Skip to content
/ Bug-Hunting Public

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

iamlucif3r.github.io/bug-hunting/

License

GPL-3.0 license
142 stars 30 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

IamLucif3r/Bug-Hunting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits
.obsidian
.obsidian
 
 
Methodologies
Methodologies
 
 
Notes
Notes
 
 
Payloads
Payloads
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Bug Hunting

A Collection of Notes, Methodologies, POCs, Tools and everything else related to Bug Hunting. ✌️

👉 A Bug Bounty Program is a deal offered by several Oragnizations & Individuals by which recognition and compensation is provided to individuals for reporting Bugs.

You can Fork this Repo, I'm continuously adding the content!

Contents

👉 The repo is organized in following manner. You can read the notes:

  1. Reconnaissance - Phase 1
    1. CIDR Range
    2. Google Dorking
    3. Tools
  2. Reconnaissance - Phase 2
    1. Wordlists
    2. Subdomain Enumeration
      1. Certification Transparency Logs
      2. Search Engine
      3. Github
      4. Brute Force
      5. Subdomain Permutation
      6. Tools
    3. DNS Resolutions
    4. Screenshot
    5. Content Discovery
    6. Inspecting JS Files
    7. Google Dorks
    8. Conclusion
  3. Fingerprinting
    1. IP
    2. Web-Application
      1. Wapalyzer
      2. Firewall
    3. Conclusion
  4. Exploitation - Part 1
    1. Subdomain Takeover
    2. Github
    3. Misconfigured Cloud Storage Buckets
    4. Elastic Search DB
    5. Docker API
    6. Kuberneter API
    7. .git/.svn
    8. Google Firebase
  5. Exploitation - Part 2
    1. Exploiting CMS
    2. Exploiting OWASP
      1. XML Extended Entity (XXE)
      2. Cross Site Scripting (XXS)
      3. Server-Side Request Forgery (SSRF)
      4. Cross Side Request Forgery (CSRF)
      5. SQL Injection
      6. Command Injection
      7. Cross Site Web Socket Hijacking (CSWSH)
      8. File Upload
      9. Directory Traversal
      10. Open Redirect
      11. Insecure Direct Object Reference
  6. Methodology - Workflow
    1. Traditional Workflow
    2. Github Workflow
    3. Cloud Workflow
    4. Google Dork Workflow
    5. Leaked Credentials Workflow
    6. Exploit Workflow
  7. API-Pentesting
    1. APIs
    2. Authentication
  8. Caching Servers
    1. Web Cache Poisoning
    2. Web Cache Deception
  9. Miscellaneous
    1. On Site Request Forgery (OSRF)
    2. Prototype Pollution
    3. Client Side Template Injection
    4. XML External Entity
    5. Content Security Policy Bypass
    6. Relative Path Overwrite

Bug-Hunting Platforms

Following are some of the top Bug-Hunting Platforms. You can make your account and start hunting bugs for the programs available.

Note: This Repo is under development, Only Notes have been added till now. Separate Section for Tools, POCs and Tricks will be created soon

➡️ Contributions

You are Welcome to Contribute. You can contribute by:

  • Translating into other languages
  • Adding more Methodologies, Tools, and other Resources.
  • Just adding a star to our Github project :)

👉 If you have some new idea about this Repository, issue, feedback or found some valuable tool feel free to open an issue or just DM me via @IamLucif3r_

About

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

iamlucif3r.github.io/Bug-Hunting/

Topics

bug bug-bounty bugreport bugbounty bug-reporting bug-hunting methodologies bug-bounty-hunters bug-bounty-reconnaissance bug-bounty-tips

Resources

Readme

License

GPL-3.0 license
Activity

Stars

142 stars

Watchers

6 watching

Forks

30 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •