EdOverflow/proof-of-concepts

This repository has been archived on 27/Mar/2021
Stars
162
Rank 232,284 (Top 5 %)
Language
HTML
License
MIT License
Created almost 7 years ago
Updated about 5 years ago

EdOverflow/proof-of-concepts

EdOverflow

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Proof of concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Image courtesy of Hackaday

Contents

.
├── CSRF
│   └── csrf_no_redirect.html
├── LICENSE
├── Open redirect
│   ├── open_redirect_referrer.html
│   └── open_redirect_sign_in_form.md
├── Other
│   ├── reverse_tabnabbing.html
│   └── subdomain_takeover.html
├── README.md
└── XSS
    ├── pastejacking_reflected_xss_payload.html
    ├── xss_hidden_input.html
    └── xss_password_manager_form.html

Setup

Clone this repository to a website you use for testing purposes, publish everything, and you will be able to use all of the proof of concepts under the /proof-of-concepts/ directory (e.g. http://example.com/proof-of-concepts/pastejacking_reflected_xss_payload.html).

$ git clone https://github.com/EdOverflow/proof-of-concepts.git

⚠ Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage any of the proof of concepts found in this repository for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by these proof of concepts.

Contributing

Do you have a fun, creative and convincing proof of concept? Please feel free to submit a pull request and we will add it to this repository.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and features requests.

Issues and labels 🏷

The bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

bugbountyguide

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

megplus

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

contact.sh

An OSINT tool to find contacts in order to report security vulnerabilities.

bugbountywiki

The Bug Bounty Wiki

bug-bounty-responses

A collection of response templates for invalid bug bounty reports.

hacks

Some random scripts. Just trying to be like the cool kids.

legal-bug-bounty

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

smith

Simple wrapper for meg that sieves through meg's output for you.

security-template

A static website template for security pages.

curate

A tool for fetching archived URLs (to be rewritten in Go).

h1-cli

A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.

security-policy-specification-standard

This document proposes a way of standardising the structure, language, and grammar used in security policies.

hunter

Guidelines for writing secure code for Python developers.

cryptojourney-content

Learn the basics of cryptography throughout history.

bounty-formula

A formula to calculate bounty amounts.

propaganda

Generate a personal Jekyll website using your Bibtex references.

hackerone-security-policy

This is the security policy for https://hackerone.com/ed.

bounty-pls

A Chrome extension that spices up those #togetherwehitharder tweets.

edoverflow

slides

Slides from my past talks.

.gitignore