appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

Link | Excerpt
Top 10 web hacking techniques of 2022 | Welcome to the Top 10 Web Hacking Techniques of 2022, the 16th edition of our annual community-powered effort to identify the most important and innovative web security research published in the last year.
devanshbatham/Awesome-Bugbounty-Writeups | Contents: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Clickjacking (UI Redressing Attack), Local File Inclusion (LFI), Subdomain Takeover, Denial of Service (DOS), Authentication Bypass, SQL injection, Insecure Direct Object Reference (IDOR), 2FA Related issues, CORS Related issues, Server Si
HTTP-HOST HEADER ATTACKS | Hi! My name is Hashar Mujahid and today we will learn how to carry out host header attacks in web applications. In layman’s terms, the HTTP host header is compulsory in the request; it contains the domain name of the website that a user wants to access.
Bug Bounty Cheat Sheet | We welcome contributions from the public. The issue tracker is the preferred channel for bug reports and feature requests.
If you find powerful OXML XXE tool? it's "DOCEM" | I found a useful tool for XXE testing and am sharing it. It should be much more convenient than doing the work by hand or using previously released tools. When I tested OXML XXE and OOXML XXE, I used to create the payload myself or use this tool.
How to discover up to 10,000 subdomains with your own tool | This time you will learn how to create your own tool with which you will be able to discover subdomains of websites. If in your free time you dedicate yourself to reporting vulnerabilities, this can be very helpful for you. The subdomains are of the type: http://subdominio.dominio.
commixproject/commix | Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by (@ancst), that automates the detection and exploitation of command injection vulnerabilities. Alternatively, you can download the latest tarball or zipball.
VPS-web-hacking-tools | Automatically install some web hacking/bug bounty tools for your VPS.
My bug bounty journey. The middle-class boy who wanted everything for free. | My name is Vivek. I am currently working as a software developer in a private company. “Hacking” — I was introduced to this term when I was a school student. I was born into a middle-class family. I wanted everything for free.
Analysing JavaScript Files For Bug Bounty Hunters | JavaScript is a client-side object-oriented scripting language. In essence this has several meanings:
Intro to Bug Bounty Automation (pt.2): Port Scanning with Slack | Okay, so Slack can’t actually perform port scans! However, it can act as a communication channel to relay tasks, such as port scanning, to a remote server.
$10000 Facebook SSRF — Bug Bounty | This is a write-up about an SSRF vulnerability I found on Facebook. The vulnerability could have allowed a malicious user to send internal requests to the Facebook corporate network.
Resources-for-Beginner-Bug-Bounty-Hunters | There are a number of new hackers joining the community on a regular basis, and more often than not the first thing they ask is "How do I get started and what are some good resources?".
QuickXSS | Bash script to automate XSS using Waybackurls, GF, GF Patterns and Dalfox. Install Go on your machine and then install the required tools.
Learn how to get started in bug bounties | Google has everything you need indexed. There are lots of queries you could search for; however, here are some popular search queries (don't forget to try different languages!). It really is as simple as: when looking for a company's security contact, make sure to check for https://www.example.com/.
Password Reset Token Leak via X-Forwarded-Host | I am a Bachelor of Commerce (B.Com) student and also a Bug Bounty Hunter. This is my 1st blog; if you find any spelling mistakes, please bear with me for the next few minutes.
Top 10 web hacking techniques of 2020 | Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year.
Noob’s Basic JSON web Token Exploit Guide | Hi, how are you la lala. Let’s cut short all that… I just want to cover a noob’s guide for basic JSON web token testing. Please note that this is not the only potential JSON analysis method. For more attack vectors, do have a look at https://github.com/DontPanicO/jwtXploiter
Uncle Rat's ultimate bug bounty guide |
Finding My First Bug: HTTP Request Smuggling | This is the report of my first bug. The bug was HTTP Request Smuggling, for which I got a bounty of $200. During my recon, after I found all the possible subdomains, I just started visiting them one by one; the vulnerable subdomain gave a 403 Forbidden error along with the version of the web server.
HTTP Request Smuggling: A Primer | One of the security issues you might face with your website or web app is request smuggling. HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way a server processes the HTTP requests it receives.
Daniel Miessler | ffuf is an acronym for “fuzz faster you fool!”, and it’s a CLI-based web attack tool written in Go. Veteran web testers might think of it as Burp Intruder on the command line. The hardest thing about ffuf is figuring out how to pronounce it.
🐛 BugBountyHunting Search Engine | Made with ❤️ by @payloadartist. Example search: http://bugbountyhunting.
Subdomain Take Over Worth 100£ | When good ethics meet mother luck along with the right elements, this combination can bring good results. Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials.
