Bug Bounty - GitBook
Kanalga Telegram’da o‘tish
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Ko'proq ko'rsatish7 461
Obunachilar
+424 soatlar
+357 kunlar
+17030 kunlar
Postlar arxiv
7 464
🛡 Top 10 web hacking techniques of 2024.
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
7 464
"Hard times give birth to strong people, strong people create easy times. Easy times give birth to weak people. Weak people create hard times.
7 464
Oreilly_Mastering_Cybersecurity_with_Python_From_Basics_to_Advanced.zip1345.81 MB
7 464
Oreilly | Mastering Cybersecurity with Python From Basics to Advanced 2025
Info : https://www.oreilly.com/library/view/mastering-cybersecurity-with/9781837029273/
7 464
🔥Always remember to test the API for existence of addition headers.
X-Originaal-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Credit: @driccosec
7 464
Someone wrote a script that can be met with a server's security, it doesn't work out more about the pain of the newcomers not to have these common problems in configuring the server:
https://github.com/vernu/vps-audit
7 464
https://www.computerhope.com/
Interesting site, a lot of information about network, security, technology and ...
Of all years
From the past to now
7 464
Closing the server ping in the operating system layer (to increase security)
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
Sysctl -p
To open the ping, just enter the value of 0 instead of 1.
7 464
🔖All You Need to Master IDOR: A Complete Resource Guide
⬇️GitHub Repositories
All these GitHub Repositories contains 1000+ Hackerone reports to read from which you can learn how bug bounty hunters did recon to find IDOR Vulnerability, I suggest read atleast 300 reports to get your own unique perspective on IDOR Vulnerability.📱 Awesome-Bugbounty-Writeups - IDOR 📱 HackerOne Reports - Top IDOR 📱 HackerOneReports - IDOR ⬇️Critical/Highest bounty through IDOR Vulnerability 🖤 IDOR - how to predict an identifier? Bug bounty case study 🖤 $5,000 YouTube IDOR - Bug Bounty Reports Explained 🖤 $28k IDOR that broke Apple Shortcuts - Apple bug bounty ⬇️All possible parameters for IDOR and real life examples of each 🖤 Bug Bounty Hunting for IDORs - Part-I 🖤 Bug Bounty Hunting for IDORs - Part-II 🖤 Bug Bounty Hunting for IDORs - Part-III ⬇️Book 📕 Bug Bounty Bootcamp - By Vickie Li
7 464
🔖Hacking GraphQL APIs
GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL for data querying. Unlike REST APIs, GraphQL allows clients to request specific data, which can expose underlying issues if not properly secured. Key areas of concern include improper authorization checks, excessive data exposure, and insufficient input validation. Pentesters should look for flaws such as introspection queries revealing sensitive schema details, or complex queries leading to denial of service. Ensuring robust input validation, implementing strict authorization checks, and limiting query complexity are essential practices to secure GraphQL endpoints.🖥 Articles and Blog Posts
🔗 Hacktricks - GraphQL and Security 🔗 Five easy ways to hack GraphQL targets 🔗 Portswigger - Graphql 🔗 ApiSecurity⬇️ GitHub Resources
📱 PayloadsAllTheThings 📱 hacking graphql 📱 Awesome Graphql Security 📱 Hack-graphql⬇️Videos
🖤 NahamCon2024: GraphQL is the New PHP 🖤 Finding Your Next Bug: GraphQL 🖤 GraphQL API Pentesting⬇️Books
📕 Black Hat GraphQL 📕 Hacking APIs - Breaking Web Application ... 📕 API Security in Action
7 464
🔥Robofinder is a powerful Python script designed to search for and retrieve historical robots.txt files from Archive.org for any given website. This tool is ideal for security researchers, web archivists, and penetration testers to uncover previously accessible paths or directories that were listed in a site's robots.txt.
🔖https://github.com/Spix0r/robofinder
7 464
🔖Essential Browser Extensions for Bug Bounty Hunters
⬇️FireFox
🔍 Link Gopher 🔍 Adblock Plus 🔍 FoxyProxy Standard 🔍 Video Speed Controller 🔍 Check XSS 🔍 HackTools 🔍 Bulk URL Opener 🔍 Temp Mail 🔍 JS Beautify CSS HTML 🔍 Multi-Account Containers⬇️Chrome
🌐
TruffleHog
🌐
Code Formatter
🌐
Freedium Extension
🌐
BuiltWith
🌐
Wappalyzer
🌐
WhatRuns
🌐
Retire.js
🌐
Cookie Extractor
🌐
Wayback Machine
🌐
EXIF Data Viwer
🌐
Shodan
🌐
S3 Bucket List
🌐
Ublock Origin
🌐
Resources Saver
🌐
Dot Git
🌐
EndPointer
7 464
bypass 403 & 401 errors:
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/403-and-401-bypasses
7 464
