JakobTheDev/bug-bounty

Stars
143
Rank 257,007 (Top 6 %)
Language
JavaScript
Created over 4 years ago
Updated over 1 year ago

JakobTheDev/bug-bounty

JakobTheDev

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

My personal bug bounty toolkit.

Environment

My basic testing environment includes:

Docker container (see Dockerfile)
Standard config (see my config repo)
BurpSuite
Firefox
Terminal

Methodology

Bug Classes

SQLi
XSS

Polyglots

XSS

Notes

Recon Workflow

Below is a summary of my reconnaissance workflow. More details about the workflow and example commands can be found on the recon page.

Tips

Create a separate Chrome profile / Google account for Bug Bounty. Create dedicated BB accounts for YouTube etc. so you can get only relevant recommended content.
However you do it, set up an environment that has all the tools you use, all the time.
Use aliases and bash scripts to simplify commands you use all the time.

Resources

Guides

Self-Hosted Burp Collaborator - ROT

Lists

Awesome Bug Bounty

Methodology

How to Shot Web: Web and mobile hacking in 2015 - Jason Haddix
The Art of Subdomain Enumeration - Appsecco

Tooling

Bug Bounty Toolkit

information-security

A place where I can create, collect and share tooling, resources and knowledge about information security.

vs-code-remote-dev-demo

Demonstrating remote development in a Kali Linux Docker container.

vulnerable

The anti-styleguide for building a secure web application.

handle-free-yet

Twitter is releasing inactive handles 😎 Want to get notified when your twitter handle is free?

ng-password

An angular library that provides a collections of tools to test for password strength.

developers-cheatsheet

A collection of one-liners, tooling and notes for software developers.

vulnerable-api

The anti-styleguide for building a secure web API.

project-redbull

A companion for penetration testers and bug bounty hunters.