appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

VPS-web-hacking-tools
  Automatically install some web hacking/bug bounty tools for your VPS.

My bug bounty journey. The middle-class boy who wanted everything for free.
  My name is Vivek. I am currently working as a software developer in a private company. “Hacking” — I was introduced to this term when I was a school student. I was born into a middle-class family. I wanted everything for free.

How to discover up to 10,000 subdomains with your own tool
  This time you will learn how to create your own tool with which you will be able to discover subdomains of websites. If in your free time you dedicate yourself to reporting vulnerabilities, this can be very helpful for you. The subdomains are of the type: http://subdominio.dominio.

Analysing JavaScript Files For Bug Bounty Hunters
  JavaScript is a client-side object-oriented scripting language. In essence this has several meanings:

Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack
  Okay, so Slack can’t actually perform port scans! However, it can act as a communication channel to relay tasks, such as port scanning, to a remote server.

$10000 Facebook SSRF — Bug Bounty
  This is a write-up about a SSRF vulnerability I found on Facebook. The vulnerability could have allowed a malicious user to send internal requests to the Facebook corporate network.

nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
  There are a number of new hackers joining the community on a regular basis and this raises the question of "How do I get started and what are some good resources?" and we hope to help with those questions using this repository.

QuickXSS
  Bash script to automate XSS using Waybackurls, GF, GF Patterns and Dalfox. Install Go on your machine and then use the following commands.

Getting Started in Bug Bounties
  Google has everything you need indexed. There are lots of queries you could search for, however here are some popular search queries: (don't forget to try different languages!) Security.txt is defined as, A proposed standard which allows websites to define security policies.
Password Reset Token Leak via X-Forwarded-Host
  Student of Bachelor of Commerce (B.Com) and also I am a Bug Bounty Hunter. This is my 1st blog, so if you find any spelling mistakes, please bear with it for the next few minutes.

Top 10 web hacking techniques of 2020
  Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year.

Noob’s Basic JSON web Token Exploit Guide
  Hi, how are you la lala. Let’s cut short all that… I just want to cover a noob’s guide for basic JSON web token testing. Please note that this is not the only potential JSON analysis method. For more attack vectors, do have a look at https://github.com/DontPanicO/jwtXploiter

Uncle Rat's ultimate bug bounty guide

Finding My First Bug: HTTP Request Smuggling
  This is the report of my first bug. The bug was HTTP Request Smuggling, for which I got a bounty of $200. During my recon, when I found all the possible subdomains I just started visiting them one by one; the vulnerable subdomain gave a 403 Forbidden error along with the version of the webserver.

HTTP Request Smuggling: A Primer
  One of the security issues you might face with your website or web app is request smuggling. HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way a server processes the HTTP requests it receives.

Daniel Miessler
  ffuf is an acronym for “fuzz faster you fool!”, and it’s a CLI-based web attack tool written in Go. Veteran web testers might think of it as Burp Intruder on the command line. The hardest thing about ffuf is figuring out how to pronounce it.

🐛 BugBountyHunting Search Engine
  🐛 BugBountyHunting Search Engine, made with ❤️ by @payloadartist. Example search: http://bugbountyhunting.

Subdomain Take Over Worth 100£
  When good ethics meet mother luck along with the right elements, this combination can bring good results. Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials.

CTF [Dec 11–15]: Pwn a buggy webapp in 5 minutes
  This week’s CTF was based on WebApp Security and was by far the easiest one. In this post, I will be talking about an intentional bypass that allows you to get root and solve the whole WebApp Security CTF under 5 mins!

Website Penetration Testing and Database Hacking with Sqlmap
  Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tools, called “sqlmap”.

Hunting and Exploiting the Apache Ghostcat
  The Apache Ghostcat vulnerability is a file inclusion vulnerability which came out in the first quarter of this year while the world was gearing up for a lockdown fight against the coronavirus.

Remote Code Execution explained with real life bug bounty reports
  Might help other people.

Security Tools
  Security Tools, curated list of security tools for Hackers & Builders!

Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)
  Hi, these are the notes I took while watching “The Bug Hunters Methodology v3(ish)” talk given by Jason Haddix on LevelUp 0x02 / 2018. This talk is about Jason Haddix’s bug hunting methodology. It is an upgrade of:

Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
  The easiest way to fail as a bug bounty hunter is to search at random without a methodology or process to follow. Here’s what to consider. It is really easy to jump straight in and wildly throw payloads at a system when you first approach a target.

