appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

Link / Excerpt / Word count

devanshbatham/Awesome-Bugbounty-Writeups
    Contents: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Clickjacking (UI Redressing Attack), Local File Inclusion (LFI), Subdomain Takeover, Denial of Service (DOS), Authentication Bypass, SQL injection, Insecure Direct Object Reference (IDOR), 2FA Related issues, CORS Related issues, Server Si… [3918 words]
(Research) Exploiting HTTP Parsers Inconsistencies
    The HTTP protocol plays a vital role in the seamless functioning of web applications; however, the implementation of HTTP parsers across different technologies can introduce subtle discrepancies, leading to potential security loopholes. [3477 words]
IDOR - how to predict an identifier? Bug bounty case study
    📚 Access full case study here: https://members.bugbountyexplained.com/how-to-make-money-with-idors-idor-case-study/ 📖 Check out AppSecEngineer, the sponsor of today's video: https://www.appsecengineer.com 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing… [0 words]
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
    📚 Access full case study here: https://members.bugbountyexplained.com/sqli-case-study/ 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This video is a part of the case study of 128 SQ… [0 words]
0xPugazh/One-Liners
    One-Liners. Thanks to all who create these Awesome One Liners ❤️ Subdomain Enumeration / Juicy Subdomains: subfinder -d target.com -silent | dnsprobe -silent | cut -d ' ' -f1 | grep --color 'api\|dev\|stg\|test\|admin\|demo\|stage\|pre\|vpn' ; from BufferOver.run: curl -s https://dns.bufferover.… [1838 words]
Top 10 web hacking techniques of 2022
    Welcome to the Top 10 Web Hacking Techniques of 2022, the 16th edition of our annual community-powered effort to identify the most important and innovative web security research published in the last year. [1487 words]
HTTP-HOST HEADER ATTACKS
    Hi! My name is Hashar Mujahid and today we will learn how to carry out host header attacks in web applications. In layman's terms, the HTTP Host header is compulsory in the request; it contains the domain name of the website that a user wants to access. [953 words]
Bug Bounty Cheat Sheet
    We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and feature requests. [175 words]
If you find powerful OXML XXE tool? it's "DOCEM"
    Sharing a tool I found that is handy for XXE testing. It should be far more convenient than doing the work by hand or using the tools released so far. When I tested OXML XXE, OOXML XXE, I used to create the payload myself or used this tool. [1039 words]
How to discover up to 10,000 subdomains with your own tool
    This time you will learn how to create your own tool with which you will be able to discover subdomains of websites. If in your free time you dedicate yourself to reporting vulnerabilities, this can be very helpful for you. The subdomains are of the type: http://subdominio.dominio. [1360 words]
commixproject/commix
    Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by (@ancst), that automates the detection and exploitation of command injection vulnerabilities. Alternatively, you can download the latest tarball or zipball. [134 words]
VPS-web-hacking-tools
    Automatically install some web hacking/bug bounty tools for your VPS. [143 words]
My bug bounty journey. The middle-class boy who wanted everything for free.
    My name is Vivek. I am currently working as a software developer in a private company. "Hacking" — I was introduced to this term when I was a school student. I was born into a middle-class family. I wanted everything for free. [808 words]
Analysing JavaScript Files For Bug Bounty Hunters
    Javascript is a client side object oriented scripting language. In essence this has several meanings: [644 words]
Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack
    Okay, so Slack can't actually perform port scans! However, it can act as a communication channel to relay tasks, such as port scanning, to a remote server. [655 words]
$10000 Facebook SSRF — Bug Bounty
    This is a write-up about an SSRF vulnerability I found on Facebook. The vulnerability could have allowed a malicious user to send internal requests to the Facebook corporate network. [266 words]
Resources-for-Beginner-Bug-Bounty-Hunters
    There are a number of new hackers joining the community on a regular basis and more often than not the first thing they ask is "How do I get started and what are some good resources?". [195 words]
QuickXSS
    Bash Script to Automate XSS using Waybackurls, GF, GF Patterns and Dalfox. Install Go on your machine and then install the required tools. [263 words]
Learn how to get started in bug bounties
    Google has everything you need indexed. There are lots of queries you could search for; however, here are some popular search queries (don't forget to try different languages!). It really is as simple as: When looking for a company's security contact make sure to check for https://www.example.com/. [430 words]
Password Reset Token Leak via X-Forwarded-Host
    I am a Bachelor of Commerce (B.Com) student and also a bug bounty hunter. This is my first blog; if you find any spelling mistakes, please bear with me for the next few minutes. [612 words]
Top 10 web hacking techniques of 2020
    Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. [1153 words]
Noob's Basic JSON web Token Exploit Guide
    Hi, how are you la lala. Let's cut short all that… I just want to cover a noob's guide for basic JSON web token testing. Please note that this is not the only potential JSON analysis method. For more attack vectors, do have a look at https://github.com/DontPanicO/jwtXploiter [305 words]
Uncle Rat's ultimate bug bounty guide
    (no excerpt) [0 words]
Finding My First Bug: HTTP Request Smuggling
    This is the report of my first bug. The bug was HTTP Request Smuggling, for which I got a bounty of $200. During my recon, when I found all the possible subdomains I just started visiting them one by one; the vulnerable subdomain gave a 403 Forbidden error along with the version of the web server. [351 words]
HTTP Request Smuggling: A Primer
    One of the security issues you might face with your website or web app is request smuggling. HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way a server processes the HTTP requests it receives. [1160 words]
Daniel Miessler
    ffuf is an acronym for "fuzz faster you fool!", and it's a CLI-based web attack tool written in Go. Veteran web testers might think of it as Burp Intruder on the command line. The hardest thing about ffuf is figuring out how to pronounce it. [732 words]
🐛 BugBountyHunting Search Engine
    🐛 BugBountyHunting Search Engine. Made with ❤️ by @payloadartist. Example search: http://bugbountyhunting.… [26 words]
Subdomain Take Over Worth 100£
    When good ethics meet mother luck along with the right elements, this combination can bring good results. Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user's account credentials. [779 words]
CTF [Dec 11–15]: Pwn a buggy webapp in 5 minutes
    This week's CTF was based on WebApp Security and was by far the easiest one. In this post, I will be talking about an intentional bypass that allows you to get root and solve the whole WebApp Security CTF in under 5 mins! [398 words]
Website Penetration Testing and Database Hacking with Sqlmap
    Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tools, called "sqlmap". [1314 words]
Hunting and Exploiting the Apache Ghostcat
    The Apache Ghostcat vulnerability is a file inclusion vulnerability which came out in the first quarter of this year while the world was gearing up for a lockdown fight against the coronavirus. [1031 words]
Remote Code Execution explained with real life bug bounty reports
    Might help other people. [57 words]
Security Tools
    Security Tools, Curated list of security tools for Hackers & Builders! [0 words]
Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)
    Hi, these are the notes I took while watching "The Bug Hunters Methodology v3(ish)" talk given by Jason Haddix at LevelUp 0x02 / 2018. This talk is about Jason Haddix's bug hunting methodology. It is an upgrade of: [1774 words]
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
    The easiest way to fail as a bug bounty hunter is to search at random without a methodology or process to follow. Here's what to consider. It is really easy to jump straight in and wildly throw payloads at a system when you first approach a target. [1222 words]
Samesite by Default and What It Means for Bug Bounty Hunters
    You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020). [784 words]
@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!
    Live Every Tuesday and Sunday on Twitch: https://twitch.tv/nahamsec Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1 Free $100 DigitalOcean Credit: https://m.do.co/c/3236… [0 words]
Quiver : A Meta-Tool for Kali Linux
    Quiver is an organized namespace of shell functions that pre-fill commands in your terminal so that you can ditch your reliance on notes, copying, pasting, editing, copying and pasting again. [693 words]
sehno/Bug-bounty
    You can find here some resources I use to do bug bounty hunting. [29 words]
Bug Bounty Toolkit
    Free capture the flag virtual machines to download, run, and practice against. Free downloadable VMs and paid-for online training and labs. Certainly worth checking out. [1233 words]
Bug Bounty — Tips / Tricks / JS (JavaScript Files)
    It all started in the month of August when I reached out to Gerben Javado regarding a question. Yes, it was a basic question, but a quick chat with him that day gave me some confidence to hunt for bugs when he pointed towards his blog post The race to th… [573 words]
Hunting Good Bugs with only <HTML>
    Hey hunters! It's been a while since my last post! So let's get deep on this right now! Really? Is it kind of a joke? Getting bugs with <HTML>? [1527 words]
Bug Hunting Journey of 2019
    So I thought I should share a last writeup about some of the bugs which I have found this year. This is going to be a little long. I have been working on this for the last few days; I hope you will like it. You can use grep to search for strings starting with https, http. [1754 words]
Bug Bounty Playbook
    Do you like hacking? Do you like security? Do you want to make a living doing what you love? Do you want to find vulnerabilities and get paid to do so? If you answered YES to any of these questions then this book is for you. [158 words]
How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
    (no excerpt) [0 words]
Security Assessment Mindset
    Why: I did this to help me on my security assessments (pentest, bug bounty, red-team, kung foo, you name it) and to keep my work well organized. Each time I finished a task, I marked it with a check icon using XMind. [224 words]
bounty-targets-data
    This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). The files provided are: New changes (if any) are picked up hourly. [154 words]
Understanding the full potential of sqlmap during bug bounty hunting
    Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. [1733 words]
amass — Automated Attack Surface Mapping
    Whether you're attacking or defending, you have the highest chance of success when you fully understand the target. The pronunciation stress is on the second syllable. [1261 words]
Pro tips for bug bounty
    Pro Tips For Bug Bounty: 1) Clear your mindset about bug bounty (learning > money). 2) Always focus on the target as if it's a fresh one. 3) Always look at the path less visited; hunt on subdomains rather than the main domain. 4) Don't rely only on online courses and videos. [198 words]
The complete story of how I got started into bug bounties and how you could get started already
    Hey, I am @dhakal_ananda from Nepal and I am back again with another writeup. This time, I want to share my bug bounty journey. Let's dive into it already. This all started when I was just a kid who used to play games and use Facebook sometimes, when I was maybe 13. [1099 words]
Usage
    During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code. [218 words]
JSParser
    A Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests when performing security research or bug bounty hunting. Run handler.py and then visit http://localhost:8008. [76 words]
How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers'
    The million dollar hacker: How a Scottish schoolboy who failed his A-level in computing went on to become one of the world's richest 'white hats' with a glitzy Las Vegas lifestyle with his former Playboy model wife. Relaxing in the sunshine with his former Playboy model wife, Mark Litchfield is conte… [1815 words]
bountyplz – automated security reporting from markdown templates
    This is a project created by Frans Rosén. The idea is to be able to submit a report without any interaction. It's taking advantage of all features the existing site has, such as attachments, inline images, assets, weaknesses and severity. [665 words]
Bug Bounty Templates
    A collection of templates for bug bounty reporting, with guides on how to write and fill them out. Not the core standard on how to report, but certainly a flow I follow personally which has been successful for me. Your mileage may vary. [131 words]
Bounty Report Generator
    (no excerpt) [0 words]
File Upload XSS
    A file upload is a great opportunity to XSS an application. User restricted areas with an uploaded profile picture are everywhere, providing more chances to find a developer's mistake. If it happens to be a self XSS, just take a look at the previous post. [394 words]
Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs)
    A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. [947 words]
Bug Hunting Methodology (part-1)
    Updated on 4-Jan-2020. Hi, I am Shankar R (@trapp3r_hat) from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time because I am working as a Security Consultant at Penetolabs Pvt Ltd (Chennai). [1968 words]
All Bug Bounty POC write ups by Security Researchers.
    Hello friends, recently I came across an S3 Bucket Misconfiguration vulnerability on one of the private programs. I saw many write-ups on how to exploit it but none of them was from the basics. So I... [581 words]
List of bug bounty writeups
    Source: https://pentester.land/ 1. Bug bounty writeups published in 2019 2. … [1383 words]
Bug Bounty Reference
    I have been reading Bug Bounty write-ups for a few months, and I found it extremely useful to read a relevant write-up when I found a certain type of vulnerability that I had no idea how to exploit. [2372 words]
Writeups
    Download as JSON file [4 words]
The Bugs Are Out There, Hiding in Plain Sight
    It's no secret, bug bounty is not an easy field to jump into and be successful in. The top hunters likely have years of experience in not only bug hunting, but technology & security in general. [105 words]
Bug Hunting Methodology from an Average Bug Hunter
    Some of the most common questions out there in the industry are "what is your methodology?" or "how do you look for bugs?" This post will be an attempt to answer that from the point of view of an average and continuously learning bug hunter. [1572 words]
Finding Hidden API Keys & How to use them
    Thanks for showing interest in this. The blog has now moved to https://community.turgensec.com/finding-hidden-api-keys-how-to-use-them/ [27 words]
Bug Bounty Forum
    Bug Bounty Forum once started as a small Skype group but turned into a 200+ large community of researchers sharing information with each other and more. We have now created a Slack channel to handle new people! It's an invite-only group but we do have a sign-up form where you can request an invite here. [116 words]
Cookie worth a fortune
    In the following post, a Cookie Based Cross-Site-Scripting vulnerability was converted into a Reflected Cross-Site-Scripting vulnerability. A cookie-based XSS is generally considered Out Of Scope because an attacker has to physically insert the malicious cookie, which is very unlikely. [1026 words]
Automated monitoring of subdomains for fun and profit — Release of Sublert
    Bug bounty has become a fast-growing industry with programs launching almost daily, bringing along with it a fierce competition among hackers. It's a sort of monetized race which revolves around the first one to report a bug: first come, first served. [1422 words]
So you want to be a web security researcher?
    Are you interested in pushing hacking techniques beyond the current state of the art and sharing your findings with the infosec community? In this post I'll share some guidance on web security research, shaped by the opportunities and pitfalls I've experienced while pursuing this path myself. [1820 words]
What I have learn in my first month of Hacking and Bug Bounty?
    Hi, in this post I will share everything about hacking, programming and bug bounty, CTFs etc. and the available resources I came across. If you don't know anything about hacking, then by the end of this blog you will be advanced in hacking. I was like 😱 😱. [1871 words]
enaqx/awesome-pentest
    Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance to report it responsibly. [7450 words]
Bug Hunting Methodology (Part-2)
    Hi, I am Shankar R (@trapp3r_hat) from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time because I am working as a Senior Penetration Tester at Penetolabs Pvt Ltd (Chennai). [1880 words]
Spokeo Bug bounty Experience
    Recently I reported an XSS bug to the Spokeo bug bounty program. After reporting I was waiting and checking regularly whether it was fixed or there was any reply. But no response. After 9 days I checked and the XSS had been fixed. Then I messaged them again that the issue had been fixed. Then they replied :( [140 words]
Bug Bounty Guide
    Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters. A great place to learn about the various aspects of bug bounties, and how you can improve your skills in this area. [140 words]
Source code disclosure via exposed .git folder
    Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the web app's source code. I can't disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bug. [649 words]
DomLink
    TLDR: Give DomLink a domain, it'll go and find the associated organization and registered e-mail, then use this information to perform a reverse WHOIS. Simple. You then get an output of lots of other associated domains registered by the company. [343 words]
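The "HTTP-HOST HEADER ATTACKS" and "Password Reset Token Leak via X-Forwarded-Host" entries above describe one bug class: a password-reset link whose host is copied from a request header the attacker controls, so the victim's token is emailed to the attacker's domain. The Python below is an added example, not code from either article; ALLOWED_HOSTS, BASE_URL, the header values and the function names are assumptions for illustration, and the header dict is treated as case-sensitive for simplicity (real frameworks normalise header names).

```python
"""Password-reset links: header-trusting build vs. allowlisted build.

Added example (not code from either linked article). ALLOWED_HOSTS,
BASE_URL and the header values are illustrative assumptions.
"""
from typing import Mapping, Optional
from urllib.parse import quote

# Hosts this (hypothetical) deployment actually serves.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
# Canonical public origin, configured server-side, never taken from a request.
BASE_URL = "https://app.example.com"


def reset_link_vulnerable(headers: Mapping[str, str], token: str) -> str:
    """Build the link the way the vulnerable apps do: from proxy headers.

    X-Forwarded-Host takes precedence over Host, so a request carrying
    'X-Forwarded-Host: evil.example' produces an emailed link that sends
    the victim's reset token to the attacker's server when clicked.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset-password?token={quote(token)}"


def normalise_host(raw: str) -> str:
    """Lower-case a header value, keep only the first proxy-list element,
    and strip a ':port' suffix so 'App.Example.com:443' compares equal."""
    first = raw.split(",")[0].strip().lower()
    return first.split(":")[0]


def request_host(headers: Mapping[str, str]) -> Optional[str]:
    """Return the host the request was made for, or None if any host-bearing
    header names something we do not serve.

    Both headers are checked: an allowlisted Host does not excuse a poisoned
    X-Forwarded-Host, which is exactly the combination the attack relies on.
    """
    seen = None
    for name in ("Host", "X-Forwarded-Host"):
        raw = headers.get(name)
        if raw is None:
            continue
        host = normalise_host(raw)
        if host not in ALLOWED_HOSTS:
            return None
        seen = host
    return seen


def reset_link_hardened(headers: Mapping[str, str], token: str) -> str:
    """Build the link from configuration; headers only gate the request."""
    if request_host(headers) is None:
        raise ValueError("reset requested for an unknown host")
    return f"{BASE_URL}/reset-password?token={quote(token)}"


if __name__ == "__main__":
    poisoned = {"Host": "app.example.com", "X-Forwarded-Host": "evil.example"}
    print("vulnerable:", reset_link_vulnerable(poisoned, "t0k3n"))
    try:
        reset_link_hardened(poisoned, "t0k3n")
    except ValueError as exc:
        print("hardened  :", exc)
    print("hardened  :", reset_link_hardened({"Host": "app.example.com"}, "t0k3n"))
```

When testing, send the reset request once with a plain Host and once with X-Forwarded-Host (and the other forwarded variants such as X-Host and X-Forwarded-Server) pointing at a host you control; the bug is confirmed when the emailed link, not just the response, carries your host.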
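For the "Usage" and "JSParser" entries (pulling relative endpoints out of minified JavaScript to find AJAX calls), an added Python example that is not JSParser's own code: SAMPLE_JS is a constructed snippet standing in for a downloaded bundle, and the base URL passed to resolve() is an assumption. It goes slightly beyond the entries by also collecting absolute URLs and by resolving relative paths against the script's own URL, the way the browser would.

```python
"""Extract relative endpoints (and absolute URLs) from JavaScript source.

Added example, not JSParser's code. SAMPLE_JS is a constructed stand-in for
a downloaded bundle; the base URL passed to resolve() is an assumption.
"""
import re
from typing import List, Tuple
from urllib.parse import urljoin

# Constructed minified snippet: three quoting styles, a concatenated path,
# an absolute CDN URL, and one '/' that is division rather than a path.
SAMPLE_JS = (
    'var a=fetch("/api/v1/users/"+id,{method:"GET"});'
    "axios.post('/api/v1/users/'+id+'/reset-password',{token:t});"
    "const u=`/internal/admin/export?format=csv`;"
    'img.src="../static/img/logo.png";'
    'window.location="https://cdn.example.com/app.js";'
    "if(x>0){return a/b}"
    'x.open("GET","/graphql")'
)

# A string literal delimited by ", ' or ` whose body looks like a path:
# "/abs", "./rel", "../rel" or a full http(s) URL. Bodies stop at the first
# whitespace or quote, so concatenated fragments come out as separate hits.
_ENDPOINT_RE = re.compile(
    r"""(?P<q>["'`])"""                                    # opening quote
    r"""(?P<path>https?://[^"'`\s]+|\.{0,2}/[^"'`\s]*)"""  # path or URL
    r"""(?P=q)"""                                          # same closing quote
)


def extract_endpoints(js: str) -> Tuple[List[str], List[str]]:
    """Return (relative_paths, absolute_urls), each de-duplicated and kept
    in order of first appearance so the output is stable across runs."""
    relative: List[str] = []
    absolute: List[str] = []
    for match in _ENDPOINT_RE.finditer(js):
        path = match.group("path")
        bucket = absolute if path.startswith("http") else relative
        if path not in bucket:
            bucket.append(path)
    return relative, absolute


def resolve(base_url: str, paths: List[str]) -> List[str]:
    """Resolve relative paths against the URL the script was served from,
    so '../static/...' lands where the browser would actually request it."""
    return [urljoin(base_url, p) for p in paths]


if __name__ == "__main__":
    rel, absolute = extract_endpoints(SAMPLE_JS)
    for url in resolve("https://app.example.com/assets/js/", rel) + absolute:
        print(url)
```

Fragments such as "/api/v1/users/" followed by "/reset-password" are the signature of a path built by concatenation; treat them as a template to complete by hand rather than as two endpoints.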
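For the "Source code disclosure via exposed .git folder" entry, an added Python example rather than the tutorial's own steps: it parses a version-2 .git/index, the file a hunter fetches first from /.git/index, to list every tracked path and the loose-object location of each blob. build_index() fabricates a tiny index from SAMPLE_FILES, whose file names and contents are constructed, so the parser runs offline; on a real target the bytes come from the exposed directory.

```python
"""Parse a leaked .git/index: list tracked paths and where each blob lives.

Added example, not the tutorial's own code. build_index() fabricates a small
version-2 index from SAMPLE_FILES (constructed names and contents) so the
parser runs offline; on a real target the bytes come from /.git/index.
"""
import hashlib
import struct
from typing import List, NamedTuple, Sequence, Tuple


class IndexEntry(NamedTuple):
    path: str
    mode: int   # e.g. 0o100644 regular file, 0o100755 executable
    sha1: str   # hex object id of the blob content
    size: int   # file size recorded in the index


_HEADER = struct.Struct(">4sII")     # "DIRC", version, entry count
_ENTRY = struct.Struct(">10I20sH")   # ctime/mtime/dev/ino/mode/uid/gid/size, oid, flags
_FIXED = _ENTRY.size                 # 62 bytes before the path starts


def _padded_len(fixed: int, name_len: int) -> int:
    """On disk an entry is fixed part + path + at least one NUL, padded to 8."""
    return (fixed + name_len + 8) & ~7


def parse_index(data: bytes) -> List[IndexEntry]:
    """Decode a version-2 or -3 index; rejects v4 (prefix-compressed paths)."""
    if len(data) < _HEADER.size + 20:
        raise ValueError("too short to be a git index")
    body, checksum = data[:-20], data[-20:]
    # The trailing SHA-1 covers everything before it: a truncated download or
    # an HTML error page fails here instead of yielding garbage paths.
    if hashlib.sha1(body).digest() != checksum:
        raise ValueError("index checksum mismatch (truncated download?)")
    sig, version, count = _HEADER.unpack_from(data, 0)
    if sig != b"DIRC" or version not in (2, 3):
        raise ValueError(f"unsupported index: {sig!r} version {version}")
    entries: List[IndexEntry] = []
    off = _HEADER.size
    for _ in range(count):
        fields = _ENTRY.unpack_from(data, off)
        mode, size, oid, flags = fields[6], fields[9], fields[10], fields[11]
        # v3 entries with the 0x4000 flag carry two extra bytes of flags.
        fixed = _FIXED + (2 if version == 3 and flags & 0x4000 else 0)
        name_len = flags & 0x0FFF
        start = off + fixed
        if name_len == 0x0FFF:                     # path too long for 12 bits
            name_len = data.index(b"\0", start) - start
        path = data[start:start + name_len].decode("utf-8", "replace")
        entries.append(IndexEntry(path, mode, oid.hex(), size))
        off += _padded_len(fixed, name_len)
    return entries


def object_path(sha1_hex: str) -> str:
    """Relative location of a loose object; packed objects live under
    .git/objects/pack/ instead and need the pack index to locate."""
    return f".git/objects/{sha1_hex[:2]}/{sha1_hex[2:]}"


def build_index(files: Sequence[Tuple[str, int, bytes]]) -> bytes:
    """Fabricate a v2 index for the given (path, mode, content) triples."""
    parts = [_HEADER.pack(b"DIRC", 2, len(files))]
    for path, mode, content in sorted(files):       # git keeps entries sorted
        # Blob ids are sha1("blob <len>\0" + content), exactly as git stores them.
        oid = hashlib.sha1(b"blob %d\0" % len(content) + content).digest()
        name = path.encode("utf-8")
        entry = _ENTRY.pack(0, 0, 0, 0, 0, 0, mode, 0, 0, len(content),
                            oid, min(len(name), 0x0FFF)) + name
        parts.append(entry.ljust(_padded_len(_FIXED, len(name)), b"\0"))
    body = b"".join(parts)
    return body + hashlib.sha1(body).digest()


# Constructed sample repository contents (not from any real target).
SAMPLE_FILES = [
    ("app/index.php", 0o100644, b"<?php echo 'hello'; ?>\n"),
    ("config/database.yml", 0o100644, b"password: hunter2\n"),
    ("deploy.sh", 0o100755, b"#!/bin/sh\n"),
    (".env", 0o100644, b"SECRET_KEY=dev\n"),
]


if __name__ == "__main__":
    for entry in parse_index(build_index(SAMPLE_FILES)):
        print(f"{entry.mode:06o} {entry.sha1} {entry.size:6d} {entry.path}"
              f"  -> {object_path(entry.sha1)}")
```

Listing the index before fetching anything tells you whether the leak is worth pursuing (config files, .env, deployment scripts) and which object paths to request; each loose object is zlib-compressed with a "blob <len>\0" header in front of the content, which is also why the checksum check matters, since a 200 response carrying a custom error page would otherwise parse as nonsense.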