pdf
https://portswigger.net/blog/burp-suite-professional-feature-roundup
My Burp Extensions
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
https://github.com/nccgroup/WCFDSer-ng
https://github.com/GoSecure/csp-auditor
https://github.com/SmeegeSec/Burp-Importer
Flow by Marcin Woloszyn
https://www.hackingarticles.in/burp-suite-for-pentester-burps-project-management/
https://kalilinuxtutorials.com/nuclei-burp-plugin/
oast testin g
https://portswigger.net/burp/application-security-testing/oast
https://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview
https://portswigger.net/blog/a-modern-elastic-design-for-burp-collaborator-server
https://portswigger.net/blog/burp-suite-roadmap-for-2022
https://portswigger.net/blog/burp-suite-certification-prices-hacked-for-black-friday
https://portswigger.net/blog/the-mystery-of-the-missing-mac-release
Burp Documentation https://portswigger.net/burp/documentation/desktop/functions/generate-csrf-poc
#### [Burp](https://gist.github.com/ruevaughn/a6da987379f5593d0ab4a878fe1b6baf/575fd3933296ea1eb734fe4e69bd99a01c6d425e#file-burp-L2)
**https://apps.burpsuite.guide/**
**https://securityzines.com/flyers/burp.html**
Burp api Tip https://youtu.be/5qSq1S2sRC8?t=731
https://github.com/InitRoot/BurpJSLinkFinder
https://github.com/tristanlatr/burpa
https://github.com/mdsecresearch/BurpSuiteSharpener
TurboIntruder
https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/timingAttackWithState.py
https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack
https://github.com/PortSwigger/turbo-intruder
https://web.archive.org/web/20210501000000*/https://www.pentagrid.ch/en/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/
https://github.com/PortSwigger/turbo-intruder/blob/master/decorators.md
x8-Burp
https://github.com/Excloudx6/x8#burp-suite-integrations
Create
Raw
Tools.mkd

Tools

Customizable Tools

Leaktopus

  • Backend (API) 8000 Mandatory
  • Backend (Worker) N/A Mandatory
  • Redis 6379 Mandatory
  • Frontend 8080 Optional
  • Elasticsearch 9200 Optional
  • Logstash 5000 Optional
  • Kibana 5601 Optional

Whatweb Nuclei

Secret Finding

Deploy

tko-subs https://github.com/anshumanbh/tko-subs Trufflehog GF Vajra

Proxy/Proxies Browser Extensions Burp Collabertator https://blog.intigriti.com/2021/05/05/bug-bytes-121-free-burp-collaborator-alternative-hacking-chrome-extensions-28k-facebook-oauth-account-takeover/ Charles Proxy https://www.charlesproxy.com/ Charles List of API Requests in Charles https://youtu.be/cvvPLlP4518?t=682 Fiddler https://www.telerik.com/fiddler Hetty https://hetty.xyz

MitmIntercept - Intercept And Modify non-HTTP Protocols Through Burp And Others https://www.kitplo it.com/2022/06/mitmintercept-little-bit-less-hackish.html

MITM Proxy Webpage https://mitmproxy.org/ MITM Proxy https://www.kitploit.com/2022/06/mitmintercept-little-bit-less-hackish.html Pysocks - Run Python scripts through a proxy To use socks5 proxy, install PySocks with pip install PySocks Proxychains - a tool that forces any TCP req through proxy https://github.com/haad/proxychains Proxy By Abhinsignh https://github.com/abhinavsingh/proxy.py TCP over HTTP https://github.com/neex/tcp-over-http Telnet Via Proxy https://unix.stackexchange.com/questions/36627/how-to-telnet-via-proxy-authentication Tint Proxy http://tinyproxy.github.io/ Torsocks Proxy torsocks proxy torsocks gitls -l user.list) or -tor op Zap videos By Hawhul https://www.youtube.com/watch?v=GK46fsCL7kk Zap Quick Start Bundle https://www.zaproxy.org/docs/developer/quick-start-build/ Zap / Docker https://www.zaproxy.org/docs/docker/about/ Zap Scripts by Sepehrdaddev https://github.com/sepehrdaddev/zap-scripts Zap Extension Wiki - https://github.com/zaproxy/zap-extensions/wiki

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment