Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Go to file
2024-07-27 13:56:00 +03:30
mindmaps-pdf Add files via upload 2023-10-01 09:09:32 +03:30
2FA_OTP_Bypass.md Update 2FA_OTP_Bypass.md 2023-08-31 13:44:47 +03:30
403 Bypass.md Update 2023-09-15 16:18:51 +03:30
429 Bypass.md Update 429 Bypass.md 2023-09-15 16:37:40 +03:30
API Key Leak.md Update API Key Leak.md 2023-08-23 14:53:35 +03:30
Cache Deception.md UpdateCache Deception.md 2023-09-18 09:36:02 +03:30
Captcha Bypass.md Update Captcha Bypass.md 2024-07-23 06:42:24 +03:30
Cloud - AWS.md Create Cloud - AWS.md 2024-02-10 11:11:58 +03:30
Cloud - Azure.md Create Cloud - Azure.md 2024-02-10 12:09:25 +03:30
Cloud - CDN - Domain Fronting.md Create Cloud - CDN - Domain Fronting.md 2024-02-10 12:44:00 +03:30
Cloud - Docker & Kubernetes.md Update Cloud - Docker & Kubernetes.md 2024-07-23 09:06:18 +03:30
Cloud - GCP.md Create Cloud - GCP.md 2024-02-10 12:28:13 +03:30
Cloud - Info Gathering.md Create Cloud - Info Gathering.md 2024-02-10 10:42:38 +03:30
Cloud-General.md Update Cloud-General.md 2024-02-11 15:31:02 +03:30
Command Injection.md Create Command Injection.md 2024-07-22 09:31:50 +03:30
Container Attacks.md Create Container Attacks.md 2024-04-13 08:29:40 +03:30
CORS - Misconfigurations & Bypass.md Update CORS - Misconfigurations & Bypass.md 2024-07-04 08:52:06 +03:30
CRLF.md Update CRLF.md 2024-07-22 14:23:53 +03:30
CSP Bypass.md Create CSP Bypass.md 2023-09-03 14:30:14 +03:30
CSRF.md Update CSRF.md 2023-08-30 10:26:09 +03:30
Dom Clobbering.md Create Dom Clobbering.md 2023-09-08 15:44:38 +03:30
Evasive Techniques.md Create Evasive Techniques.md 2024-07-27 13:56:00 +03:30
File Inclusion.md Create File Inclusion.md 2023-09-19 14:21:56 +03:30
File Upload.md Update File Upload.md 2023-08-27 16:22:11 +03:30
GraphQL.md Update GraphQL.md 2023-10-05 09:31:49 +03:30
Host Header Injection.md Create Host Header Injection.md 2023-10-30 11:41:53 +03:30
IDOR.md Update IDOR.md 2023-09-02 15:51:37 +03:30
Insecure Interfaces and APIs.md Create Insecure Interfaces and APIs.md 2024-01-01 13:41:14 +03:30
JWT.md Update JWT.md 2023-09-15 15:16:17 +03:30
LoggerPlusPlus.md Update LoggerPlusPlus.md 2023-10-05 09:42:26 +03:30
Login Bypass.md Update Login Bypass.md 2023-09-17 14:28:27 +03:30
NoSQL Injection.md Update NoSQL Injection.md 2024-07-27 08:47:26 +03:30
Open Redirect.md Update Open Redirect.md 2024-06-17 09:44:25 +03:30
OSINT.md Update OSINT.md - Add OpenBuckets 2024-01-10 22:29:40 +05:30
Privilege escalation EC2.md Create Privilege escalation EC2.md 2024-01-01 14:35:15 +03:30
Race Condition.md Update Race Condition.md 2023-08-24 13:57:56 +03:30
Rate Limit Bypass.md Create Rate Limit Bypass.md 2023-09-18 12:10:21 +03:30
README.md Update README.md 2024-07-22 09:36:27 +03:30
Recon.md Update Recon.md 2024-07-24 10:20:28 +03:30
Red Team - SMTP.md Create Red Team - SMTP.md 2023-12-22 14:02:20 +03:30
Reset Password Bypass.md Create Reset Password Bypass.md 2023-09-02 16:52:19 +03:30
Reverse Tab Nabbing.md Create Reverse Tab Nabbing.md 2023-12-04 10:49:19 +03:30
Secure Coding - 2FA.md Create Secure Coding - 2FA.md 2023-12-04 15:34:32 +03:30
Secure Coding - Broken Authentication.md Update Secure Coding - Broken Authentication.md 2023-12-09 10:07:39 +03:30
Secure Coding - Broken Function Level Authorization.md Create Secure Coding - Broken Function Level Authorization.md 2023-12-10 15:14:34 +03:30
Secure Coding - Broken Object Level Authorization.md Create Secure Coding - Broken Object Level Authorization.md 2023-12-08 16:34:47 +03:30
Secure Coding - Broken Object Property Level Authorization.md Create Secure Coding - Broken Object Property Level Authorization.md 2023-12-09 14:56:38 +03:30
Secure Coding - Improper Inventory Management.md Create Secure Coding - Improper Inventory Management.md 2023-12-16 10:51:23 +03:30
Secure Coding - Password Reset.md Update Secure Coding - Password Reset.md 2023-12-03 16:02:27 +03:30
Secure Coding - Security Misconfiguration.md Create Secure Coding - Security Misconfiguration.md 2023-12-16 10:21:02 +03:30
Secure Coding - Server Side Request Forgery.md Create Secure Coding - Server Side Request Forgery.md 2023-12-16 10:02:50 +03:30
Secure Coding - Session Fixation.md Create Secure Coding - Session Fixation.md 2023-12-02 10:24:21 +03:30
Secure Coding - Unrestricted Access to Sensitive Business Flows.md Create Secure Coding - Unrestricted Access to Sensitive Business Flows.md 2023-12-15 17:09:36 +03:30
Secure Coding - Unrestricted Resource Consumption.md Update Secure Coding - Unrestricted Resource Consumption.md 2023-12-10 14:49:02 +03:30
Secure Coding - Unsafe Consumption of APIs.md Create Secure Coding - Unsafe Consumption of APIs.md 2023-12-16 11:09:17 +03:30
SQL Injection.md Update SQL Injection.md 2024-06-13 13:03:54 +03:30
SSRF.md Update SSRF.md 2024-07-04 08:59:16 +03:30
WAF Bypass.md Update WAF Bypass.md 2023-11-16 13:29:29 +03:30
XSS.md Update XSS.md 2024-06-15 15:17:23 +03:30
XXE.md Create XXE.md 2023-09-19 09:39:45 +03:30

Web Hacking + Bug Bounty Tricks

5829442

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

Twitter URL

Recon & OSINT Techniques

List of Vulnerabilities

Bypass Techniques

Cloud / Docker

Top Tools & Extensions

  • inql - Burp extension for advanced GraphQL testing
  • Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
  • param-miner - Burp extension, identifies hidden, unlinked parameters
  • Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
  • SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
  • ParamSpider - Parameter miner for humans
  • gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

Red Team Attacks

Secure Coding


All content of this repository will always be updated...