Samesite by Default and What It Means for Bug Bounty Hunters
  You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020).

@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!
  Live Every Tuesday and Sunday on Twitch: https://twitch.tv/nahamsec Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Free $100 DigitalOcean Credit: https://m.do.co/c/3236

quiver
  Quiver is an opinionated and curated collection of commands, notes and scripts I use for bug bounty hunting. Clone the repo to your custom plugins folder.

sehno/Bug-bounty
  Resources for bug bounty hunting. Contribute to sehno/Bug-bounty development by creating an account on GitHub.

Bug Bounty Toolkit
  Free capture the flag virtual machines to download, run, and practice against. Free downloadable VMs and paid-for online training and labs. Certainly worth checking out.

Bug Bounty
  Bug Bounty — Tips / Tricks / JS (JavaScript Files). It all started in the month of August when I reached out to Gerben Javado regarding a question. Yes, it was a basic question, but a quick chat with him that day gave me some confidence to hunt for bugs when he pointed towards his blog post The race to th

The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy.
  Hello friends! I want to talk a little about what has got me started on reviving my technology skills and started me on this journey. As a lifetime Linux aficionado, I’ve been aware of the hacker sub-culture almost my whole life.

The need for note making and an organized methodology in Bug Bounty Hunting
  In the beginning everyone’s crap at bug bounty hunting. Apart from all the obvious reasons why, the lack of detailed notes and an organized methodology may also contribute to this. Let me, however, right at the start of this article, reiterate that this is solely my opinion.

Hunting Good Bugs with only
  Hey hunters! It’s been a while since my last post! So let’s get deep on this right now! Really? Is it kind of a joke? Getting bugs with ?

Bug Hunting Journey of 2019
  So I thought I should share a last writeup about some of the bugs which I have found this year. This is going to be a little long. I have been working on this for the last few days; I hope you will like it. You can use grep to search for strings starting with https, http.

Bug Bounty Playbook
  Share this on Facebook to get a % discount.
How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes

dsopas/assessment-mindset
  Security Assessment Mindset. Why I did this: to help me on my security assessments (pentest, bug bounty, red-team, kung) and to keep my work well organized. Each time I finished a task, I marked it with a check icon using XMind.

bounty-targets-data
  This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). The files provided are: The last change was detected on . New changes (if any) are picked up hourly.

Understanding the full potential of sqlmap during bug bounty hunting
  Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar.

amass — Automated Attack Surface Mapping
  Whether you’re attacking or defending, you have the highest chance of success when you fully understand the target. The pronunciation stress is on the second syllable.
Pro tips for bug bounty
  Pro Tips For Bug Bounty
  1) Clear your mindset about bug bounty (learning > money)
  2) Always focus on the target as if it’s a fresh one
  3) Always look at the path less visited. Hunt on subdomains rather than the main domain
  4) Don’t rely only on online courses and videos.

The complete story of how I got started into bug bounties and how you could get started already
  Hey, I am @dhakal_ananda from Nepal and I am back again with another writeup. This time, I want to share about my bug bounty journey. Let’s dive into it already. This all started when I was just a kid who used to play games and use Facebook sometimes when I was maybe 13.

jobertabma/relative-url-extractor
  During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code.

nahamsec/JSParser
  A Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests when performing security research or bug bounty hunting.

How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers'
  Relaxing in the sunshine with his former Playboy model wife, Mark Litchfield is contemplating another dip in his pool. The 85F heat at their luxurious lakeside home near Las Vegas is a world away from more autumnal conditions in his home town of Arbroath.

bountyplz – automated security reporting from markdown templates
  This is a project created by Frans Rosén. The idea is to be able to submit a report without any interaction. It's taking advantage of all features the existing site has, such as attachments, inline images, assets, weaknesses and severity.

EdOverflow/bugbounty-cheatsheet
  We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and feature requests.

ZephrFish/BugBountyTemplates
  A collection of templates for bug bounty reporting, with guides on how to write and fill them out. Not the core standard on how to report, but certainly a flow I follow personally which has been successful for me. Your mileage may vary.

Bounty Report Generator

File Upload XSS
  A file upload is a great opportunity to XSS an application. User-restricted areas with an uploaded profile picture are everywhere, providing more chances to find a developer’s mistake. If it happens to be a self XSS, just take a look at the previous post.

Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs)
  A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

Bug Hunting Methodology (part-1)
  Hi, I am Shankar R from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time because I am working as a senior penetration tester at Penetolabs Pvt Ltd (Chennai).

