EdOverflow/bugbounty-cheatsheet EdOverflow/bugbounty-cheatsheet

  • Stars
    star
    5,775
  • Rank 6,973 (Top 0.2 %)
  • Language
  • License
    Creative Commons ...
  • Created about 7 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
EdOverflow/bugbounty-cheatsheet
github

EdOverflow

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A list of interesting payloads, tips and tricks for bug bounty hunters.

Bug Bounty Cheat Sheet

📚 Reference 🔎 Vulnerabilities
Bug Bounty Platforms XSS
Books SQLi
Special Tools SSRF
Recon CRLF Injection
Practice Platforms CSV Injection
Bug Bounty Tips LFI
XXE
RCE
Open Redirect
Crypto
Template Injection
Content Injection
XSLT Injection

Contributing

We welcome contributions from the public.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and features requests. GitHub issues

Issues and labels 🏷

Our bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

Style Guide

We like to keep our Markdown files as uniform as possible. So if you submit a PR, make sure to follow this style guide (we will not be angry if you do not).

  • Cheat sheet titles should start with ##.
  • Subheadings should be made bold. (**Subheading**)
  • Add newlines after subheadings and code blocks.
  • Code blocks should use three backticks. (```)
  • Make sure to use syntax highlighting whenever possible.

Contributors

More Repositories

1

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Python
4,757
star
2

bugbountyguide

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
HTML
453
star
3

megplus

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Shell
298
star
4

contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.
Shell
252
star
5

bugbountywiki

The Bug Bounty Wiki
167
star
6

proof-of-concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
HTML
162
star
7

bug-bounty-responses

A collection of response templates for invalid bug bounty reports.
80
star
8

hacks

Some random scripts. Just trying to be like the cool kids.
Shell
79
star
9

legal-bug-bounty

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
64
star
10

smith

Simple wrapper for meg that sieves through meg's output for you.
Shell
60
star
11

security-template

A static website template for security pages.
HTML
49
star
12

curate

A tool for fetching archived URLs (to be rewritten in Go).
Shell
39
star
13

h1-cli

A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.
Shell
33
star
14

security-policy-specification-standard

This document proposes a way of standardising the structure, language, and grammar used in security policies.
25
star
15

hunter

Guidelines for writing secure code for Python developers.
18
star
16

cryptojourney-content

Learn the basics of cryptography throughout history.
18
star
17

bounty-formula

A formula to calculate bounty amounts.
HTML
12
star
18

propaganda

Generate a personal Jekyll website using your Bibtex references.
CSS
10
star
19

hackerone-security-policy

This is the security policy for https://hackerone.com/ed.
5
star
20

bounty-pls

A Chrome extension that spices up those #togetherwehitharder tweets.
JavaScript
5
star
21

edoverflow

2
star
22

slides

Slides from my past talks.
2
star
23

.gitignore

🤔
1
star