@ruevaughn
Last active March 20, 2024 06:32
My Resources and Links over time to various Tools, Notes, Videos, Papers, Articles, Writeups, and more. Will be moving to my own private hosted Wikipedia soon. Ascii Art Font: Calvin S
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├┤ └─┐│ ││ │├┬┘│ ├┤ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
https://doepichack.com/
https://hunter.how/watch
My Owasp Top 10, top 10
Commix git clone https://github.com/commixproject/commix.git commix
Mongoaudit https://github.com/stampery/mongoaudit
Nosqlmap https://github.com/codingo/NoSQLMap
https://github.com/knassar702/lorsrf
https://github.com/In3tinct/See-SURF
Sqlmap https://github.com/sqlmapproject/sqlmap
SSRFMap https://github.com/swisskyrepo/SSRFmap
My Personal Favorites
asn https://github.com/Excloudx6/asn#screenshots
httpstat https://github.com/reorx/httpstat
mtr (https://github.com/traviscross/mtr)
nrich (https://gitlab.com/shodan-public/nrich)
prt https://github.com/elbee-cyber/prt
https://github.com/NetSPI/AutoDirbuster
pcf https://gitlab.com/invuls/pentest-projects/pcf
medic https://github.com/Rowno/medic#readme
https://hack.technoherder.com/category/web-app-attack/
https://rmusser.net/docs/#/
https://github.com/lutfumertceylan/top25-parameter
https://github.com/flipkart-incubator/watchdog
OWASP v5.0 in progress https://github.com/OWASP/wstg/tree/master/document
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_toolkit.md
Code - line 286
Javascript - line 730
prototype pollution - 939
Dec22
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-december-2022
https://hackerone.com/teleport?type=team
https://hackerone.com/zerobounce?type=team
https://hackerone.com/expediagroup_bbp?type=team
https://hackerone.com/amber-ai?type=team
https://github.com/HolyBugx/HolyTips/tree/main/Resources - A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
https://bugcrowd.com/crowdstream
https://hackerone.com/hacktivity
https://blog.intigriti.com/hackademy/
owasp.org/www-community/vulnerabilities/
www.veracode.com/security
portswigger.net/web-security/all-materials
https://blog.intigriti.com/2021/12/31/top-20-bug-bounty-youtube-channels-to-follow-in-2021/
z burp ext https://youtu.be/5OD6nUHR1l4?t=1210
https://infocon.org/cons/
2FA Bypass
2fa bypass Mindmap https://www.mindmeister.com/1736437018?t=SEeZOmvt01
2fa Bypass Methods https://workbook.securityboat.in/resources/web-app-pentest/business-logic-vulnerabilities/2fa-bypass
403 Bypassing
https://thegrayarea.tech/403-forbidden-access-control-bug-hunting-72234989f788
https://www.kitploit.com/2021/11/4-zero-3-403401-bypass-methods-bash.html
https://www.kitploit.com/2021/09/403bypasser-automates-techniques-used.html
Account Takeovers
https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
AdminPanelFinder
https://github.com/PushpenderIndia/aapfinder
adminphpfinder
https://linuxsecurity.expert/tools/admin-page-finder-php/
Amass
MEHA LIST https://github.com/jhaddix/Amass-1/blob/master/REFERENCES.md
https://medium.com/@nynan/how-to-actually-use-amass-more-effectively-bug-bounty-59e83900de02
https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
https://www.hahwul.com/2019/10/19/find-subdomain-takeover-with-amass-and-subjack/
https://github.com/OWASP/Amass/wiki/The-Configuration-File
https://github.com/OWASP/Amass/blob/master/examples/config.ini
https://www.youtube.com/watch?v=H1wdBgY1rtg&t=3096s
https://www.youtube.com/watch?v=HaVEH1vFiN0
https://www.youtube.com/watch?v=tGitZO8EkMI
ASPX
Run this ffuf command on aspx applications https://youtu.be/1-IB8TE0Hro?t=1813
axiom
https://web.archive.org/web/20200907114941/https://adamsvoboda.net/axiom-feels-like-cheating/
API Security
https://www.cloudflare.com/learning/security/api/owasp-api-security-top-10/
Shadow APIs https://www.cloudflare.com/learning/access-management/what-is-shadow-it/
Api Keys
https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys
API Hacking
astra demo and usage https://www.youtube.com/watch?v=EXAO-187ygI
https://youtu.be/0lV2AlO1HMo?t=75
https://github.com/Fuzzapi/fuzzapi
gem used in fuzzapi https://github.com/Fuzzapi/API-fuzzer
https://www.getastra.com/blog/knowledge-base/api-security-testing/
https://github.com/flipkart-incubator/Astra
https://github.com/microsoft/restler-fuzzer
https://github.com/hAPI-hacker/Hacking-APIs/fork
https://medium.com/better-practices/reverse-engineering-an-api-403fae885303
Using Postman Reversing an api https://medium.com/better-practices/reverse-engineering-an-api-403fae885303
Template for postman reversing an api https://documenter.getpostman.com/view/1559645/Rzn9uMQk
apk
https://archive.org/details/apkarchive
Amass
https://securityweekly.com/wp-content/uploads/2021/05/AmassTechSegment-0.pdf
Amass Scripting
https://github.com/OWASP/Amass/tree/master/resources/scripts
https://github.com/OWASP/Amass/blob/master/doc/scripting.md
amass scripting https://youtu.be/H1wdBgY1rtg?t=4987
Bug Bounty for Beginners Stream#4:AMASS, Subfinder, FFUF https://www.youtube.com/watch?v=27zMfcr2fPE
https://hackbotone.com/blog/amass-osint-reconnaissance-tool/
https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7
https://securityonline.info/amass-subdomain-enumeration/
https://github.com/OWASP/Amass/releases
https://twitter.com/jeff_foley
https://github.com/OWASP/Amass
https://gist.github.com/sillydadddy/b1726c8e8ce281d55b82d4e2a1a610e8
https://twitter.com/dokkillo/status/1305566849514471424
https://github.com/PatrikFehrenbach/amass-tools/blob/master/assetfinder.ads
https://github.com/OWASP/Amass#top-mentions
amass enum script command https://youtu.be/H1wdBgY1rtg?t=5408
Example of api key configuration https://www.hahwul.com/2020/09/23/amass-go-deep-in-the-sea-with-free-apis/#chaos
[31:33 / 1:56:06]
[How to Use Amass Efficiently by @jeff_foley #NahamCon2020](https://youtu.be/H1wdBgY1rtg?t=1974)
[OWASP AMass Boot Camp by Jeff Foley (Caffix)](https://www.youtube.com/watch?v=OOurkCPf2-I)
Amass Tutorial https://github.com/OWASP/Amass/blob/master/doc/tutorial.md
https://github.com/vortexau/dnsvalidator
https://twitter.com/owaspamass
Android
https://github.com/dzmitry-savitski/android-pentest-tool
AngularJS
https://github.com/snoopysecurity/Public/blob/master/Old%20Presentations/MWRICON%202018/README.md
Authentication
https://jigsaw.w3.org/HTTP/
https://jigsaw.w3.org/HTTP/Basic/
Ascii
https://github.com/heldersepu/hs-scripts/blob/master/ascii.txt
Asset Monitoring
https://github.com/ruevaughn/assetnote
https://github.com/yeswehack/pwn-machine
https://github.com/robre/jsmon
API Hacking
https://github.com/Excloudx6/31-days-of-API-Security-Tips
https://gist.github.com/ruevaughn/51048bccdc753596443eca95cbf39356
https://apexvicky.medium.com/top-10-api-bugs-where-to-find-them-5dac338b3d73
https://attacker-codeninja.github.io/2021-08-28-Hacking-APIs-notes-from-bug-bounty-bootcamp/
https://dfir.blog/unfurl/
https://www.slideshare.net/programmableweb/why-api-security-is-more-complicated-than-you-think-and-why-its-your-1-priority
Angular
https://github.com/PortSwigger/xss-cheatsheet-data/blob/master/json/angularjs.json
AWS
https://github.com/WhiteOakSecurity/GoAWSConsoleSpray
Amazon Cognito
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/CommonParameters.html
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt
Blogs
https://respectxss.blogspot.com/
Bludit CMS
https://github.com/0cirius0/Bludit-Bruteforcing-Script
Breach info
https://github.com/Ekultek/WhatBreach
Browsers
https://bughacking.com/best-browsers-for-hackers/
https://github.com/chromedp/chromedp
https://www.google.com/search/howsearchworks/
Surf - Text Browser - https://surf.suckless.org/
https://www.browserling.com/extensions
How Web Browsers work - pt 3 Parsing the HTML https://dev.to/arikaturika/how-web-browsers-work-parsing-the-html-part-3-with-illustrations-45fi
https://blog.logrocket.com/how-browser-rendering-works-behind-scenes/?utm_source=firefox_pocket_save_button
Original CSP on Sl.Ackers https://web.archive.org/web/20150318224529/http://ha.ckers.org/blog/20090701/mozillas-content-security-policy/
https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes
https://hacks.mozilla.org/2018/03/making-webassembly-better-for-rust-for-all-languages/?utm_source=firefox_pocket_save_button
https://research.mozilla.org/
Pt 1 https://hacks.mozilla.org/2017/02/a-cartoon-intro-to-webassembly/
Pt 2 https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers/
pt 3 https://hacks.mozilla.org/2017/02/a-crash-course-in-assembly/
Pt 4 https://hacks.mozilla.org/2017/02/creating-and-working-with-webassembly-modules/
Pt 5 https://hacks.mozilla.org/2017/02/what-makes-webassembly-fast/
Pt 6 https://hacks.mozilla.org/2017/02/where-is-webassembly-now-and-whats-next/
https://emscripten.org/docs/optimizing/Optimizing-Code.html#c-exceptions
Save multiple pages as a single html page https://github.com/gildas-lormeau/SingleFile
Single File CLI https://github.com/gildas-lormeau/single-file-cli
https://github.com/screenbreak/SingleFile-dockerized
https://github.com/david-littlefield/SingleFileMac
https://hackaday.com/2022/01/17/hack-the-web-without-a-browser/
https://woob.tech/
https://github.com/moonD4rk/HackBrowserData
https://resources.infosecinstitute.com/topic/ethical-hacking-top-10-browser-extensions-for-hacking/
https://github.com/Excloudx6/browser-compat-data
https://httpwg.org/specs/rfc7230.html#header.transfer-encoding
https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Length
https://stackoverflow.com/questions/978061/http-get-with-request-body?rq=1
https://datatracker.ietf.org/doc/html/rfc7230
https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/9962
https://www.ietf.org/rfc/rfc2119.txt
https://www.elastic.co/guide/en/elasticsearch/guide/current/_empty_search.html
https://www.concise-courses.com/hacking-tools/web-browser-related-tools/
https://github.com/Sjord/messpostage/fork
Broken Access Control - https://cwe.mitre.org/data/definitions/1345.html
Business Logic
https://shahmeeramir.com/breaking-the-web-with-logics-ce22e8a9c4e2
Browser Extensions - Chrome
Collusion - https://chrome.google.com/webstore/search/collusion
DotGit - https://chrome.google.com/webstore/detail/dotgit/pampamgoihgcedonnphgehgondkhikel?hl=en
Trufflehog https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc
Tracy - https://github.com/nccgroup/tracy/wiki/Example-Workflows
Posta - https://github.com/benso-io/posta
Browser Extensions - Firefox
Cookie Editor - https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/
Bulk URL Opener - https://addons.mozilla.org/en-GB/firefox/addon/bulkurlopener/
Hacktools https://addons.mozilla.org/en-US/firefox/addon/hacktools/
Tracy https://github.com/nccgroup/tracy/wiki/Example-Workflows
Messpostage https://github.com/Sjord/messpostage/fork
Hackbar https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Bug Bounty Programs
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_public_program_list.md
https://blog.bugzero.io/bug-zero-is-going-to-pay-your-security-bill-for-2022-4b6396e2ee48
Bulk Load Programs https://gist.github.com/brevityinmotion/b86f7475d4cd2790003326a4d3a528ba
Google Acquisitions https://opensourcelibs.com/lib/google-acquisitions
https://github.com/The-Art-of-Hacking/h4cker/tree/master/bug-bounties#bug-bounty-platforms
Discovery Header DoD - https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty
King Recon DoD - https://github.com/KingOfBugbounty/KingRecon_DOD
Bentley Bug Bounty Program - https://www.bentley.com/en/products
https://lostsoulofawolf.medium.com/bug-bounty-how-to-get-private-invites-60062a5d0809
https://github.com/Hack-with-Github
Shopify
https://www.hulkapps.com/
BBP (Bug Bounty Programs!)
