IamLucif3r/Bug-Hunting IamLucif3r/Bug-Hunting

  • Stars
    star
    110
  • Rank 316,770 (Top 7 %)
  • Language
  • License
    GNU General Publi...
  • Created over 3 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
IamLucif3r/Bug-Hunting
github

IamLucif3r

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Bug Hunting

A Collection of Notes, Methodologies, POCs, Tools and everything else related to Bug Hunting. ✌️

👉 A Bug Bounty Program is a deal offered by several Oragnizations & Individuals by which recognition and compensation is provided to individuals for reporting Bugs.

You can Fork this Repo, I'm continuously adding the content!

Contents

👉 The repo is organized in following manner. You can read the notes:

  1. Reconnaissance - Phase 1
    1. CIDR Range
    2. Google Dorking
    3. Tools
  2. Reconnaissance - Phase 2
    1. Wordlists
    2. Subdomain Enumeration
      1. Certification Transparency Logs
      2. Search Engine
      3. Github
      4. Brute Force
      5. Subdomain Permutation
      6. Tools
    3. DNS Resolutions
    4. Screenshot
    5. Content Discovery
    6. Inspecting JS Files
    7. Google Dorks
    8. Conclusion
  3. Fingerprinting
    1. IP
    2. Web-Application
      1. Wapalyzer
      2. Firewall
    3. Conclusion
  4. Exploitation - Part 1
    1. Subdomain Takeover
    2. Github
    3. Misconfigured Cloud Storage Buckets
    4. Elastic Search DB
    5. Docker API
    6. Kuberneter API
    7. .git/.svn
    8. Google Firebase
  5. Exploitation - Part 2
    1. Exploiting CMS
    2. Exploiting OWASP
      1. XML Extended Entity (XXE)
      2. Cross Site Scripting (XXS)
      3. Server-Side Request Forgery (SSRF)
      4. Cross Side Request Forgery (CSRF)
      5. SQL Injection
      6. Command Injection
      7. Cross Site Web Socket Hijacking (CSWSH)
      8. File Upload
      9. Directory Traversal
      10. Open Redirect
      11. Insecure Direct Object Reference
  6. Methodology - Workflow
    1. Traditional Workflow
    2. Github Workflow
    3. Cloud Workflow
    4. Google Dork Workflow
    5. Leaked Credentials Workflow
    6. Exploit Workflow
  7. API-Pentesting
    1. APIs
    2. Authentication
  8. Caching Servers
    1. Web Cache Poisoning
    2. Web Cache Deception
  9. Miscellaneous
    1. On Site Request Forgery (OSRF)
    2. Prototype Pollution
    3. Client Side Template Injection
    4. XML External Entity
    5. Content Security Policy Bypass
    6. Relative Path Overwrite

Bug-Hunting Platforms

Following are some of the top Bug-Hunting Platforms. You can make your account and start hunting bugs for the programs available.

Note: This Repo is under development, Only Notes have been added till now. Separate Section for Tools, POCs and Tricks will be created soon

➡️ Contributions

You are Welcome to Contribute. You can contribute by:

  • Translating into other languages
  • Adding more Methodologies, Tools, and other Resources.
  • Just adding a star to our Github project :)

👉 If you have some new idea about this Repository, issue, feedback or found some valuable tool feel free to open an issue or just DM me via @IamLucif3r_

More Repositories

1

Chat-On

A Secured TCP Chat Room built with Python.
Python
25
star
2

VoteChain

A Decentralized e-Voting System based on Ethereum Blockchain.
JavaScript
13
star
3

Recon-Plus

A Unified Reconnaissance Tool for Pentesting
Python
9
star
4

Buffer-Overflow

These are the scripts & methodologies that can be used in Buffer Over Flow Fuzzing and Exploitation
Ruby
9
star
5

LuciTools

These are Cybersecurity tools built with Python
Python
6
star
6

Awesome-Hacking-Tools

This Repo contains all tools that are required in Ethical Hacking organized in specific categories.
Shell
5
star
7

IamLucif3r

This is my Readme
4
star
8

OP2-Offensive-Pentesting-with-Python

OP2 - is a collection of tools and techniques, to be used in Offensive Pentesting, built using Python
Python
4
star
9

Data-Structure-Algorithm

This repository is a collection of Concepts, Questions along with Solutions and Methodologies of Solving Problems.
Java
4
star
10

ToDoz

This is an Angular Based TODO list making Repo
TypeScript
4
star
11

Cryptography

Implementation of Cryptographic Algorithms, using Python
Python
3
star
12

Applied-Machine-Learning-with-Python-

Jupyter Notebook
3
star
13

Introduction-to-Data-Science-in-Python

Coursera Course: Introduction to Data Science in Python by University of Michigan
Jupyter Notebook
3
star
14

Travel-Forest-Webpage

CSS
3
star
15

YHBH-Template

This is a template of Web-Page saying "You Have Been Hacked"
HTML
3
star
16

Applied-Plotting-Charting-Data-Representation-in-Python

Jupyter Notebooks of the lectures
Jupyter Notebook
3
star
17

Web-Dev-Projects

This is a colllection of Projects (Web Pages) that are builty using HTML, CSS, JavaScript, PHP.
HTML
3
star
18

WebSite-Template

This is a Template of Web-Page that is built using HTML, CSS & Javascript.
HTML
3
star
19

iamlucif3r.github.io

Browse To know me :)
CSS
3
star
20

Insta-API

Insta API using Go and Mongodb
Go
2
star
21

subresolver

A Subdomain Resolver tool
Go
2
star
22

Bug-Hunting-Template

A Template Repository for Bug Hunters.
2
star
23

bug-huntinng-warzone

A Dockerfile loaded with bug hunting tools to facilitate hunters a bug hunting ready environment
Dockerfile
1
star
24

Jan-Sahyog

Jan-Sahyog : An Android Application for Crime Reporting & SOS Services, facilitating the niche of Driver's Community
Java
1
star
25

Punisher

This is a test repo
1
star
26

Login-Demo

Java
1
star
27

APVSAA

EPICS Project
Java
1
star