Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Go to file

Mehdi 030b879688 Create Command Injection.md		2024-07-22 09:31:50 +03:30
mindmaps-pdf	Add files via upload	2023-10-01 09:09:32 +03:30
2FA_OTP_Bypass.md	Update 2FA_OTP_Bypass.md	2023-08-31 13:44:47 +03:30
403 Bypass.md	Update	2023-09-15 16:18:51 +03:30
429 Bypass.md	Update 429 Bypass.md	2023-09-15 16:37:40 +03:30
API Key Leak.md	Update API Key Leak.md	2023-08-23 14:53:35 +03:30
Cache Deception.md	UpdateCache Deception.md	2023-09-18 09:36:02 +03:30
Captcha Bypass.md	Update Captcha Bypass.md	2023-12-07 10:26:41 +03:30
Cloud - AWS.md	Create Cloud - AWS.md	2024-02-10 11:11:58 +03:30
Cloud - Azure.md	Create Cloud - Azure.md	2024-02-10 12:09:25 +03:30
Cloud - CDN - Domain Fronting.md	Create Cloud - CDN - Domain Fronting.md	2024-02-10 12:44:00 +03:30
Cloud - Docker & Kubernetes.md	Create Cloud - Docker & Kubernetes.md	2024-02-10 12:42:00 +03:30
Cloud - GCP.md	Create Cloud - GCP.md	2024-02-10 12:28:13 +03:30
Cloud - Info Gathering.md	Create Cloud - Info Gathering.md	2024-02-10 10:42:38 +03:30
Cloud-General.md	Update Cloud-General.md	2024-02-11 15:31:02 +03:30
Command Injection.md	Create Command Injection.md	2024-07-22 09:31:50 +03:30
Container Attacks.md	Create Container Attacks.md	2024-04-13 08:29:40 +03:30
CORS - Misconfigurations & Bypass.md	Update CORS - Misconfigurations & Bypass.md	2024-07-04 08:52:06 +03:30
CRLF.md	Create CRLF.md	2023-10-31 12:12:40 +03:30
CSP Bypass.md	Create CSP Bypass.md	2023-09-03 14:30:14 +03:30
CSRF.md	Update CSRF.md	2023-08-30 10:26:09 +03:30
Dom Clobbering.md	Create Dom Clobbering.md	2023-09-08 15:44:38 +03:30
File Inclusion.md	Create File Inclusion.md	2023-09-19 14:21:56 +03:30
File Upload.md	Update File Upload.md	2023-08-27 16:22:11 +03:30
GraphQL.md	Update GraphQL.md	2023-10-05 09:31:49 +03:30
Host Header Injection.md	Create Host Header Injection.md	2023-10-30 11:41:53 +03:30
IDOR.md	Update IDOR.md	2023-09-02 15:51:37 +03:30
Insecure Interfaces and APIs.md	Create Insecure Interfaces and APIs.md	2024-01-01 13:41:14 +03:30
JWT.md	Update JWT.md	2023-09-15 15:16:17 +03:30
LoggerPlusPlus.md	Update LoggerPlusPlus.md	2023-10-05 09:42:26 +03:30
Login Bypass.md	Update Login Bypass.md	2023-09-17 14:28:27 +03:30
NoSQL Injection.md	Update NoSQL Injection.md	2023-12-06 13:32:14 +03:30
Open Redirect.md	Update Open Redirect.md	2024-06-17 09:44:25 +03:30
OSINT.md	Update OSINT.md - Add OpenBuckets	2024-01-10 22:29:40 +05:30
Privilege escalation EC2.md	Create Privilege escalation EC2.md	2024-01-01 14:35:15 +03:30
Race Condition.md	Update Race Condition.md	2023-08-24 13:57:56 +03:30
Rate Limit Bypass.md	Create Rate Limit Bypass.md	2023-09-18 12:10:21 +03:30
README.md	Update README.md	2024-07-03 13:38:21 +03:30
Recon.md	Update Recon.md	2024-06-02 12:57:49 +03:30
Red Team - SMTP.md	Create Red Team - SMTP.md	2023-12-22 14:02:20 +03:30
Reset Password Bypass.md	Create Reset Password Bypass.md	2023-09-02 16:52:19 +03:30
Reverse Tab Nabbing.md	Create Reverse Tab Nabbing.md	2023-12-04 10:49:19 +03:30
Secure Coding - 2FA.md	Create Secure Coding - 2FA.md	2023-12-04 15:34:32 +03:30
Secure Coding - Broken Authentication.md	Update Secure Coding - Broken Authentication.md	2023-12-09 10:07:39 +03:30
Secure Coding - Broken Function Level Authorization.md	Create Secure Coding - Broken Function Level Authorization.md	2023-12-10 15:14:34 +03:30
Secure Coding - Broken Object Level Authorization.md	Create Secure Coding - Broken Object Level Authorization.md	2023-12-08 16:34:47 +03:30
Secure Coding - Broken Object Property Level Authorization.md	Create Secure Coding - Broken Object Property Level Authorization.md	2023-12-09 14:56:38 +03:30
Secure Coding - Improper Inventory Management.md	Create Secure Coding - Improper Inventory Management.md	2023-12-16 10:51:23 +03:30
Secure Coding - Password Reset.md	Update Secure Coding - Password Reset.md	2023-12-03 16:02:27 +03:30
Secure Coding - Security Misconfiguration.md	Create Secure Coding - Security Misconfiguration.md	2023-12-16 10:21:02 +03:30
Secure Coding - Server Side Request Forgery.md	Create Secure Coding - Server Side Request Forgery.md	2023-12-16 10:02:50 +03:30
Secure Coding - Session Fixation.md	Create Secure Coding - Session Fixation.md	2023-12-02 10:24:21 +03:30
Secure Coding - Unrestricted Access to Sensitive Business Flows.md	Create Secure Coding - Unrestricted Access to Sensitive Business Flows.md	2023-12-15 17:09:36 +03:30
Secure Coding - Unrestricted Resource Consumption.md	Update Secure Coding - Unrestricted Resource Consumption.md	2023-12-10 14:49:02 +03:30
Secure Coding - Unsafe Consumption of APIs.md	Create Secure Coding - Unsafe Consumption of APIs.md	2023-12-16 11:09:17 +03:30
SQL Injection.md	Update SQL Injection.md	2024-06-13 13:03:54 +03:30
SSRF.md	Update SSRF.md	2024-07-04 08:59:16 +03:30
WAF Bypass.md	Update WAF Bypass.md	2023-11-16 13:29:29 +03:30
XSS.md	Update XSS.md	2024-06-15 15:17:23 +03:30
XXE.md	Create XXE.md	2023-09-19 09:39:45 +03:30

README.md

Web Hacking + Bug Bounty Tricks

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

List of Vulnerabilities

Bypass Techniques

Recon & OSINT Techniques

Recon
OSINT

Cloud / Docker

Top Tools & Extensions

inql - Burp extension for advanced GraphQL testing
Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
param-miner - Burp extension, identifies hidden, unlinked parameters
Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
ParamSpider - Parameter miner for humans
gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

Red Team Attacks

Secure Coding

All content of this repository will always be updated...