https://github.com/Excloudx6/KingRecon_DOD
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
https://jsfiddle.net/ruevaughn/2mnq5vgf/9/
https://github.com/detectify/cs-challenge
https://github.com/projectdiscovery/public-bugbounty-programs
https://app.intigriti.com/programs/redbull/redbull/detail
https://huntr.dev/
https://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138
https://support.google.com/websearch/answer/2466433?hl=en
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
https://gist.github.com/haxcited/e684df7f9ec210867d25f7ccac22c1d5
https://github.com/B3nac/Android-Reports-and-Resources
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
https://github.com/The-Art-of-Hacking/h4cker
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
[Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
Open Bug Bounty - openbugbounty.com
Burp
Burp alternative https://twitter.com/CaidoIO
Burp Extensions
https://bitbucket.org/clr2of8/autoscanwithburp/src/master/
Extensions Dawgyg uses https://youtu.be/GeNJvOvzVSk?t=3590
Burp Importer
https://github.com/SmeegeSec/Burp-Importer/compare/master...devinertel:Burp-Importer:master
Burp Importer - Extended Branch by edrapac https://github.com/SmeegeSec/Burp-Importer/compare/master...edrapac:Burp-Importer:master
Extended Branch main logic - https://github.com/SmeegeSec/Burp-Importer/compare/master...edrapac:Burp-Importer:master#diff-a8019792e98428d267afc72e12cc0bcccf508cdb0856f63cebe350d28e359209R353
Burp Collaborator
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/ <--- usage examples
https://www.hackingarticles.in/burp-suite-for-pentester-burp-collaborator/
Burp Collaborator Alternatives
https://github.com/anshumanbh/terraform-burp-collaborator
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
https://github.com/honoki/wilson-cloud-respwnder
Interactsh
https://github.com/4ARMED/interactsh
Blogs
https://www.veracode.com/blog?utm_source=lpFooter&utm_medium=Website
http://10degres.net/posts/
https://www.secureideas.com/blog
Brute Forcing
Brutesubs
https://github.com/anshumanbh/brutesubs
https://github.com/anshumanbh/brutesubs/compare/master...exploitprotocol:brutesubs:master
https://github.com/APTreat/brutesubs
https://github.com/janmasarik/brutesubs
https://github.com/RyanLongVA/brutesubs
Chaining Vulnerabilities
2022-style OAuth account takeover on Facebook - $45,000 bug bounty https://www.youtube.com/watch?v=pk7oYuz4x0Q
Certificate Transparency
https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate/
https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12
Attack Surface Management Series - EP1 - Certificate Transparency (In under 10 mins) - https://www.youtube.com/watch?v=MGQ1GqmixY0
Certificates
https://github.com/moxie0/sslsniff
https://linuxsecurity.expert/tools/sslsniff/
https://charlesreid1.com/wiki/SSLSniff
DEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL https://youtu.be/5dhSN9aEljg?t=1063 Good SSL and Handshake description
OCSP line in cert explained here
CanaryTokens
https://canarytokens.org/generate
Cewl
https://en.kali.tools/?p=1253 cewl -> fab -> exiftool
Checklists
https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting
https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit#slide=id.gaf74e9365b_2_0
Cheatsheet
https://github.com/security-cheatsheet/reverse-shell-cheatsheet/fork
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/dgtlmoon/changedetection.io
https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit#slide=id.gaf74e9365b_2_0
CVE
Code Review/Audit
https://medium.com/techiepedia/javascript-code-review-guide-for-bug-bounty-hunters-c95a8aa7037a
https://techbeacon.com/security/5-surefire-ways-developers-can-secure-their-code-get-go
https://techbeacon.com/app-dev-testing/13-tools-checking-security-risk-open-source-dependencies
https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228
https://rubysec.com/
https://www.youtube.com/watch?v=q5NqY2RRLj0
https://www.youtube.com/watch?v=bfLQjZmD5jY&feature=youtu.be
https://cdn2.hubspot.net/hub/203759/file-1100864196-pdf/docs/Contrast_-_Insecure_Libraries_2014.pdf
https://geekflare.com/nodejs-security-scanner/
https://open-security-summit.org/sessions/2020/summits/may/training/week-2/devsecops/dependency-scanning-lab/
https://owasp.org/www-project-dependency-check/
https://www.npmjs.com/package/helmet
https://geekflare.com/http-header-implementation/
https://www.oreilly.com/library/view/practical-security-automation/9781789802023/ddbdee71-3a6a-47fa-be17-9d862c9dc90f.xhtml
https://www.oreilly.com/library/view/practical-security-automation/9781789802023/f5d8795e-5763-4929-9881-4bb019ecdfd2.xhtml
Cookie
Cpanel https://gist.github.com/BU9D4DDY/5e4a8f60790feaa030b4733e57f44279
CSRF Tokens
https://www.veracode.com/security/csrf-token
Cors
csors https://chawdamrunal.medium.com/insecure-cors-configuration-808437d7cfd7
python cors_scan.py -u example.com -p http://127.0.0.1:8080 # To use socks5 proxy, install PySocks with pip install
https://jakearchibald.com/2021/cors/playground/
cors complete guide https://www.youtube.com/watch?v=t5FBwq-kudw
CSP
Original CSP on Sl.Ackers https://web.archive.org/web/20150318224529/http://ha.ckers.org/blog/20090701/mozillas-content-security-policy/
https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes
https://www.keycdn.com/support/content-security-policy
https://www.bloggersideas.com/cspisawesome/
https://content-security-policy.com/
Courses
https://web.stanford.edu/class/cs253/
Nahamsec Udemy Course https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/
Character Encodings
https://stat545.com/character-encoding.html
Charles Proxy
Use Charles Proxy to Reverse Engineer an iOS App https://www.youtube.com/watch?v=cvvPLlP4518&feature=emb_logo
Checklists
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md
https://pentestbook.six2dez.com/others/web-checklist
https://github.com/zactly/handouts/blob/master/generic_checks.md
https://linuxsecurity.expert/checklists/
https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987
https://github.com/zactly/handouts/blob/master/example_template.md
https://github.com/zactly/handouts/blob/master/conferences/locomocosec22/notes.md
https://github.com/AnLoMinus/Bug-Bounty/tree/main/Checklist/Web%20App
https://github.com/security-checklist/php-security-check-list
Checkout
https://0day.hu/
Cheatsheets
https://pentester.land/cheatsheets
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
https://pentester.land/cheatsheets/2019/04/15/recon-resources.html
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
https://securityzines.com/#comics
https://github.com/EdOverflow/bugbounty-cheatsheet
https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html
Cloud Hacking
https://github.com/janmasarik/generate-bucketnames
https://github.com/janmasarik/GCPBucketBrute
https://github.com/avicoder/notes/tree/master/Cloud
https://github.com/avicoder/notes
Pwned Cloud Society pdf https://www.slideshare.net/BryceKunz/pwned-cloud-society-bsidesslc-2017?from_action=save
Cloud Hacking https://www.youtube.com/watch?v=ITSZ8743MUk
https://www.cloudvulndb.org/
https://github.com/jordanpotti/CloudScraper
https://github.com/appsecco/spaces-finder
Code Review
https://raw.githubusercontent.com/zactly/handouts/master/Practical%20Secure%20Code%20Review%20-%20Whitepaper.pdf
Code audit
https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
Codeql
https://infocon.org/cons/H%40cktivityCon/H%40cktivityCon%202020/Discover%20vulnerabilities%20with%20CodeQL.mp4
Collaborator
https://webhook.site/
https://github.com/projectdiscovery/interactsh
Cookies
https://datatracker.ietf.org/doc/html/rfc6265#section-5.3
https://github.com/jshttp/cookie
Crawlers / Crawling
https://github.com/Echocipher/HackeroneSpider
xnLinkFinder
https://github.com/spatie/crawler
http://www.robotstxt.org/
https://github.com/BruceDone/awesome-crawler
https://github.com/tijme/not-your-average-web-crawler
https://github.com/ghostlulzhacks/crawler
https://scotthelme.co.uk/top-1-million-analysis-march-2020/
https://crawler.ninja/
certs
https://github.com/Excloudx6/check-tls-cert
Cydia
https://appsec-labs.com/cydia_explained/
https://appsec-labs.com/iNalyzer/
Cryptography
http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html#sfmt
CTFs
https://github.com/SecurityInnovation/Smart-Contract-CTF
Stripe ctf https://gist.github.com/evandrix/1901352
CWE
CWE-548: Exposure of Information Through Directory Listing - https://cwe.mitre.org/data/definitions/548.html
Data
https://aws.amazon.com/opendata/?wwps-cards.sort-by=item.additionalFields.sortDate&wwps-cards.sort-order=desc
databases
https://tableplus.com/
https://www.jetbrains.com/datagrip/
https://www.digitalocean.com/community/tutorials/how-to-connect-to-managed-database-ubuntu-18-04#connecting-to-a-managed-postgresql-database
https://www.digitalocean.com/community/tutorials/how-to-connect-to-managed-database-ubuntu-18-04
Default creds
https://github.com/Viralmaniar/Passhunt
Directory Listing
Konan branch of DeepSearch https://github.com/rkreddypandu/Konan
deepsearch https://github.com/prosecurity/DeepSearch
Dirb https://techyrick.com/dirb/
http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&attackVectorId=254
http://projects.webappsec.org/w/page/13246922/Directory%20Indexing
https://web.archive.org/web/20111012071532/http://narkolayev-shlomi.blogspot.com/2010/04/directory-traversal-fuzz-list.html
Dns Discovery
https://github.com/m0nad/DNS-Discovery
https://reverseip.domaintools.com/
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/ <--- altdns dnsgen massdns
Django
https://blog.sonarsource.com/disclosing-information-with-a-side-channel-in-django/?utm_source=twitter&utm_medium=social&utm_campaign=djangodictsort&utm_content=security&utm_term=mofu
Dotnet
https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
Dns
https://www.howtouselinux.com/post/dns-port
https://www.duckdns.org/
dnsfaster https://github.com/bp0lr/dnsfaster
Altdns https://github.com/infosec-au/altdns
Altdns replacement dmut https://github.com/bp0lr/dmut
dmut resolvers https://github.com/bp0lr/dmut-resolvers
dmut wordlist https://raw.githubusercontent.com/bp0lr/dmut/main/words.txt
dnsfaster on gitlab https://gitlab.com/jules.rigaudie/dnsfaster#why-should-you-test-the-dns-servers-you-use
https://www.diggui.com/#type=A&hostname=github.technology&nameserver=public&public=8.8.8.8&specify=&clientsubnet=&tcp=def&transport=def&mapped=def&nssearch=def&trace=def&recurse=def&edns=def&dnssec=def&subnet=def&cookie=def&all=def&cmd=def&question=def&answer=def&authority=def&additional=def&comments=def&stats=def&multiline=def&short=def&colorize=on
DNS Hijacking
https://www.cloudflare.com/en-ca/learning/security/global-dns-hijacking-threat/
https://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf
dns Rebinding
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge
http://1u.ms/
https://github.com/neex/1u.ms
Dorks
https://github.com/random-robbie/bugbountydork/fork
Aline - Dork Automator CLI - https://github.com/ferreiraklet/Aline
Brtwitter dork: https://mobile.twitter.com/i/events/1417062625997991936
https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks
Shifa123 BugBounty Dorks https://github.com/shifa123/bugbountyDorks/blob/master/bbdorks
Goop https://github.com/s0md3v/goop
Go-Dork
https://github.com/dwisiswant0/go-dork
https://github.com/dwisiswant0/go-dork/compare/master...babaloveyou:go-dork:master
https://bxmbn.medium.com/ultimate-tips-and-tricks-to-find-more-cross-site-scripting-vulnerabilities-d2913765e2d5
Open Bug Bounty Targets https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
uDork https://github.com/m3n0sd0n4ld/uDork
Exploitation
good: https://gist.github.com/yezz123/52d2fc45c5de284ec89131c2a3dde389
File Uploads
A variation on the recent ImageMagick CVE-2022-4426[78]: https://twitter.com/emil_lerner/status/1621620862464966656
methodology https://gist.github.com/ruevaughn/404179839a2f794f753f1cea5d320aaa
How File Upload Vulnerabilities Work! https://www.youtube.com/watch?v=rPdn88pO7x0
https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html
https://blog.intigriti.com/hackademy/file-upload-vulnerabilities/
http://ghostlulz.com/xss-svg/
https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting#xss-uploading-files-svg
https://sm4rty.medium.com/hunting-for-bugs-in-file-upload-feature-c3b364fb01ba
https://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool.
