Bug Bounty - GitBook
رفتن به کانال در Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
نمایش بیشتر7 451
مشترکین
+524 ساعت
+107 روز
+17130 روز
آرشیو پست ها
7 451
Famous Platforms to practice Pentesting
✅ tryhackme
https://tryhackme.com
✅ bWAPP
http://itsecgames.com
✅ flAWS Cloud
http://flaws.cloud
✅ Hack Yourself First
http://hackyourselffirst.troyhunt.com
✅ OWASP Juice Shop
http://juice-shop.herokuapp.com
✅ Google Gruyere
https://google-gruyere.appspot.com
✅ Hack Me
https://hack.me
✅ HackTheBox
https://hackthebox.eu
✅ Root-Me
https://root-me.org
✅ XSS Game
https://xss-game.appspot.com
✅ Pentesterlab
https://pentesterlab.com
✅ OverTheWire
https://overthewire.org/wargames/
✅ Hacking Lab
https://hacking-lab.com/index.html
✅ IO
http://io.netgarage.org
✅ smashthestack
http://smashthestack.org
✅ microcorruption
https://microcorruption.com/login
✅ ExploitMe Mobile
http://securitycompass.github.io/AndroidLabs/index.html
✅ Hax.Tor
http://hax.tor.hu/welcome/
✅ Java Vulnerable Lab
https://github.com/CSPF-Founder/JavaVulnerableLab
✅ Pwnos
http://pwnos.com
✅ Ringzero
https://ringzer0team.com/challenges
✅ Avatao
https://avatao.com
✅ GameOver
https://sourceforge.net/projects/null-gameover/
✅ HSCTF3
http://hsctf.com
7 451
A simple Python script to scan multiple targets for SQL Injection via HTTP headers like User-Agent, X-Forwarded-For, and X-Client-IP.
https://github.com/ifconfig-me/SQLi-Scanner
7 451
Awesome Vulnerable Applications
A curated list of various vulnerable by design applications
https://github.com/vavkamil/awesome-vulnerable-apps
7 451
Veer Chetal a/k/a Wiz, has been arrested for his involvement in the $243M Bitcoin heist.
7 451
This Simple URL Encoding Made me $50,000 in Bounties
https://www.youtube.com/watch?v=sW9SK0ZcHxU
7 451
File Upload via XSS
If you found a file upload function for an image, try introducing an image with XSS in the filename like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png7 451
DOM XSS Source/Sinks
A complete set of XSS vulnerability source and SINKs that are inside the WSTG Reference repository
https://github.com/wisec/domxssswiki/wiki/sinks
The website https://domgo.at currently has 10 XSS exercises with code; An important feature is that the Data Flow also has a code, which will help you better understand.
7 451
Bypassing Detections with Command-Line Obfuscation
https://www.wietzebeukema.nl/blog/bypassing-detections-with-command-line-obfuscation
7 451
• Volumetric Mind Map, which list the main methods and tools for bypassing antiviruses and EDR.
➡️ https://github.com/cmepw/bypassav
• Necessary links: https://github.com/matro7sh/bypassav/blob/main/bypass-av.md
7 451
Wireshark Display Filter Cheat Sheet.
https://github.com/Ignitetechnologies/Mindmap/tree/main/Wireshark
7 451
Automating Authenticated scans in burp suite for 2FA applications
https://freedium.cfd/https://medium.com/@thelazypentester/automating-authenticated-scans-in-burp-suite-for-2fa-applications-ae93882e26c9
7 451
In Linux, if you had a command that gave an error and needed SUDO.
Use SUDO !! executes the same order with Sudo.
اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
