  • Stars: 312
  • Rank 134,133 (Top 3 %)
  • Language
  • License: Apache License 2.0
  • Created about 8 years ago
  • Updated over 1 year ago

Repository Details

A collection of templates for bug bounty reporting

Bug Bounty Templates

A collection of templates for bug bounty reporting, with guides on how to write and fill them out. Not the core standard on how to report, but certainly a flow I follow personally which has been successful for me. Your mileage may vary.

Feel free to clone down, modify, suggest changes, tweet me ideas @ZephrFish.

Templates Included

  • Blank Template
  • Headers only Template
  • Example Template
  • Short Template - Like a TL;DR Template

Writing Markdown

Manipulating Markdown can be an alien task for some. Luckily, there are several tools for writing it and helping out; below is a list of some for online, Windows, OSX & Linux.

VS Code now supports Markdown by default via plugins, and so do many other text editors. VS Code is cross-platform and a good option for writing.

Online

Windows

MacOS

Linux

Further reading

More Repositories

1

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
Python
374
star
2

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.
PowerShell
280
star
3

DockerAttack

Various Tools and Docker Images
Shell
277
star
4

Wordlists

Various Payload wordlists
224
star
5

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax
202
star
6

static-tools

Static compiled binaries + scripts ready to use on systems
Lua
151
star
7

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish
Batchfile
99
star
8

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap
Python
92
star
9

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information
PowerShell
72
star
10

XSSPayloads

Cross Site Scripting Payloads -- Variations
68
star
11

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388
Python
59
star
12

RandomScripts

Random Shell Scripts and other ideas I have along the way
PowerShell
51
star
13

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.
Shell
48
star
14

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp
C#
45
star
15

GoogD0rk

Python
44
star
16

AttackDeploy

Scripts for Deploying new server
Shell
44
star
17

AutoHoneyPoC

AutoPoC Generator HoneyPoC
Python
33
star
18

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner
Python
31
star
19

DynamicMSBuilder

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
C#
30
star
20

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)
Python
27
star
21

ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML
PowerShell
27
star
22

ChunkyIngress

Solving problems I didn't think I'd have on a Saturday with clipboard copy pasta limits with PowerShell
PowerShell
23
star
23

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).
20
star
24

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things
19
star
25

CVE-2021-41773-PoC

Python
18
star
26

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take environmental variables and send them back in a Base32 string over HTTP to an endpoint.
Go
18
star
27

NessusPreFlight

Nessus Preflight (NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow Nessus to scan a machine
PowerShell
17
star
28

PotUtils

Python
15
star
29

HelloJackHunter

Research into WinSxS binaries and finding hijackable paths
C#
13
star
30

LOLSearches

Living off the land searches for explorer and sharepoint
11
star
31

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.
Shell
11
star
32

MoveIT-WebShellCheck

Python
11
star
33

Autopeeper

Automated Screenshot Tool
Python
10
star
34

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett
Shell
9
star
35

xss-proxy

BeEF-inspired XSS proxy service
HTML
9
star
36

XSS

A collection of XSS Attack vectors
9
star
37

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082
Python
8
star
38

ZephrFish

8
star
39

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles
8
star
40

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool
Shell
7
star
41

LogsSteelcon

6
star
42

OldGold

Sysadmin Tools
HTML
6
star
43

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection
6
star
44

PS-Scripts

Useful scripts for labs
PowerShell
5
star
45

LegacyResearch

Python
5
star
46

DoNotRunMe

4
star
47

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)
YARA
4
star
48

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3
Python
4
star
49

Exch-CVE-2021-26855_Priv

patched to work
Python
4
star
50

Mailgun-python

Python Wrapper for sending email with mailgun
Python
4
star
51

WebSocketsAreFun

FAFO with WebSockets
PowerShell
3
star
52

csc_cypher

Cyber Security Challenge Cipher Challenge
3
star
53

zephrfish.github.io

zsec backup blog
3
star
54

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template
Go
3
star
55

ghostDebian

GhostDeployment Script for Debian
Shell
2
star
56

redsocial

Shell
2
star
57

SSH_Notify

Different Scripts for SSH hardening blog
Python
2
star
58

Writeups

Various write-ups from CTFs, fixes for things and others
2
star
59

CTF-Solutions

2
star
60

cloudathost-debian

Provision Script for Debian on CAC
Shell
2
star
61

Bootspeed

Check the boot speed of a Windows machine
Visual Basic
2
star
62

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP
Python
2
star
63

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?
Python
2
star
64

Sub2CDN

Python
2
star
65

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career
2
star
66

VPNConnectScript

VPN Connection Menu Script, Created in Bash
Shell
2
star
67

Kali_Setup

Epic Kali Script, oracle and other things need to be added soon.
Shell
2
star
68

subroot

Another subdomain bruteforcer
2
star
69

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)
2
star
70

HoffPwn

Hoff in Style
1
star
71

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay
Python
1
star
72

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices
Python
1
star
73

LearningThings

1
star
74

xfer

ingress tooling
1
star
75

configFiles

zsh stuffs
Shell
1
star
76

SH

PowerShell
1
star
77

zephrsnaps.github.io

1
star