https://github.com/pranav77/XSS-using-SVG-file
https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee
ffuf
How to Ffuf https://www.bugcrowd.com/blog/how-to-ffuf-with-codingo/
How to use ffuf - Hacker Toolbox https://www.youtube.com/watch?v=aN3Nayvd7FU
Fuzzing / FFUF -> 5-30-22 Nahamsec stream covered fuzzing A LOT https://www.twitch.tv/videos/1312499916
Protips ffuf - tips and tricks https://www.youtube.com/watch?v=uwcRBSUl8e4&t=358s
Late to the party, or, in other words massive web enumeration using ffuf. http://0entropy.blogspot.com/2020/05/late-to-party-or-in-other-words-massive.html
https://gowthams.gitbook.io/bughunter-handbook/fuzzing-fuff
https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f
Fingerprinting
Fingerprint JS https://github.com/fingerprintjs/fingerprintjs
Whatweb
EscenicEngine5 https://github.com/urbanadventurer/WhatWeb/compare/master...ip2k:WhatWeb:master
Episerver plugin https://github.com/urbanadventurer/WhatWeb/compare/master...wflanagan:WhatWeb:master
Wappalyzer
Webanalyze
Frameworks
axiom
https://github.com/pry0cc/axiom
https://github.com/pry0cc/axiom/blob/master/images/provisioners/default.json
BBRF Client - https://github.com/honoki/bbrf-client
BugBounty Toolkit - Hackersploit Framework - https://github.com/AlexisAhmed/BugBountyToolkit
Findomain https://github.com/Findomain/Findomain
Hive https://hexway.io/blog/new-update-hive/
Intrigue
https://core.intrigue.io/
https://core.intrigue.io/getting-started/
LazyRecon - https://github.com/nahamsec/lazyrecon
Mandiant - Web GUI Take decisive action with industry-leading intelligence https://www.mandiant.com
MooseDojo - apt2 - Pentesters Framework nmap centered
apt2 https://buaq.net/go-249.html
apt2 MooseDojo/apt2: automated penetration toolkit
Nerve
https://github.com/PaytmLabs/nerve
Osmedeus
https://docs.osmedeus.org/workflow/default-workflow/
https://github.com/j3ssie/osmedeus
https://xploitlab.com/osmedeus-the-most-complete-reconnaissance-tool-and-vulnerability-scanning/
https://docs.osmedeus.org/web-ui/
https://github.com/osmedeus/osmedeus-workflow/blob/main/general/subdomain.yaml
https://discord.com/invite/mtQG2FQsYA
https://docs.osmedeus.org/installation/practical-usage
https://docs.osmedeus.org/workflow/
Pwn Machine https://github.com/yeswehack/pwn-machine
ReconFTW - https://github.com/six2dez/reconftw
Recon NG
https://github.com/anshumanbh/domain
https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
Github https://github.com/lanmaster53/recon-ng
Welcome to the Recon-ng Marketplace https://github.com/lanmaster53/recon-ng-marketplace
API Key list https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys
Setup script for Recon-ng and altdns https://github.com/jhaddix/domain
Reconness - https://github.com/reconness/reconness
Rengine -
https://github.com/yogeshojha/rengine/pull/655/files
https://github.com/yogeshojha/rengineDocumentation/blob/master/docs/backup/index.md
backup database etc https://www.rffuste.com/2022/05/23/rengine-a-brief-overview/
https://www.unlockyourbrain.bzh/2021/10/28/tool-demo-rengine-en/
https://github.com/yogeshojha/rengine
https://github.com/yogeshojha/rengine/commit/cf30e98e0440424019cb2cad600892ce405f850e
Default Config Engine Yaml file https://raw.githubusercontent.com/yogeshojha/rengine/master/default_yaml_config.yaml
Sniper - https://github.com/1N3/Sn1per
TIDoS Framework https://github.com/0xInfection/TIDoS-Framework
Trickest https://www.youtube.com/watch?v=fXwWinE0sSg
Vajra - https://github.com/r3curs1v3-pr0xy/vajra
WebhackerWeapons https://github.com/hahwul/WebHackersWeapons
Firebase
https://hackerone.com/reports/1166766
From report 1166766 - Using nodeJS, deploy a page in firebaseapp. It's free. Guide here -> https://firebase.google.com/docs/hosting/quickstart
Freq
Removes unnecessary output and only outputs happy (for us) path https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main
Fork by Realgoose. Adds a User-Agent bxss as well as robots.txt sprayer check https://github.com/takshal/freq/compare/main...RealGoose:freq:main
Removed unnecessary output https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main
Fork by kg1102 KaioGomes. Adds User-Agent firefox and Referrer Header check. Changes alert check. Ignored expired SSL Cert (Probably to skip errors) https://github.com/takshal/freq/compare/main...kg1102:freq:main
Fuzzing
https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
Gatsby
https://www.gatsbyjs.com/docs/conceptual/security-in-gatsby/#key-security
https://www.gatsbyjs.com/blog/2019-04-06-security-for-modern-web-frameworks/
Git/Source Code Secret Finding
https://www.notgitbleed.com/
https://github.com/riramar/scripts/blob/master/ngb.sh
https://github.com/gabrie30/ghorg
https://github.com/nyancrimew/goop
https://github.com/BishopFox/GitGot
https://github.com/auth0/repo-supervisor
https://blog.gitleaks.io/finding-secrets-with-regular-expressions-d90493bb3784
https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
https://github.com/takshal/Git-Finder
https://tillsongalloway.com/finding-sensitive-information-on-github/
https://secapps.com/tutorials/github-gist-recon
http://10degres.net/github-tools-collection/
https://docs.github.com/en/rest/search
git-all-secrets
https://github.com/mhmdiaa/git-all-secrets
https://github.com/anshumanbh/git-all-secrets
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
https://github.com/koto/gitpillage
https://github.com/hisxo/gitGraber
https://github.com/gwen001/github-search
https://github.com/darkseed/gitpillage
Tools to Get sensitive info / secrets from https://twitter.com/soaj1664ashar/status/1176769454035939328
https://github.com/trufflesecurity/trufflehog
Why Exposed API Keys and Sensitive Data are Growing Cause for Concern https://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05
Secret Hunting - Google Dorks, Git Dorks, Employee OSINT, etc
https://gist.github.com/markofu/549fbd287edf08c38e869dacc740e49de
https://github.com/aquasecurity/cloudsploit
Trufflehog https://www.youtube.com/watch?v=aioheMi1Wko
https://sapt.medium.com/perform-information-gathering-using-following-tools-on-the-given-targets-cyber-sapiens-internship-12c858166008
GitHub Wiki Auditor https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html
https://github.com/SmeegeSec/GitHub-Wiki-Auditor
https://www.kitploit.com/2022/04/gitbleedtools-for-extracting-data-from.html
https://github.com/phlmox/jslinkfinderv2
https://exposingtheinvisible.org/guides/google-dorking/ <---- huge dorking guide!
https://github.com/phlmox/bingdork
Git-Secrets
Adds support for scanning AWS and GCP, adds a gf regex pattern https://github.com/awslabs/git-secrets/compare/master...deshpandetanmay:git-secrets:master
Adds support for scanning an entire drive, the concept of install/uninstall, a global config file and a regex patterns file (nice!) https://github.com/awslabs/git-secrets/compare/master...dbrs:git-secrets:master
He adds one pattern to replace all the previous ones, and it adds a curl request. Other various changes. https://github.com/awslabs/git-secrets/compare/master...konakonall:git-secrets:master
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://techvomit.net/aws-security/
https://github.com/gwen001/s3-bucketsdfinder.git
https://github.com/janmasarik/bucketsperm
https://github.com/phlmox/gdork
https://github.com/lc/secretz
https://github.com/kevthehermit/PasteHunter
gitdump (TODO: take notes and implement from John Hammond stream)
https://github.com/topics/crawl?o=desc&s=updated
Google Dorks
https://www.cybrary.it/blog/0p3n/google-dorks-easy-way-of-hacking/
Graphql
graphql hacking resources https://twitter.com/imabhisarpandey/status/1439138033748512769
https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2
https://github.com/IvanGoncharov/graphql-voyager
https://github.com/Escape-Technologies/graphinder
https://github.com/gsmith257-cyber/GraphCrawler
Learn Graphql https://www.gatsbyjs.com/docs/conceptual/graphql-concepts/
That single GraphQL issue that you keep missing https://blog.doyensec.com/2021/05/20/graphql-csrf.html
https://blog.assetnote.io/2021/08/29/exploiting-graphql/
https://twitter.com/holybugx/status/1441460070387261440?s=21
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection
https://www.programmableweb.com/news/what-graphql-and-how-did-it-evolve-rest-and-other-api-technologies/analysis/2019/07/31
https://github.com/KathanP19/HowToHunt/blob/master/GraphQL/GraphQL.md
https://swizec.com/blog/reverse-engineer-a-graphql-api-to-automate-love-notes-codewithswiz-24/
https://www.youtube.com/watch?v=cvvPLlP4518&feature=emb_logo
graphw00f https://github.com/dolevf/graphw00f
Graphql Voyager https://ivangoncharov.github.io/graphql-voyager/
inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)
Githubs
https://github.com/bbhunter
Handson / Demos
https://github.com/rapid7/hackazon
https://github.com/vulhub/vulhub
https://blog.intigriti.com/hackademy/hacking-platforms/
https://blog.intigriti.com/hackademy/xss-challenges/
https://github.com/yandex/securitygym
aws test challenge http://flaws.cloud/
ABUH! https://darkrebel.net/metarget-framework-providing-automatic-consctions-of-vulnerable-infrastructures | metarget appv install dvwa | metarget install cve-2021-2312
xss jigsaw - https://blog.innerht.ml/page/2/
https://google-gruyere.appspot.com/
https://hackxor.net/
https://github.com/takshal/FOR-FUN
Vulnerable Task Manager app https://github.com/redpointsec/vtm
Hacking Tools
https://reqbin.com
https://gist.github.com/bgoonz/524b4ea887b216b810d16429265a34a3
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/file-formats
Html Injection
https://www.hackingarticles.in/comprehensive-guide-on-html-injection/
https://pentestlab.blog/2013/06/26/html-injection/
HTML5 (HTML 5)
https://homakov.blogspot.com/2013/04/html5-sandbox-bad-idea.html
HTTP
HTTP Pipelining in Burp https://youtu.be/boHIjDHGmIo?t=204
https://jigsaw.w3.org/HTTP/
https://http2-explained.haxx.se/en/part2
HTTP Host Header Injection
https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning
HTTP2
(TODO:) https://portswigger.net/burp/documentation/desktop/http2
https://http2-explained.haxx.se/en/part2
HTTP Parameter Pollution
HPP https://www.youtube.com/watch?v=QVZBl8yxVX0&t=13s
HTTP Request Smuggling
HTTP Security Headers https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
HTTP Header Smuggling https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html
http headers https://www.ibm.com/docs/en/ibm-mq/7.5?topic=headers-content-type-http-entity-header
Browser Powered Desync around 47:00 https://podcasters.spotify.com/pod/show/dayzerosec/episodes/bounty-Reading-GitLab-Hidden-HackerOne-Reports-and-Golang-Parameter-Smuggling-e1o4e0m
Hydra
https://github.com/frizb/Hydra-Cheatsheet/fork
https://www.hackingarticles.in/password-crackingsmb/
https://github.com/Excloudx6/Hydra-Cheatsheet/blob/master/Hydra-Password-Cracking-Cheatsheet.pdf
https://securitywriteups.wordpress.com/2019/09/11/hydra/
HTTP Request Smuggling (Request Smuggling, HRS, H2C)
https://github.com/ruevaughn/websocket-connection-smuggler
https://portswigger.net/daily-swig/how-to-perform-an-http-header-smuggling-attack-through-a-reverse-proxy
https://twitter.com/albinowax/status/1263122811683553283
Note: the kitploit guy is the hackbotone guy
https://www.kitploit.com/2021/08/http-request-smuggling-http-request.html
https://hackbotone.com/blog/http-request-smuggling-detection-tool/
https://www.youtube.com/watch?v=mijOcGLneLU&t=303.658823s
Defparam Variant - https://gist.github.com/defparam/840f7d9e31f77b3c5460c5921e0787ef/revisions
bbhunter mutations - https://gist.github.com/bbhunter
HTTP Request Smuggling - https://gist.github.com/ruevaughn/9c76260b412446f33b647c970bbb1001
https://bishopfox.com/blog/h2c-smuggling-request
HTTP Request Smuggling Tools
https://github.com/Sh1Yo/request_smuggler
https://bishopfox.com/blog/h2c-smuggling-request
https://github.com/hahwul/websocket-connection-smuggler
https://github.com/riramar/h2csmuggler-proxy
https://github.com/BishopFox/h2csmuggler
https://github.com/riramar/smuggler (updated version, details: https://github.com/defparam/smuggler/compare/master...riramar:smuggler:master)
IDOR
https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
Iframes
https://web.dev/sandboxed-iframes/
https://www.theguardian.com/technology/2008/apr/03/security.google
https://book.hacktricks.xyz/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes
Gareth Hayes Hackability Inspector https://portswigger-labs.net/hackability/inspector/?html=%3Ciframe%20src=%22//subdomain1.portswigger-labs.net/hackability/inspector?html=%3Ciframe%20src=/%3E%22%20id=x%3E
https://resources.infosecinstitute.com/topic/iframe-security-risk/
https://breakthesecurity.cysecurity.org/2011/07/what-is-an-iframe-injection-mass-iframe-attack-tutorial.html
IOS
https://appsec-labs.com/cydia_explained/
https://appsec-labs.com/iNalyzer/
IP Address Rotating
https://0xn3va.gitbook.io/cheat-sheets/web-application/improper-rate-limits
IIS
iis https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
Ios
https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
https://havoc.app/package/crane
Insecure Deserialisation
Insecure Deserialisation https://www.youtube.com/watch?v=SNi7gNkfLSM
IP (Internet Protocol) https://youtu.be/C7CpfL1p6y0?t=320
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
Javascript
https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf
https://www.geeksforgeeks.org/jshole-javascript-components-vulnrability-scanner-based-on-retirejs/
https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json
Disclose content of internal Facebook javascript modules ( Revisited ) https://ysamm.com/?p=487
https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json
https://antoinevastel.com/categories.html#JavaScript-ref
convert .package-lock.json into a package.json https://pravnyadv.github.io/unpackage/
https://medium.com/techiepedia/javascript-code-review-guide-for-bug-bounty-hunters-c95a8aa7037a
Dev tools
Dev tools https://firefox-source-docs.mozilla.org/devtools-user/page_inspector/how_to/examine_event_listeners/index.html
Bug bounty bits: Chrome developer console is gold!
