  • ■ ■ ■ ■ ■
    README.md
    skipped 19 lines
    20 20  - [Vulnerability Types](/assets/vulns.md)
    21 21  - [Mobile Hacking](/assets/mobile.md)
    22 22  - [Smart Contracts](/assets/smartcon.md)
     23 +- [Hardware & IoT](/assets/hardware.md)
    23 24  - [Blog posts & Talks](/assets/blogposts.md)
    24 25  - [Media Resources](/assets/media.md)
    25 26   
  • ■ ■ ■ ■ ■ ■
    assets/blogposts.md
    skipped 21 lines
    22 22  - [RCE](#RCE)
    23 23  - [Recon](#Recon)
    24 24  - [Smart Contracts](#Smart-Contracts)
     25 +- [API](#API)
    25 26  - [Misc](#Misc)
    26 27  ---
    27 28  ## XSS
    skipped 4 lines
    32 33  - [Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program](https://samcurry.net/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program/) - [Sam Curry](https://twitter.com/samwcyo)
    33 34  - [Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty](https://medium.com/bugbountywriteup/effortlessly-finding-cross-site-script-inclusion-xssi-jsonp-for-bug-bounty-38ae0b9e5c8a) - [@th3_hidd3n_mist](https://twitter.com/th3_hidd3n_mist)
    34 35  - [Microsoft Edge (Chromium) - EoP via XSS to Potential RCE](https://leucosite.com/Edge-Chromium-EoP-RCE/) - [@Qab](https://twitter.com/qab)
     36 +- [Reflected XSS in https://blocked.myndr.net](https://hackerone.com/reports/824433) - Thilakesh
     37 + 
     38 + 
    35 39  ### DOM XSS
    36 40  - [Persistent DOM-based XSS in https://help.twitter.com via localStorage](https://hackerone.com/reports/297968) - harisec
    37 41  - [DOM based XSS in search functionality](https://hackerone.com/reports/168165) - sameoldstory
    38 42  - [A Tale Of A DOM Based XSS In Paypal](https://www.rafaybaloch.com/2017/06/a-tale-of-dom-based-xss-in-paypal.html) - Rafay Baloch
    39 43  - [H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing](https://hackerone.com/reports/422043) - filedescriptor
     44 +- [DOM XSS on app.starbucks.com via ReturnUrl](https://hackerone.com/reports/526265) - Gamer7112
    40 45  ### Stored XSS
    41 46  - [Another XSS in Google Colaboratory](https://blog.bentkowski.info/2018/09/another-xss-in-google-colaboratory.html) - Michał Bentkowski
    42 47  - [Google adwords 3133.7$ Stored XSS](https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27) - Emad Shanab
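Review bot: New lines 37 and 38 add two empty lines between the new "Reflected XSS in https://blocked.myndr.net" entry and the `### DOM XSS` heading, whereas `### Stored XSS` further down follows the preceding list directly. Drop them, or keep a single empty line, so the subsection spacing in this file stays uniform.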
    skipped 24 lines
    67 72  - [SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database](https://hackerone.com/reports/531051) - spaceraccoon
    68 73  - [Finding SQL injections fast with white-box analysis — a recent bug example](https://medium.com/@frycos/finding-sql-injections-fast-with-white-box-analysis-a-recent-bug-example-ca449bce6c76?) - [@frycos](https://twitter.com/frycos)
    69 74  - [How we hacked one of the worlds largest Cryptocurrency Website](https://strynx.org/insecure-crypto-code-execution/) - [strynx](https://strynx.org/)
     75 +- [Blind SQL Injection on windows10.hi-tech.mail.ru](https://hackerone.com/reports/786044) - Просто душка (api_0)
    70 76   
    71 77  ## Mobile
    72 78  ### iOS
    skipped 4 lines
    77 83  ## HTTP Desync
    78 84  - [HTTP Desync Attacks: Request Smuggling Reborn](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) in combination with this [report](https://hackerone.com/reports/510152) - [James Kettle](https://twitter.com/albinowax)
    79 85  - [HTTP Request Smuggling on vpn.lob.com](https://hackerone.com/reports/694604) - 0X0 (painreigns)
     86 +- [Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies](https://hackerone.com/reports/737140) - Evan Custodio
    80 87   
    81 88  ## File Upload
    82 89  - [Webshell via File Upload on ecjobs.starbucks.com.cn](https://hackerone.com/reports/506646) - johnstone
    83 90  - [Facebook Messenger server random memory exposure through corrupted GIF image ](https://www.vulnano.com/2019/03/facebook-messenger-server-random-memory.html) - [@xdzmitry](https://twitter.com/xdzmitry)
    84 91  - [A Tale of Exploitation in Spreadsheet File Conversions](https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/) - [@bbuerhaus](https://twitter.com/bbuerhaus)//[@daeken](https://twitter.com/daeken)//[@erbbysam](https://twitter.com/erbbysam)//[@smiegles](https://twitter.com/smiegles)
     92 +- [External XML Entity via File Upload (SVG)](https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/) - by 0xatul
     93 + 
    85 94   
    86 95  ## Automation
    87 96  - [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a) - Mohd Shibli
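Review bot: The new File Upload entry at new line 92 credits the author as "- by 0xatul", while the other entries in this hunk use "- name" with no "by"; change it to "- 0xatul" to match. New line 93 also adds a second empty line before `## Automation`, which can be dropped.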
    skipped 13 lines
    101 110  ## GraphQL
    102 111  - [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
    103 112  - [Graphql Abuse to Steal Anyone’s Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
     113 + - [Email address of any user can be queried on Report Invitation GraphQL type when username is known](https://hackerone.com/reports/792927) - msdian7
    104 114   
    105 115  ## RCE
    106 116  - [My First RCE (Stressed Employee gets me 2x bounty)](https://medium.com/@abhishake100/my-first-rce-stressed-employee-gets-me-2x-bounty-c4879c277e37) - [Abhishek Yadav](https://medium.com/@abhishake100)
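Review bot: The added GraphQL entry at new line 113 starts with whitespace before the dash (" - [Email address of any user can be queried ..."), unlike the two existing entries above it and the other list items added in this file. Remove the leading whitespace so the item sits at the same list level as its siblings.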
    skipped 7 lines
    114 124  - [Steal collateral during `end` process, by earning DSR interest after `flow](https://hackerone.com/reports/672664)(Listed as Business Logic Error)
    115 125  - [Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`](https://hackerone.com/reports/684152)(Listed as Improper Input Validation)
    116 126   
     127 +## API
     128 +- [31 Days of API Security Tips](https://github.com/smodnix/31-days-of-API-Security-Tips) - [smodnix](https://github.com/smodnix)
     129 + 
    117 130  ## Misc
    118 131  - [Hacking GitHub with Unicode's dotless 'i'](https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/)
    119 132  - [Abusing autoresponders and email bounces](https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2) - securinti
    skipped 1 lines
    121 134  - [Cracking reCAPTCHA, Turbo Intruder style](https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style) - James Kettle
    122 135  - [Abusing ImageMagick to obtain RCE](https://strynx.org/imagemagick-rce/) - [strynx](https://strynx.org/)
    123 136  - [How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN](https://blog.detectify.com/2019/09/19/alyssa-herrera-pulse-corporate-networks-ssl-vpn/) - [Alyssa Herrera](https://twitter.com/Alyssa_Herrera_)
     137 + 
    124 138   
    125 139  ---
    126 140  back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■ ■
    assets/changelog.md
    skipped 4 lines
    5 5  Updates to this repo will be pushed monthly. You can read about the latest changes below.
    6 6   
    7 7  ---
     8 +## Update 2020.04
     9 +### Added
     10 +- New: [Hardware & IoT](/assets/hardware.md)
     11 + - Added Exploitee.rs Wiki
     12 +- New [Podcasts](/assets/media.md#Podcasts):
     13 + - Darknet Diaries Episode 60 with dawgyg
     14 + - The Bug Bounty Podscast Episode 3 with nahamsec
     15 +- New in [Tools](/assets/tools.md):
     16 + - objection - A new Mobile tool
     17 + - CyberChef
     18 + - New Category: [Notes & Organization](/assets/tools.md#Notes-&-Organization)
     19 + - Reconness to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
     20 + - Updog to [Notes & Organization](/assets/tools.md#Notes-&-Organization)
     21 + - New Category: [Burp Extensions](/assets/tools.md#Burp-Extensions)
     22 + - Logger++ to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     23 + - AuthMatrix to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     24 + - Autorize to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     25 + - Auto Repeater to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     26 + - Progress Tracker to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     27 + - Flow to [Burp Extensions](/assets/tools.md#Burp-Extensions)
     28 +- New in [Labs](/assets/labs.md):
     29 + - TryHackMe & Videos
     30 +- New [Streamers](/assets/media.md#Streamers):
     31 + - [sup3rhero1](https://www.twitch.tv/sup3rhero1)
     32 + - [STÖK](https://www.twitch.tv/stokfredrik)
     33 +- New in [BlogPosts](/assets/blogposts.md):
     34 + - New Category: [API](/assets/blogposts.md#API)
     35 + - Added "31 Days of API Security Tips" - Misc
     36 + - Added "Blind SQL Injection on windows10.hi-tech.mail.ru" - SQLInjection
     37 + - Added "DOM XSS on app.starbucks.com via ReturnUrl" - DOMXSS
     38 + - Added "Email address of any user can be queried on Report Invitation GraphQL type when username is known" - GraphQL
     39 + - Added "External XML Entity via File Upload (SVG)" - File Upload
     40 + - Added "Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies" - HTTP Desync
     41 +- New in [Mobile](/assets/mobile.md):
     42 + - [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources)
     43 +### Changed
     44 +### Fixed
     45 + - Frida?
    8 46   
     47 + 
     48 + 
     49 +---
    9 50  ## Update 2020.03
    10 51  ### Added
    11 52  - New: [Smart Contracts](/assets/smartcon.md) (special thanks to [@0xatul](https://twitter.com/0xatul))
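Review bot: The `### Fixed` section at new lines 44-45 contains only " - Frida?", which reads like an open question left for the author rather than a changelog entry, and `### Changed` at new line 43 is empty; either state what was fixed or drop both headings for this release. Two smaller points in the same hunk: new line 14 spells the show "The Bug Bounty Podscast" where media.md has "The Bug Bounty Podcast", and new line 35 labels "31 Days of API Security Tips" as "- Misc" although new line 34 introduces the API category and blogposts.md lists the entry under `## API`.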
    skipped 65 lines
  • ■ ■ ■ ■ ■ ■
    assets/hardware.md
     1 +# Resources-for-Beginner-Bug-Bounty-Hunters
     2 + 
     3 +## Hardware & IoT ⚙️ <-- CHANGE ME!
     4 + 
     5 +### Resources
     6 +- [Exploitee.rs Wiki](https://www.exploitee.rs/index.php/Main_Page) - IoT Wiki Page with a bunch of Info when getting into Hardware
     7 +---
     8 +back to [Intro Page](/README.md)
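Review bot: The heading at new line 3, "## Hardware & IoT ⚙️ <-- CHANGE ME!", still carries a template placeholder that will appear in the rendered page; remove the "<-- CHANGE ME!" text before merging. The `---` at new line 7 also follows the list item with no empty line, unlike labs.md and mobile.md in this same diff; add one for consistency.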
  • ■ ■ ■ ■ ■ ■
    assets/labs.md
    skipped 12 lines
    13 13  - [Web Security Academy by PortSwigger](https://portswigger.net/web-security)
    14 14  - [XSS Labs from PwnFunction](https://xss.pwnfunction.com/) Great Labs in a beautiful layout
    15 15  - [0l4bs - Cross-site scripting labs for web application security enthusiasts](https://github.com/tegal1337/0l4bs) - by tegal1337
     16 +- [TryHackMe](https://tryhackme.com) | Cool Hacking & Pentesting Labs with Web Challenges
     17 + - Videos: [TryHackMe! Basic Penetration Testing](https://www.youtube.com/watch?v=xl2Xx5YOKcI) // [TryHackMe! EternalBlue/MS17-010 in Metasploit](https://www.youtube.com/watch?v=s6rwS7UuMt8) // [TryHackMe! OhSINT - METADATA & Research](https://www.youtube.com/watch?v=oF0TQQmFu4w)
    16 18   
    17 19  ---
    18 20  back to [Intro Page](/README.md)
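Review bot: The TryHackMe entry at new line 16 separates the link from its description with " | ", while the entries just above it use " - " or plain text after the link; use one of the existing forms so the list reads consistently.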
  • ■ ■ ■ ■ ■ ■
    assets/media.md
    skipped 26 lines
    27 27  - [The Cyber Mentor](https://twitch.tv/thecybermentor) on Twitch
    28 28  - [The Blind Hacker](https://twitch.tv/theblindhacker) on Twitch
    29 29  - [Jason Haddix](https://www.twitch.tv/js0n_x/) on Twitch
     30 +- [sup3rhero1](https://www.twitch.tv/sup3rhero1) on Twitch
     31 +- [STÖK](https://www.twitch.tv/stokfredrik) on Twitch
    30 32   
    31 33   
    32 34  ## Podcasts
    33 35  - [Darknet Diaries](https://darknetdiaries.com/) by [Jack Rhysider](https://twitter.com/jackrhysider)
     36 + - [Episode 60 with dawgyg](https://darknetdiaries.com/episode/60/)
    34 37  - [The Bug Bounty Podcast](https://open.spotify.com/show/3yTTlfXH1avrI3FsXZyCpv) by Fisher
     38 + - [Episode 3 with nahamsec](https://anchor.fm/bugbountypodcast/episodes/Episode-3-ft--NahamSec-ebl392)
    35 39  - [Bug Hunter Podcast](https://anchor.fm/bughunter)
    36 40   
    37 41  ## Books
    skipped 80 lines
  • ■ ■ ■ ■ ■
    assets/mobile.md
    skipped 15 lines
    16 16   
    17 17  ## Misc
    18 18  - [Q&A With Android Hacker bagipro](https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro)
     19 +- [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources) - [Kyle Benac](https://github.com/B3nac)
    19 20   
    20 21  ---
    21 22  back to [Intro Page](/README.md)
  • ■ ■ ■ ■ ■
    assets/tools.md
    skipped 5 lines
    6 6   
    7 7  ## Table of Contents
    8 8  1. [Proxy & Network Sniffer](#Proxy-&-Network-Sniffer)
    9  -2. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery)
    10  -3. [Exploitation](#Exploitation)
    11  -4. [Scanners](#Scanners)
    12  -5. [Mobile Hacking](#Mobile-Hacking)
    13  -6. [Others](#Others)
     9 +2. [Burp Extensions](#Burp-Extensions)
     10 +3. [Recon, OSINT & Discovery](#Recon,-OSINT-&-Discovery)
     11 +4. [Exploitation](#Exploitation)
     12 +5. [Scanners](#Scanners)
     13 +6. [Mobile Hacking](#Mobile-Hacking)
     14 +7. [Notes & Organization](#Notes-&-Organization)
     15 +8. [Others](#Others)
    14 16   
    15 17  ### Proxy & Network Sniffer
    16 18  | Name | Description | Written in | Created by |
    skipped 1 lines
    18 20  |[Burp Suite](https://portswigger.net/burp)|A Proxy to intercept and manipulate Web Traffic (free & paid version). [Here](/assets/setup.md#setup) you can find Tips & Tricks to get started with Burp.|Java|Port Swigger|
    19 21  |[OWASP Zap Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)|A Proxy to intercept and manipulate Web Traffic (free).|Java|OWASP|
    20 22  |[Wireshark](https://www.wireshark.org)|Wireshark is a network protocol analyzer that lets you capture and read network packets.|C, C++|The Wireshark team|
     23 + 
     24 +### Burp Extension
     25 +| Name | Description | Written in |
     26 +|------ |------------- |------------ |
     27 +|[Logger++](https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81)|"This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. It can also save the logged data in CSV format."|Java|
     28 +|[Flow](https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d)|"This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools."|Java|
     29 +|[AuthMatrix](https://portswigger.net/bappstore/30d8ee9f40c041b0bfec67441aad158e)|"AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies."|Python (Needs Jython version 2.7.0 or later)|
     30 +|[Autorize](https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f)|"Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities..."|Python (Needs Jython)|
     31 +|[Auto Repeater](https://portswigger.net/bappstore/f89f2837c22c4ab4b772f31522647ed8)|"This extension automatically repeats requests, with replacement rules and response diffing. It provides a general-purpose solution for streamlining authorization testing within web applications."|Java|
     32 +|[Progress Tracker](https://portswigger.net/bappstore/17544cadcec64dcf8ed68df8518592e4)|"Burp Suite extension to track vulnerability assessment progress"|Python|
    21 33   
    22 34  ### Recon, OSINT & Discovery
    23 35  | Name | Description | Written in | Created by |
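Review bot: The heading added at new line 24 is `### Burp Extension` (singular), but the table of contents entry added in this file and the links in the changelog all point to `#Burp-Extensions`, so they will not match this heading; rename it to `### Burp Extensions`. The new table also has three columns and omits "Created by", which the Proxy & Network Sniffer and Recon, OSINT & Discovery tables on either side include.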
    skipped 52 lines
    76 88  |[dex2jar](https://github.com/pxb1988/dex2jar)|Useful to convert dex files into jar to decompile the application.|Java, Smali|Bob Pan|
    77 89  |[andriller](https://github.com/den4uk/andriller)|Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. [andriller.com](https://www.andriller.com/)|Python|[Denis Sazonov](https://github.com/den4uk)|
    78 90  |[Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.|Python|MobSF Team|
     91 +|[objection](https://github.com/sensepost/objection)|"objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak."|Python & TypeScript|[sensepost](https://github.com/sensepost)|
     92 + 
     93 +### Notes & Organization
     94 +| Name | Description | Written in | Created by |
     95 +|------ |------------- | ------------ |------------- |
     96 +|[Reconness](https://github.com/reconness/reconness)|"ReconNess helps you to run and keep all your #recon in the same place allowing you to focus only on the potentially vulnerable targets without distraction and without required a lot of bash skill or programing skill in general."|C#|[Reconness](https://github.com/reconness)|
     97 +|[Updog](https://github.com/sc0tfree/updog)|"Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth."|Python|[sc0tfree](https://github.com/sc0tfree)|
     98 + 
    79 99   
    80 100  ### Others
    81 101  | Name | Description | Written in | Created by |
    82 102  |------ |------------- | ------------ |------------- |
    83 103  |[SecLists](https://github.com/danielmiessler/SecLists)|A huge collection of word lists for hacking.||Daniel Miessler|
    84 104  |[Recon Pi](https://github.com/x1mdev/ReconPi)|A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.||[@x1m_martijn](https://twitter.com/x1m_martijn)|
     105 +|[CyberChef](https://gchq.github.io/CyberChef/)|Awesome Tool for de-/encoding stuff. Try it out!|JavaScript|[gchq](https://github.com/gchq)|
    85 106   
    86 107  ---
    87 108  back to [Intro Page](/README.md)
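Review bot: Updog at new line 97 is filed under `### Notes & Organization`, but its own description is of an HTTP/S file server that replaces Python's SimpleHTTPServer, which is not a note-taking or organisation tool; `### Others` looks like the better home. New line 98 also adds a second empty line before `### Others`.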