GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → IamLucif3r → Bug-Hunting

IamLucif3r / Bug-Hunting

Licence: GPL-3.0 license
A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Labels

bugbug-bountybugreportbugbountybug-reportingbug-huntingmethodologiesbug-bounty-huntersbug-bounty-reconnaissancebug-bounty-tips

Projects that are alternatives of or similar to Bug-Hunting

BugHunter
No description or website provided.
Stars: ✭ 23 (-79.09%)
Mutual labels:  bug, bugreport, bugbounty
Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Stars: ✭ 34 (-69.09%)
Mutual labels:  bug, bugbounty
credcheck
Credentials Checking Framework
Stars: ✭ 50 (-54.55%)
Mutual labels:  bug-bounty, bugbounty
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+167.27%)
Mutual labels:  bug-bounty, bugbounty
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+334.55%)
Mutual labels:  bug, bugbounty
BugHunterID
Para pencari bug / celah kemanan bisa bergabung.
Stars: ✭ 72 (-34.55%)
Mutual labels:  bug, bugbounty
roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-63.64%)
Mutual labels:  bug-bounty, bugbounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (+29.09%)
Mutual labels:  bug-bounty, bugbounty
Allaboutbugbounty
All about bug bounty (bypasses, payloads, and etc)
Stars: ✭ 758 (+589.09%)
Mutual labels:  bug, bugbounty
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+829.09%)
Mutual labels:  bug, bugbounty
Clickjacking Tester
A python script designed to check if the website if vulnerable of clickjacking and create a poc
Stars: ✭ 72 (-34.55%)
Mutual labels:  bug, bug-bounty
Rfi Lfi Payload List
🎯 RFI/LFI Payload List
Stars: ✭ 202 (+83.64%)
Mutual labels:  bug-bounty, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+72.73%)
Mutual labels:  bug-bounty, bugbounty
fleex
Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Stars: ✭ 181 (+64.55%)
Mutual labels:  bug-bounty, bugbounty
Di.we.h
Repositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (+41.82%)
Mutual labels:  bug-bounty, bugbounty
Awesome Vulnerable Apps
Awesome Vulnerable Applications
Stars: ✭ 180 (+63.64%)
Mutual labels:  bug, bugbounty
Subjack
Subdomain Takeover tool written in Go
Stars: ✭ 1,194 (+985.45%)
Mutual labels:  bug-bounty, bugbounty
Facebook Bugbounty Writeups
Collection of Facebook Bug Bounty Writeups
Stars: ✭ 110 (+0%)
Mutual labels:  bug-bounty, bugbounty
Bug-Bounty-Scripts
Script for Bug Bounty
Stars: ✭ 17 (-84.55%)
Mutual labels:  bug, bug-bounty
Hackeronedb
The unofficial HackerOne disclosure Timeline
Stars: ✭ 117 (+6.36%)
Mutual labels:  bug, bugbounty
View All Similar Projects ➔

Bug Hunting

A Collection of Notes, Methodologies, POCs, Tools and everything else related to Bug Hunting. ✌️

👉 A Bug Bounty Program is a deal offered by several Oragnizations & Individuals by which recognition and compensation is provided to individuals for reporting Bugs.

You can Fork this Repo, I'm continuously adding the content!

Contents

👉 The repo is organized in following manner. You can read the notes:

  1. Reconnaissance - Phase 1
    1. CIDR Range
    2. Google Dorking
    3. Tools
  2. Reconnaissance - Phase 2
    1. Wordlists
    2. Subdomain Enumeration
      1. Certification Transparency Logs
      2. Search Engine
      3. Github
      4. Brute Force
      5. Subdomain Permutation
      6. Tools
    3. DNS Resolutions
    4. Screenshot
    5. Content Discovery
    6. Inspecting JS Files
    7. Google Dorks
    8. Conclusion
  3. Fingerprinting
    1. IP
    2. Web-Application
      1. Wapalyzer
      2. Firewall
    3. Conclusion
  4. Exploitation - Part 1
    1. Subdomain Takeover
    2. Github
    3. Misconfigured Cloud Storage Buckets
    4. Elastic Search DB
    5. Docker API
    6. Kuberneter API
    7. .git/.svn
    8. Google Firebase
  5. Exploitation - Part 2
    1. Exploiting CMS
    2. Exploiting OWASP
      1. XML Extended Entity (XXE)
      2. Cross Site Scripting (XXS)
      3. Server-Side Request Forgery (SSRF)
      4. Cross Side Request Forgery (CSRF)
      5. SQL Injection
      6. Command Injection
      7. Cross Site Web Socket Hijacking (CSWSH)
      8. File Upload
      9. Directory Traversal
      10. Open Redirect
      11. Insecure Direct Object Reference
  6. Methodology - Workflow
    1. Traditional Workflow
    2. Github Workflow
    3. Cloud Workflow
    4. Google Dork Workflow
    5. Leaked Credentials Workflow
    6. Exploit Workflow
  7. API-Pentesting
    1. APIs
    2. Authentication
  8. Caching Servers
    1. Web Cache Poisoning
    2. Web Cache Deception
  9. Miscellaneous
    1. On Site Request Forgery (OSRF)
    2. Prototype Pollution
    3. Client Side Template Injection
    4. XML External Entity
    5. Content Security Policy Bypass
    6. Relative Path Overwrite

Bug-Hunting Platforms

Following are some of the top Bug-Hunting Platforms. You can make your account and start hunting bugs for the programs available.

Note: This Repo is under development, Only Notes have been added till now. Separate Section for Tools, POCs and Tricks will be created soon

➡️ Contributions

You are Welcome to Contribute. You can contribute by:

  • Translating into other languages
  • Adding more Methodologies, Tools, and other Resources.
  • Just adding a star to our Github project :)

👉 If you have some new idea about this Repository, issue, feedback or found some valuable tool feel free to open an issue or just DM me via @IamLucif3r_

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].