-
-
Save ubogdan/96b26ab2bd7972a18f07a15ec6283848 to your computer and use it in GitHub Desktop.
Bug bounty checklist for Swiftness (https://github.com/ehrishirajsharma/SwiftnessX)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "targets": [], | |
| "libraries": [ | |
| { | |
| "folders": [ | |
| { | |
| "id": "c43bd29e-8ebb-4a72-8cd4-be26d4b96087", | |
| "title": "Reconnaissance", | |
| "checklist": [ | |
| { | |
| "id": "8526c4f2-1fe2-4e88-a09a-265be01770fe", | |
| "title": "Subdomain Discovery", | |
| "content": "<p>Find out subdomains using the following tools:</p><p><br /></p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span><strong>assetfinder</strong></p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span><strong>Amass</strong></p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span>Massdns</p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span><strong>Aquatone's discover module</strong></p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span>Project discovery's Chaos</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>Subbrute</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>Altdns</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>Subfinder</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>Shuffledns</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>dnsrecon</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>Knockpy</p>" | |
| }, | |
| { | |
| "id": "0fc544a4-2cd1-4133-8b83-638b16206295", | |
| "title": "IP and Port Scanning", | |
| "content": "<p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span>From the list of subdomains obtained, use the same to gather IP and ports on which potential <strong>/admin </strong>functionality is present. Use the following tools:</p><ol><li>NMAP</li><li>Masscan</li></ol><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• </span>Once the services on miscellaneous ports are identified, check exploitation of the same using exploits from Exploit-DB, Searchsploit, etc.</p><p><span class=\"ql-bg-#ffffff\" style=\"color:rgb(66, 66, 66);\">• In some cases, you can find out some known misconfigurations such as default credentials</span></p>" | |
| }, | |
| { | |
| "id": "b3a739d0-daed-4e05-8e49-3aaf80490f0d", | |
| "title": "Find out working HTTP / HTTPS ", | |
| "content": "<p>Use the following tools:</p><p><br></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Tomnomnom's <strong>httprobe</strong></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Project discovery's <strong>httpx</strong></p>" | |
| }, | |
| { | |
| "id": "9c9ce7c0-8e11-486c-9c09-23a3c7520863", | |
| "title": "Take screenshots", | |
| "content": "<p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>aquatone (Golang version)</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>eyewitness</p><p><span style=\"font-family:open-sans;color:rgb(66, 66, 66);\">• </span>gowitness</p>" | |
| }, | |
| { | |
| "id": "fe9e5b6e-d54e-4348-a971-123893fc7c78", | |
| "title": "Directories / Files Enumeration", | |
| "content": "<p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Finding directories from <strong>robots.txt</strong></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Finding directories from <strong>sitemap.xml</strong></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Using wordlists and tools such as <strong>dirsearch, ffuf, gobuster</strong></p><p class=\"ql-indent-1\"><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Raft's wordlist</p><p class=\"ql-indent-1\"><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Directory 2.3 Medium</p><p class=\"ql-indent-1\"><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Jason Haddix's wordlist</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Custom wordlist</p>" | |
| }, | |
| { | |
| "id": "d28d53aa-99ad-4371-aec3-a18216eba9fc", | |
| "title": "Web server enumeration", | |
| "content": "<p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Use tools such as Nikto to perform basic web server enumeration</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Test for default credentials on certain areas such as default login pages</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Test for virtual hosting misconfigurations</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Test for web server software bugs</p>" | |
| }, | |
| { | |
| "id": "7c72800f-a1be-48e1-aee1-68d838a22e8c", | |
| "title": "WAF Enumeration", | |
| "content": "<p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Usage of tools such as <strong>wafwoof</strong></p>" | |
| }, | |
| { | |
| "id": "3de5522c-0440-4656-8198-ff502cad499d", | |
| "title": "Finding parameters", | |
| "content": "<p>To find parameters on working HTTP / HTTPS endpoints found, use the following tools:</p><p><br></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>paramspider</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Burp or OWASP ZAP crawler</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>param-miner</p>" | |
