Web_Hacking/README.md
2023-09-15 16:51:48 +03:30

41 lines
2.0 KiB
Markdown

# Web Hacking + Bug Bounty Tricks
![5829442](https://github.com/Mehdi0x90/Web_Hacking/assets/17106836/5ffcc3e2-3cc0-4327-b5f9-00c58f524c6b)
These are my **bug bounty / Pentest** notes that I have gathered from various sources.
You can also contribute.
[![Twitter URL](https://img.shields.io/twitter/follow/mehdi0x90)](https://twitter.com/mehdi0x90)
## List of Vulnerabilities
* [API Key Leak](https://github.com/Mehdi0x90/Web_Hacking/blob/main/API%20Key%20Leak.md)
* [CSRF](https://github.com/Mehdi0x90/Web_Hacking/blob/main/CSRF.md)
* [Dom Clobbering](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Dom%20Clobbering.md)
* [File Upload](https://github.com/Mehdi0x90/Web_Hacking/blob/main/File%20Upload.md)
* [IDOR](https://github.com/Mehdi0x90/Web_Hacking/blob/main/IDOR.md)
* [JWT Attacks](https://github.com/Mehdi0x90/Web_Hacking/blob/main/JWT.md)
* [NoSQL Injection](https://github.com/Mehdi0x90/Web_Hacking/blob/main/NoSQL%20Injection.md)
* [Open Redirect](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Open%20Redirect.md)
* [Race Condition](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Race%20Condition.md)
* [SSRF](https://github.com/Mehdi0x90/Web_Hacking/blob/main/SSRF.md)
* [XSS](https://github.com/Mehdi0x90/Web_Hacking/blob/main/XSS.md)
## Bypass Techniques
* [2FA/OTP Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/2FA_OTP_Bypass.md)
* [403 Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/403%20Bypass.md)
* [429 Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/429%20Bypass.md)
* [Captcha Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Captcha%20Bypass.md)
* [Reset Password Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Reset%20Password%20Bypass.md)
* [CSP Bypass](https://github.com/Mehdi0x90/Web_Hacking/blob/main/CSP%20Bypass.md)
## Recon & OSINT Techniques
* [Recon](https://github.com/Mehdi0x90/Web_Hacking/blob/main/Recon.md)
## Top Tools & Extensions
* [LoggerPlusPlus (Burp extension)](https://github.com/Mehdi0x90/Web_Hacking/blob/main/LoggerPlusPlus.md)
***Will always be updated ...***