Chunks, maps, unpacking, webpacker, etc
Webpack Config Basics - 8. Source-maps https://www.youtube.com/watch?v=fGed9phNkto
Webpack Config: Commons Chunk Plugin pt.1 https://www.youtube.com/watch?v=-xzWMKuiS2o
https://github.com/MattHsiung/webpack-tutorial
Webpack video playlist https://www.youtube.com/@matthewhsiung1439
https://bitthebyte.medium.com/javascript-for-bug-bounty-hunters-part-3-3b987f24ab27
------------|> https://pentestbook.six2dez.com/enumeration/webservices/js <|-------------
https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps
Download Javascript Map file and Run unmap on it. Entire Workflow here. https://twitter.com/nullenc0de/status/1367933667868295169
github.com/chbrown/unmap
https://github.com/denandz/sourcemapper
JS methodology workflow and unmap file https://pentestbook.six2dez.com/enumeration/webservices/js
🕵️ Pinkerton is a JavaScript file crawler and secret finder developed in Python https://github.com/oppsec/Pinkerton
Looking through javascript files live hacking Ch1-R0n1n https://youtu.be/xx5fF7i-dCQ?t=2582
https://www.youtube.com/watch?v=PYuD7AxtEYg
This playlist has good JavaScript talks with in-depth analysis. NDSS 2022 3A: Web Security https://youtu.be/gZ8SfS22_1A?list=PLfUWWM-POgQtu29CHm6cFg53hvTl2fakQ
https://www.bugbountyhunter.com/guides/?type=javascript_files
https://pentesttools.net/jshole-a-javascript-components-vulnerability-scanner-based-on-retirejs/
Bug Bounty Bits: JavaScript matters, let me tell you why you should probably read that huge .js file https://www.youtube.com/watch?v=qKPRGXaycOQ
Jshole retire file https://github.com/callforpapers-source/jshole/blob/master/data/retirejs.json
https://github.com/callforpapers-source/jshole
JAVASCRIPTRECON.md https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff
https://portswigger.net/research/dom-based-angularjs-sandbox-escapes
Javascript for hackers https://www.youtube.com/watch?v=FTeE3OrTNoA
https://legallybreaking.com/discussion/88/full-featured-javascript-recon-automation-jsfscan-sh
https://ysamm.com/?p=493
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/
Javascript Enumeration https://www.youtube.com/watch?v=IsSWbVHk11M
https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html
unminifier http://dean.edwards.name/my/
https://github.com/ryanseddon/source-map/wiki/Source-maps:-languages,-tools-and-other-info
https://github.com/robre/scripthunter
JSON Attacks - JSON https://www.youtube.com/watch?v=oUAeWhW5b8c
Json
https://news.ycombinator.com/item?id=24468874
JQ
https://news.ycombinator.com/item?id=23694908
https://news.ycombinator.com/item?id=24468874
JWT
https://blog.websecurify.com/2017/02/hacking-json-web-tokens
https://gist.github.com/ruevaughn/328067fadf926ddb788f98cd0d2d1a71 Crack JWT
https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0
Security Weekly Unlocked: https://www.youtube.com/playlist?list=PLlPkFwQHxYE7nQtKNzjnsVyoSOu2K4l9e
https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d
https://www.youtube.com/watch?v=muYmiEtPL8U JWT with bbking
JWT Traversal https://github.com/MoisesTapia/JwtTransversal
Labs
https://hackxpert.com/labs.php
LFI
Lfimap https://github.com/hansmach1ne/lfimap
Markdown
https://www.reddit.com/r/neovim/comments/yx0fcv/til_you_can_run_code_inside_markdown_o/
Magento
https://github.com/steverobbins/magescan
Md5
https://github.com/juuso/BozoCrack
Meg
https://github.com/blackhatethicalhacking/meg/compare/master...tomnomnom:meg:master
https://github.com/tomnomnom/meg/compare/master...3lpsy:megurl:master
https://github.com/tomnomnom/meg/compare/master...Cgboal:meg:master
https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master
https://github.com/tomnomnom/meg/compare/master...GwynHannay:meg:master
Methodologies (Hackers)
What to do with all the subdomains endpoints you found! https://youtu.be/v7FMPU3J3Qw?t=1864
Cyberheartmi Methodology https://gist.github.com/cyberheartmi9/1ac77d171d9b9dc9a5be45fa4f4c8dcb
Bug Bounty Mini Course:Automated Recon https://www.youtube.com/watch?v=0VOWgM4klpM&list=WL&index=19&t=53s
Zseanos Methodology https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
https://github.com/Micro0x00/Hacking-PDF
Prototype-Pollution Methodology https://github.com/lanmaster53/lanmaster53-src/blob/master/content/posts/2023-02-01-prototype-polution-in-flask.md
Mime Type Sniffing
https://www.keycdn.com/support/what-is-mime-sniffing
Mindmaps
List of Attack Vectors http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp
Huge Mind Map. Lots of resources. Has All Exploits and a lot of good info. https://www.xmind.net/m/Xy7XEW/
Collaborative Mindmaps - Collaborative Mind Mapping
Mobile
https://github.com/skateforever/pentest-scripts/tree/main/mobile
https://www.veracode.com/blog/2010/12/mobile-app-top-10-list
Mootools
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md
mootools 1.4.5 vuln
https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31812/summary
Vulnerable Line https://github.com/vsviridov/mootools-node/commit/0fcc500aa1be356bc8745b322e8182f38ec8f0a0#diff-c4d2ea9c35bf14dd01cf28b174dba68fca9d2d9a2ae4b63d48ee496d7e9deedbR360-R367
poc https://snyk.io/test/npm/mootools/1.4.5
https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&utm_medium=email
https://youtu.be/CIhHpkybYsY?t=1171
https://github.com/zactly/handouts/find/master
https://github.com/zactly/handouts/blob/master/conferences/virtual-appsecday-2020/skea_rails_routes.md
Motivation
Reality of Hacking https://youtu.be/z75qGJMvQ2Q?t=2920 Ch1ron1n and his mentor the xss rat
Okkay shrug lets hit up stanford https://www.youtube.com/live/pS1hG6NpycA?feature=share&t=192
oh hai https://www.youtube.com/watch?v=pS1hG6NpycA
Nmap
https://nmap.org/book/osdetect-usage.html
https://github.com/ruevaughn/nmap-vulners/blob/master/http-vulners-regex.nse
https://www.opensourceforu.com/2011/04/advanced-nmap-nmap-script-scanning/
https://www.opensourceforu.com/tag/advanced-nmap-series/
https://github.com/vulnersCom/nmap-vulners
https://github.com/vulnersCom/nmap-vulners/blob/master/README.md
https://github.com/vulnersCom/vulners-proxy
https://github.com/projectdiscovery/naabu#nmap-integration
nmap and spiderfoot 2021 feb https://mobile.twitter.com/spiderfoot/status/1363577807578750979
https://tecadmin.net/scanning-open-ports-with-nmap/inif
nmap pwn https://gist.github.com/BU9D4DDY/3e31890ae407e7c41a00f3715d00c5d7
Nodejs hacking
https://github.com/zactly/handouts/blob/master/node_js_generic_checks.md
Notifications
https://pushover.net/
https://github.com/projectdiscovery/notify
https://github.com/dgtlmoon/changedetection.io
https://www.hahwul.com/2020/05/04/how-to-use-dalfoxs-fun-options/
Nuclei Template
https://github.com/BishopFox/h2csmuggler/compare/master...hazanasec:h2csmuggler:master
https://github.com/geeknik/the-nuclei-templates
# oooooOOOOO
Oauth
https://mysecnotebook.wordpress.com/2018/10/07/oauth-2-0-and-csrf-attacks/
Identity in Browsers, Single-Page Apps, JWT Access Tokens - Happy Hour https://www.youtube.com/watch?v=TwVy3m_R2OM
https://www.youtube.com/watch?v=uwbqqRA7wbI OAuth Happy Hour! Front-channel attacks, PKCE, browser security with Aaron and Vittorio
How to hack oauth https://www.youtube.com/watch?v=aU9RsE4fcRM&t=197s
#### Oauth Bug Bounty Cheatsheet
OAuth: When things go wrong https://www.youtube.com/watch?v=H6MxsFMAoP8
https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d
Everything You Ever Wanted to Know About OAuth and OIDC https://www.youtube.com/watch?v=8aCyojTIW6U
OAuth 2.0 and OpenID Connect (in plain English) https://www.youtube.com/watch?v=996OiexHze0
Oneliners
automate prototype pollution https://twitter.com/R0X4R/status/1402906185301323776
https://github.com/D4Vinci/One-Lin3rt
https://github.com/Excloudx6/Elsfa7110-Oneliner-bughunting
https://hackingblogs.com/bug-bounty-builder-project-tool-use/#ONE-LINERRECONfor_FUZZ_XSS
https://github.com/KingOfBugbounty/KingOfBugBountyTips/compare/master...halencarjunior:KingOfBugBountyTips:master
https://www.youtube.com/watch?v=ZcG8ARatgs0&t=467s
https://giters.com/okaayfine/oneliner-bugbounty
https://twitter.com/ofjaaah/status/1532581839344394241
https://gist.github.com/cyberheartmi9/c993542044fdc45834837c3f88484a63
https://github.com/trimstray/the-book-of-secret-knowledge
Open Redirects
https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master
https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks
http://www.thespanner.co.uk/2014/03/21/rpo/
https://nostarch.com/download/samples/RealWorldBugHunting_Ch02_Sample.pdf
https://i.blackhat.com/asia-19/Fri-March-29/bh-asia-Wang-Make-Redirection-Evil-Again-wp.pdf
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirect
https://blog.intigriti.com/hackademy/open-redirect/
HTTP request smuggling open redirect defparam https://www.youtube.com/watch?v=3tpnuzFLU8g
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/understanding-and-discovering-open-redirect-vulnerabilities/
https://corneacristian.medium.com/top-25-open-redirect-bug-bounty-reports-5ffe11788794
https://www.youtube.com/watch?v=4Jk_I-cw4WE
https://www.youtube.com/watch?v=grkMW56WX2E
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/open_redirect_wwwist.txt
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/openredirects.txt
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/Open-Redirect-payloads.txt
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
https://github.com/AnLoMinus/Bug-Bounty/blob/2d654a0a62c1194564aa841745c171c4b1374252/Checklist/Web%20App/Upload%20Function.md
https://github.com/Excloudx6/open-redirect-payload-list
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect
https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt
https://giters.com/okaayfine/oneliner-bugbounty#open-redirect
https://infosecwriteups.com/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941
Tnom and ori https://youtu.be/SYExiynPEKM?t=2630
OSINT
https://www.secura.com/blog/red-wizard-1
Owasp Top 10 (2021) https://cwe.mitre.org/data/definitions/1344.html
Params
More silent when running https://github.com/0xecho/parameth
Normal Branch https://github.com/maK-/parameth
Docker support https://github.com/Shaked/parameth
Passive
https://github.com/Excloudx6/sdlookup
https://sidxparab.gitbook.io/subdomain-enumeration-guide/passive-enumeration/passive-sources
https://tomnomnom.com/talks/passiveish.pdf
git clone https://github.com/ethicalhack3r/passive-spider.git
https://github.com/ruevaughn/Lilly
https://www.youtube.com/watch?v=DvS_ew77GXA
https://www.audacy.com/podcasts/the-infosec-osint-show-37297/13-advanced-passive-recon-with-the-amass-scripting-engine-281294369
https://twitter.com/c4ir0_/status/1591476424782893057
Parameter Tampering -
http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&attackVectorId=57
Payloads / POCs
https://github.com/bugcrowd/templates
https://github.com/knownsec/pocsuite3
https://github.com/Excloudx6/Public/tree/master/payloads
https://github.com/sh377c0d3/Payloads/fork
https://github.com/RootUp/PersonalStuff
https://github.com/swisskyrepo/PayloadsAllTheThings
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2019
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2020
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021-nominations-open
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021
https://portswigger.net/research/top-10-web-hacking-techniques
https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge
POC Videos
https://repo.telematika.org/project/bminossi_allvideopocsfromhackerone/
https://github.com/zeroc00I/AllVideoPocsFromHackerOne
Ports (Port Scanning)
https://gist.github.com/yezz123/52d2fc45c5de284ec89131c2a3dde389#redis---6379 <---- (How to Hack each Port methodology - GOOD)
portscan.sh https://gist.github.com/priyanshus/8f9710f48a98c2bfe92860e78258e5a0
Postman
Features in development https://trello.com/b/4N7PnHAz/postman-public-roadmap-moved-to-https-gopstmnio-public-roadmap
https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
Password Cracking
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf
People
https://blog.intigriti.com/2021/12/31/top-20-bug-bounty-youtube-channels-to-follow-in-2021/
tnom interview https://gist.github.com/ruevaughn/00638360841b2bec94149080c4f04f28
Ashar Jahvid https://twitter.com/soaj1664ashar
https://www.linkedin.com/in/alex-thomas-488a1ab2/?_l=en_US https://medium.com/@ghostlulzhacks
Ch1-R0n1n https://www.youtube.com/@Ch1R0n1n
Phone Numbers / virtual numbers
https://smspva.com/
https://github.com/nicoandmee/smspva-client
Post Message
https://github.com/benso-io/posta
https://ysamm.com/?p=493
https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/
https://blog.yeswehack.com/yeswerhackers/introduction-postmessage-vulnerabilities/
automate prototype pollution https://twitter.com/R0X4R/status/1402906185301323776
https://payatu.com/blog/postmessage-vulnerabilities/
https://rhynorater.github.io/postMessage-Braindump
Products / Services
Protobuf https://github.com/protocolbuffers/protobuf
Prototype Pollution
https://www.youtube.com/watch?v=Z6CtDSx8C5k How to Hunt for Prototype Pollution Vulnerabilities in Open Source Bug Bounty | #methodology
https://www.youtube.com/watch?v=E494seho3E0 NDSS 2022 Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Mill...