| }, | |
| { | |
| "id": "a62d93fc-5a77-424f-9cfa-f0cec7ba42dd", | |
| "title": "CMS Identification", | |
| "content": "<p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Fingerprint CMS running using browser extensions such as <strong>Wappalyzer</strong></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>Tools such as <strong>WPScan, Joomscan, Joomlavs, Droopescan </strong>help in finding out vulnerabilities for a specific version of CMS such as WordPress, Joomla, Drupal.</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>For other CMS, such as Kentico, or CMS based on Java / .NET, look for common exploits available on Exploit-DB</p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• </span>To develop your own exploit, review the changes done in CMS on GitHub and drill down the exact endpoint for exploitation</p>" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "81bdfa4b-1c3b-4b68-9c17-e4f4feeb2754", | |
| "title": "Testing client - side controls", | |
| "checklist": [ | |
| { | |
| "id": "43f87a92-8185-4e04-8c67-9663e0c87304", | |
| "title": "Testing client - side controls", | |
| "content": "<p>To perform testing of client - side controls, the following actions can be taken for the same:</p><p><br></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing of data transmission via the client</span></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing of client side controls over user input</span></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing of thick-client components</span></p>" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "937924f4-c3d7-439a-8fbf-fe32e853aa07", | |
| "title": "Testing access controls", | |
| "checklist": [ | |
| { | |
| "id": "f8accc67-4f5d-4bb7-a02b-741994ea16ba", | |
| "title": "Testing access controls", | |
| "content": "<p>To test access controls for application in scope:</p><p><br></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Understanding access controls requirements</span></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing with multiple accounts to check access control of user A over user B</span></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing with limited access to review if functions that can only be accessed using authenticated controls are being accessed or not.</span></p><p><span style=\"font-family: open-sans; color: rgb(66, 66, 66);\">• Testing for insecure access control</span></p>" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "34c0b64e-00cb-472f-ab8a-8bde6085a8fe", | |
| "title": "Testing authentication mechanisms", | |
| "checklist": [ | |
| { | |
| "id": "7178f101-8be3-4307-a4dc-4221dbe1d29f", | |
| "title": "Understanding the mechanism", | |
| "content": "" | |
| }, | |
| { | |
| "id": "995ddf5d-1e5a-40cf-a83d-8e39d6b07e3d", | |
| "title": "Test password quality", | |
| "content": "" | |
| }, | |
| { | |
| "id": "9a75239d-cd17-44ca-b6bd-e67c3e666df6", | |
| "title": "Test for username enumeration", | |
| "content": "<ol><li>Forgot password</li><li class=\"ql-indent-1\">Message output</li><li class=\"ql-indent-1\">Timing request</li><li>Signup page</li><li>Change username</li></ol>" | |
| }, | |
| { | |
| "id": "452b7f48-ce92-4cde-9502-8c15e1cb6724", | |
| "title": "Testing resilience to password guessing", | |
| "content": "" | |
| }, | |
| { | |
| "id": "87e3a80e-c9b5-428a-ac6a-3eef57744114", | |
| "title": "Testing account recovery function", | |
| "content": "" | |
| }, | |
| { | |
| "id": "e578b01b-ec34-4f6f-a05b-657a4b985d2f", | |
| "title": "Test remember me function", | |
| "content": "" | |
| }, | |
| { | |
| "id": "555bb1fe-574c-48c2-b526-b6abf2242ba1", | |
| "title": "Test impersonation functions", | |
| "content": "" | |
| }, | |
| { | |
| "id": "162d1c00-a04a-41fd-a4c3-f76dca252c65", | |
| "title": "Test username uniqueness", | |
| "content": "<p> Test company internal domains</p>" | |
| }, | |
| { | |
| "id": "c10c8110-0e57-404b-8ee5-f714d1ffd901", | |
| "title": "Check predictability of auto-generated credentials", | |
| "content": "" | |
| }, | |
| { | |
| "id": "12ff2720-ec59-487b-9cdd-fbd436a38078", | |
| "title": "Test unsafe transmission of credentials", | |
| "content": "" | |
| }, | |
| { | |
| "id": "cf32d2bb-b12e-4a77-a11e-c40ea86a0061", | |
| "title": "Test logic flaws", | |
| "content": "<ol><li>Identify key attack surface</li><li>Test multistage process</li><li>Test handling of incomplete input</li><li>Test trust boundaries</li><li>Test transaction logic</li></ol>" | |
| }, | |
| { | |
| "id": "c049c55f-0b6a-466c-9acb-fa467858278a", | |
| "title": "Exploit any other known vulnerability to bypass authentication", | |
| "content": "" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "a18eaa1f-e12c-49be-82d7-73910aa6123c", | |
