ZephrFish/BugBountyTemplates ZephrFish/BugBountyTemplates

  • Stars
    star
    312
  • Rank 134,171 (Top 3 %)
  • Language
  • License
    Apache License 2.0
  • Created almost 8 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ZephrFish/BugBountyTemplates
github

ZephrFish

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A collection of templates for bug bounty reporting

Bug Bounty Templates

A collection of templates for bug bounty reporting, with guides on how to write and fill out. Not the core standard on how to report but certainly a flow I follow personally which has been successful for me. Your milage may vary.

Feel free to clone down, modify, suggest changes, tweet me ideas @ZephrFish.

Templates Included

  • Blank Template
  • Headers only Template
  • Example Template
  • Short Template - Like a TL;DR Template

Writing Markdown

Sometimes manipulating markdown for some can be an alien task, luckily there are several tools out there for writing it and helping out, below is a list of some for online,windows, OSX & Linux.

VS Code now supports markdown by default via plugins, and so do many other text editors. VSCode is cross platform and a good option for writing.

Online

Windows

MacOS

Linux

Further reading

More Repositories

1

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
Python
374
star
2

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.
PowerShell
280
star
3

DockerAttack

Various Tools and Docker Images
Shell
277
star
4

Wordlists

Various Payload wordlists
224
star
5

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax
202
star
6

static-tools

Static compiled binaries + scripts ready to use on systems
Lua
151
star
7

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish
Batchfile
99
star
8

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap
Python
92
star
9

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information
PowerShell
72
star
10

XSSPayloads

Cross Site Scripting Payloads -- Variations
68
star
11

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388
Python
59
star
12

RandomScripts

Random Shell Scripts and other ideas I have along the way
PowerShell
51
star
13

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.
Shell
48
star
14

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp
C#
45
star
15

GoogD0rk

Python
44
star
16

AttackDeploy

Scripts for Deploying new server
Shell
44
star
17

AutoHoneyPoC

AutoPoC Generator HoneyPoC
Python
33
star
18

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner
Python
31
star
19

DynamicMSBuilder

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
C#
30
star
20

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)
Python
27
star
21

ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML
PowerShell
27
star
22

bug-bounty-reference

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
24
star
23

ChunkyIngress

Solving problems I didn't think I'd have on a saturday with clipboard copy pasta limits with powershell
PowerShell
23
star
24

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).
20
star
25

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things
19
star
26

CVE-2021-41773-PoC

Python
18
star
27

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.
Go
18
star
28

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine
PowerShell
17
star
29

PotUtils

Python
15
star
30

HelloJackHunter

Research into WinSxS binaries and finding hijackable paths
C#
13
star
31

LOLSearches

Living off the land searches for explorer and sharepoint
11
star
32

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.
Shell
11
star
33

MoveIT-WebShellCheck

Python
11
star
34

Autopeeper

Automated Screenshot Tool
Python
10
star
35

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett
Shell
9
star
36

xss-proxy

BeEF-inspired XSS proxy service
HTML
9
star
37

XSS

A collection of XSS Attack vectors
9
star
38

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082
Python
8
star
39

ZephrFish

8
star
40

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles
8
star
41

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool
Shell
7
star
42

LogsSteelcon

6
star
43

OldGold

Sysadmin Tools
HTML
6
star
44

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection
6
star
45

PS-Scripts

Useful scripts for labs
PowerShell
5
star
46

LegacyResearch

Python
5
star
47

DoNotRunMe

4
star
48

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)
YARA
4
star
49

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3
Python
4
star
50

Exch-CVE-2021-26855_Priv

patched to work
Python
4
star
51

Mailgun-python

Python Wrapper for sending email with mailgun
Python
4
star
52

WebSocketsAreFun

FAFO with WebSockets
PowerShell
3
star
53

csc_cypher

Cyber Security Challenge Cipher Challenge
3
star
54

zephrfish.github.io

zsec backup blog
3
star
55

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template
Go
3
star
56

ghostDebian

GhostDeployment Script for Debian
Shell
2
star
57

blacksheepwall

blacksheepwall is a hostname reconnaissance tool
Go
2
star
58

redsocial

Shell
2
star
59

SSH_Notify

Different Scripts for SSH hardening blog
Python
2
star
60

Writeups

Various write-ups from CTFs, fixes for things and others
2
star
61

CTF-Solutions

2
star
62

cloudathost-debian

Provision Script for Debian on CAC
Shell
2
star
63

Bootspeed

Check the boot speed of a windows machine
Visual Basic
2
star
64

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP
Python
2
star
65

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?
Python
2
star
66

Sub2CDN

Python
2
star
67

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career
2
star
68

VPNConnectScript

VPN Connection Menu Script, Created in Bash
Shell
2
star
69

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.
Shell
2
star
70

subroot

Another subdomain bruteforcer
2
star
71

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)
2
star
72

HoffPwn

Hoff in Style
1
star
73

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay
Python
1
star
74

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices
Python
1
star
75

LearningThings

1
star
76

xfer

ingress tooling
1
star
77

configFiles

zsh stuffs
Shell
1
star
78

SH

PowerShell
1
star
79

zephrsnaps.github.io

1
star