AllAboutBugBounty/README.md

# All about bug bounty
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!

## List
- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Account%20Takeover.md)
- [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Business%20Logic%20Errors.md)
- [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)
- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)
- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Password%20Reset%20Flaws.md)
- [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)

## List Bypass
- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
- [Bypass CSRF](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20CSRF.md)
- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md)
- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)

## List CMS
- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CMS/WordPress.md)

## List Framework
- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Laravel.md)
- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Zend.MD)

## Miscellaneous
- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md)

## Reconnaissance
* ### __Small Scope__
Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
- [x] Directory Enumeration
- [x] Technology Fingerprinting
- [x] Port Scanning
- [x] Parameter Fuzzing
- [x] Wayback History
- [x] Known Vulnerabilities
- [x] Hardcoded Information in JavaScript
- [x] Domain Specific GitHub & Google Dorking
- [x] Broken Link Hijacking
- [x] Data Breach Analysis
- [x] Misconfigured Cloud Storage
* ### __Medium Scope__
Usually the scope is wild card scope where all the subdomains are part of scope
- [x] Subdomain Enumeration
- [x] Subdomain Takeover
- [x] Probing & Technology Fingerprinting
- [x] Port Scanning
- [x] Known Vulnerabilities
- [x] Template Based Scanning (Nuclei/Jeales)
- [x] Misconfigured Cloud Storage
- [x] Broken Link Hijacking
- [x] Directory Enumeration
- [x] Hardcoded Information in JavaScript
- [x] GitHub Reconnaissance
- [x] Google Dorking
- [x] Data Breach Analysis
- [x] Parameter Fuzzing
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- [x] IP Range Enumeration (If in Scope)
- [x] Wayback History
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- [x] Heartbleed Scanning
- [x] General Security Misconfiguration Scanning
* ### __Large Scope__
Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) 
- [x] Subsidiary & Acquisition Enumeration (Depth – Max)
- [x] Reverse Lookup
- [x] ASN & IP Space Enumeration and Service Identification
- [x] Subdomain Enumeration
- [x] Subdomain Takeover
- [x] Probing & Technology Fingerprinting
- [x] Port Scanning
- [x] Known Vulnerabilities
- [x] Template Based Scanning (Nuclei/Jeales)
- [x] Misconfigured Cloud Storage
- [x] Broken Link Hijacking
- [x] Directory Enumeration
- [x] Hardcoded Information in JavaScript
- [x] GitHub Reconnaissance
- [x] Google Dorking
- [x] Data Breach Analysis
- [x] Parameter Fuzzing
- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- [x] IP Range Enumeration (If in Scope)
- [x] Wayback History
- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- [x] Heartbleed Scanning
- [x] General Security Misconfiguration Scanning
- [x] And any possible Recon Vector (Network/Web) can be applied.

Source: [Link](https://www.xmind.net/m/hKKexj/)

## Coming Soon!
-												Grouping, Added Jira CVE, Updated Readme

											
										
										
											2021-02-04 00:08:28 +00:00
+								# All about bug bounty
-												Major update

											
										
										
											2021-02-08 11:35:49 +00:00
+								These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
-												Grouping, Added Jira CVE, Updated Readme

											
										
										
											2021-02-04 00:08:28 +00:00
 								## List
 								- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Account%20Takeover.md)
-												Major update

											
										
										
											2021-02-08 11:35:49 +00:00
+								- [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Business%20Logic%20Errors.md)
-												Grouping, Added Jira CVE, Updated Readme

											
										
										
											2021-02-04 00:08:28 +00:00
+								- [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)
 								- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
 								- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
 								- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)
 								- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
 								- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Password%20Reset%20Flaws.md)
-												Major update

											
										
										
											2021-02-08 11:35:49 +00:00
+								- [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)
-												Grouping, Added Jira CVE, Updated Readme

											
										
										
											2021-02-04 00:08:28 +00:00
 								## List Bypass
 								- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)
 								- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)
 								- [Bypass CSRF](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20CSRF.md)
 								- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)
 								- [Bypass File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20File%20Upload.md)
 								- [Bypass Rate Limit](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Rate%20Limit.md)
 								## List CMS
 								- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CMS/WordPress.md)
 								## List Framework
 								- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Laravel.md)
 								- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Zend.MD)
 								## Miscellaneous
 								- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md)
 								## Reconnaissance
 								* ### __Small Scope__
 								Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
 								- [x] Directory Enumeration
 								- [x] Technology Fingerprinting
 								- [x] Port Scanning
 								- [x] Parameter Fuzzing
 								- [x] Wayback History
 								- [x] Known Vulnerabilities
 								- [x] Hardcoded Information in JavaScript
 								- [x] Domain Specific GitHub & Google Dorking
 								- [x] Broken Link Hijacking
 								- [x] Data Breach Analysis
 								- [x] Misconfigured Cloud Storage
 								* ### __Medium Scope__
 								Usually the scope is wild card scope where all the subdomains are part of scope
 								- [x] Subdomain Enumeration
 								- [x] Subdomain Takeover
 								- [x] Probing & Technology Fingerprinting
 								- [x] Port Scanning
 								- [x] Known Vulnerabilities
 								- [x] Template Based Scanning (Nuclei/Jeales)
 								- [x] Misconfigured Cloud Storage
 								- [x] Broken Link Hijacking
 								- [x] Directory Enumeration
 								- [x] Hardcoded Information in JavaScript
 								- [x] GitHub Reconnaissance
 								- [x] Google Dorking
 								- [x] Data Breach Analysis
 								- [x] Parameter Fuzzing
 								- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
 								- [x] IP Range Enumeration (If in Scope)
 								- [x] Wayback History
 								- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
 								- [x] Heartbleed Scanning
 								- [x] General Security Misconfiguration Scanning
 								* ### __Large Scope__
 								Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
 								- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.)
 								- [x] Subsidiary & Acquisition Enumeration (Depth – Max)
 								- [x] Reverse Lookup
 								- [x] ASN & IP Space Enumeration and Service Identification
 								- [x] Subdomain Enumeration
 								- [x] Subdomain Takeover
 								- [x] Probing & Technology Fingerprinting
 								- [x] Port Scanning
 								- [x] Known Vulnerabilities
 								- [x] Template Based Scanning (Nuclei/Jeales)
 								- [x] Misconfigured Cloud Storage
 								- [x] Broken Link Hijacking
 								- [x] Directory Enumeration
 								- [x] Hardcoded Information in JavaScript
 								- [x] GitHub Reconnaissance
 								- [x] Google Dorking
 								- [x] Data Breach Analysis
 								- [x] Parameter Fuzzing
 								- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
 								- [x] IP Range Enumeration (If in Scope)
 								- [x] Wayback History
 								- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
 								- [x] Heartbleed Scanning
 								- [x] General Security Misconfiguration Scanning
 								- [x] And any possible Recon Vector (Network/Web) can be applied.
 								Source: [Link](https://www.xmind.net/m/hKKexj/)
 								## Coming Soon!