Skip to content
/ Web_Hacking Public

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

261 stars 48 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Mehdi0x90/Web_Hacking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

254 Commits
XSS-PDF Payloads
XSS-PDF Payloads
 
 
mindmaps-pdf
mindmaps-pdf
 
 
2FA_OTP_Bypass.md
2FA_OTP_Bypass.md
 
 
403 Bypass.md
403 Bypass.md
 
 
429 Bypass.md
429 Bypass.md
 
 
API Key Leak.md
API Key Leak.md
 
 
CORS - Misconfigurations & Bypass.md
CORS - Misconfigurations & Bypass.md
 
 
CRLF.md
CRLF.md
 
 
CSP Bypass.md
CSP Bypass.md
 
 
CSRF.md
CSRF.md
 
 
Cache Deception.md
Cache Deception.md
 
 
Captcha Bypass.md
Captcha Bypass.md
 
 
Cloud - AWS.md
Cloud - AWS.md
 
 
Cloud - Azure.md
Cloud - Azure.md
 
 
Cloud - CDN - Domain Fronting.md
Cloud - CDN - Domain Fronting.md
 
 
Cloud - Docker & Kubernetes.md
Cloud - Docker & Kubernetes.md
 
 
Cloud - GCP.md
Cloud - GCP.md
 
 
Cloud - Info Gathering.md
Cloud - Info Gathering.md
 
 
Cloud-General.md
Cloud-General.md
 
 
Command Injection.md
Command Injection.md
 
 
Container Attacks.md
Container Attacks.md
 
 
Dom Clobbering.md
Dom Clobbering.md
 
 
Evasive Techniques.md
Evasive Techniques.md
 
 
File Inclusion.md
File Inclusion.md
 
 
File Upload.md
File Upload.md
 
 
GraphQL.md
GraphQL.md
 
 
Host Header Injection.md
Host Header Injection.md
 
 
IDOR.md
IDOR.md
 
 
Insecure Interfaces and APIs.md
Insecure Interfaces and APIs.md
 
 
JWT.md
JWT.md
 
 
LoggerPlusPlus.md
LoggerPlusPlus.md
 
 
Login Bypass.md
Login Bypass.md
 
 
NoSQL Injection.md
NoSQL Injection.md
 
 
OSINT.md
OSINT.md
 
 
Open Redirect.md
Open Redirect.md
 
 
Privilege escalation EC2.md
Privilege escalation EC2.md
 
 
README.md
README.md
 
 
Race Condition.md
Race Condition.md
 
 
Rate Limit Bypass.md
Rate Limit Bypass.md
 
 
Recon.md
Recon.md
 
 
Red Team - SMTP.md
Red Team - SMTP.md
 
 
Reset Password Bypass.md
Reset Password Bypass.md
 
 
Reverse Tab Nabbing.md
Reverse Tab Nabbing.md
 
 
SQL Injection.md
SQL Injection.md
 
 
SSRF.md
SSRF.md
 
 
Secure Coding - 2FA.md
Secure Coding - 2FA.md
 
 
Secure Coding - Broken Authentication.md
Secure Coding - Broken Authentication.md
 
 
Secure Coding - Broken Function Level Authorization.md
Secure Coding - Broken Function Level Authorization.md
 
 
Secure Coding - Broken Object Level Authorization.md
Secure Coding - Broken Object Level Authorization.md
 
 
Secure Coding - Broken Object Property Level Authorization.md
Secure Coding - Broken Object Property Level Authorization.md
 
 
Secure Coding - Improper Inventory Management.md
Secure Coding - Improper Inventory Management.md
 
 
Secure Coding - Password Reset.md
Secure Coding - Password Reset.md
 
 
Secure Coding - Security Misconfiguration.md
Secure Coding - Security Misconfiguration.md
 
 
Secure Coding - Server Side Request Forgery.md
Secure Coding - Server Side Request Forgery.md
 
 
Secure Coding - Session Fixation.md
Secure Coding - Session Fixation.md
 
 
Secure Coding - Unrestricted Access to Sensitive Business Flows.md
Secure Coding - Unrestricted Access to Sensitive Business Flows.md
 
 
Secure Coding - Unrestricted Resource Consumption.md
Secure Coding - Unrestricted Resource Consumption.md
 
 
Secure Coding - Unsafe Consumption of APIs.md
Secure Coding - Unsafe Consumption of APIs.md
 
 
WAF Bypass.md
WAF Bypass.md
 
 
XSS.md
XSS.md
 
 
XXE.md
XXE.md
 
 
email verification bypass.md
email verification bypass.md
 
 
foxit-reader-poc.pdf
foxit-reader-poc.pdf
 
 
payload1.pdf
payload1.pdf
 
 
payload2.pdf
payload2.pdf
 
 
payload3.pdf
payload3.pdf
 
 
payload4.pdf
payload4.pdf
 
 
payload5.pdf
payload5.pdf
 
 
payload6.pdf
payload6.pdf
 
 
payload7.pdf
payload7.pdf
 
 
payload8.pdf
payload8.pdf
 
 
starter_pack.pdf
starter_pack.pdf
 
 
writeups.md
writeups.md
 
 

Repository files navigation

Web Hacking + Bug Bounty Tricks

5829442

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

Twitter URL

Golden Tips

Recon & OSINT Techniques

List of Vulnerabilities

Bypass Techniques

Cloud / Docker

Top Tools & Extensions

  • inql - Burp extension for advanced GraphQL testing
  • Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
  • param-miner - Burp extension, identifies hidden, unlinked parameters
  • Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
  • SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
  • ParamSpider - Parameter miner for humans
  • gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

Red Team Attacks

Secure Coding

All content of this repository will always be updated...

About

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Topics

security exploit hacking owasp cheatsheet enumeration penetration-testing vulnerability recon bugbounty pentest bypass payloads websecurity web-application-security redteam api-security webhacking bug-bounty-hunters api-pentest

Resources

Readme
Activity

Stars

261 stars

Watchers

4 watching

Forks

48 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2