All Bug Bounty POC write ups by Security Researchers.
  All Bug Bounty POC write-ups by Security Researchers. Hello BugBountyPoc viewers, this is Khizer again. I decided to write about this issue because I have seen some people are still confused about “Fastly error: unknown domain”. Many subdomains of bug bounty programs have this error...

List of bug bounty writeups
  Source: https://pentester.land/ 1. Bug bounty writeups published in 2019 2.

Bug Bounty Reference
  I have been reading Bug Bounty write-ups for a few months, and I found it extremely useful to read a relevant write-up when I found a certain type of vulnerability that I had no idea how to exploit.

List of bug bounty writeups
  Table of contents: Bug bounty writeups published in 2021; Bug bounty writeups published in 2020. Columns: Title & URL, Author, Bug bounty program, Vulnerability, Reward $$$, Publication date. First row: Cross Domain Referrer Leakage, Mohsinalibukc, -, Cross-Domain Referrer Leakage, $300, 12/31/2020. Misconfigured s3 bucket leads to S

Collaborate and work with other security researchers on bug bounties
  Hacker101 is structured as a set of video lessons – some covering multiple topics, some covering a single one – and can be consumed in two different ways: singular videos or all-in-one. Uplevel your bug hunting skills with Bugcrowd University.

The Bugs Are Out There, Hiding in Plain Sight
  It’s no secret, bug bounty is not an easy field to jump into and be successful. The top hunters likely have years of experience in not only bug hunting, but technology & security in general.

Bug Hunting Methodology from an Average Bug Hunter
  Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs?” This post will be an attempt to answer that from the point of view of an average and continuously learning bug hunter.

Finding Hidden API Keys & How to use them
  My name is Sumit Jain. This time I am going to talk about how to find hidden API keys and how to use them. APIs are the keys to an organization’s databases, so it’s essential to control who has access to them.

BugBountyNotes
  After attending H1-3120 hosted by HackerOne, I returned home feeling extremely motivated, as I'm sure many others do as well! When looking for bugs at this event I had the privilege of hacking across the table from Ben Sadeghipour (@nahamsec).

BUG BOUNTY FORUM
  Bugbounty forum once started as a small Skype group but turned into a 100+ large community of researchers sharing information with each other and more. We have now created a Slack channel to handle new people! It's an invite-only group, but we do have a sign-up form where you can request an invite here.

Cookie worth a fortune
  In the following post, a Cookie Based Cross-Site-Scripting vulnerability was converted into a Reflected Cross-Site-Scripting vulnerability. A cookie-based XSS is generally considered Out Of Scope because an attacker has to physically insert the malicious cookie, which is much less likely.
Automated monitoring of subdomains for fun and profit
  What’s Sublert? Certificate Transparency (CT) is a new internet standard that came into the light to make the TLS/SSL certificate issuance process open and publicly available.

So you want to be a web security researcher?
  Are you interested in pushing hacking techniques beyond the current state of the art and sharing your findings with the infosec community? In this post I’ll share some guidance on web security research, shaped by the opportunities and pitfalls I’ve experienced while pursuing this path myself.

What I have learn in my first month of Hacking and Bug Bounty?
  Hi, in this post I will share everything about hacking, programming and bug bounty, CTFs etc., and the available resources I came across. If you don’t know anything about hacking, then by the end of this blog you will be advanced in hacking. I was like 😱 😱.

Awesome Penetration Testing
  Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕).

Bug Hunting Methodology(Part-2)
  Hi, I am Shankar R from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time because I am working as a Senior Penetration Tester at Penetolabs Pvt Ltd (Chennai).

Spokeo Bug bounty Experience
  Recently I reported an XSS bug to the Spokeo bug bounty program. After reporting I was waiting and checking regularly whether it was fixed or there was any reply. But no response. After 9 days I checked and the XSS had been fixed. Then I messaged them again that the issue had been fixed. Then they replied :(

Bug Bounty Guide
  Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters. A great place to learn about the various aspects of bug bounties, and how you can improve your skills in this area.

Source code disclosure via exposed .git folder
  Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the Web app’s source code. I can’t disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bug. Start with enumerating domains.

DomLink — Automating domain discovery
  TLDR: Give DomLink a domain, it’ll go and find the associated organization and e-mail registered, then use this information to perform reverse WHOIS. Simple. You then get an output of lots of other associated domains registered by the company.