mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 18:36:12 +00:00
All about bug bounty (bypasses, payloads, and etc)
bugbugbountybugbountytipsbypasshackinginfosecpayloadpayloadspenetration-testingpentestreconnaissancesecurityvulnerability
Bypass | ||
CMS | ||
Framework | ||
Misc | ||
Account Takeover.md | ||
Business Logic Errors.md | ||
Cross Site Scripting.md | ||
Denial Of Service.md | ||
Exposed Source Code.md | ||
Host Header Injection.md | ||
Insecure Direct Object References.md | ||
Password Reset Flaws.md | ||
README.md | ||
Web Cache Poisoning.md |
All about bug bounty
These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
List
- Account Takeover
- Business Logic Errors
- Cross Site Scripting (XSS)
- Denial of Service (DoS)
- Exposed Source Code
- Host Header Injection
- Insecure Direct Object References (IDOR)
- Password Reset Flaws
- Web Cache Poisoning
List Bypass
List CMS
List Framework
Miscellaneous
Reconnaissance
-
Small Scope
Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
- Directory Enumeration
- Technology Fingerprinting
- Port Scanning
- Parameter Fuzzing
- Wayback History
- Known Vulnerabilities
- Hardcoded Information in JavaScript
- Domain Specific GitHub & Google Dorking
- Broken Link Hijacking
- Data Breach Analysis
- Misconfigured Cloud Storage
-
Medium Scope
Usually the scope is wild card scope where all the subdomains are part of scope
- Subdomain Enumeration
- Subdomain Takeover
- Probing & Technology Fingerprinting
- Port Scanning
- Known Vulnerabilities
- Template Based Scanning (Nuclei/Jeales)
- Misconfigured Cloud Storage
- Broken Link Hijacking
- Directory Enumeration
- Hardcoded Information in JavaScript
- GitHub Reconnaissance
- Google Dorking
- Data Breach Analysis
- Parameter Fuzzing
- Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- IP Range Enumeration (If in Scope)
- Wayback History
- Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- Heartbleed Scanning
- General Security Misconfiguration Scanning
-
Large Scope
Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
- Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.)
- Subsidiary & Acquisition Enumeration (Depth – Max)
- Reverse Lookup
- ASN & IP Space Enumeration and Service Identification
- Subdomain Enumeration
- Subdomain Takeover
- Probing & Technology Fingerprinting
- Port Scanning
- Known Vulnerabilities
- Template Based Scanning (Nuclei/Jeales)
- Misconfigured Cloud Storage
- Broken Link Hijacking
- Directory Enumeration
- Hardcoded Information in JavaScript
- GitHub Reconnaissance
- Google Dorking
- Data Breach Analysis
- Parameter Fuzzing
- Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
- IP Range Enumeration (If in Scope)
- Wayback History
- Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
- Heartbleed Scanning
- General Security Misconfiguration Scanning
- And any possible Recon Vector (Network/Web) can be applied.
Source: Link