uz
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Kanalga Telegram’da o‘tish
7 461
Obunachilar
+424 soatlar
+357 kunlar
+17030 kunlar
Postlar arxiv
💵💵💵Recon Skills and Tips by Godfather ORWA ⚡️

"Hard times give birth to strong people, strong people create easy times. Easy times give birth to weak people. Weak people create hard times.

Oreilly_Mastering_Cybersecurity_with_Python_From_Basics_to_Advanced.zip1345.81 MB

Oreilly | Mastering Cybersecurity with Python From Basics to Advanced 2025 Info : https://www.oreilly.com/library/view/master
Oreilly | Mastering Cybersecurity with Python From Basics to Advanced 2025 Info : https://www.oreilly.com/library/view/mastering-cybersecurity-with/9781837029273/

💠 Complete Web App Pentesting 🔗 https://hacklido.com/lists/8
💠 Complete Web App Pentesting 🔗 https://hacklido.com/lists/8

🔥Always remember to test the API for existence of addition headers. X-Originaal-URL: /v1/api/endpoint_here BOOM => Entire API routes disclosure. Credit: @driccosec

Someone wrote a script that can be met with a server's security, it doesn't work out more about the pain of the newcomers not to have these common problems in configuring the server: https://github.com/vernu/vps-audit

https://www.computerhope.com/ Interesting site, a lot of information about network, security, technology and ... Of all years From the past to now

‌ Closing the server ping in the operating system layer (to increase security) echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf Sysctl -p ‌ To open the ping, just enter the value of 0 instead of 1. ‌

🔖All You Need to Master IDOR: A Complete Resource Guide ⬇️GitHub Repositories All these GitHub Repositories contains 1000+ H
🔖All You Need to Master IDOR: A Complete Resource Guide ⬇️GitHub Repositories
All these GitHub Repositories contains 1000+ Hackerone reports to read from which you can learn how bug bounty hunters did recon to find IDOR Vulnerability, I suggest read atleast 300 reports to get your own unique perspective on IDOR Vulnerability.
📱 Awesome-Bugbounty-Writeups - IDOR 📱 HackerOne Reports - Top IDOR 📱 HackerOneReports - IDOR ⬇️Critical/Highest bounty through IDOR Vulnerability 🖤 IDOR - how to predict an identifier? Bug bounty case study 🖤 $5,000 YouTube IDOR - Bug Bounty Reports Explained 🖤 $28k IDOR that broke Apple Shortcuts - Apple bug bounty ⬇️All possible parameters for IDOR and real life examples of each 🖤 Bug Bounty Hunting for IDORs - Part-I 🖤 Bug Bounty Hunting for IDORs - Part-II 🖤 Bug Bounty Hunting for IDORs - Part-III ⬇️Book 📕 Bug Bounty Bootcamp - By Vickie Li

🔖Hacking GraphQL APIs GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL fo
🔖Hacking GraphQL APIs
GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL for data querying. Unlike REST APIs, GraphQL allows clients to request specific data, which can expose underlying issues if not properly secured. Key areas of concern include improper authorization checks, excessive data exposure, and insufficient input validation. Pentesters should look for flaws such as introspection queries revealing sensitive schema details, or complex queries leading to denial of service. Ensuring robust input validation, implementing strict authorization checks, and limiting query complexity are essential practices to secure GraphQL endpoints.
🖥 Articles and Blog Posts
🔗 Hacktricks - GraphQL and Security 🔗 Five easy ways to hack GraphQL targets 🔗 Portswigger - Graphql 🔗 ApiSecurity
⬇️ GitHub Resources
📱 PayloadsAllTheThings 📱 hacking graphql 📱 Awesome Graphql Security 📱 Hack-graphql
⬇️Videos
🖤  NahamCon2024: GraphQL is the New PHP 🖤  Finding Your Next Bug: GraphQL 🖤  GraphQL API Pentesting
⬇️Books
📕 Black Hat GraphQL 📕 Hacking APIs - Breaking Web Application ... 📕 API Security in Action

Language: persian

🔥Robofinder is a powerful Python script designed to search for and retrieve historical robots.txt files from Archive.org for
🔥Robofinder is a powerful Python script designed to search for and retrieve historical robots.txt files from Archive.org for any given website. This tool is ideal for security researchers, web archivists, and penetration testers to uncover previously accessible paths or directories that were listed in a site's robots.txt. 🔖https://github.com/Spix0r/robofinder

🔖Zzl - Collect subdomains from SSL certificates https://github.com/DEMON1A/zzl
🔖Zzl - Collect subdomains from SSL certificates https://github.com/DEMON1A/zzl

🔖Essential Browser Extensions for Bug Bounty Hunters ⬇️FireFox
🔍 Link Gopher 🔍 Adblock Plus 🔍 FoxyProxy Standard 🔍 Video Speed Controller 🔍 Check XSS 🔍 HackTools 🔍 Bulk URL Opener 🔍 Temp Mail 🔍 JS Beautify CSS HTML 🔍 Multi-Account Containers
⬇️Chrome
🌐
TruffleHog
🌐
Code Formatter
🌐
Freedium Extension
🌐
BuiltWith
🌐
Wappalyzer
🌐
WhatRuns
🌐
Retire.js
🌐
Cookie Extractor
🌐
Wayback Machine
🌐
EXIF Data Viwer
🌐
Shodan
🌐
S3 Bucket List
🌐
Ublock Origin
🌐
Resources Saver
🌐
Dot Git
🌐
EndPointer

🎯 Directory-Traversal-Payloads 🎯 List of Directory Traversal/LFI Payloads Scraped from the Internet 😸 Github ⬇️ Download
🎯 Directory-Traversal-Payloads 🎯 List of Directory Traversal/LFI Payloads Scraped from the Internet 😸 Github ⬇️ Download