Projects STRLCPY Cipherops Commits 19c56f30
  • ■ ■ ■ ■ ■ ■
    SUMMARY.md
    skipped 4 lines
    5 5  * [🌏 Journeying Through the World of Ethical Hacking with Cipher-ops](journeying-through-the-world-of-ethical-hacking-with-cipher-ops.md)
    6 6  * [Let's Start](lets-start/README.md)
    7 7   * [🥳 Exploring Top Platforms and Websites for Hacking Practice and Learning](lets-start/exploring-top-platforms-and-websites-for-hacking-practice-and-learning.md)
     8 + * [Offensive virtual machine's](lets-start/offensive-virtual-machines.md)
     9 + * [cybersecurity YouTube channels](lets-start/cybersecurity-youtube-channels.md)
    8 10   
    9 11  ## Overview
    10 12   
    11  -* [ Recon Tips](overview/recon-tips/README.md)
    12  - * [Subdomain Enumeration](overview/recon-tips/subdomain-enumeration.md)
    13  - * [One Liner from Awesome bug bounty](overview/recon-tips/one-liner-from-awesome-bug-bounty.md)
    14  - * [Resources](overview/recon-tips/resources/README.md)
    15  - * [Best Recon Technique For Active Subdomain Enumeration](overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md)
    16  - * [Mastering the Art of Information Gathering](overview/recon-tips/resources/mastering-the-art-of-information-gathering.md)
    17  - * [Introducing 20 web-application hacking tools🔥🤩🌵](overview/recon-tips/resources/introducing-20-web-application-hacking-tools.md)
    18  - * [All DAMN vulnerable resources](overview/recon-tips/resources/all-damn-vulnerable-resources.md)
     13 +* [Resourses](overview/resourses/README.md)
     14 + * [30 cybersecurity search engines](overview/resourses/30-cybersecurity-search-engines.md)
     15 + * [Essential Linux Commands](overview/resourses/essential-linux-commands.md)
     16 + * [Damn Vulnerabilities List Lab](overview/resourses/damn-vulnerabilities-list-lab.md)
     17 + * [Try-Hack-me Roadmap](overview/resourses/try-hack-me-roadmap.md)
     18 +* [OSINT](overview/osint.md)
    19 19   
    20 20  ***
    21 21   
    22  -* [Subdomain Takeover Resources](subdomain-takeover-resources.md)
    23  -* [Damn Vulnerabilities List Lab](damn-vulnerabilities-list-lab.md)
    24  -* [PORT SCANNING](port-scanning.md)
    25  -* [Offensive virtual machine's](offensive-virtual-machines.md)
    26  -* [Essential Linux Commands](essential-linux-commands.md)
    27  -* [30 cybersecurity search engines](30-cybersecurity-search-engines.md)
    28  -* [cybersecurity YouTube channels](cybersecurity-youtube-channels.md)
    29  -* [Try-Hack-me Roadmap](try-hack-me-roadmap.md)
    30  -* [OSINT](osint.md)
    31  -* [Screenshots](screenshots.md)
    32  -* [Technology Identification](technology-identification.md)
    33  -* [Content Discovery Tools](content-discovery-tools.md)
    34  -* [Link Extraction Tools](link-extraction-tools.md)
    35  -* [Parameter and web fuzzing tools](parameter-and-web-fuzzing-tools.md)
    36  - 
    37  -## 🥲 Exploitation
    38  - 
    39  -* [Exploitation Tools Categorized by Vulnerability Type](exploitation/exploitation-tools-categorized-by-vulnerability-type.md)
    40  -* [File Inclusion,CSRF Injection,Directory Traversal](exploitation/file-inclusion-csrf-injection-directory-traversal.md)
    41  -* [GraphQL Injection,Insecure Deserialization,Header Injection](exploitation/graphql-injection-insecure-deserialization-header-injection.md)
    42  -* [Insecure Direct Object References, Open Redirect, Request Smuggling](exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md)
     22 +* [ℹ Recon Tips](recon-tips/README.md)
     23 + * [Subdomain Enumeration](recon-tips/subdomain-enumeration.md)
     24 + * [One Liner from Awesome bug bounty](recon-tips/one-liner-from-awesome-bug-bounty.md)
     25 + * [Resources](recon-tips/resources/README.md)
     26 + * [Best Recon Technique For Active Subdomain Enumeration](recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md)
     27 + * [Mastering the Art of Information Gathering](recon-tips/resources/mastering-the-art-of-information-gathering.md)
     28 + * [Introducing 20 web-application hacking tools🔥🤩🌵](recon-tips/resources/introducing-20-web-application-hacking-tools.md)
     29 + * [All DAMN vulnerable resources](recon-tips/resources/all-damn-vulnerable-resources.md)
     30 +* [Web Application](web-application/README.md)
     31 + * [PORT SCANNING](web-application/port-scanning.md)
     32 + * [Subdomain Takeover Resources](web-application/subdomain-takeover-resources.md)
     33 + * [Technology Identification](web-application/technology-identification.md)
     34 + * [Content Discovery Tools](web-application/content-discovery-tools.md)
     35 + * [Link Extraction Tools](web-application/link-extraction-tools.md)
     36 + * [Parameter and web fuzzing tools](web-application/parameter-and-web-fuzzing-tools.md)
     37 + * [Screenshots](web-application/screenshots.md)
     38 + * [File Inclusion,CSRF Injection,Directory Traversal](web-application/file-inclusion-csrf-injection-directory-traversal.md)
     39 + * [GraphQL Injection,Insecure Deserialization,Header Injection](web-application/graphql-injection-insecure-deserialization-header-injection.md)
     40 + * [Exploitation Tools Categorized by Vulnerability Type](web-application/exploitation-tools-categorized-by-vulnerability-type.md)
     41 + * [Insecure Direct Object References, Open Redirect, Request Smuggling](web-application/insecure-direct-object-references-open-redirect-request-smuggling.md)
    43 42   
    44 43  ## 🐦 Twitter Threads
    45 44   
    46 45  * [Thread by @ArchAngelDDay on Thread Reader App](twitter-threads/thread-by-archangeldday-on-thread-reader-app.md)
    47  -* [Page 1](twitter-threads/page-1.md)
    48 46   
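Review bot: The new directory name is misspelled as `resourses` in the entries added at new lines 13 to 17 (`overview/resourses/README.md` and its four children), and the link text reads `Resourses` as well, while the `recon-tips/resources/` path added further down in the same file is spelled correctly. These paths are link targets, so renaming later means touching every entry again; use `overview/resources/` in this commit. Separately, the `## 🥲 Exploitation` heading is removed and the entries added at new lines 22 to 41 sit after the `***` rule with no `##` heading of their own, unlike Overview and Twitter Threads; if that is intended, the commit message should say so.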
  • cybersecurity-youtube-channels.md lets-start/cybersecurity-youtube-channels.md
    Content is identical
  • offensive-virtual-machines.md lets-start/offensive-virtual-machines.md
    Content is identical
  • osint.md overview/osint.md
    Content is identical
  • 30-cybersecurity-search-engines.md overview/resourses/30-cybersecurity-search-engines.md
    Content is identical
  • ■ ■ ■ ■ ■ ■
    overview/resourses/README.md
     1 +# Resourses
     2 + 
     3 + 
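Review bot: The README added here has no body below the heading on line 1, only two blank lines, so the section landing page is empty, and the heading repeats the `Resourses` misspelling. Correct it to `# Resources` and add at least a one-line description or a list of the four child pages that SUMMARY.md places under this section.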
  • damn-vulnerabilities-list-lab.md overview/resourses/damn-vulnerabilities-list-lab.md
    Content is identical
  • essential-linux-commands.md overview/resourses/essential-linux-commands.md
    Content is identical
  • try-hack-me-roadmap.md overview/resourses/try-hack-me-roadmap.md
    Content is identical
  • overview/recon-tips/README.md recon-tips/README.md
    Content is identical
  • overview/recon-tips/one-liner-from-awesome-bug-bounty.md recon-tips/one-liner-from-awesome-bug-bounty.md
    Content is identical
  • ■ ■ ■ ■ ■ ■
    overview/recon-tips/resources/README.md recon-tips/resources/README.md
    skipped 18 lines
    19 19  * [SQLi](https://github.com/HolyBugx/HolyTips/tree/main/Resources#SQLi)
    20 20  * [Misc](https://github.com/HolyBugx/HolyTips/tree/main/Resources#Misc)
    21 21   
    22  -***
     22 + 
    23 23   
    24 24  ### <mark style="color:green;">Starting-Out</mark>
    25 25   
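Review bot: Replacing the `***` rule at old line 22 with an empty line leaves three consecutive blank lines (21 to 23) before the Starting-Out heading, and the same substitution repeats before every section heading in this file. Every other moved page in this commit reports identical content, so this formatting change is better split into its own commit; if the rule is meant to go, delete the line instead of blanking it.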
    skipped 3 lines
    29 29  * [OWASP Top 10 API Training](https://application.security/free/owasp-top-10-API)
    30 30  * [Web Security Course](https://web.stanford.edu/class/cs253/)
    31 31   
    32  -***
     32 + 
    33 33   
    34 34  ### <mark style="color:green;">Books</mark>
    35 35   
    skipped 4 lines
    40 40  * [The Hacker Playbook 2](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B01072WJZE)
    41 41  * [The Hacker Playbook 3](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2)
    42 42   
    43  -***
     43 + 
    44 44   
    45 45  ### <mark style="color:green;">Blogs</mark>
    46 46   
    skipped 5 lines
    52 52  * [Patrik Hudak](https://0xpatrik.com/)
    53 53  * [Honoki](https://honoki.net/)
    54 54   
    55  -***
     55 + 
    56 56   
    57 57  ### <mark style="color:green;">Training-Platforms</mark>
    58 58   
    skipped 5 lines
    64 64  * [PicoCTF](https://picoctf.org)
    65 65  * [GoogleCTF](https://capturetheflag.withgoogle.com)
    66 66   
    67  -***
     67 + 
    68 68   
    69 69  ### <mark style="color:green;">Web-Security</mark>
    70 70   
    skipped 7 lines
    78 78  * [How to Hunt Bugs in SAML; a Methodology - Part III](https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/)
    79 79  * [SAML Attack Surface](https://github.com/kelbyludwig/saml-attack-surface)
    80 80   
    81  -***
     81 + 
    82 82   
    83 83  ### <mark style="color:green;">Recon</mark>
    84 84   
    skipped 4 lines
    89 89  * [The Best Bug Bounty Recon Methodology](https://securib.ee/beelog/the-best-bug-bounty-recon-methodology/)
    90 90  * [The Art of Subdomain Enumeration](https://appsecco.com/books/subdomain-enumeration/)
    91 91   
    92  -***
     92 + 
    93 93   
    94 94  ### <mark style="color:green;">XSS</mark>
    95 95   
    skipped 6 lines
    102 102  * [XSS while logging using Google](https://hackerone.com/reports/691611)
    103 103  * [Stored XSS in RDoc wiki pages](https://hackerone.com/reports/662287)
    104 104   
    105  -***
     105 + 
    106 106   
    107 107  ### <mark style="color:green;">CSR</mark>F
    108 108   
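Review bot: The context line at 107 reads `### <mark style="color:green;">CSR</mark>F`, with the closing tag placed before the final F, so the last letter of the heading falls outside the highlight that the other section headings in this file carry in full. This hunk already touches the spacing directly above that heading, so fix it here to `<mark style="color:green;">CSRF</mark>`.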
    skipped 6 lines
    115 115  * [Media deletion CSRF vulnerability on Instagram](https://blog.darabi.me/2019/12/instagram-delete-media-csrf.html)
    116 116  * [Facebook CSRF protection bypass which leads to Account Takeover](https://ysamm.com/?p=185)
    117 117   
    118  -***
     118 + 
    119 119   
    120 120  ### <mark style="color:green;">IDOR</mark>
    121 121   
    skipped 6 lines
    128 128  * [How I pwned a company using IDOR and Blind XSS](https://www.ansariosama.com/2017/11/how-i-pwned-company-using-idor-blind-xss.html)
    129 129  * [Disclose Private Dashboard Chart's name and data in Facebook Analytics](https://bugreader.com/jubabaghdad@disclose-private-dashboard-charts-name-and-data-in-facebook-analytics-184)
    130 130   
    131  -***
     131 + 
    132 132   
    133 133  ### <mark style="color:green;">Open-Redirect</mark>
    134 134   
    skipped 7 lines
    142 142  * [Airbnb chaining third party open redirect into SSRF via liveperson chat](https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/)
    143 143  * [Oauth authentication bypass on airbnb acquistion using wierd 1 char open redirect](https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/)
    144 144   
    145  -***
     145 + 
    146 146   
    147 147  ### <mark style="color:green;">Race-Condition</mark>
    148 148   
    skipped 6 lines
    155 155  * [Race Condition in account survey](https://hackerone.com/reports/165570)
    156 156  * [Race Condition at create new Location](https://hackerone.com/reports/413759)
    157 157   
    158  -***
     158 + 
    159 159   
    160 160  ### <mark style="color:green;">Subdomain-Takeover</mark>
    161 161   
    skipped 6 lines
    168 168  * [Subdomain Takeover on blog.greenhouse.io pointing to Hubspot](https://hackerone.com/reports/38007)
    169 169  * [Subdomain Takeover on openapi.starbucks.com](https://hackerone.com/reports/241503)
    170 170   
    171  -***
     171 + 
    172 172   
    173 173  ### <mark style="color:green;">SSRF</mark>
    174 174   
    skipped 6 lines
    181 181  * [31k$ SSRF in Google Cloud Monitoring led to metadata exposure](https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html)
    182 182  * [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)
    183 183   
    184  -***
     184 + 
    185 185   
    186 186  ### <mark style="color:green;">XXE</mark>
    187 187   
    skipped 6 lines
    194 194  * [LFI and SSRF via XXE in emblem editor](https://hackerone.com/reports/347139)
    195 195  * [Non-production Open Database In Combination With XXE Leads To SSRF](https://hackerone.com/reports/742808)
    196 196   
    197  -***
     197 + 
    198 198   
    199 199  ### <mark style="color:green;">SQLi</mark>
    200 200   
    skipped 9 lines
  • overview/recon-tips/resources/all-damn-vulnerable-resources.md recon-tips/resources/all-damn-vulnerable-resources.md
    Content is identical
  • overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md
    Content is identical
  • overview/recon-tips/resources/introducing-20-web-application-hacking-tools.md recon-tips/resources/introducing-20-web-application-hacking-tools.md
    Content is identical
  • overview/recon-tips/resources/mastering-the-art-of-information-gathering.md recon-tips/resources/mastering-the-art-of-information-gathering.md
    Content is identical
  • overview/recon-tips/subdomain-enumeration.md recon-tips/subdomain-enumeration.md
    Content is identical
  • ■ ■ ■ ■ ■ ■
    twitter-threads/page-1.md
    1  -# Page 1
    2  - 
    3  - 
  • ■ ■ ■ ■ ■ ■
    web-application/README.md
     1 +# Web Application
     2 + 
     3 + 
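Review bot: Nothing follows the `# Web Application` heading on line 1, although SUMMARY.md now places eleven pages beneath this section, including port scanning and the pages moved out of `exploitation/`. Add a short scope statement or an index of the child pages so the grouping is explained where readers land.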
  • content-discovery-tools.md web-application/content-discovery-tools.md
    Content is identical
  • exploitation/exploitation-tools-categorized-by-vulnerability-type.md web-application/exploitation-tools-categorized-by-vulnerability-type.md
    Content is identical
  • exploitation/file-inclusion-csrf-injection-directory-traversal.md web-application/file-inclusion-csrf-injection-directory-traversal.md
    Content is identical
  • exploitation/graphql-injection-insecure-deserialization-header-injection.md web-application/graphql-injection-insecure-deserialization-header-injection.md
    Content is identical
  • exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md web-application/insecure-direct-object-references-open-redirect-request-smuggling.md
    Content is identical
  • parameter-and-web-fuzzing-tools.md web-application/parameter-and-web-fuzzing-tools.md
    Content is identical
  • port-scanning.md web-application/port-scanning.md
    Content is identical
  • screenshots.md web-application/screenshots.md
    Content is identical
  • subdomain-takeover-resources.md web-application/subdomain-takeover-resources.md
    Content is identical
  • technology-identification.md web-application/technology-identification.md
    Content is identical