bugbouncing

TODO

INITIAL

• go to awesome-bugbounty
• go to awesome hacker search engines
• go to awesome one liners
• go to awesome tools

AWESOME-BUGBOUNTY

Getting started

• read bug bounties 101
  • Start reading
  • Practice what you're learning
  • Read tech write-ups and POCs from other hackers
  • Gather your arsenal of tools
  • Join the community
  • Start learning about bug bounties
  • Get hacking!
  • Always Be learning and networking
• read how to become bug hunter
• read bug bounty hunter methodology
• read 5 of the write ups
  • sakurity.com/blog
  • respectxss.blogspot.in
  • labs.detectify.com
  • cliffordtrigo.info
  • stephensclafani.com

Platforms

• YesWeHack
  • contact
  • start hacking
  • tools
• intigriti
  • sign in
• hackerone
  • hacker101
  • hacktivity
  • opportunities
  • leaderboard
• bugcrowd
  • sign up
• cobalt
• bountysource
  • sign up
• bountyfactor
• coder bounty
• CESPPA

Available Programs

• Apple
• Google VRP
• Mozilla
• Facebook
• WP API

AWESOME HACKER SEARCH ENGINES

General Search Engines

• Kagi
• Gibiru
• Naver
• Yandex
• Baidu

Servers

• Shodan
  • search
  • Beyond the web
  • Monitor network exposure
  • Internet intelligence
• Censys search
  • search hosts
  • search certificates
  • Getting started
  • beta features
• Onyphe.io
  • search
• Zoomeye
• GreyNoise
  • search
  • cheatsheet

Vulnerabilities

• NIST NVD
  • CVSS V3 calculator
  • CVSS V2 calculator
  • CPE Dictionary
  • search & statistics
  • weakness types
  • legacy data feeds
  • vendor comments
  • cvmap
• cloudvulndb
  • search
  • aws
  • gcp
  • azure
  • critical
  • high
• osv.dev
  • search vuln db
  • cli tools
• Vulmon
  • research posts
  • trends
  • recent vulns
  • search
• Microsoft Security Response Center
  • bounty programs
  • blogs

Exploits

• Exploit-DB
  • exploits
  • ghdb
  • papers
  • shellcodes
• Sploitus
  • search
• LOLBAS
  • search
• PwnWiki
• XSS Payloads
  • XSStrike
  • brutexss terminal
  • brutexss gui
  • xss scanner online
  • xsser
  • xsscrapy
  • cyclops

Attack Surface

• FullHunt.io
  • search
• detectify
• BinaryEdge
• BigDataCloud
  • get started for free
• IPinfo.io

Code

• Github Code search
• gitlab code search
• ScriptMafia
• SourceHut
• Sourceforge

Mail Addresses

• Hunter.io
• PhoneBook
• IntelligenceX
• RocketReach
• ThatsThem

Domains

• Omnisint
• Riddler
• whois.domaintools.com
• BuiltWith
• similarweb.com
• wannabe1337.xyz

URLs

• URLScan
• Moz link explorer
• CommonCrawl Index
• URLVoid
• Norton Safeweb

DNS

• DNSDumpster
• Chaos
• RapidDNS
• DNSdb
• Validin

Certificates

• Crt.sh
• CTSearch
• tls.bufferover.run
• censys search
• Facebook CT

WiFi Networks

• Wigle.net
• wifimap.io
• wificafespots.com
• wifispc.com
• openwifimap.net

Device Information

• MACVendorLookup.com
• macvendors.com
• macaddress.io
• maclookup.app
• macvendors.co

Credentials

• Have I Been Pwned
• Dehashed
• LeakCheck.io
• ceackstation.net
• HashKiller

Leaks

• Have I Been Zuckered
• WikiLeaks
• Leak-Lookup
• Snusbase
• breachdirectory.org

Hidden Services

• AHMIA
• thehiddenwiki.org
• tor.link
• deepweblinks.net
• onionengine.com

Social Networks

• lookup the list

Phone Numbers

• NumLookup
• SpyDialer
• WhitePages
• National Cellular Directory
• Free Carrier Lookup

Images

• reverseimagesearch.org
• reverseimage.net
• pixsy.com
• same.energy
• imageidentify.com
• exifdata.com

Threat Intellligence

• MITRE ATT&CK
• PulseDive
• ThreatCrowd
• ThreatMiner
• bazaar.abuse.ch

Web History

• Web Archive
• Archive.ph
• CachedPages
• stored.website
• CommonCrawl

Surveillance cameras

• insencam.org
• surveillance under surveillance
• world cams
• skylinewebcams
• WebKams