CTF [Dec 11–15]: Pwn a buggy webapp in 5 minutes | This week’s CTF was based on WebApp Security and was by far the easiest one. In this post, I will be talking about an intentional bypass that allows you to get root and solve the whole WebApp Security CTF in under 5 mins!
Website Penetration Testing and Database Hacking with Sqlmap | Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tools, called “sqlmap”.
Hunting and Exploiting the Apache Ghostcat | The Apache Ghostcat vulnerability is a file inclusion vulnerability which came out in the first quarter of this year, while the world was gearing up for a lockdown fight against the coronavirus.
Remote Code Execution explained with real life bug bounty reports | Might help other people.
Security Tools | Curated list of security tools for Hackers & Builders!
Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018) | Hi, these are the notes I took while watching “The Bug Hunters Methodology v3(ish)” talk given by Jason Haddix on LevelUp 0x02 / 2018. This talk is about Jason Haddix’s bug hunting methodology. It is an upgrade of:
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It | The easiest way to fail as a bug bounty hunter is to search at random without a methodology or process to follow. Here’s what to consider. It is really easy to jump straight in and wildly throw payloads at a system when you first approach a target.
Samesite by Default and What It Means for Bug Bounty Hunters | You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020).
@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties! | Live every Tuesday and Sunday on Twitch: https://twitch.tv/nahamsec. Follow me on social media: https://twitter.com/nahamsec https://instagram.com/nahamsec https://twitch.com/nahamsec https://hackerone.com/nahamsec https://facebook.com/nahamsec1. Free $100 DigitalOcean Credit: https://m.do.co/c/3236
Quiver : A Meta-Tool for Kali Linux | Quiver is an organized namespace of shell functions that pre-fill commands in your terminal so that you can ditch your reliance on notes, copying, pasting, editing, copying and pasting again.
sehno/Bug-bounty | You can find here some resources I use to do bug bounty hunting.
Bug Bounty Toolkit | Free capture-the-flag virtual machines to download, run, and practice against. Free downloadable VMs and paid-for online training and labs. Certainly worth checking out.
Bug Bounty — Tips / Tricks / JS (JavaScript Files) | It all started in the month of August when I reached out to Gerben Javado regarding a question. Yes, it was a basic question, but a quick chat with him that day gave me some confidence to hunt for bugs when he pointed towards his blog post The race to th
Hunting Good Bugs with only <HTML> | Hey hunters! It's been a while since my last post, so let’s get deep into this right now! Really? Is it kind of a joke? Getting bugs with <HTML>?
Bug Hunting Journey of 2019 | So I thought I should share a last writeup about some of the bugs which I have found this year. This is going to be a little long. I have been working on this for the last few days; I hope you will like it. You can use grep to search for strings starting with https, http.
Bug Bounty Playbook | Do you like hacking? Do you like security? Do you want to make a living doing what you love? Do you want to find vulnerabilities and get paid to do so? If you answered YES to any of these questions, then this book is for you.
How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes |
Security Assessment Mindset | Why I did this: to help me on my security assessments (pentest, bug bounty, red-team, kung foo, you name it) and to keep my work well organized. Each time I finished a task, I marked it with a check icon using XMind.
bounty-targets-data | This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). The files provided are: The last change was detected on . New changes (if any) are picked up hourly.
Understanding the full potential of sqlmap during bug bounty hunting | A Swiss army knife for SQL injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar.
amass — Automated Attack Surface Mapping | Whether you’re attacking or defending, you have the highest chance of success when you fully understand the target. The pronunciation stress is on the second syllable.
Pro tips for bug bounty | 1) Clear your mindset about bug bounty (learning > money). 2) Always focus on the target as if it’s a fresh one. 3) Always look at the path less visited: hunt on subdomains rather than the main domain. 4) Don’t rely only on online courses and videos.
The complete story of how I got started into bug bounties and how you could get started already | Hey, I am @dhakal_ananda from Nepal and I am back again with another writeup. This time, I want to share my bug bounty journey. Let’s dive into it already. This all started when I was just a kid who used to play games and use Facebook sometimes, when I was maybe 13.
Usage | During reconnaissance (recon) it is often helpful to get a quick overview of all the relative endpoints in a file. These days web applications have frontend pipelines that make it harder for humans to understand minified code.
JSParser | A Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests when performing security research or bug bounty hunting. Run handler.py and then visit http://localhost:8008.
How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers' | The million dollar hacker: How a Scottish schoolboy who failed his A-level in computing went on to become one of the world's richest 'white hats' with a glitzy Las Vegas lifestyle with his former Playboy model wife. Relaxing in the sunshine with his former Playboy model wife, Mark Litchfield is conte
bountyplz – automated security reporting from markdown templates | This is a project created by Frans Rosén. The idea is to be able to submit a report without any interaction. It takes advantage of all the features the existing site has, such as attachments, inline images, assets, weaknesses and severity.