automate prototype pollution https://twitter.com/R0X4R/status/1402906185301323776
https://www.kitploit.com/2021/09/plution-prototype-pollution-scanner.html
https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0
https://github.com/kosmosec/proto-find
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution
https://github.com/BlackFan/client-side-prototype-pollution
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf
https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s
https://blog.abdulrah33m.com/prototype-pollution-in-python/
https://github.com/lanmaster53/lanmaster53-src/blob/master/content/posts/2023-02-01-prototype-polution-in-flask.md
https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/
https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/
https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution
Prototype Pollution Tools
https://github.com/msrkp/PPScan
Proxychains
https://www.edureka.co/blog/proxychains-anonsurf-macchanger-ethical-hacking/
hackersploit proxychains setup https://www.youtube.com/watch?v=NN9fQwiomAU
https://github.com/haad/proxychains/issues/26
https://github.com/rofl0r/proxychains-ng
https://gist.github.com/allenhuang/3792521
https://github.com/Und3rf10w/kali-anonsurf
https://www.reddit.com/r/ParrotSecurity/comments/9qvj7r/how_does_anonsurf_work_how_is_it_different_from_a/
Proxies
https://proxy-store.com/
https://5socks.net/en/
https://github.com/nicoandmee/5socks
https://github.com/lightbody/browsermob-proxy
https://github.com/adamfisk/LittleProxy
http://bmp.lightbody.net/
https://github.com/PeterDaveHello/tor-socks-proxy
https://resources.infosecinstitute.com/topic/tor-part-2/
Zap Vs Burp ch1ronin and xssrat https://www.youtube.com/watch?v=5UxdFpd340Q
ppmap
https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/
https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/
https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution
Python
https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03?utm_source=pocket-ff-recs
Rails
https://contributors.rubyonrails.org/contributors/aaron-patterson/commits
https://github.com/zactly/handouts/blob/master/oss_apps.md
https://github.com/zactly/handouts/blob/master/materials.md
https://github.com/gramantin/awesome-rails#apps-made-with-rails
Mass Assignment https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
https://code.tutsplus.com/tutorials/mass-assignment-rails-and-you--net-31695
https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&utm_medium=email
Networking
https://ipv6.he.net/presentations.php
Recon
https://github.com/003random/003Recon
https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
Reconmap GUI Website SaaS https://demo.reconmap.com/login
https://github.com/0xbharath/assets-from-spf
https://mavericknerd.github.io/knowledgebase/BugBountyRecon/
https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
https://ulir.ul.ie/bitstream/handle/10344/8278/Nuseibeh_2019_Text.pdf?sequence=2
https://github.com/janmasarik/resolvers
https://github.com/janmasarik/resolvers/pull/31/files
Redis
https://gist.github.com/yezz123/52d2fc45c5de284ec89131c2a3dde389#redis---6379
RCE
https://infosecwriteups.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398
Resolvers
https://github.com/janmasarik/resolvers/pull/31/files
https://github.com/janmasarik/resolvers
Reporting
https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html
https://bughunters.google.com/learn/invalid-reports/web-platform/xss/6619189462433792/xss-in-sandbox-domains
Reflected File Downloads
Reflected File Download - A New Web Attack Vector https://www.youtube.com/watch?v=dl1BJUNk8V4
https://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/
https://drive.google.com/file/d/0B0KLoHg_gR_XQnV4RVhlNl96MHM/view?resourcekey=0-NV7cTUTB48bltMEddlULLg
https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
https://www.davidsopas.com/reflected-file-download-cheat-sheet/
Regexp
Regexp Basics https://www.youtube.com/watch?v=KJG1dETacLI
https://regexr.com/
Recon
https://armx64.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
Rengine
https://security.packt.com/rengine-an-automated-recon-framework/
Resources
https://github.com/Excloudx6/Infosec_Reference/compare/master...rmusser01:Infosec_Reference:master
https://rmusser.net/docs/#/
https://www.reddit.com/r/Slackers/
Part 1 Detectify Hakluke how to hack web apps in 2022 https://labs.detectify.com/2022/05/16/how-to-hack-web-applications/
Part 2 Detectify Hakluke how to hack web apps in 2022 https://labs.detectify.com/2022/08/05/how-to-hack-web-applications-in-2022/
How to Hack APIs in 2021 by Hakluke & https://twitter.com/farah_hawaa https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
https://portswigger.net/research/web-cache-entanglement
https://github.com/AnLoMinus/Bug-Bounty
https://github.com/ngalongc/bug-bounty-reference
https://www.youtube.com/c/krypt0muxbugbounty
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Getting_Started_with_Bug_Bounty.pdf
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Hacking_101.pdf
https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Adddddddddddddela_Hanikova_All_roads_lead_to_domain_admin.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Really good bug bounty playlist https://www.youtube.com/watch?v=FeXloh12Mnw&list=PLlrnAg4kKF3r26OIyfoYQQ-YqySE3fyE_&index=2
When looking for something to hack https://web.archive.org/web/20210420062735/https://help.intrigue.io/reference/intrigue-core-api-endpoints
The 5 Hacking NewsLetter 107 - https://pentester.land/newsletter/2020/05/27/the-5-hacking-newsletter-107.html
Cloud Metadata - https://gist.github.com/rudSarkar/39f821249bf0d38093cafbfd23bc33ee | https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb
Megathread https://twitter.com/ITSecurityguard/status/1519272305729458176
Reset Password https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.gb5aea10a86_0_167
Bug Bounty Google Doc https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit
Bug Bounty Udemy Courses Tip https://twitter.com/ITSecurityguard/status/1519272305729458176
https://github.com/carlospolop/PEASS-ng
Saturday Night Bug Bounty Bytes w/ Ch1-R0n1n https://www.youtube.com/watch?v=xx5fF7i-dCQ
Nicolas Grégoire - Hunting for Top Bounties https://www.youtube.com/watch?v=mQjTgDuLsp4
Hacktify Playlist to learn hacking https://www.youtube.com/watch?v=NBCrlRqX2AY&list=RDCMUCS82DNnKOhXHcGKxGzQvNSQ&start_radio=1&rv=NBCrlRqX2AY&t=0
https://gabb4r.gitbook.io/oscp-notes/windows-post-exploitation/windows-exploit-suggester
Resolvers
https://github.com/bp0lr/dmut-resolvers/
https://github.com/blechschmidt/massdns/blob/master/lists/resolvers.txt
https://github.com/janmasarik/resolvers/blob/master/resolvers.txt
https://github.com/six2dez/resolvers_reconftw
Reverse Engineering
A binary debugger in action https://www.youtube.com/watch?v=5CCaQ9OK2vU&t=19s
Router Hacking
https://github.com/nicoandmee/NetgearHammerv2/fork
RNG http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html
RPO (Relative Path Overwrite) Gadgets
https://blog.innerht.ml/rpo-gadgets/
https://www2018.thewebconf.org/proceedings/
https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/
https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf
https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities
inurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbount
SAML
https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf
https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/
Scanners
2020_3452
https://www.zoomeye.org/
https://searchcode.com/
https://fullhunt.io/
https://github.com/RustScan/RustScan
https://github.com/knassar702/scant3r
S3 buckets
https://github.com/sa7mon/S3Scanner
Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations https://www.youtube.com/watch?v=ITSZ8743MUk
https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare
Scraping / Web Scraping
https://github.com/selenide/selenide
Second Order Takeovers
Shubbs Talking about it in his 5 years of hacking talk. Good. https://youtu.be/iG7-c0YbhbM?t=1472
Self Hosting
https://github.com/710leo/urlooker
https://github.com/Fuzzapi/fuzzapi
https://github.com/flipkart-incubator/Astra
https://docs.webpagetest.org/private-instances/
https://gitlab.com/invuls/pentest-projects/w
https://geekflare.com/prometheus-grafana-intro/
https://prometheus.io/
https://github.com/photoprism/photoprism
https://hub.docker.com/r/photoprism/photoprism
https://www.cervantessec.org
https://github.com/louislam/uptime-kuma
https://github.com/SabyasachiRana/WebMap
https://nlnetlabs.nl/projects/unbound/about/
https://github.com/projectdiscovery/interactsh-web
https://github.com/netbox-community/netbox
https://github.com/awesome-selfhosted/awesome-selfhosted
https://chewbaka69.github.io/PlexShare/
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
Shodan-like Nmap results parser (https://github.com/shivammehta007/ScanX) | PBNJ (http://pbnj.sourceforge.net/), a suite of tools to monitor changes in a network over time: stores Nmap results in a database, then conducts historical analysis to identify new hosts
Scripts
LFI https://web.archive.org/web/20100228162410/http://pastie.org/840199
https://github.com/killswitch-GUI/PenTesting-Scripts
https://github.com/mohitraj/mohitcs
Session Poisoning - https://en.wikipedia.org/wiki/Session_poisoning
https://github.com/t1m4/ptl_lab
Setup
Bug Bounty Tools Setup - https://github.com/oliveira-andre/bug_bounty_tools
Redherd - https://redherd.readthedocs.io/en/latest/ | https://www.youtube.com/channel/UCYSM51oldVsryhZxGdB3hXA
Shodan
https://github.com/Excloudx6/sdlookup
Shells
https://github.com/security-cheatsheet/reverse-shell-cheatsheet/fork
https://github.com/tennc/webshell/blob/master/README_EN.md
Smart Contracts
https://github.com/SecurityInnovation/Smart-Contract-CTF
soap
https://burpsuite.guide/extensions/wsdler/
Sockets
https://www.opensourceforu.com/2015/03/a-guide-to-using-raw-sockets/
Sourcemaps
https://github.com/ryanseddon/source-map/wiki/Source-maps:-languages,-tools-and-other-info
SSRF
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/ <-- mentions SSRF
SSRF HTTP Bypass List https://pastebin.com/YbsKrMpf
SSRF - Practical by Hacktify https://www.youtube.com/watch?v=NBCrlRqX2AY
https://reconshell.com/jira-mobile-ssrf-exploit/
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf
https://gist.githubusercontent.com/BuffaloWill/fa96693af67e3a3dd3fb/raw/f452e1146336b62628ca065baabeb90cc954a4cf/cloud_metadata.txt
Subdomain Takeovers
https://github.com/mhmdiaa/tko-subs
https://github.com/mhmdiaa/second-order
https://0xpatrik.com/subdomain-takeover-ns/
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
https://www.hackerone.com/application-security/guide-subdomain-takeovers
https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75
https://import.cdn.thinkific.com/359809/courses/1386931/locomotivesubdomaintakeover-210608-154821.yamll
https://github.com/buckhacker/SubDomainTakeoverTools
github.com/lukasikic/subzy
-> https://gist.githubusercontent.com/ruevaughn/91d3369fdf0d93b0bdc6662c771cb7ae/raw/79e07b315e465bae1f003ec8fd40fcf5471b223b/fingerprints.json
github.com/mhmdiaa/second-order
Submitting a report
https://about.gitlab.com/blog/2020/09/28/top-tips-for-better-bug-bounty-reports-and-a-hacker-contest/
SQL Injection
https://www.cloudflare.com/learning/security/threats/sql-injection/
Shodan
Awesome Shodan Queries https://github.com/jakejarvis/awesome-shodan-queries
Shodan Dorks https://twitter.com/0xhunster/status/1548382647759491074/photo/1
Shodan CVE Dorks Kathan https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
https://carbon.now.sh/6nEp25xrtuu53L6aquU4
https://twitter.com/kotylevskiy/status/1551926067908182018/photo/1
shodan_favico_hashscans.sh https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a
Sitemap.xml
https://github.com/atomicptr/crab
SMS / Phone Numbers
https://github.com/nicoandmee/smspva-client
https://smspva.com/ virtual phone numbers
Status Codes
Web status codes https://requests.readthedocs.io/en/latest/api/#status-code-lookup
Sqlmap
Sqlmap tip - https://youtu.be/rVu0GUjic_g?t=2246
https://twitter.com/ReconOne_bk/status/1600468125488906240
Source Code Analysis
https://twitter.com/dhakal_ananda/status/1544574015779606529
SVG Uploads
https://www.reddit.com/r/xss/comments/wvesnp/xss_svg_ghostlulz/
http://ghostlulz.com/xss-svg/
Takeovers
https://github.com/musana/mx-takeover
Timing Attacks
Time Attacks http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp?antiCsrfToken=null&filterCategory=9
Tips
Parse GitHub URLs https://github.com/ruevaughn/git-url-parse
Randomize IPs https://gist.github.com/yehgdotnet/27114d4bb5b28ec093e6dd36e329c389
Find IP Address behind CDN
https://woorkup.com/view-dns-history-free/
https://github.com/mandatoryprogrammer/cloudflare_enum
https://infosecwriteups.com/finding-the-origin-ip-behind-cdns-37cd18d5275
https://zdresearch.com/finding-the-origin-ip-behind-cdns/
https://twitter.com/HolyBugx/status/1343156549162852352?s=20
Test Shodan Queries https://app.netlas.io/responses/
https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountytips.md
King of Bug Bounty Tips - https://github.com/KingOfBugbounty/KingOfBugBountyTips
https://abhinavprasad47.github.io/bugbounty-starter-notes/
https://www.google.com/search?tbm=bks&q=recon-ng
gh dork: https://github.com/topics/one-liners
Eval command and security issues https://mywiki.wooledge.org/BashFAQ/048
🌟 Find company's owned domains (company.*) with these #googledorks: | https://twitter.com/nil0x42/status/1533094473067995137
https://redhuntlabs.com/nvadr
TLS https://dl.acm.org/doi/pdf/10.1145/3355369.3355601
https://tls.peet.ws/api/all
https://en-academic.com/dic.nsf/enwiki/868408#Fingerprinting_tools
To buy https://order.shareit.com/cart/view | https://tryhackme.com/why-subscribe | https://findomain.app/#Pricing | https://github.com/Excloudx6/InfoSec-Black-Friday | HAKLUKE RECOMMENDS https://securitytrails.com/corp/osint-toolkit?referral_code=LLDAK0F80M
