Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
api-pentestapi-securitybug-bounty-huntersbugbountybypasscheatsheetenumerationexploithackingowasppayloadspenetration-testingpentestreconredteamsecurityvulnerabilityweb-application-securitywebhackingwebsecurity
mindmaps-pdf | ||
2FA_OTP_Bypass.md | ||
403 Bypass.md | ||
429 Bypass.md | ||
API Key Leak.md | ||
Cache Deception.md | ||
Captcha Bypass.md | ||
Cloud - AWS.md | ||
Cloud - Azure.md | ||
Cloud - CDN - Domain Fronting.md | ||
Cloud - Docker & Kubernetes.md | ||
Cloud - GCP.md | ||
Cloud - Info Gathering.md | ||
Cloud-General.md | ||
Container Attacks.md | ||
CRLF.md | ||
CSP Bypass.md | ||
CSRF.md | ||
Dom Clobbering.md | ||
File Inclusion.md | ||
File Upload.md | ||
GraphQL.md | ||
Host Header Injection.md | ||
IDOR.md | ||
Insecure Interfaces and APIs.md | ||
JWT.md | ||
LoggerPlusPlus.md | ||
Login Bypass.md | ||
NoSQL Injection.md | ||
Open Redirect.md | ||
OSINT.md | ||
Privilege escalation EC2.md | ||
Race Condition.md | ||
Rate Limit Bypass.md | ||
README.md | ||
Recon.md | ||
Red Team - SMTP.md | ||
Reset Password Bypass.md | ||
Reverse Tab Nabbing.md | ||
Secure Coding - 2FA.md | ||
Secure Coding - Broken Authentication.md | ||
Secure Coding - Broken Function Level Authorization.md | ||
Secure Coding - Broken Object Level Authorization.md | ||
Secure Coding - Broken Object Property Level Authorization.md | ||
Secure Coding - Improper Inventory Management.md | ||
Secure Coding - Password Reset.md | ||
Secure Coding - Security Misconfiguration.md | ||
Secure Coding - Server Side Request Forgery.md | ||
Secure Coding - Session Fixation.md | ||
Secure Coding - Unrestricted Access to Sensitive Business Flows.md | ||
Secure Coding - Unrestricted Resource Consumption.md | ||
Secure Coding - Unsafe Consumption of APIs.md | ||
SQL Injection.md | ||
SSRF.md | ||
WAF Bypass.md | ||
XSS.md | ||
XXE.md |
Web Hacking + Bug Bounty Tricks
These are my Bug Bounty / Pentest notes that I have gathered from various sources.
You can also contribute.
List of Vulnerabilities
- API Key Leak
- CRLF Injection
- CSRF
- Cache Poisoning / Deception
- DOM Clobbering
- File Inclusion
- File Upload
- GraphQL
- Host Header Injection
- IDOR
- JWT
- NoSQLi
- Open Redirect
- Race Condition
- Reverse Tab Nabbing
- SQLi
- SSRF
- XSS
- XXE
Bypass Techniques
- 2FA / OTP Bypass
- 403 Bypass
- 429 Bypass
- Captcha Bypass
- CSP Bypass
- Login Bypass
- Rate Limit Bypass
- Reset Password Bypass
- WAF Detect / Bypass
Recon & OSINT Techniques
Cloud / Docker & Container
Top Tools & Extensions
- inql - Burp extension for advanced GraphQL testing
- Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
- param-miner - Burp extension, identifies hidden, unlinked parameters
Mindmaps for Bug Hunters
Red Team Attacks
Secure Coding
- 2FA
- Password Reset
- Session Fixation
- Broken Object Level Authorization
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization
- Unrestricted Access to Sensitive Business Flows
- Server Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
All content of this repository will always be updated...