A list of questions that bounty hunters frequently DM me about. 😄
I have a simple philosophy that I share with everyone:
- Learn to make it. Then break it!
- Read books. Lots of books.
EdOverflow EdOverflow
☕
EdOverflow
/ bugbountyfaq.md
Last active
April 4, 2022 16:18
A list of questions that bug bounty hunters frequently DM me about.
EdOverflow
/ CTF_reversing_the_password.md
Last active
April 20, 2019 22:23
My solutions to the "reversing the passwords" CTF by Jobert.
EdOverflow
/ github_bugbountyhunting.md
Last active
April 13, 2024 13:20
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
EdOverflow
/ github_onplatform.md
Last active
August 27, 2020 10:22
My basic workflow when using GitHub for recon purposes.
Note: Please keep in mind, that all of this does not work if you are not signed in to GitHub.
When searching for issues related to a target I often like to quickly look up their GitHub organization on Google.
So let's say Gratipay says nothing about being open source. A quick Google "Gratipay GitHub" should return Gratipay's org page on GitHub.
Then from there I am going to check what repos actually belong to the org and which are forked. You can do this by selecting the Type: dropdown on the right hand side of the page.
EdOverflow
/ broken_link_hijacking.md
Last active
May 30, 2023 18:31
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored. This issue has been exploited in the wild numerous times, but surprisingly few researchers actively look for broken links in bug bounty programs.
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
EdOverflow
/ keybase.md
Created
October 20, 2017 14:31
I hereby claim:
- I am edoverflow on github.
- I am edoverflow (https://keybase.io/edoverflow) on keybase.
- I have a public key ASDfEwD4wuFwxlxKl77DZju1xcWdKUSV3sFDCdK16rW3Tgo
To claim this, I am signing this object:
EdOverflow
/ open_redirect_wordlist.txt
Last active
February 21, 2023 14:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /http://example.com | |
| /%5cexample.com | |
| /%2f%2fexample.com | |
| /example.com/%2f%2e%2e | |
| /http:/example.com | |
| /?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com | |
| /?url=/\/example.com&next=/\/example.com&redirect=/\/example.com | |
| /redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com | |
| /redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com |
EdOverflow
/ keybase.md
Last active
July 29, 2019 08:29
EdOverflow
/ blockstack.md
Created
January 20, 2018 14:28
Verifying my Blockstack ID is secured with the address 1MYJhkhmKN6HFXUBpaeDfFja8j5bFR6VTr https://explorer.blockstack.org/address/1MYJhkhmKN6HFXUBpaeDfFja8j5bFR6VTr
EdOverflow
/ htmli_2_xss.txt
Created
January 20, 2018 20:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <style>body{margin:0}.overlay{position:fixed;top:0;left:0;z-index:999;height:100vh;width:100vw;background:rgba(0,0,0,0.5)}.alert{width:300px;padding:0 20px 0 0px;position:absolute;top:50%;left:50%;transform:translate(-50%, -50%);background:#fff}.alert p{color:#000 !important;padding:45px;text-align:center;font-family:sans-serif}.ok{background:#eee;width:100%;height:30px;padding:10px 10px}.ok button{float:right;padding:0 25px;margin-right:5px}</style><div class="overlay"><div class="alert"><p>1</p><div class="ok"><button>OK</button></div></div></div> |
OlderNewer