book https://www.amazon.de/dp/3936546495/
Todo
read https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
https://tillsongalloway.com/finding-sensitive-information-on-github/
TODO: Make a wordlist from these Amazon Cognito API actions GetUser etc https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html
Tools
Gareth Heyes Hackability Inspector https://portswigger-labs.net/hackability/inspector/?html=%3Ciframe%20src=%22//subdomain1.portswigger-labs.net/hackability/inspector?html=%3Ciframe%20src=/%3E%22%20id=x%3E
https://gist.github.com/heinthanth/cc9812678daa63ac798a2baa9089559c
https://www.computec.ch/projekte/httprecon/
https://www.computec.ch/mruef/?s=software&l=e
https://github.com/ladecruze/Subdorker/fork
Brute Force Tomcat https://github.com/Excloudx6/tomcter
Code Snippets
https://carbon.now.sh/snippets
HTML Tools (CSV To HTML, Regexpal, 50+ tools)
https://www.cleancss.com/join.php
Arjun
https://www.rffuste.com/2022/08/01/arjun-introduction/
https://github.com/s0md3v/Arjun/wiki/Usage#scan-a-single-url
crobat
https://www.onsecurity.io/blog/how-i-made-rapid7s-project-sonar-searchable/
Dom Invader
https://www.youtube.com/watch?v=GeqVMOUugqY
ffuf
https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391 | https://thexssrat.medium.com/what-the-fuzz-the-truth-behind-content-discovery-77cd0c0756e7
gf
Automate GF and gau https://gist.github.com/BU9D4DDY/eea5f7580577d9bf5d009ce923bac4fe
https://rengine.wiki/usage/tool_conf/
https://github.com/1ndianl33t/Gf-Patterns
https://github.com/halencarjunior/BugBuntu/wiki/Installing-Gf-Patterns
https://github.com/NitinYadav00/gf-patterns/fork
https://twitter.com/sratarun/status/1361209626478276610
MORE GF TEMPLATES https://github.com/lutfumertceylan/top25-parameter/releases/tag/v1.0.7
https://github.com/tomnomnom/gf/compare/master...pry0cc:jf:master |
https://github.com/ResistanceIsUseless/gf |
https://github.com/tomnomnom/gf/compare/master...medbsq:gf:master |
https://github.com/mrofisr/gf-patterns
gee
Similar to Tee. More Functionality. https://github.com/hahwul/gee
Gee Tips https://twitter.com/hahwul/status/1360495560843689989
FFMPEG-AVI-m3u-xbin - https://github.com/Excloudx6/ffmpeg-avi-m3u-xbin
metabigor v2 - Metabigor https://twitter.com/j3ssiejjj/status/1528687407587299330/photo/1
pywhat -- Identify anything. pyWhat easily lets you identify PI from pcap files
https://github.com/bee-san/pyWhat/fork
recon-ng https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py
SimpleApachePathTraversal - https://github.com/MrCl0wnLab/SimplesApachePathTraversal
Source2Url -
Tmux
tmux or screen https://youtu.be/a8LaNydbJyA?t=6406
Tracy
https://newsroom.nccgroup.com/
https://github.com/nccgroup/tracy/blob/master/src/js/database-worker.js
https://github.com/nccgroup/tracy
UrlEncode/Decode
https://www.w3schools.com/tags/ref_urlencode.ASP
https://network-tools.com/url-encode/
https://www.url-encode-decode.com/
Vulscan
Updated DB https://github.com/scipag/vulscan/compare/master...tokyoneon:vulscan:master
Another DB https://github.com/Gameye98/vulscan/commit/425ee701db01cf94f56a8145af92a950c02f97c3#diff-794ffbc603a01842814a2779375ffd40f324f55fcfdd63ebf6f94994f61ac1f8
https://www.cve.org/Downloads
There are the following pre-installed databases available at the moment:
https://www.computec.ch/projekte/vulscan/?s=documentation
* scipvuldb.csv | http://www.scip.ch/en/?vuldb
* cve.csv | http://cve.mitre.org
* osvdb.csv | http://www.osvdb.org
* securityfocus.csv | http://www.securityfocus.com/bid/
* securitytracker.csv | http://www.securitytracker.com
* xforce.csv | http://xforce.iss.net
* exploitdb.csv | http://www.exploit-db.com
* openvas.csv | http://www.openvas.org
voip
https://github.com/EnableSecurity/awesome-rtc-hacking
Vulnerable Things
https://github.com/kiwicom/xssable
https://github.com/janmasarik/dumb-password-rules
https://github.com/duffn/dumb-password-rules/fork
wayback urls
https://github.com/akamhy/waybackpy
mhmdiaa/waybackurls.py https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
WhatWeb - https://github.com/urbanadventurer/WhatWeb
WFUZZ - https://book.hacktricks.xyz/pentesting-web/web-tool-wfuzz
https://useragent.me/
Wireshark
How Nmap really works // And how to catch it // Stealth scan vs TCP scan // Wireshark analysis https://youtu.be/F2PXe_o7KqM?t=551
https://www.udemy.com/course/wireshark-for-ethical-hackers/
Wordlists
https://packetstormsecurity.com/Crackers/wordlists/
Cewl -> fab -> exiftool https://en.kali.tools/?p=1253
https://gist.github.com/vijay922/9132266d9078eca18ab37e4b144429d9
Could be useful when automating wordlist building - only add a word to the wordlist if its frequency is > 10 or something https://github.com/Excloudx6/freq-of-each-word-perfile
Same with this one https://github.com/Excloudx6/freq-word-counter-rust
https://owasp.org/www-project-d4n155/#div-operations
https://www.geeksforgeeks.org/owasp-d4n155-intelligent-and-dynamic-wordlist-using-osint/
Cpanel https://gist.github.com/BU9D4DDY/5e4a8f60790feaa030b4733e57f44279
https://infocon.org/word%20lists/
https://worksheets-dev.codalab.org/rest/bundles/0x08a6d15c3572418c945713a14b880d5f/contents/blob/vocab.en
https://raw.githubusercontent.com/chrisk44/Hijacker/master/wordlists/darkc0de.lst
http://paper.vulsee.com/Dictionary-Of-Pentesting/Subdomain/subnames-880199.txt (VHOST)
https://github.com/3ndG4me/KaliLists
python libs https://gist.github.com/void4/9376be72d380921cc5cc371305792806
Bruteforce Wordlist https://gist.github.com/random-robbie/0f9d24a7b3c7268ee0c1ecdbe280611b
Config Files by Tomnomnom https://github.com/tomnomnom/meg/blob/master/lists/configfiles
DNS Wordlists DeepMagic https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/deepmagic.com-prefixes-top50000.txt
https://wordlists-cdn.assetnote.io/rawdata/kiterunner/swagger-files.tar
Open Redirect Wordlist https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txtI
Passwords Wordlist http://web.mit.edu/~mkgray/jik/src/Attic/kerberos_password_hacker/allwords
Wifi Cracking
https://githtmlpreview.netlify.app/?https://github.com/Gexos/Hacking-Tools-Repository/blob/gh-pages/index.html#Wireless
https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-with-cowpatty-0148423/
https://github.com/calebmadrigal/trackerjacker
https://github.com/chrisk44/Hijacker
https://techyrick.com/cowpatty/
https://github.com/Excloudx6/Hydra-Cheatsheet/blob/master/Hydra-Password-Cracking-Cheatsheet.pdf
https://github.com/hash3liZer/WiFiBroot/fork
Windows hacking
https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Wordlists
https://github.com/mhmdiaa/chronos
https://github.com/d4rckh/gorilla
https://github.com/jim3ma/crunch
https://github.com/the-xentropy/samlists/fork
https://github.com/AyProductions-Team/NEXTdependencydownloader/blob/588fa54b77743f808feec88070a4a0c76ac7c993/bin/Debug/net6.0-windows/DependencyDownloader.exe.WebView2/EBWebView/ZxcvbnData/3.0.0.0/passwords.txt
https://gist.github.com/random-robbie/c9671939d029848df38e06c5383e6395
Short Wordlist by Tomnomnom https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51
https://github.com/giteshnxtlvl/cook
https://imgur.com/user/silverblack1111/New%20Folder
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt
https://github.com/koaj/aws-s3-bucket-wordlist
https://github.com/Karanxa/Bug-Bounty-Wordlists
FUZZ.txt good -https://gist.github.com/m4ll0k/50efec5f04179b107c9d7597eec7d23c
https://gist.github.com/m4ll0k/https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
Stream: Creating Target Specific Wordlist!! https://www.youtube.com/watch?v=AF-zp6DROTs
API Endpoints https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af
https://wordlists.assetnote.io/
https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt
https://gist.github.com/miguelmota/706ebaeb661e246e1b682c400d49d1c9
https://github.com/ghostlulzhacks/wordlist/blob/master/directory-brute-wordlist.txt
to harvest https://youtu.be/YO3ldj4jkJk?t=275
Common Bucket Names https://github.com/buckhacker/buckhacker/blob/master/resources/common-bucket-names.txt
https://portswigger.net/web-security/authentication/auth-lab-passwords
https://portswigger.net/web-security/authentication/auth-lab-usernames
https://github.com/SmeegeSec/SmeegeScrape
make a wl from js https://gist.github.com/seqrity/d67608eb6372cd6f455bfeeefa77b9c2
Who what where when tomnomnom - https://www.youtube.com/watch?v=W4_QCSIujQ4
https://pentestbook.six2dez.com/recon/webs-recon Wordlist Gen
https://github.com/giteshnxtlvl/cook
https://gitlab.com/kalilinux/packages/amass/-/tree/91a5313226ab9ebd4ecbad40622584dd6f3f7cd5/wordlists Wordlists
Wordpress
https://wpscan.com/howto-find-wordpress-plugin-vulnerabilities-wpscan-ebook.pdff
https://www.hacking.land/2017/12/xattacker-website-vulnerability-scanner.html
How to Use WPScan With ethicalhack3r https://www.youtube.com/watch?v=C2qEh5NMczo
How to scan WordPress for Vulnerabilities using WPScan video Part 1 | Tutorial 2021 with InfoSec Pat
https://www.turnkeylinux.org/wordpress
Writeups
https://github.com/kh4sh3i/bug-bounty-writeups
securityforeveryone.com/scan-repository
2022-07-15 Exploiting Arbitrary Object Instantiations in PHP without Custom Classes https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/
https://github.com/fardeen-ahmed/Bug-bounty-Writeups
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://twitter.com/ITSecurityguard/status/1519272305729458176
https://github.com/ngalongc/bug-bounty-reference
https://github.com/djadmin/awesome-bug-bounty
https://ysamm.com/#
https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/
https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups
https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f
https://hacklido.com/u/excloudx
https://subscription.packtpub.com/book/ssnetworking-and-servers/9781788626897/7/ch07lvl1sec47/example
https://subscription.packtpub.com/owned
https://id.bugbountyhub.com/auth/realms/bugbountyhub/login-actions/authenticate?execution=a484e1a7-bc42-472b-a339-15be49996b14&client_id=prod-platform&tab_id=MivkVulj_p8
https://github.com/phlmox/public-reports/blob/main/hackerone-one-million-reports
https://footstep.ninja/posts/
https://twitter.com/omespino/status/1489310300708900868/photo/
https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/
https://discord.com/channels/772850979955671103/772854181433573398/895230570366402590 Hacking Articles
Vhosts
https://github.com/codingo/VHostScan
https://twitter.com/rez0__/status/1254588390114287617?lang=en0
https://github.com/cujanovic/Virtual-host-wordlist
ffuf tips and tricks (vhost): ffuf scripts and tricks [NahamCon 2021]
https://github.com/Shaked/vhost-finder
Vhost Discovery https://github.com/projectdiscovery/tlsx#sancn-probe
VPS
https://www.brevityinmotion.com/automated-cloud-based-recon
https://docs.webpagetest.org/private-instances/
https://github.com/SecuraBV/RedWizard
https://github.com/flipkart-incubator/Astra
https://gitlab.com/invuls/pentest-projects/pcf
https://github.com/forwardemail/free-email-forwarding
https://sublime.security/start
https://docs.digitalocean.com/tutorials/recommended-droplet-setup/
Welcome to DigitalOcean Intro Playlist https://www.youtube.com/watch?v=y3PCZ4UEUcI&list=PLseEp7p6Ewibnv09L_48W3bi2HKiY6lrx
https://docs.digitalocean.com/developer-center/onboarding-how-to-use-digitalocean-spaces/
https://securityonline.info/bxss-simple-blind-xss-detection-tool/
bounty-setup https://gist.github.com/random-robbie/9698790be3f7aec3d9c00301441b9070
https://www.jomar.fr/posts/2021/my_bounty_infrastructure/
https://github.com/khast3x/Redcloud#screenshots
https://github.com/bbhunter/pentest-scripts/blob/main/useful/get-tools.sh
https://github.com/crawlab-team/crawlab
https://github.com/righettod/toolbox-pentest-web
https://web.archive.org/web/20210413185007/https://jomar.s3.fr-par.scw.cloud/Public/tuto.sh
https://github.com/daxAKAhackerman/simple-one-time-secret
google cloud official repos https://github.com/googleapis/google-cloud-ruby
google cloud repos https://github.com/orgs/4ARMED/repositories
Certificate install https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate
Terraform Burp Collaborator server https://github.com/anshumanbh/terraform-burp-collaborator
Setup script for Recon-ng and altdns https://github.com/jhaddix/domain
https://github.com/AntSwordProject/antSword
https://github.com/janmasarik/resolvers/blob/master/.github/workflows/main.yml
https://github.com/pry0cc/axiom/tree/master/images/provisioners
https://github.com/janmasarik/resolvers
Assetnote Setup and Installation https://gist.github.com/sz3n/1fdf2f871a10d4e9180757afc8fd80e2
https://demo.ezxss.com/manage/dashboard
https://github.com/ssl/ezXSS/wiki/Installation
https://honoki.net/2021/07/11/wilson-cloud-respwnder/
https://github.com/ruevaughn/assetnote
Good one -> https://github.com/tdr130/assetnote
https://github.com/gitcolt/assetmon
https://github.com/daxAKAhackerman/XSS-Catcher
https://github.com/robre/jsmon
https://traefik.io/
Host and Deploy Assetnote https://gist.github.com/BU9D4DDY/9e023d0fae3314273302ae895ae7c5ed
vps_install.sh by Rajchowdhury420 https://gist.github.com/Rajchowdhury420/24fa500ebc4edbb2018860f85f93b8cf
https://hackingblogs.com/bug-bounty-builder-project-tool-use/
Beats - Lightweight shippers for Elasticsearch & Logstash
https://github.com/nicolargo/glances
https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29
https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/learn/lecture/5878090?start=0#overview
Put a website online https://www.youtube.com/watch?v=NQP89ish9t8
https://www.trenchesofit.com/2021/06/14/bug-bounty-vps-build/
https://github.com/AlexisAhmed/BugBountyToolkit <-- docker
Whitepapers
https://github.com/zactly/handouts/tree/master/conferences
XSS (Cross Site Scripting)
https://excess-xss.com/
Http://ha.ckers.org/xss.js https://web.archive.org/web/20230000000000*/Http://ha.ckers.org/xss.js
https://web.archive.org/web/20120217083736/Http://ha.ckers.org/xss.js
https://github.com/gitcolt/js-tracker ?
