xyele / Hackerone_wordlist
Licence: gpl-3.0
The wordlists that have been compiled using disclosed reports at HackerOne bug bounty platform
Stars: ✭ 353
Programming Languages
python
139335 projects - #7 most used programming language
HackerOne Wordlist
The wordlists that have been compiled using disclosed reports at the HackerOne bug bounty platform.
Match Cases
Here is the match cases how it extracts all these data.
URLs
I've used urlextract library for extracting URLs based on TLDs. Eventhough it works awesome, there might be false matches rarely.
Raw HTTP Requests
It extracts the raw http requests which is in three backticks (```). Her are the example:
Hey team! I've found an SQL Injection issue with your website.
## Request
```
POST /xyele/hackerone_wordlist HTTP/1.1
Host: github.com
star_repo=true'
```
So it extracts the request and parsing it.
POST /xyele/hackerone_wordlist HTTP/1.1
Host: github.com
star_repo=true'
Parameter names
Besides the getting parameters from requests and URLs, it gets parameter names with regex again. Here are the examples:
LFI throught the filename parameter --> filename
SQL Injection on blabla domain via userid parameter --> userid
<?php echo $_GET['makesense']; ?> --> makesense
Known Issues
- It downloads reports each by each but nothing to do for getting it faster because HackerOne has rate-limit.
Support Me
Reach out to me at one of the following places!
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].