| "title": "Testing session management mechanism", | |
| "checklist": [ | |
| { | |
| "id": "0963f54c-7714-41da-8387-30dbcd1b9839", | |
| "title": "Understand the mechanism", | |
| "content": "" | |
| }, | |
| { | |
| "id": "58cbd93f-f7ff-4e8d-9d52-55655734701e", | |
| "title": "Test token for certain meaning", | |
| "content": "" | |
| }, | |
| { | |
| "id": "2d1be1f8-dc27-4eac-887d-b8f4df4010ed", | |
| "title": "Test tokens for predictability", | |
| "content": "" | |
| }, | |
| { | |
| "id": "e72d87e1-8dc4-46b7-8c38-c577e49c0de7", | |
| "title": "Test insecure transmission of tokens", | |
| "content": "" | |
| }, | |
| { | |
| "id": "d3fb3d2a-03c7-487b-b517-b91cabfec00c", | |
| "title": "Test disclosure of tokens in logs", | |
| "content": "" | |
| }, | |
| { | |
| "id": "3ad473e5-4dcb-4503-9e14-2fb0e27e803e", | |
| "title": "Test of tokens to session", | |
| "content": "" | |
| }, | |
| { | |
| "id": "c21dc6ba-b8cf-416e-920e-8c0595d1f4c1", | |
| "title": "Test session termination", | |
| "content": "" | |
| }, | |
| { | |
| "id": "0711d99d-6cab-4474-a69c-fcaf07e538f9", | |
| "title": "Test session fixation", | |
| "content": "" | |
| }, | |
| { | |
| "id": "2196b6c2-d7c3-423b-8907-b9e0bd71bbdc", | |
| "title": "Test CSRF", | |
| "content": "" | |
| }, | |
| { | |
| "id": "0a4c416f-c433-4327-8363-ed9cac6895a5", | |
| "title": "Test cookie scope", | |
| "content": "" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "3c476a32-f847-4b0b-9e04-685df3d1242d", | |
| "title": "Testing input validation", | |
| "checklist": [ | |
| { | |
| "id": "31d971c3-bbc1-4e04-86d8-973c65bfa1f2", | |
| "title": "Test for SQL Injection", | |
| "content": "<p><br /></p>" | |
| }, | |
| { | |
| "id": "27f71351-cd51-4dc8-bf68-553088855bcb", | |
| "title": "Test for HTML injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "8a70459d-3086-4e76-bde8-73c857d6e038", | |
| "title": "Test for CSS injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "074d785b-9860-460f-92ee-f7e5a65cf923", | |
| "title": "Test for reflected XSS", | |
| "content": "" | |
| }, | |
| { | |
| "id": "c3dcb3a4-e1de-4606-acba-06aad60948d1", | |
| "title": "Test for stored XSS", | |
| "content": "" | |
| }, | |
| { | |
| "id": "a1d6f615-6c3a-4423-abbd-534d8bc958b9", | |
| "title": "Test for DOM XSS", | |
| "content": "" | |
| }, | |
| { | |
| "id": "02d59599-4cb6-4009-bbad-36e808c9b7dc", | |
| "title": "Test for other DOM based issues", | |
| "content": "" | |
| }, | |
| { | |
| "id": "afecf711-1604-4c7c-8cfb-cdc32deca95d", | |
| "title": "Test for path traversal", | |
| "content": "" | |
| }, | |
| { | |
| "id": "566ac240-c053-4cb2-ad52-b233465485ed", | |
| "title": "Test for script injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "3477e702-5464-437d-ad56-bbc93c52251b", | |
| "title": "Test for file inclusion", | |
| "content": "" | |
| }, | |
| { | |
| "id": "b67b40db-7bda-4eb9-b24a-e4e76f747106", | |
| "title": "Test for file upload", | |
| "content": "" | |
| }, | |
| { | |
| "id": "b0108c28-2b7c-4020-8f45-1d5950d1bb5d", | |
| "title": "Test for command injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "cf59ae57-af86-405c-a186-26f2f450429b", | |
| "title": "Test for server side request forgery", | |
| "content": "" | |
| }, | |
| { | |
| "id": "b30da113-9de0-47bf-a1ee-6fa0f287cd00", | |
| "title": "Test for XML external entity injection", | |
| "content": "<p>Tools to use:</p><p><br></p><ol><li>XXEInjector</li><li>oxml_xxe</li><li>xxe.sh</li><li>xxer</li></ol>" | |
| }, | |
| { | |
| "id": "78cb5a2c-b52a-40a5-874e-e2c1a0dad602", | |
| "title": "Test for open redirect", | |
| "content": "<p>Parameters to keep an eye on:</p><p><br></p><ol><li>go</li><li>return</li><li>url</li><li>redirect</li><li>redirect_url</li><li>redirect_uri</li><li>next</li><li>redir</li></ol>" | |
| }, | |
| { | |
| "id": "88316bdf-ccd1-4c43-9722-41f04fb9f926", | |
| "title": "Test for CRLF injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "19d1c199-2e64-4700-a20d-dc743349be73", | |
| "title": "Test for HTTP header injection", | |
| "content": "" | |
| }, | |
| { | |
| "id": "8229929c-f3b6-4f0d-9fbf-d22b14785b25", | |
| "title": "Test for HTTP response splitting", | |
| "content": "" | |
| }, | |
| { | |
| "id": "1abead28-e654-4b12-804a-089f4fd53138", | |
| "title": "Test for web cache poisoning", | |
| "content": "" | |
| }, | |
| { | |
| "id": "44bbc76d-c60f-46b0-a6f2-1aa8f42124dc", | |
| "title": "Test for HTTP requests smuggling", | |
| "content": "" | |
| } | |
| ] | |
| }, | |
| { | |
| "id": "72e5858f-1b2d-4d17-b05b-117a0585d777", | |
| "title": "New Folder", | |
| "checklist": [] | |
| } | |
| ], | |
| "id": "1f46ca17-9043-4665-9168-d0bbeaef3c1d", | |
| "title": "Bug Bounty Checklist" | |
| } | |
| ], | |
| "templates": [], | |
| "payloads": [] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment