2023-08-31 12:30:24 +03:00
|
|
|
# Web Hacking + Bug Bounty Tricks
|
2023-09-07 10:39:57 +03:00
|
|
|
|
|
|
|
|
|
2023-09-18 09:11:31 +03:00
|
|
|
These are my **Bug Bounty / Pentest** notes that I have gathered from various sources.
|
2023-09-07 13:00:22 +03:00
|
|
|
|
|
|
|
|
You can also contribute.
|
|
|
|
|
|
|
|
|
|
[](https://twitter.com/mehdi0x90)
|
|
|
|
|
|
2023-08-28 10:48:00 +03:00
|
|
|
|
2023-09-15 16:21:48 +03:00
|
|
|
## List of Vulnerabilities
|
2023-08-28 10:57:19 +03:00
|
|
|
* [API Key Leak](https://github.com/Mehdi0x90/Web_Hacking/blob/main/API%20Key%20Leak.md)
|
2023-08-30 09:54:09 +03:00
|
|
|
* [CSRF](https://github.com/Mehdi0x90/Web_Hacking/blob/main/CSRF.md)
|
2023-09-18 09:08:16 +03:00
|
|
|
* [Cache Poisoning / Deception](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Cache%20Deception.md)
|
2023-09-15 17:01:05 +03:00
|
|
|
* [DOM Clobbering](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Dom%20Clobbering.md)
|
2023-08-28 10:57:19 +03:00
|
|
|
* [File Upload](https://github.com/Mehdi0x90/Web_Hacking/blob/main/File%20Upload.md)
|
2023-09-02 15:14:55 +03:00
|
|
|
* [IDOR](https://github.com/Mehdi0x90/Web_Hacking/blob/main/IDOR.md)
|
2023-09-15 16:26:38 +03:00
|
|
|
* [JWT](https://github.com/Mehdi0x90/Web_Hacking/blob/main/JWT.md)
|
2023-09-17 10:04:09 +03:00
|
|
|
* [NoSQLi](https://github.com/Mehdi0x90/Web_Hacking/blob/main/NoSQL%20Injection.md)
|
2023-08-28 10:57:19 +03:00
|
|
|
* [Open Redirect](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Open%20Redirect.md)
|
|
|
|
|
* [Race Condition](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Race%20Condition.md)
|
2023-09-17 10:04:09 +03:00
|
|
|
* [SQLi](https://github.com/Mehdi0x90/Web_Hacking/blob/main/SQL%20Injection.md)
|
2023-08-28 10:57:19 +03:00
|
|
|
* [SSRF](https://github.com/Mehdi0x90/Web_Hacking/blob/main/SSRF.md)
|
|
|
|
|
* [XSS](https://github.com/Mehdi0x90/Web_Hacking/blob/main/XSS.md)
|
2023-09-19 09:10:52 +03:00
|
|
|
* [XXE](https://github.com/Mehdi0x90/Web_Hacking/blob/main/XXE.md)
|
2023-08-28 10:57:19 +03:00
|
|
|
|
2023-09-15 16:21:48 +03:00
|
|
|
## Bypass Techniques
|
2023-09-15 16:23:15 +03:00
|
|
|
* [2FA / OTP Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/2FA_OTP_Bypass.md)
|
2023-09-15 16:21:48 +03:00
|
|
|
* [403 Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/403%20Bypass.md)
|
|
|
|
|
* [429 Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/429%20Bypass.md)
|
|
|
|
|
* [Captcha Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Captcha%20Bypass.md)
|
|
|
|
|
* [CSP Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/CSP%20Bypass.md)
|
2023-09-17 13:56:11 +03:00
|
|
|
* [Login Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Login%20Bypass.md)
|
2023-09-18 11:45:16 +03:00
|
|
|
* [Rate Limit Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Rate%20Limit%20Bypass.md)
|
|
|
|
|
* [Reset Password Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Reset%20Password%20Bypass.md)
|
|
|
|
|
|
2023-09-15 16:21:48 +03:00
|
|
|
|
|
|
|
|
## Recon & OSINT Techniques
|
|
|
|
|
* [Recon](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Recon.md)
|
2023-09-16 16:19:16 +03:00
|
|
|
* [OSINT](https://github.com/Mehdi0x90/Web_Hacking/blob/main/OSINT.md)
|
2023-09-15 16:21:48 +03:00
|
|
|
|
|
|
|
|
## Top Tools & Extensions
|
2023-09-19 09:23:00 +03:00
|
|
|
* [Logger++ (Burp extension)](https://github.com/Mehdi0x90/Web_Hacking/blob/main/LoggerPlusPlus.md)
|
2023-09-19 09:22:19 +03:00
|
|
|
* [param-miner (Burp extension)](https://github.com/PortSwigger/param-miner)
|
2023-09-15 16:21:48 +03:00
|
|
|
|
|
|
|
|
|
2023-09-17 13:56:11 +03:00
|
|
|
-----
|
|
|
|
|
*All content of this repository will always be updated...*
|