Bug Bounty Templates | A collection of templates for bug bounty reporting, with guides on how to write and fill them out. Not the core standard on how to report, but certainly a flow I follow personally which has been successful for me. Your mileage may vary.
Bounty Report Generator |
File Upload XSS | A file upload is a great opportunity to XSS an application. User-restricted areas with an uploaded profile picture are everywhere, providing more chances to find a developer’s mistake. If it happens to be a self XSS, just take a look at the previous post.
Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs) | A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
Bug Hunting Methodology (part-1) | Updated on 4-Jan-2020. Hi, I am Shankar R (@trapp3r_hat) from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time, because I am working as a Security Consultant at Penetolabs Pvt Ltd (Chennai).
All Bug Bounty POC write ups by Security Researchers. | Hello BugBountyPoc viewers, this is Khizer again. I decided to write about this issue because I have seen some people are still confused about “Fastly error: unknown domain”. Many subdomains of bug bounty programs have this error...
List of bug bounty writeups | Source: https://pentester.land/ 1. Bug bounty writeups published in 2019 2.
Bug Bounty Reference | I have been reading bug bounty write-ups for a few months, and I found it extremely useful to read a relevant write-up when I found a certain type of vulnerability that I had no idea how to exploit.
Writeups | Download as JSON file
The Bugs Are Out There, Hiding in Plain Sight | It’s no secret: bug bounty is not an easy field to jump into and be successful in. The top hunters likely have years of experience in not only bug hunting, but technology & security in general.
Bug Hunting Methodology from an Average Bug Hunter | Some of the most common questions out there in the industry are “what is your methodology?” or “how do you look for bugs?” This post will be an attempt to answer that from the point of view of an average and continuously learning bug hunter.
Finding Hidden API Keys & How to use them | Thanks for showing interest in this. The blog has now been moved to https://community.turgensec.com/finding-hidden-api-keys-how-to-use-them/
BUG BOUNTY FORUM | Bugbounty forum once started as a small Skype group but turned into a 100+ large community of researchers sharing information with each other and more. We have now created a Slack channel to handle new people! It's an invite-only group, but we do have a sign-up form where you can request an invite here.
Cookie worth a fortune | In the following post, a cookie-based Cross-Site-Scripting vulnerability was converted into a Reflected Cross-Site-Scripting vulnerability. A cookie-based XSS is generally considered Out Of Scope because an attacker has to physically insert the malicious cookie, which is far less likely.
Automated monitoring of subdomains for fun and profit — Release of Sublert | Bug bounty has become a fast-growing industry with programs launching almost daily, bringing along with it a fierce competition among hackers. It’s a sort of monetized race which revolves around the first one to report a bug: first come, first served.
So you want to be a web security researcher? | Are you interested in pushing hacking techniques beyond the current state of the art and sharing your findings with the infosec community? In this post I’ll share some guidance on web security research, shaped by the opportunities and pitfalls I’ve experienced while pursuing this path myself.
What I have learn in my first month of Hacking and Bug Bounty? | Hi, in this post I will share everything about hacking, programming and bug bounty, CTFs etc., and the available resources I came across. If you don’t know anything about hacking, then by the end of this blog you will be advanced in hacking. I was like 😱 😱.
enaqx/awesome-pentest | Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance to report it responsibly.
Bug Hunting Methodology(Part-2) | Hi, I am Shankar R (@trapp3r_hat) from Tirunelveli (India). I hope you are all doing good. I have been a security researcher for the last one year. Yes, absolutely, I am doing bug bounty part-time, because I am working as a Senior Penetration Tester at Penetolabs Pvt Ltd (Chennai).
Spokeo Bug bounty Experience | Recently I reported an XSS bug to the Spokeo bug bounty program. After reporting, I was waiting and checking regularly whether it was fixed or whether there was any reply. But no response. After 9 days I checked and the XSS had been fixed. Then I messaged them again that the issue had been fixed. Then they reply :(
Bug Bounty Guide | Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters. A great place to learn about the various aspects of bug bounties, and how you can improve your skills in this area.
Source code disclosure via exposed .git folder | Hi, I recently found a .git folder exposed on a public bug bounty program and used it to reconstruct the web app’s source code. I can’t disclose specific details yet, but wanted to share with you this tutorial on how to find and exploit this kind of bug.
DomLink | TLDR: Give DomLink a domain; it’ll go and find the associated organization and registered e-mail, then use this information to perform a reverse WHOIS. Simple. You then get an output of lots of other associated domains registered by the company.