https://github.com/beefproject/beef/wiki/Xss-Rays#details Gareth Heyes built this back in 2009 and now the BeEF Framework updates it with a new exploit for bxss
Everything I Know About The Script Tag https://eager.io/blog/everything-I-know-about-the-script-tag/
https://web.archive.org/web/20201030153249/https://enciphers.com/finding-and-exploiting-blind-xss/
https://github.com/randomactsofsecurity/sleepy-puppy
https://github.com/randomactsofsecurity/ezXSS
https://github.com/kiwicom/xssable
https://twitter.com/soaj1664ashar
https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/
xss - https://threadreaderapp.com/thread/1508406052663934979.html
https://google-gruyere.appspot.com/
https://0x1.gitlab.io/web-security/Weaponised-XSS-Payloads/
https://infosecwriteups.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3
https://hakluke.medium.com/upgrade-xss-from-medium-to-critical-cb96597b6cc4
https://github.com/hakluke/weaponised-XSS-payloads
https://medium.com/redteam/weaponising-angularjs-bypasses-4e59790a730a
https://github.com/dwisiswant0/findom-xss
https://www.secureideas.com/blog/2018/12/twelve-days-of-xssmas.html
https://www.geeksforgeeks.org/findom-xss-fast-dom-based-xss-vulnerability-scanner/?ref=rp
https://thexssrat.podia.com/free-labs
https://github.com/topics/xss
https://twitter.com/ofjaaah/status/1504932805431767046
https://portswigger.net/research/new-xss-vectors
https://medium.com/bugbountywriteup/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1
https://github.com/takshal/freq
https://bytemeta.vip/index.php/@takshal
https://github.com/takshal/freq/pull/2/commits/ca176eee65889530b4896d782419edd0e4325713
https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html
What is the best method to use dalfox?? https://attacker-codeninja.github.io/2021-09-09-portswigger-notes-on-host-header-attack/
https://github.sre.pub/topics/xss-scanners
https://medium.com/@skavans_/the-unobvious-about-xss-and-html-encoding-4e0d536a35d9
All the ways you can alert in JS -> https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309
https://github.com/wisec/domxsswiki/wiki
https://owasp.org/www-community/attacks/xss/
Moving beyond alert()xss https://av.tib.eu/media/49191
https://unescape-room.jobertabma.nl/
https://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df
https://github.com/danielthatcher/Cookieless-Session-Scanner session is for identifying xss as described here https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
XSS Labs
https://google-gruyere.appspot.com/
Sandbox
https://homakov.blogspot.com/2013/04/html5-sandbox-bad-idea.html
https://web.dev/sandboxed-iframes/
Screenshots
http://gallery.menalto.com/
https://github.com/detectify/page-fetch/fork
Eyeballer
https://github.com/BishopFox/eyeballer <----- TODO BIG IG and [this](https://www.kaggle.com/datasets/altf42600/pentest-screensots)
https://www.akamai.com/blog#HTTP2rs
https://www.jhaddix.com/post/tooltime-2-ssl-certificate-parsers-for-recon
Recon
Notify -bulk - workflow to funnel everything to Notify https://youtu.be/v7FMPU3J3Qw?t=3044
ReconFTW Automation - https://youtu.be/v7FMPU3J3Qw?t=2841
Tools
https://github.com/tess-ss/good-tools/blob/main/tools.md
https://gist.github.com/olivierlemoal/e95d11c54a6465db749078298e22cc83
https://gist.github.com/imrelaxed/016af6998cf05ec1f3c9034e87856dd9
https://githtmlpreview.netlify.app/?https://github.com/Gexos/Hacking-Tools-Repository/blob/gh-pages/index.html#Wireless
https://reconshell.com/awesome-bug-bounty-tools/
https://reconshell.com/mobile-hackers-weapons/
https://book.hacktricks.xyz/todo/more-tools
https://github.com/fardeen-ahmed/Bug-bounty-Writeups#-bug-bounty-tools---
https://github.com/vavkamil/awesome-bugbounty-tools#Recon
Image upload
https://github.com/barrracud4/image-upload-exploits
https://hackbotone.com/blog/essential-recon-tools/
https://github.com/danielthatcher/spydom
https://allciber.com/web-attack-cheat-sheet/
Alias / Snippet / Command Management
https://github.com/nahamsec/recon_profile
https://github.com/hahwul/hack-pet/commit/6405608c856551d241174d8c839c79efdff5153c
https://github.com/hahwul/hack-pet
https://github.com/knqyf263/pet
https://github.com/anshumanbh/brutesubs
https://github.com/VainlyStrain/Vailyn
RECON
https://www.offensity.com/en/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
https://infosecwriteups.com/whats-tools-i-use-for-my-recon-during-bugbounty-ec25f7f12e6d
https://gist.github.com/khanjanny/039d7c7d825a866b9020e3945e04ace9
https://github.com/KathanP19/HowToHunt
https://prettyrecon.com/auth/forgot_password/
Tweets Dorks
https://twitter.com/hashtag/bugbountytips
https://twitter.com/search?q=%23bugbountytips&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
https://twitter.com/ghostlulz1337
https://www.google.com/search?client=firefox-b-1-d&q=site%3Agist.github.com+%22dalfox%22+automate
https://gist.github.com/sec99
https://gist.github.com/Bedrovelsen/starred
https://gist.github.com/tranphuoctien/47c1242c8189b42fb4d268c548db4526
https://gist.github.com/GrahamcOfBorg/601b9608c6010d9c82cf0e9535faac4b
https://gist.github.com/babaloveyou
https://www.google.com/search?client=firefox-b-1-d&q=bug+bountny+automation
https://www.reddit.com/r/bugbounty/comments/nkaz32/automation_for_bug_bounty_recon_framework/
https://github.com/dirsoooo/Recon
https://gowthams.gitbook.io/bughunter-handbook/automation
Sqli (SQL Injection)
https://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
https://infosecwriteups.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398
https://github.com/ladecruze/Exploits/blob/master/sqlexploit.js
https://book.hacktricks.xyz/pentesting-web/sql-injection
(at the bottom of the page, the image and text for 2 sqli x-forwarded-for tips) https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21
https://github.com/0xEval/sql2shell
https://sapt.medium.com/ko-on-a-bugcrowd-private-program-17858b57ec61
http://sqlninja.sourceforge.net/download.html
https://w3af.org/howtos/find-cross-site-scripting-and-sql-injections
https://www.securedyou.com/how-to-hack-sql-database-password-cracking/
https://www.securedyou.com/download-havij-free-automated-sql-injection-tool/
sqlmap
https://h1pmnh.github.io/post/advanced-sqlmap-case-study-1
Default Credentials
https://github.com/Excloudx6/WebCrack
The Open Cloud Vulnerability & Security Issue Database https://www.cloudvulndb.org/
https://github.com/SummitRoute/csp_security_mistakes
Default Cred Scanner https://github.com/ztgrace/changeme
Monitor Server Status
https://github.com/firefart/websitewatcher
https://github.com/sudo-jtcsec/server-status-mon
https://github.com/Excloudx6/server-status_PWN
Tmux https://github.com/Excloudx6/clips
# My Bug Bounty Wiki Page
https://github.com/MrM8BRH/SuperLibrary
https://github.com/zeroc00I/ReconNotes
https://gist.github.com/ruevaughn/71c31d7f67b7d105d9f480489e02c906
A-Z Sorting in progress
AwsCli https://aws.plainenglish.io/aws-s3-cli-cheatsheet-9078366fca83
Welcome to my Bug Bounty Wiki page. It's currently not organized or cleaned up at all, though that's a WIP. Originally it was where I was dumping links and things I needed to remember.
News Articles
https://www.bbc.com/news/technology-43581624
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
Deserialisation
Deserialization example <-https://youtu.be/oUAeWhW5b8c?t=1583
Another Deserialization example https://youtu.be/eDfGpu3iE4Q?t=266
https://github.com/GerbenJavado/LinkFinder
https://medium.com/@duhroach/how-png-works-f1174e3cc7b7
https://github.com/beurtschipper/Depix <-- unblur
### A
Twitter
https://mobile.twitter.com/drunkrhin0/status/1344130730947825664
https://kathmandupost.com/science-technology/2021/04/06/we-dream-to-be-nepal-s-first-billion-dollar-it-company
https://reconwithme.com/
https://jaeles-project.github.io/
APIs
Huge API Resources list! https://dsopas.github.io/MindAPI/references
https://thexssrat.podia.com/view/courses/free-api-testing-and-securing-guide/923506-api-top-10-videos/2699995-owasp-api-top-10-a0-to-a3
https://www.hahwul.com/2019/07/01/easy-security-testing-with-applications-bridge-in-zap/
https://github.com/PortSwigger
### B
Books https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md
https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html
https://guidesmiths.github.io/cybersecurity-handbook/resources
https://guidesmiths.github.io/cybersecurity-handbook/tooling
https://github.com/1N3/Sn1per/blob/master/modes/normal_webporthttp.sh
Blogs
https://opsecx.com/index.php/category/blog/
URL Finder
https://www.kitploit.com/2021/08/sigurlfind3r-reconnaissance-tool-it.html
Email
https://www.ibm.com/docs/en/sqsp/32.0?topic=SSBRUQ_32.0.0/com.ibm.resilient.doc/install/resilient_install_defang s.htm
Nuclei
Nuclei : A Bug Bounty Tool https://www.youtube.com/watch?v=ZcG8ARatgs0
https://www.reddit.com/r/infosec_daily/comments/lrz9bg/nuclei_tool_review/
Finding bugs with Nuclei with PinkDraconian (Robbe Van Roey) https://www.youtube.com/watch?v=ewP0xVPW-Pk
Nuclei templates
https://github.com/adampielak/cent
https://github.com/xm1k3/cent <-- manage nuclei templates and big list of templates
https://github.com/trickest/log4j/blob/main/.cent.yaml
https://github.com/aboul3la/nuclei-templates
https://github.com/projectdiscovery/nuclei-templates/compare/master...s4e-labs:nuclei-templates:master
https://github.com/projectdiscovery/nuclei-templates/discussions/693
https://nuclei-templates.netlify.app/
cool
https://github.com/nikitastupin/param-miner-doc
https://platforms.disclose.io/
https://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022
https://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer
### C
Fuzzing
https://thugcrowd.com/kiosk/ Badass Fuzzing tools / Resources
https://0xn3va.gitbook.io/cheat-sheets/resources/software/fuzzing
Bug Bounty Videos
Mix - webpwnized https://www.youtube.com/watch?v=Y_2JVREtDFk&list=RDCMUCPeJcqbi8v46Adk59plaaXg&start_radio=1
Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! - https://www.youtube.com/watch?v=CIhHpkybYsY&t=2s
Videos
HackTube5 Youtube https://www.youtube.com/channel/UCiiEXWVI8XDV_SbIOYVuKog
GynvaelEN https://www.youtube.com/user/GynvaelEN
Hacktify https://www.youtube.com/channel/UCS82DNnKOhXHcGKxGzQvNSQ
Hack the Box Youtube https://www.youtube.com/channel/UCi67lRCd5qpaHwSXNJisuRQ
Hackerone https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw
Hackersploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
Hacking Simplified https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng
Hacking Simplified (smaller channel) https://www.youtube.com/channel/UCTIHXPYJ4gT7PBQK9tUmFJA
https://administraitor.video/edition/Hack.lu/2019
https://portswigger.net/news
Notify - https://youtu.be/rbr7ZmBI9qs?t=278
https://www.youtube.com/watch?v=kbi2KaAzTLg
What after Recon? - Sup Subdomains?!
