appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

Link | Excerpt | Word Count
File Upload XSS | A file upload is a great opportunity to XSS an application. User restricted area with an uploaded profile picture is everywhere, providing more chances to find a developer’s mistake. If it happens to be a self XSS, just take a look at the previous post. | 394
All Bug Bounty POC write ups by Security Researchers. | Description: When we have 2FA enabled on our Instagram account, let’s say I have an Instagram account with 2FA enabled. If I deactivate it for any reason, such as choosing to deactivate my Instagram... | 580
Bug Bounty Forum | Bug Bounty Forum once started as a small Skype group but turned into a 200+ large community of researchers sharing information with each other and more. We have now created a Slack channel to handle new people! It's an invite-only group but we do have a sign-up form where you can request an invite here. | 116
ngalongc/bug-bounty-reference | I have been reading Bug Bounty write-ups for a few months, and I found it extremely useful to read a relevant write-up when I found a certain type of vulnerability that I had no idea how to exploit. | 2349
commixproject/commix | Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by (@ancst), that automates the detection and exploitation of command injection vulnerabilities. You can visit the collection of screenshots demonstrating some of the features on the wiki. | 148
ZephrFish/BugBountyTemplates | A collection of templates for bug bounty reporting, with guides on how to write and fill them out. Not the core standard on how to report, but certainly a flow I follow personally which has been successful for me. Your mileage may vary. | 147
https://buer.haus/breport/ | | 0
EdOverflow/bugbounty-cheatsheet | We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and feature requests. | 123
nahamsec/JSParser | A Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests when performing security research or bug bounty hunting. Run handler.py and then visit http://localhost:8008. | 67
jobertabma/relative-url-extractor | During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code. | 216
Bug Bounty Toolkit | Free capture the flag virtual machines to download, run, and practice against. Free downloadable VMs and paid-for online training and labs. Certainly worth checking out. | 1239
enaqx/awesome-pentest | Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance to report it responsibly. | 7402
https://medium.com/@Nick_Jenkins/the-hitchhikers-guide-to-bug-bounty-hunting-throughout-the-galaxy-474ddb87ae15 | | 0
dsopas/assessment-mindset | I did this to help me on my security assessments (pentest, bug bounty, red-team, kung foo, you name it) and to keep my work well organized. Each time I finished a task, I marked it with a check icon using XMind. | 213
Bug Bounty (published in InfoSec Write-ups) | It all started in the month of August when I reached out to Gerben Javado regarding a question, yes it was a basic question but a quick chat with him that day gave me some confidence to hunt for Bugs when he pointed towards his blog post The race to t | 634
DomLink | TLDR: Give DomLink a domain, it’ll go and find the associated organization and e-mail registered, then use this information to perform a reverse WHOIS. Simple. You then get an output of lots of other associated domains registered by the company. | 352
fransr/bountyplz | This is a project created by Frans Rosén. The idea is to be able to submit a report without any interaction. It's taking advantage of all the features the existing site has, such as attachments, inline images, assets, weaknesses and severity. | 644
So you want to be a web security researcher? | James Kettle, Director of Research @albinowax. Are you interested in pushing hacking techniques beyond the current state of the art and sharing your findings with the infosec community? In this post I’ll share some guidance on how to become a web security researcher, shaped by the opportunities and | 2139
Writeups | | 4
Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) | Hi, these are the notes I took while watching “The Bug Hunters Methodology v3(ish)” talk given by Jason Haddix at LevelUp 0x02 / 2018. This talk is about Jason Haddix’s bug hunting methodology. It is an upgrade of: | 1846
https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3 | | 0
https://www.bugbountynotes.com/mobile | | 0
https://www.bugbountynotes.com/mobile/training | | 0
Source code disclosure via exposed .git folder | Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the Web app’s source code. I can’t disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bug. | 668
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters | Welcome to our web hacking and bug bounty hunting resource repository! A curated collection of web hacking tools, tips, and resources is available here. | 160
https://paper.seebug.org/802/ | | 0
Automated monitoring of subdomains for fun and profit — Release of Sublert | Bug bounty has become a fast-growing industry with programs launching almost daily, bringing along with it fierce competition among hackers. It’s a sort of monetized race which revolves around the first one to report a bug: first come, first served. | 1422
Bug Hunting Methodology (Part-2) | Hi, I am Shankar Ramakrishnan (@trapp3r_hat) from India. I hope you are all doing well. I have been a security researcher for the last few years. Yes, absolutely, I am doing bug bounty part-time because I am working as a Lead Security Consultant at Peneto Labs Pvt Ltd. | 2381
Bug Hunting Methodology (Part-1) | Updated on 4-Jan-2020. Hi, I am Shankar Ramakrishnan (@trapp3r_hat) from India. I hope you are all doing well. I have been a security researcher for the last few years. Yes, absolutely, I am doing bug bounty part-time because I am working as a Lead Security Consultant at Peneto Labs Pvt Ltd. | 2180
Bug Bounty Guide | Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters. A great place to learn about the various aspects of bug bounties, and how you can improve your skills in this area. | 140
https://link.medium.com/TMtwUFBULV | | 0
https://link.medium.com/KdP429VHLX | | 0
amass — Automated Attack Surface Mapping | | 32
Bug Hunting Methodology from an Average Bug Hunter | Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs?” This post will be an attempt to answer that from the point of view of an average and continuously learning bug hunter. | 1583
https://link.medium.com/4nW2g1uZjZ | | 0
Cookie worth a fortune | | 0
Finding Hidden API Keys & How to use them | Thanks for showing interest in this. Now the blog has been shifted to https://community.turgensec.com/finding-hidden-api-keys-how-to-use-them/ | 27
https://link.medium.com/Jiq4EKyFvZ | | 0
https://www.hacktoday.io/t/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs/1990 | | 0
The million dollar hacker: How a Scottish schoolboy who failed his A-level in computing went on to become one of the world's richest 'white hats' with a glitzy Las Vegas lifestyle with his former Playboy model wife | Relaxing in the sunshine with his former Playboy model wife, Mark Litchfield is contemplating another dip in his pool. The 85F heat at their luxurious lakeside home near Las Vegas is a world away from more autumnal conditions in his home town of Arbroath. | 1778
Understanding the full potential of sqlmap during bug bounty hunting | Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. | 1731
https://link.medium.com/8M97ibhX30 | | 0
https://link.medium.com/4kQ2DKcf60 | | 0
Bug Bounty Playbook | Do you like hacking? Do you like security? Do you want to make a living doing what you love? Do you want to find vulnerabilities and get paid to do so? If you answered YES to any of these questions then this book is for you. | 179
arkadiyt/bounty-targets-data | This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). The files provided are: The last change was detected on . New changes (if any) are picked up every 30 minutes. | 143
https://link.medium.com/S5MFTthfV2 | | 0
Hunting Good Bugs with only | Hey hunters! It’s been a while since my last post! So let’s get deep into this right now! Really? Is it kind of a joke? Getting bugs with <HTML>? | 1587
https://link.medium.com/KEEGBSNPf3 | | 0
bugbounty_checklist.md | This checklist may help you to have a good methodology for bug bounty hunting. When you have done an action, don't forget to check it ;) Happy hunting! Recon on wildcard domain, Single domain, Information Gathering, Configuration Management, Secure Transmission, Authentication, Session Management, Authorization, Data V | 937
Samesite by Default and What It Means for Bug Bounty Hunters | You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020). | 784
stevemcilwain/quiver | Quiver is an organized namespace of shell functions that pre-fill commands in your terminal so that you can ditch your reliance on notes, copying, pasting, editing, copying and pasting again. | 674
@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties! | | 0
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It | The easiest way to fail as a bug bounty hunter is to search at random without a methodology or process to follow. Here’s what to consider. It is really easy to jump straight in and wildly throw payloads at a system when you first approach a target. | 1208
devanshbatham/Awesome-Bugbounty-Writeups | Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Clickjacking (UI Redressing Attack), Local File Inclusion (LFI), Subdomain Takeover, Denial of Service (DOS), Authentication Bypass, SQL injection, Insecure Direct Object Reference (IDOR), 2FA Related issues, CORS Related issues, Server Side Request Forgery ( | 3850
Security Tools | Security Tools, Curated list of security tools for Hackers & Builders! | 0
Remote Code Execution explained with real life bug bounty reports | While reading about RCE last week and searching through Zerodium and why it's so heavily paid, I found this: https://www.youtube.com/watch?v=649Nb0YFOi5 | 7
Learn how to get started in bug bounties | Google has everything you need indexed. There are lots of queries you could search for; however, here are some popular search queries (don't forget to try different languages!). It really is as simple as: When looking for a company's security contact make sure to check for https://www.example.com/. | 430
theinfosecguy/QuickXSS | Bash script to automate XSS using Waybackurls, GF, GF Patterns and Dalfox. Install Go on your machine and then install the required tools. | 295
https://vivekps143.medium.com/my-bug-bounty-journey-the-mind-of-a-middle-class-boy-who-wanted-everything-for-free-1456e160817c | | 0
https://link.medium.com/oVNvKnISbdb | | 0
https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ | | 0
https://link.medium.com/27usTAWCidb | | 0
https://link.medium.com/5DUBJg9Didb | | 0
Uncovering a blind SSRF Vulnerability in Facebook’s Infrastructure ($10000 — Bug Bounty) | This is a write-up about a blind SSRF vulnerability I found and reported to Facebook. The vulnerability could have allowed a malicious actor to send internal requests to the Facebook corporate network. | 311
A community-curated Resource for Bug Bounty Hunting | Learn more about the types of bugs you can find on bug bounty programs. | 14
A ffuf Primer | | 32
https://link.medium.com/JLSJD8HrWdb | | 0
https://link.medium.com/veE7slRrWdb | | 0
https://thexssrat.podia.com/uncle-rat-s-ultimate-bug-bounty-guide?coupon=SDFDSCSD | | 0
Noob’s Basic JSON web Token Exploit Guide | Hi, how are you la lala. Let’s cut short all that… I just want to cover a noob’s guide for basic JSON web token testing. Please note that this is not the only potential JSON analysis method. For more attack vectors, do have a look at https://github.com/DontPanicO/jwtXploiter | 315
Top 10 web hacking techniques of 2020 | Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. | 1149
https://infosecwriteups.com/intro-to-bug-bounty-automation-pt-2-8bf4b57f1881 | | 0
How to discover up to 10,000 subdomains with your own tool | This time you will learn how to create your own tool with which you will be able to discover subdomains of websites. If in your free time you dedicate yourself to reporting vulnerabilities this can be very helpful for you. The subdomains are of the type: http://subdominio.dominio. | 1369
Password Reset Token Leak via X-Forwarded-Host | Student of Bachelor of Commerce (B.Com) and also I am a Bug Bounty Hunter. This is my 1st blog, so if you find any spelling mistakes, please bear with me for the next few minutes. | 619
Analyzing JavaScript Files for Bug Bounty Hunters | JavaScript is a client-side object-oriented scripting language. In essence, this has several meanings: | 210
supr4s/WebHackingTools | Automatically install some web hacking/bug bounty tools for your VPS/hacking station. | 247
How to discover up to 10,000 subdomains with your own tool | This time you will learn how to create your own tool with which you will be able to discover subdomains of websites. If in your free time you dedicate yourself to reporting vulnerabilities this can be very helpful for you. The subdomains are of the type: http://subdominio.dominio. | 243
If you find powerful OXML XXE tool? it’s “DOCEM” | I found a tool that is handy for XXE testing and am sharing it. It should be far more convenient than doing the work by hand or using the tools released so far. When I tested OXML XXE, OOXML XXE, I used to create the payload myself or used this tool. | 1039
HTTP-HOST HEADER ATTACKS | Hi! My name is Hashar Mujahid and today we will learn how to carry out host header attacks in web applications. In layman’s terms, the HTTP Host header is compulsory in the request; it contains the domain name of the website that a user wants to access. | 960
Top 10 web hacking techniques of 2022 | Welcome to the Top 10 Web Hacking Techniques of 2022, the 16th edition of our annual community-powered effort to identify the most important and innovative web security research published in the last year. | 1495
0xPugal/One-Liners | dirsearch -l urls.txt -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,old,sql,sql.gz,sql.zip,sql.tar.gz,sql~,swp,swp~,tar,tar.bz2,tar. | 72
(Research) Exploiting HTTP Parsers Inconsistencies | The HTTP protocol plays a vital role in the seamless functioning of web applications; however, the implementation of HTTP parsers across different technologies can introduce subtle discrepancies, leading to potential security loopholes. | 3477
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports | Access the full case study here: https://members.bugbountyexplained.com/sqli-case-study/ This video is a part of the case study of 128 SQ | 0
IDOR - how to predict an identifier? Bug bounty case study | Access the full case study here: https://members.bugbountyexplained.com/how-to-make-money-with-idors-idor-case-study/ | 0
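The endpoint-extraction idea behind the JSParser and relative-url-extractor entries above (and the "Analyzing JavaScript Files for Bug Bounty Hunters" write-up), as an added example that is not code from this page or from either of those tools: a regex-based extractor that pulls relative endpoints out of string literals in a minified bundle and groups the query parameter names seen with each path. The sample bundle, the function names and the set of characters accepted in a path are assumptions made for this example.

```python
import re
import sys

# Constructed sample: a fragment of a minified frontend bundle written for this
# example (not taken from any real site or from the tools listed above).
SAMPLE_JS = (
    'const e="/api/v1/users";fetch(e+"/me").then(r=>r.json());'
    "axios.post('/api/v1/auth/login',{u,p});"
    'var img="//cdn.example.com/img.png";'          # protocol-relative URL: skipped
    'window.location="/account/settings?tab=security";'
    "$.get('../legacy/export.php?id=1');"
    'const re=/\\/not-a-path\\//;'                   # regex literal, not a string: skipped
    'const t="/tmp";'
)

# A quoted string literal whose contents start with "/", "./" or "../" (but not
# "//", which is protocol-relative) followed by path/query characters only.
# The backreference forces the closing quote to match the opening one, so a
# slash inside arithmetic or a regex literal never pairs up with a stray quote.
_REL_URL_RE = re.compile(
    r"""(["'`])((?:\.{0,2}/)(?!/)[A-Za-z0-9_\-./?=&%+~:@]*)\1"""
)


def extract_relative_urls(js: str) -> list[str]:
    """Unique relative endpoints found in string literals, in order of first appearance."""
    found: dict[str, None] = {}
    for m in _REL_URL_RE.finditer(js):
        found.setdefault(m.group(2), None)
    return list(found)


def endpoints_with_params(js: str) -> dict[str, list[str]]:
    """Map each path (query string removed) to the query parameter names seen
    with it; this is the list you would feed into further fuzzing."""
    out: dict[str, list[str]] = {}
    for url in extract_relative_urls(js):
        path, _, query = url.partition("?")
        params = out.setdefault(path, [])
        for pair in query.split("&") if query else []:
            name = pair.split("=", 1)[0]
            if name and name not in params:
                params.append(name)
    return out


if __name__ == "__main__":
    # Pass a JS file path to scan it; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_JS
    for path, params in endpoints_with_params(source).items():
        print(path, ",".join(params))
```

A regex over string literals is deliberately conservative: it misses endpoints assembled from template strings or concatenated fragments, but it also avoids the false positives that a bare `/[a-z/]+/` pattern produces on minified code, which is the trade-off the tools above make as well.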
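The host-header technique referenced by the "Password Reset Token Leak via X-Forwarded-Host" and "HTTP-HOST HEADER ATTACKS" entries above, as an added example that is not code from either post: a reset-link builder that trusts forwarded hosts beside its hardened form, the allow-list check a middleware would apply, and a probe that reports which header variants a given builder honours. The host names, the configuration values and the header variants beyond X-Forwarded-Host are assumptions made for this example.

```python
from urllib.parse import urlencode

# Constructed request for this example: the attacker requests a password reset
# for the victim's address and adds a forwarding header naming a host they
# control. Hosts are placeholders, not from any real program.
ATTACKER_REQUEST = {
    "Host": "app.example.com",
    "X-Forwarded-Host": "evil.example.net",
}

# Assumed deployment configuration: the only origin the app is served from.
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com"}


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """The pattern behind the write-up: the link host comes from the request
    (X-Forwarded-Host first, then Host), so the e-mail carries the victim's
    token to a host the attacker controls and their server logs it on click."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link_hardened(headers: dict, token: str, origin: str = CANONICAL_ORIGIN) -> str:
    """Never derive a secret-bearing absolute URL from request headers; use the
    configured origin. `headers` is accepted only to keep the call shape equal."""
    return f"{origin}/reset?{urlencode({'token': token})}"


def _normalise_host(value: str) -> str:
    """Lower-case and drop the port so 'APP.example.com:443' equals
    'app.example.com'; an IPv6 literal keeps its brackets."""
    value = value.strip().lower()
    if value.startswith("["):                       # e.g. [::1]:8080
        return value[: value.index("]") + 1] if "]" in value else value
    return value.rsplit(":", 1)[0] if ":" in value else value


def host_header_is_trusted(headers: dict, allowed: set[str] = ALLOWED_HOSTS) -> bool:
    """Middleware-level check: Host must be present and every hop of Host and
    X-Forwarded-Host must be on the allow-list, else the request is rejected
    before the reset flow runs."""
    for name in ("Host", "X-Forwarded-Host"):
        value = headers.get(name)
        if value is None:
            continue
        for hop in value.split(","):
            if _normalise_host(hop) not in allowed:
                return False
    return "Host" in headers


def leaking_variants(build_link, real_host: str, attacker_host: str) -> list[str]:
    """The hunter's side: call the app's link builder once per header variant
    and report which variants put the attacker's host into the reset link."""
    probes = {"Host": {"Host": attacker_host}}
    for name in ("X-Forwarded-Host", "X-Host", "X-Forwarded-Server"):
        probes[name] = {"Host": real_host, name: attacker_host}
    return [name for name, hdrs in probes.items()
            if attacker_host in build_link(hdrs, "probe")]


if __name__ == "__main__":
    print("vulnerable:", reset_link_vulnerable(ATTACKER_REQUEST, "t0k3n"))
    print("hardened:  ", reset_link_hardened(ATTACKER_REQUEST, "t0k3n"))
    print("leaks via: ", leaking_variants(reset_link_vulnerable, "app.example.com", "evil.example.net"))
```

An application behind a reverse proxy may legitimately need X-Forwarded-Host, but only as set by that proxy; the proxy should overwrite any client-supplied copy, and the application should still compare whatever arrives against its allow-list rather than build URLs that carry tokens from it.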