Bug Bounty Resources

Pentesting

Misc. Public Reports of Penetration Testing and Security Audits.

Current Collection of Pentest Reports (Something missing, add it up by opening an issue/pull request)

• Cure53 Pentest Reports Collection

Getting Started with Pentesting Resources

Its still under construction and not yet ready as per the usability guidelines provided below

• Take a look inside this Repo

• Reports belonging to different organisations will be listed in Markdown format

• Reports will be categorised based on types of application and clients, etc.

• Categories help in narrowing down your search to particular architectures, for example, you are looking for Electron based app pentesting resources - We have removed the clutter and taken the hassle to handpick and list them.

• Latest Reports are being continually added to this Repo so Watch and 🌟 it!

A collection of Public Pentest Reports by Cure53 Team

We found some reports interesting, so decided to categorize and list, the interesting and important ones in a heirarchial manner!

This document only lists out important, useful, and latest reports while some others maybe intentionally skipped out.

• VPN Clients Pentest

  • Pentest-Report Mullvad VPN Clients

• Electron Application Pentest

  • Pentest-Report Frame Electron

• Pentesting Authentication Provider Apps - SAML

  • Pentest-Report SimpleSAMLphp

• Crypto-based Apps and Wallets Pentest

  • Pentest-Report MyEtherWallet Website

  • Pentest-Report MetaMask

  • Pentest-Report imToken Wallet

• Pentesting Password Managers

  • Bitwarden Pentest Report

• Pentesting Mail Clients

  • Pentest-Report Thunderbird & Enigmail

• Miscellaneous Other Reports

  • Pentest-Report CrypTech/DiamondKey

  • Edge and Service Proxy - Pentest-Report Envoy Proxy

  • '16 - cURL Pentest

The resources should also be helpful for CTFs, and Vulnerability Assessments apart from Bug Bounty Hunting and Pentesting owing to the rich content and methodologies clearly defined in them. The way they are listed should help you to pick one for your read depending on what you want to test. Over time, more writeups, guides and whitepapers would also be added to this project. Hence, we said - Stay tuned!