DORK
https://exposingtheinvisible.org/guides/google-dorking/
https://www.google.com/imgres?imgurl=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FEf6ELytWAAAswXx%3Fformat%3Djpg%26name%3D4096x4096&imgrefurl=https%3A%2F%2Fmobile.twitter.com%2Fbugbountyrecon&tbnid=pQu57Q5pha2WIM&vet=12ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ..i&docid=NghhHzdXU7Ey8M&w=2480&h=1302&q=Bug%20bounty%20automation%20GitHub&client=firefox-b-1-d&ved=2ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
Reporting
https://hacktify.in/bugbounty/ <---- lots of resources for reporting
#### Ruby on Rails
https://hackerone.com/reports/904059
https://hackerone.com/reports/1400309
https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
https://bugbountyforum.com/resources/#ruby-on-rails
Free Shodan key and nmap automation script to search for an F5 BIG-IP CVE
https://learn.hacktify.in/courses/take/bug-bounty-hunting-and-penetration-testing/lessons/16862042-assets-resources
https://github.com/shifa123/f5BigIPExploit/blob/master/assets
dnmap
https://github.com/vdjagilev/nmap-formatter
https://www.darknet.org.uk/2016/07/dnmap-distributed-nmap-framework/?utm_source=pocket-ff-recs
https://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse
# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve2020-3452.nse
aquatone -
https://github.com/randomactsofsecurity/ezXSS
https://github.com/michenriksen/aquatone/compare/master...firefart:aquatone:master
https://gist.github.com/random-robbie/beae1991e9ad139c6168c385d8a31f7d
https://github.com/4k4xs4pH1r3/aquatone
https://github.com/michenriksen/aquatone/compare/master...VasilyKaiser:aquatone:master
https://www.tib.eu/en/publishing-archiving/research-data
https://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf
Bug Bounty Programs
https://hackerone.com/alipay?type=team
https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html
Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team
* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)
https://github.com/detectify/cs-challenge
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
VDP
Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c
https://www.justice.gov/criminal-ccips/page/file/983996/download
"Bug Bounty programs|VDP|launch" -> Google News etc
#### J
#### L
Labs
Linux
https://linuxsecurity.expert/resources/
#### M
Mobile
file:///Users/cjensen/Dropbox/Mac/Downloads/NPC_2_MOBILE-HUNTING_JACKSON.pdf
Monitoring
https://github.com/dgtlmoon/changedetection.io Monitor Website Changes
Operating Systems
https://exegol.readthedocs.io/en/latest/
### P
Podcasts
Links here -> https://blog.intigriti.com/2019/11/12/bug-bytes-44-new-platform-new-programs-and-a-e25k-head-csrf/
SelfHosted Podcast https://selfhosted.show/60?t=777
Programs
https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt
Rate Limit
Reverse Shells
Redis
https://render.com/docs/blueprint-spec#redis-instances
### T
Top 10
IDN Homograph
https://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks
#### Tools
https://inventory.raw.pm/tools.html#title-tools-collaboration-report
https://www.xmind.net/m/Xy7XEW/# <-----
https://github.com/Excloudx6/PentestTools#exploitation-tools
https://linuxsecurity.expert/security-tools/top-100/
https://intelx.io/tools
https://github.com/nccgroup/ScoutSuite/tree/master/tools
Clean Ips Script
https://gist.github.com/LuD1161/bd4ac4377de548990b47b0af8d03dc78
### D
https://github.com/nccgroup/tracy
#### Todo
hetty.xyz
https://www.bugbountyhunting.com/
https://github.com/KingOfBugbounty/KingOfBugBountyTips#scan-log4j-using- -and-log4j-scan
https://medium.com/hacking-info-sec/how-to-install-and-use-bbrf-35f6aa15fbc9
Same Origin Policy (SOP)
Same Origin Policy good video https://www.youtube.com/watch?v=zul8TtVS-64
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/mindmap.png
https://github.com/topics/bugbounty
https://gist.github.com/R0X4R/bc08d55e368965f22c0b41ee8475ba87
SSRF
https://github.com/Excloudx6/Guide-to-SSRF
https://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Big.pdf
Nmap
nmaparse
https://github.com/actuated/nmaparse
https://www.rffuste.com/2022/08/22/parse-nmap-results-with-nmparse/
https://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/Nmap-Strings
https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/
https://github.com/SmeegeSec/Security_Headers_Nmap_Parser
https://gist.github.com/BU9D4DDY/3e31890ae407e7c41a00f3715d00c5d7 nmappwn.sh
ssh bruting
A simple multi-threaded distributed SSH brute-forcing tool written in Python https://github.com/k4yt3x/orbitaldump
https://github.com/d3vilbug/Brutal_SSH
Sharepoint Endpoints
https://github.com/JohnTroony/Scriptology/blob/master/payloads/SharePoint-Endpoints.txt
xsshunter
https://github.com/mystech7/xsshunter - duplicate within 15 min check added
https://gosecure.github.io/security-cheat-sheet/
https://twitter.com/e11i0t_4lders0n/status/1489234267687497735
https://snyk.io/log4j-vulnerability-resources/
https://gist.github.com/sminez/571bd7bafb1b88630b85c85a0cd66e3a - grep through this
try
https://github.com/arjunshibu/gcmd
https://splash.readthedocs.io/en/stable/scripting-tutorial.html#scripting-tutorial
https://github.com/phlmox
Recon
https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration
https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3
https://www.reddit.com/r/netsec/comments/7c704k/a_penetration_testers_guide_to_subdomain/
https://news.ycombinator.com/item?id=15676951
https://github.com/Viralmaniar/BigBountyRecon
https://www.kitploit.com/2021/10/webdiscover-purpose-of-this-script-is.html
https://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics
Checklists
https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab
https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/
https://gist.github.com/pdelteil/ba005609789ae14862f023da4191826d
https://github.com/rails/rails/issues/37620
SUBDOMAIN TAKEOVERS
https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods
https://www.udemy.com/course/cloud-hacking/learn/lecture/8613164?start=0#overview
https://github.com/indianajson/can-i-take-over-dns
https://scotthelme.co.uk/top-1-million-analysis-march-2020/
FINISH Watching - https://www.youtube.com/watch?v=12gtkYbMGd4&t=362s
HARSHBROTHA - https://www.youtube.com/watch?v=UrdvDCb4Gz8
NOTIFY - https://www.youtube.com/watch?v=rbr7ZmBI9qs
Handle your data carefully https://www.youtube.com/watch?v=rbr7ZmBI9qs
UserAgents
https://github.com/Shaked/user-agents
https://github.com/BbhunterOne/ReconChef/blob/main/recon.sh#L82
Service Workers
https://blog.bitsrc.io/how-to-generate-service-workers-automatically-b6bbbaa632c3
https://web.dev/progressive-web-apps/
https://ultimatecourses.com/blog/ultimate-guide-pwa-workbox
https://developer.chrome.com/docs/workbox/service-worker-overview/
https://glitch.com/
https://developer.chrome.com/docs/workbox/caching-strategies-overview/
Screenshots
https://github.com/spatie/browsershot
# https://github.com/maaaaz/webscreenshot
https://random-robbie.github.io/bugbounty-scans/
https://buaq.net/go-99375.html
https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive?rq=1
Search Engines
https://infosecwriteups.com/30-search-engines-for-cybersecurity-researchers-part-2-of-3-3412d6a35118
Sourcemap Tools (online)
https://ryanseddon.com/demo/source_mapping/
http://sourcemapper.qfox.nl/
Sourcemap Tools
https://github.com/denandz/sourcemapper go project
https://github.com/tehryanx/sourcemapper bash script
https://github.com/rarecoil/unwebpack-sourcemap
https://github.com/PortSwigger/source-mapper
https://github.com/pvdz/sourcemapper
Sourcemaps
https://web.archive.org/web/20150315124821/http://www.html5rocks.com/en/tutorials/developertools/sourcemaps
https://portswigger.net/bappstore/d8148953358b44f4861688410e642a6f
https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps
https://ryanseddon.com/demo/source_mapping/
https://sourcemaps.info/spec.html
http://ryansylvestre.com/posts/sourcemapper/
http://ryansylvestre.com/presentations/source-maps/#/
cheatsheets
https://0xn3va.gitbook.io/cheat-sheets/
https://0xn3va.gitbook.io/cheat-sheets/web-application/http-request-smuggling
_ _ _ _ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \
( F | R | A | M | E | W | O | R | K | S )
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/
+ ------ +
|Articles|
+ ------ +
* E.crack jwt - https://github.com/brendan-rius/c-jwt-cracker
https://github.com/SecureAuthCorp/impacket
Neo4j vs postgres (graphdb)
https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
Automation script
https://www.benteveo.kiwi/blog/automating-bug-bounties
https://github.com/AlexisAhmed/BugBountyToolkit <-- docker
https://gowthams.gitbook.io/bughunter-handbook/automation
Secret
https://www.directdefense.com/csrf-in-the-age-of-json/
https://buaq.net/go-249.html
Intentionally Vulnerable Github repo
https://github.com/shifa123/githubleak
https://wiki.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
https://pentestbook.six2dez.com/
https://github.com/m4ll0k
https://github.com/six2dez
https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter
https://github.com/shifa123
https://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview
## BugBounty Programs
---
https://huntr.dev/
https://www.zerodayinitiative.com/
https://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5
https://opensourcelibs.com/lib/google-acquisitions
https://opensourcelibs.com/libs/bugbounty
List of .gov
Target crypto https://arlolra.github.io/otr/
https://github.com/cisagov/dotgov-data
[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.
[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.
[Security Ninja txt values list](https://crawler.ninja/files/security-txt-values.txt)
[Security Ninja Files List](https://crawler.ninja/files/)
https://allabouttesting.org/
Todo:
https://boards.greenhouse.io/cobaltio/jobs/4141074002 <--- solve challenge
CheatSheets
https://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md
Automated Scanners
* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)
* [Dalfox](https://github.com/hahwul/dalfox)
* [XSSTrike](https://github.com/s0md3v/XSStrike)
* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)
[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder)
* [Learn with @DarkLotusKDB: Recon with Shodan & Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)
* https://twitter.com/0xJin/status/1470748925963513863
* https://twitter.com/0xJin/status/1470748925963513863/photo/1
XML / XXE
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/ <-- good writeup
https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity
https://medium.com/@ghostlulzhacks/xml-external-entity-xxe-62bcd1555b7b
https://app.intigriti.com/programs/dpgm/libelle/detail
https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html
https://twitter.com/infosec_au/status/1340785029899698181?lang=en
https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
Understanding DTD <- https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html
## Owasp Top 10
---
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.html
### Clickjacking
https://lcamtuf.blogspot.com/2011/12/x-frame-options-or-solving-wrong.html
https://blog.innerht.ml/page/2/
https://hackerone.com/reports/8724
### CSRF
* https://hackerone.com/reports/44146
- 7-19-16
* [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&t=5s)
* https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/
- 01-18-15 https://hackerone.com/reports/44146 (Make API calls on behalf of another user (CSRF protection bypass))
### XSS
https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
Paid Services
https://findomain.app/#Pricing
## Resources
---
Params
Config override using non-validated query parameter allows at least reflected XSS by injecting configuration into state
https://hackerone.com/reports/1082847
Fuzzcon & fuzzing
https://twitter.com/hashtag/hacklu?src=hashtag_click
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Fuzzing.md
Recon
- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks
[PrettyRecon](https://prettyrecon.com/auth/signup)
### Dorks
https://ask.fm/tags/bounty
### Lists
https://github.com/payloadbox/xss-payload-list
Protips and Tricks
Most of the sites use AWS nowadays...
AWS localhost is 169.254.169.2qqqd eede 4bs.com/2017/02/wallpaper-penetration-testing-and-exploit-dev-cheatsheet/
https://githubhelp.com/topic/bugbountytips
Githubs
https://github.com/kleiton0x00?tab=stars
https://github.com/fuzz-security
---
- [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)
- [Disclose/diodb](https://github.com/disclose/diodb)
### Streams
[Nahamsec Twitch](https://www.twitch.tv/nahamsec)
### Twitter Tweetin'
https://twitter.com/0xMstar/status/1464658472981565444
https://twitter.com/0xJin/status/1470748925963513863
podcasts
https://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q
### Data
---
Bugcrowd Subdomain Enumeration https://www.youtube.com/watch?v=La3iWKRX-tE
CVE-2019-11510 Detail
/dana-na
## CVE/CVD
---
CVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)
- https://vuls.cert.org/confluence/display/CVD/Executive+Summary
- https://vuls.cert.org/confluence/display/CVD/Sightings
https://github.com/detectify/cs-challenge
https://github.com/r3curs1v3-pr0xy
https://notsosecure.com/resources
https://reconshell.com/bug-bounty-tips/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md
[Insecure Deserialization Part 1](https://www.youtube.com/watch?v=SNi7gNkfLSM)
[Insecure Deserialization part 3](https://www.youtube.com/watch?v=icAKHE-iKOs)
https://secoceans.com/blog-2/
https://portswigger.net/research
https://portswigger.net/blog
https://portswigger.net/news
https://portswigger.net/daily-swig
courses
https://www.udemy.com/course/penetration-testing-bug-bounty-hunting-level-2-hacktify/
https://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e
https://github.com/six2dez/talks/blob/main/Gotta_ENG.pdf
packets
https://www.kitploit.com/2018/08/polymorph-real-time-network-packet.html
Automation
https://gowthams.gitbook.io/bughunter-handbook/automation
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
Writeups
### Z
Zap
https://github.com/sepehrdaddev/zap-scripts/fork
https://www.zaproxy.org/authors/thorin/
https://github.com/zaproxy/zap-extensions
Frameworks
https://core.intrigue.io/
Reconness
Pwnmachine
axiom
https://www.mandiant.com/
https://trickest.com/
(https://github.com/Findomain/Findomain/releases)
* [Configuring Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)
* https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring
## Resources
---
[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)
How to view someones IP address and connection speed! https://www.youtube.com/watch?v=SXmv8quf_xM
Active Directory
Pentesting Active Directory https://www.xmind.net/m/5dypm8/a
https://adsecurity.org/
### Streams
[Nahamsec Twitch](https://www.twitch.tv/nahamsec)
Live Bug Bounty Hunting Speedbiker https://www.youtube.com/watch?v=9W94AKLc5g8
Watch Live [Current] https://www.youtube.com/c/Ch1R0n1n
### Twitter Tweetin'
https://twitter.com/samwcyo/status/1529888063576584202
https://twitter.com/sshell_
https://mobile.twitter.com/TechnoTimLive Devops tweets
https://mobile.twitter.com/drunkrhin0/status/1344130729320435712
Reverse shells
https://github.com/wwkenwong/Pentest-note
https://github.com/tehryanx?tab=repositories
https://github.com/sawzeeyy/Sanitiz3r
https://github.com/D35m0nd142/LFISuite
https://hub.docker.com/u/secsi
tips
WebAssembly
https://lists.w3.org/Archives/Public/public-webassembly/2017Feb/0002.html
https://github.com/WebAssembly/design/issues/
https://developer.mozilla.org/en-US/docs/WebAssembly
https://webassembly.org/getting-started/developers-guide/
https://webassembly.github.io/spec/js-api/index.html
https://hacks.mozilla.org/2018/03/making-webassembly-better-for-rust-for-all-languages/?utm_source=firefox_pocket_save_button
wifi
https://github.com/nicoandmee/NetgearHammerv2/fork
https://null-byte.wonderhowto.com/how-to/break-into-router-gateways-with-patator-0194600/
https://inventory.raw.pm/tools.html#title-
-wireless
https://infosecwriteups.com/how-i-hacked-into-my-neighbours-wifi-and-harvested-credentials-487fab106bfc
https://d3ext-github-io.translate.goog/posts/Curso/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US
https://github.com/S3cur3Th1sSh1t/Pentest-Tools#Wifi-Tools
Wig
https://linuxsecurity.expert/tools/wig/
BlindElephant
https://linuxsecurity.expert/tools/blindelephant/alternatives/
https://ronak-9889.medium.com/denial-of-service-using-cookie-bombing-55c2d0ef808c
IOT
https://www.youtube.com/watch?v=AKoyZLibIeo
https://cointelegraph.com/news/bug-bounty-quadruples-for-ethereum-network-up-to-1m-payouts-ahead-of-merge
https://github.com/Linuxinet/learn-blockchain-hacking
https://hackenproof.com/
https://infocon.org/cons/LASCON/LASCON%202021/A%20Hacker%27s%20Guide%20to%20Blockchain%2C%20Smart%20Contracts%2C%20and%20NFTs.mp4
https://speakerdeck.com/raz0r/upgradeable-smart-contracts-security?slide=3
Blockchain
https://hash.ai/@b/uniswap
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
https://github.com/ruby/webrick/blob/master/lib/webrick/httprequest.rb
https://twitter.com/0xAsm0d3us/status/1438149310080712709
https://www.youtube.com/watch?v=pBmj9ZPeqwE&feature=emb_logo
https://www.youtube.com/watch?v=rdImuHW4Xlo
Ethereum Hacking
https://github.com/HalbornSecurity/burp-eth
https://github.com/NafisiAslH/KnowledgeSharing
https://github.com/SecurityInnovation/Smart-Contract-CTF
https://twitter.com/CyberWarship/status/1533710785914056705
https://github.com/heldersepu/hs-scripts/blob/master/NodeJS/web3/VestingERC20.js
https://portswigger.net/knowledgebase/papers/exploitingcorsmisconfigurations.pdf
https://www.youtube.com/watch?time_continue=699&v=wgkj4ZgxI4c&feature=emb_logo
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
https://www.hackingarticles.in/burp-suite-for-pentester-burp-sequencer/
Burp Grep Example for "Username does not Exist!"
https://github.com/wallarm/jwt-heartbreaker
https://avleonov.com/2017/12/10/vulners-com-vulnerability-detection-plugins-for-burp-suite-and-google-chrome/
https://www.whiteoaksecurity.com/blog/web-app-pentesting-burp-suite-scan-profile/
site:*.example.org ext:php | ext:txt | ext:log
https://dbdiagram.io/d
Idea to get people interested in what I'm doing / create or connect with community / friends family
https://www.hackerone.com/top-ten-vulnerabilities