abhinavprasad47 / Bugbounty Starter Notes
Projects that are alternatives of or similar to Bugbounty Starter Notes
Books
- The web application hacker's handbook
- owasp testing guide
- web hacking 101
- breaking into infromation security
- mastering mordern web peneteration testing
Recon
-
ASN's(autonomous system numbers) - (ip ranges , keyword searches)
-
Rev whois - rev
-
shodan - shodan
-
we cannot miss out on burp
-
domlink domlink
-
builtwith - they also has a browser plugin it tells about stack that site is bult on and analytics
- google dorks
- robtex
- waybackmachine
- sublist3r
- Amass
- subfinder
- Cloudflare Enumeration Tool
-
massdns
ex:
.subbrute.py /root/work/bin/all.txt $TARGET.com | ./bin/massdns -r resolvers.txt -t A -a -o -w massdns_output.txt -
-
gobuster
ex
gobuster -m dns -u $TARGET.com -t 100 -w all.txt
-
best dictonary file : all.txt
-
masscan
ex:
masscan -p1-65535 -iL $TARGET_LIST --max-rate 10000 -oG $TARGET_OUTPUT
-
nmap
-
masscan output => map services scan -oG => brutespray credential bruteforcing.
ex:
python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5
-
Eyewitness
-
waybackursls enumeration using wayback
Keeping track of all this
Xmind organization
Identification and cve searching
- buldwith
- retire.js
- burp-vulners-scanner
- wappanalyzer
Parsing Heavy javascript sites
- zap Ajax spider - owasp zap
- [Linkfinder]
- [jsparser]
Content Discovery
- Gobuster
- Burp content discovery
- Robots disallowed
- wpscan
- Seclists / RAFT / Digger wordlists
- cmsmap
- custom wordlist
XSS
- blind xss frameworks
- XSS polyglot *
- XSS Mindmap
SSRF
- for testing in cloud https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b
- SSRFmap
- Gopherus
Subdomain Takeover
link
Above notes are from Jason haddix's How to shot web talkTBHMv4
notes on newer version of Jason Haddix's talksLearn How to Hunt
Tutorials and Things to Do while Hunting Vulnerability. Howtohunt repo
Gold mine of Resources from Nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters🔥