Bug Hunting Save

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Project README

Bug Hunting

A Collection of Notes, Methodologies, POCs, Tools and everything else related to Bug Hunting. :v:

:point_right: A Bug Bounty Program is a deal offered by several Oragnizations & Individuals by which recognition and compensation is provided to individuals for reporting Bugs.

You can Fork this Repo, I'm continuously adding the content!

Contents

:point_right: The repo is organized in following manner. You can read the notes:

  1. Reconnaissance - Phase 1
    1. CIDR Range
    2. Google Dorking
    3. Tools
  2. Reconnaissance - Phase 2
    1. Wordlists
    2. Subdomain Enumeration
      1. Certification Transparency Logs
      2. Search Engine
      3. Github
      4. Brute Force
      5. Subdomain Permutation
      6. Tools
    3. DNS Resolutions
    4. Screenshot
    5. Content Discovery
    6. Inspecting JS Files
    7. Google Dorks
    8. Conclusion
  3. Fingerprinting
    1. IP
    2. Web-Application
      1. Wapalyzer
      2. Firewall
    3. Conclusion
  4. Exploitation - Part 1
    1. Subdomain Takeover
    2. Github
    3. Misconfigured Cloud Storage Buckets
    4. Elastic Search DB
    5. Docker API
    6. Kuberneter API
    7. .git/.svn
    8. Google Firebase
  5. Exploitation - Part 2
    1. Exploiting CMS
    2. Exploiting OWASP
      1. XML Extended Entity (XXE)
      2. Cross Site Scripting (XXS)
      3. Server-Side Request Forgery (SSRF)
      4. Cross Side Request Forgery (CSRF)
      5. SQL Injection
      6. Command Injection
      7. Cross Site Web Socket Hijacking (CSWSH)
      8. File Upload
      9. Directory Traversal
      10. Open Redirect
      11. Insecure Direct Object Reference
  6. Methodology - Workflow
    1. Traditional Workflow
    2. Github Workflow
    3. Cloud Workflow
    4. Google Dork Workflow
    5. Leaked Credentials Workflow
    6. Exploit Workflow
  7. API-Pentesting
    1. APIs
    2. Authentication
  8. Caching Servers
    1. Web Cache Poisoning
    2. Web Cache Deception
  9. Miscellaneous
    1. On Site Request Forgery (OSRF)
    2. Prototype Pollution
    3. Client Side Template Injection
    4. XML External Entity
    5. Content Security Policy Bypass
    6. Relative Path Overwrite

Bug-Hunting Platforms

Following are some of the top Bug-Hunting Platforms. You can make your account and start hunting bugs for the programs available.

Note: This Repo is under development, Only Notes have been added till now. Separate Section for Tools, POCs and Tricks will be created soon

➡️ Contributions

You are Welcome to Contribute. You can contribute by:

  • Translating into other languages
  • Adding more Methodologies, Tools, and other Resources.
  • Just adding a star to our Github project :)

:point_right: If you have some new idea about this Repository, issue, feedback or found some valuable tool feel free to open an issue or just DM me via @IamLucif3r_

Open Source Agenda is not affiliated with "Bug Hunting" Project. README Source: IamLucif3r/Bug-Hunting
Stars
118
Open Issues
0
Last Commit
2 years ago
Repository
IamLucif3r/Bug-Hunting
License
GPL-3.0
Homepage
https://iamlucif3r.github.io/Bug-Hunting/
Tags
Bug Bug Bounty Bug Bounty Hunters Bug Bounty Reconnaissance Bug Bounty Tips Bug Hunting Bug Reporting Bugbounty Bugreport Methodologies

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?