Unclassified

• DorkSearch
• usersearch.org
• Pastebin
• wappalyzer

AWESOME-TOOLS

Subdomain Enumeration

• Sublist3r
• Amass
• massdns
• findomain
• sudomy

Port Scanning

• rustscan
• naabu
• nmap
• sandmap
• scancannon

Screenshots

• EyeWitness
• aquatone
• screenshoteer
• gowitness
• witnessme

Technologies

• whatweb
• retire.js
• httpx
• fingerprintx

Content Discovery

• gobuster
• recursebuster
• feroxbuster
• dirsearch
• filebuster

Links

• Linkfinder
• JS-Scan
• LinksDumper
• GoLinkFinder
• BurpJSLinkFinder

Parameters

• parameth
• param-miner
• parampampam
• Arjun
• x8

Fuzzing

• wfuzz
• ffuf
• fuzzdb
• IntruderPayloads
• fuzz.txt

Command Injection

• commix

CORSF misconf

• Corsy
• CORStest
• cors-scanner
• CorsMe

CRLF INje

• CRLFSuite
• crlfuzz
• CRLF-Injection-Scanner
• Injectus

CSRF

• XSRFProbe

Dir traversal

• dotdotpwn
• FDsploit
• off-by-slash
• liffier

File Inclusion

• liffy
• Burp-LFI-tests
• LFI-Enum
• LFISuite
• LFI-files

GraphQL injection

• inql
• GraphQLmap
• shapeshifter
• graphql_beautifier
• clairvoyance

Header injection

• headi

Insecure Deserialization

• ysoserial
• GadgetProbe
• phpggc

Insecure Direct Object References

• Autorize

Open Redirect

• Oralyzer
• Injectus
• dom-red
• Openredirex

Race Condition

• razzer
• racepwn
• requests-racer
• turbo-intruder
• race-the-web

Request Smuggling

• http-request-smuggling
• smuggler
• h2csmuggler
• tiscripts

Server Side Request Forgery

• SSRFmap
• Gopherus
• ground-control
• SSRFire
• httprebind

Sqql Injs

• sqlmap
• nosqlmap
• sqliscanner
• sleuthql
• mssqlproxy

XSS inj

• XSStrike
• xssor2
• xsscrapy
• sleepy-puppy
• ezXSS

XXE Inj

• ground-control
• dtd-finder
• docem
• xxeserv
• xxexploiter

passwords

• thc-hydra
• defaultcreds-cheat-sheet
• changeme
• brutex
• patator

Secrets

• git-secrets
• gitleaks
• trufflehog
• gitgraber
• talisman

git

• gittools
• gitjacker
• git-dumper
• githunter
• dvcs-ripper

buckets

• S3Scanner
• AWSbucketdump
• CloudScraper
• s3viewer
• festin

cms

• wpscan
• WPSpider
• wprecon
• CMSmap
• joomscan

json web token

• jwt_tool
• c-jwt-cracker
• jwt-heartbreaker
• jwtear
• jwt-key-id

postmessage

• PostMessage-tracker
• Postmessage_fuzz_tool

subdomain takeover

• subjack
• subover
• autosubtakeover
• NSBrute
• can-i-take-over-xyz

vulnerability scanner

• nuclei
• Sn1per
• metasploit
• nikto
• arachni

uncategorized

• JSONBee
• CyuberChef
• bountyplz
• PayloadsAllTheThings
• bounty-targets-data

one liners to implement somewhere

• Local File Inclusion
• Open-redirect
• XSS
• Prototype Pollution
• CVE-2020-5902
• CVE-2020-3452
• CVE-2022-0378
• vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
• Find JavaScript Files
• Extract Endpoints from JavaScript
• Get CIDR & Org Information from Target Lists
• Get Subdomains from RapidDNS.io
• Get Subdomains from BufferOver.run
• Get Subdomains from Riddler.io
• Get Subdomains from VirusTotal
• Get Subdomain with cyberxplore
• Get Subdomains from CertSpotter
• Get Subdomains from Archive
• Get Subdomains from JLDC
• Get Subdomains from securitytrails
• Bruteforcing Subdomain using DNS Over
• Get Subdomains With sonar.omnisint.io
• Get Subdomains With synapsint.com
• Get Subdomains from crt.sh
• Sort & Tested Domains from Recon.dev
• Subdomain Bruteforcer with FFUF
• Find Allocated IP Ranges for ASN from IP Address
• Extract IPs from a File
• Ports Scan without CloudFlare
• Create Custom Wordlists
• Extracts Juicy Informations
• Find Subdomains TakeOver
• Dump Custom URLs from ParamSpider
• URLs Probing with cURL + Parallel
• Dump In-scope Assets from chaos-bugbounty-list
• Dump In-scope Assets from bounty-targets-data
• HackerOne Programs
• BugCrowd Programs
• Intigriti Programs
• YesWeHack Programs
• HackenProof Programs
• Federacy Programs
• Dump URLs from sitemap.xml
• Pure Bash Linkfinder
• Extract Endpoints from swagger.json
• CORS Misconfiguration
• Find Hidden Servers and/or Admin Panels
• Recon Using api.recon.dev
• Find Live Host/Domain/Assets
• XSS without gf
• Get Subdomains from IPs
• Gather Domains from Content-Security-Policy
• Nmap IP:PORT Parser Piped to HTTPX