Bug Bounty Checklist and Cheatsheets
WAPT-https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
Authenication-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf
Oauth Misconfiguration-https://binarybrotherhood.io/oauth2_threat_model.html
File Upload-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf
IDOR-https://notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
XSS-https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet
SQLi-https://portswigger.net/web-security/sql-injection/cheat-sheet
XXE-https://link.medium.com/lprTDcXRYgb
SSRF-https://0xn3va.gitbook.io/cheat-sheets/web-application/server-side-request-forgery
2FA-https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view
CORS-https://0xn3va.gitbook.io/cheat-sheets/web-application/cors-misconfiguration
Business Logic Flaws-https://link.medium.com/MX5hzfESYgb
CSRF-https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery
Insecure deserialization-https://thehackerish.com/insecure-deserialization-explained-with-examples/
Web Cache Poisoning-https://0xn3va.gitbook.io/cheat-sheets/web-application/web-cache-poisoning
HTTP request smuggling-https://portswigger.net/web-security/request-smuggling/finding
Command Injection-https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
SAML-https://github.com/e11i0t4lders0n/SAML-SSO
Race Condition-https://pandaonair.com/2020/06/11/race-conditions-exploring-the-possibilities.html
S3 Bucket Misconfiguration-https://medium.com/@janijay007/s3-bucket-misconfiguration-from-basics-to-pawn-6893776d1007
Server-Side Template Injection-https://portswigger.net/research/server-side-template-injection
WebSockets Vulnerabilities-https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages
WAPT-https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
Authenication-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf
Oauth Misconfiguration-https://binarybrotherhood.io/oauth2_threat_model.html
File Upload-https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf
IDOR-https://notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
XSS-https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet
SQLi-https://portswigger.net/web-security/sql-injection/cheat-sheet
XXE-https://link.medium.com/lprTDcXRYgb
SSRF-https://0xn3va.gitbook.io/cheat-sheets/web-application/server-side-request-forgery
2FA-https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view
CORS-https://0xn3va.gitbook.io/cheat-sheets/web-application/cors-misconfiguration
Business Logic Flaws-https://link.medium.com/MX5hzfESYgb
CSRF-https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery
Insecure deserialization-https://thehackerish.com/insecure-deserialization-explained-with-examples/
Web Cache Poisoning-https://0xn3va.gitbook.io/cheat-sheets/web-application/web-cache-poisoning
HTTP request smuggling-https://portswigger.net/web-security/request-smuggling/finding
Command Injection-https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
SAML-https://github.com/e11i0t4lders0n/SAML-SSO
Race Condition-https://pandaonair.com/2020/06/11/race-conditions-exploring-the-possibilities.html
S3 Bucket Misconfiguration-https://medium.com/@janijay007/s3-bucket-misconfiguration-from-basics-to-pawn-6893776d1007
Server-Side Template Injection-https://portswigger.net/research/server-side-template-injection
WebSockets Vulnerabilities-https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages
👍10🔥4❤3
🌟Find Waybackurls JS Endpoints With 1-Click🌟
1. Add a Blank Bookmark on your browser.
2. Add this Regex in URL Section.
3. Now open any site and click on your bookmark!
1. Add a Blank Bookmark on your browser.
2. Add this Regex in URL Section.
javanoscript:(function() { var currentURL = encodeURIComponent(window.location.hostname.replace(/^www\./, '')); var newURL = 'https://web.archive.org/cdx/search/cdx?url=%27 + currentURL; window.open(newURL, %27_blank%27);})();3. Now open any site and click on your bookmark!
❤13🔥3👍1
🚨Subprober🚨
👉Subprober is a powerful and efficient subdomain scanning tool👈
📥 https://github.com/sanjai-AK47/Subprober
👉Subprober is a powerful and efficient subdomain scanning tool👈
📥 https://github.com/sanjai-AK47/Subprober
👍7🔥2
Cache Poisoning and Cache Deception.pdf
567.6 KB
References-->
https://portswigger.net/web-security/web-cache-poisoning
https://portswigger.net/web-security/web-cache-poisoning/exploiting#using-web-cache-poisoning-to-exploit-cookie-handling-vulnerabilities
https://hackerone.com/reports/593712
https://youst.in/posts/cache-poisoning-at-scale/
https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9
https://portswigger.net/web-security/web-cache-poisoning
https://portswigger.net/web-security/web-cache-poisoning/exploiting#using-web-cache-poisoning-to-exploit-cookie-handling-vulnerabilities
https://hackerone.com/reports/593712
https://youst.in/posts/cache-poisoning-at-scale/
https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9
🔥6❤5👍2
🌟Dons Js Scanner🌟
👉Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.
👉https://github.com/dragonked2/Dons
👉Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.
👉https://github.com/dragonked2/Dons
❤7👏3👍1🔥1😁1
This media is not supported in your browser
VIEW IN TELEGRAM
𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐢𝐧𝐠 𝐑𝐚𝐜𝐞 𝐂𝐨𝐧𝐝𝐢𝐭𝐢𝐨𝐧𝐬 𝐮𝐬𝐢𝐧𝐠 𝐁𝐮𝐫𝐩 𝐑𝐞𝐩𝐞𝐚𝐭𝐞𝐫 𝐆𝐫𝐨𝐮𝐩𝐬 👇
Race condition vulnerabilities abuse the server's (improper) way of handling concurrent requests.
These vulnerabilities can be used to perform limit-overrun attacks such as:
- using the same gift card multiple times
- redeeming the same coupon code
- bypassing a shop's quantity limits (nvidia video cards 😉)
How to check for race condition vulns
1. Find the request that triggers the server-side check
2. Create a new tab group in Repeater
3. Add the same request multiple times to the group (CTRL+R)
4. Select "Send group in parallel"
5. Run the attack
6. Check if more than one response is valid
*
Credit- Andrei Agape
Lab: https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun
Article: https://portswigger.net/research/smashing-the-state-machine
Race condition vulnerabilities abuse the server's (improper) way of handling concurrent requests.
These vulnerabilities can be used to perform limit-overrun attacks such as:
- using the same gift card multiple times
- redeeming the same coupon code
- bypassing a shop's quantity limits (nvidia video cards 😉)
How to check for race condition vulns
1. Find the request that triggers the server-side check
2. Create a new tab group in Repeater
3. Add the same request multiple times to the group (CTRL+R)
4. Select "Send group in parallel"
5. Run the attack
6. Check if more than one response is valid
*
Credit- Andrei Agape
Lab: https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun
Article: https://portswigger.net/research/smashing-the-state-machine
❤8👍6🔥4
🤑Bug Bounty Tips for SSRF🤑
Step 1: Subdomain Enumeration
•DNS Dumpster
•Sublist3r
•Amass
•Google Dorking
•Certificate Transparency Logs
•subdomainer
Step 2: Find Live Domains
cat all-domains.txt | httpx > all-live.txt
Step 3: Identify All URLs
cat all-live.txt | gauplus -subs -b png,jpg,gif,jpeg,swf,woff,gif,noscript -o allUrls.txt
Step 4: Injection Burp Collaborator URL in Parameters
cat /home/casperino/tools/nuclei/httpx.txt | grep "=" | ./qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Test for SSRF Vulnerabilities
cat ssrf.txt | httpx -fr
Step 6: How to check which URL is vulnerable
split -l 10 ssrf.txt output_file_
❤27👍10🔥7