Hacking
#Template
Meta
Target
Testing
IDOR
Target
Writeup
Testing
IDOR
Domain1
Function    C    R    U    D    E    Date        Additional notes
Function1
Function2
Description
Method (column codes)
C Create
R Read
U Update
D Delete
E Extent
Checklist (cell codes: each letter records a context from which the operation succeeded against another user's object)
N No Authentication
L Low Authentication
S Share
H High Authentication
R Reverse
Example
Domain1
Function    C    R    U    D    E    Date        Additional notes
Function1   N    NL   N    NLR  NL   2020-1-21
Function2   N    N    N    NLH  NS   2020-1-21
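The C R U D matrix above is a manual checklist; the following is an added example (not code from the page) that produces one such row automatically against a hypothetical in-memory document API. The API, the probe users (none for N, an unrelated user "mallory" for L, a user the object was shared with for S, "admin" for H) and the two deliberate authorization bugs are all assumptions made for illustration; the R (Reverse) cell code and the E column are not modelled.

```python
"""IDOR authorization-matrix harness (added example, hypothetical API)."""
from dataclasses import dataclass, field

# Cell codes from the checklist, mapped to the probe user assumed for each:
# N = no authentication, L = low (unrelated ordinary user),
# S = a user the object was shared with, H = high (admin).
CONTEXTS = [("N", None), ("L", "mallory"), ("S", "friend"), ("H", "admin")]
OPS = ["C", "R", "U", "D"]


@dataclass
class Doc:
    id: int
    owner: str
    body: str = ""
    shared_with: set = field(default_factory=set)


class ToyDocApi:
    """Hypothetical document API with two deliberate IDOR bugs:
    update only checks that the caller is logged in, delete checks nothing."""

    def __init__(self):
        self.docs = {}
        self.next_id = 1
        self.admins = {"admin"}

    def create(self, user, body):
        if user is None:
            return 401
        self.docs[self.next_id] = Doc(self.next_id, user, body)
        self.next_id += 1
        return 201

    def _authorized(self, user, doc):
        return user == doc.owner or user in self.admins or user in doc.shared_with

    def read(self, user, doc_id):
        doc = self.docs.get(doc_id)
        if doc is None:
            return 404
        if user is None:
            return 401
        return 200 if self._authorized(user, doc) else 403

    def update(self, user, doc_id, body):
        doc = self.docs.get(doc_id)
        if doc is None:
            return 404
        if user is None:
            return 401
        doc.body = body  # BUG: authenticated, but no ownership check (IDOR)
        return 200

    def delete(self, user, doc_id):
        if doc_id not in self.docs:
            return 404
        del self.docs[doc_id]  # BUG: no authentication or authorization at all
        return 200


def fresh_fixture():
    """Victim-owned doc id 1, shared with 'friend'; rebuilt for every probe
    so a successful delete does not mask the next test."""
    api = ToyDocApi()
    api.create("victim", "secret")
    api.docs[1].shared_with.add("friend")
    return api


def probe(op, user):
    """Run one operation as `user` against the victim's doc; True if accepted."""
    api = fresh_fixture()
    if op == "C":
        status = api.create(user, "new")
    elif op == "R":
        status = api.read(user, 1)
    elif op == "U":
        status = api.update(user, 1, "tampered")
    else:
        status = api.delete(user, 1)
    return status in (200, 201)


def matrix_row():
    """One C R U D row: for each operation, the letters of every context that succeeded."""
    return {op: "".join(letter for letter, user in CONTEXTS if probe(op, user)) for op in OPS}


def findings(row):
    """IDOR candidates: N or L succeeding against someone else's object.
    Create has no target object, so it is not a finding on its own."""
    return {op: "".join(c for c in row[op] if c in "NL")
            for op in OPS if op != "C" and any(c in "NL" for c in row[op])}


def format_row(name, row, date):
    """Render in the same column order as the checklist table."""
    return f"{name} {row['C']} {row['R']} {row['U']} {row['D']} {date}"


if __name__ == "__main__":
    row = matrix_row()
    print(format_row("victim-doc", row, "2020-1-21"))
    print("IDOR findings:", findings(row))
```

Reading the row: "LSH" under R or U is expected for an owner-scoped object only if those users should have access, so S and H succeeding is normal while L succeeding on update, or N on delete, is the finding the table is meant to surface.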
Tab
https://www.one-tab.com/page/v87L7Lt3SSyo_r9G7WSo5w
https://www.youtube.com/playlist?list=PL_BVafvwrIDj8V2dr7nZJvfsR3h8w_jbO
https://research.securitum.com/tag/bug-bounty/
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://github.com/weaknetlabs/Penetration-Testing-Grimoire
https://portswigger.net/kb/issues
https://github.com/jhaddix/tbhm
https://github.com/sbilly/awesome-security
https://github.com/enaqx/awesome-pentest
https://github.com/qazbnm456/awesome-web-security
https://kalitut.com/penetration-testing-resources/
Beginner
General
Secret Support
Hackerone Bugcrowd
https://twitter.com/NahamSec
https://twitter.com/hakluke
https://twitter.com/vortexau
https://twitter.com/codingo_
https://medium.com/@98kartik.sharma/beginners-approach-to-bug-bounties-90ad9f1eccd7
https://medium.com/cybersec-101
https://medium.com/@iamj0ker/find-your-first-bug-1-subdomain-takeover-8c7e6192220f?sk=a768500880e814f7bf67d129fee1d117
https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/
https://www.google.com/about/appsecurity/play-rewards/
https://medium.com/@iamtess5277/bugcrowd-levelup0x07-ctf-2cf9d3138e7a
https://blog.securitypwned.org/?p=60
Writeup
https://pentester.land/list-of-bug-bounty-writeups.html
https://buer.haus/2020/09/11/coin-coin-artist-20k-puzzle-write-up/
Search query: facebook vulnerability writeup -site:facebook.com
https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/gitshbhts/facebook_bug_bounty_writeup/blob/master/facebook.txt
https://blog.detectify.com/2012/12/30/how-i-hacked-facebook-and-received-a-3500-usd-facebook-bug-bounty/
https://medium.com/bugbountywriteup/bug-bounty-broken-api-authorization-d30c940ccb42
https://www.thezdi.com/blog/2020/7/22/chaining-5-bugs-for-code-execution-on-the-rockwell-factorytalk-hmi-at-pwn2own-miami
https://alaa0x2.medium.com/how-i-hacked-facebook-part-one-282bbb125a5d
Emoji https://ctftime.org/writeup/23847
Bucket https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/
Android https://oscp.medium.com/complete-android-pentesting-guide-203ed34035e3
Apple https://samcurry.net/hacking-apple/
Video
https://gosecure.github.io/template-injection-workshop/#0
https://gosecure.github.io/xxe-workshop/#0
Checklist
General
https://wiki.owasp.org/index.php/Testing_Checklist
https://gist.githubusercontent.com/jhaddix/6b777fb004768b388fefadf9175982ab/raw/c9bb46af0ed31bdabac3dda1dd0fafddfd8f329e/WAHH_Task_Checklist.md
Explore
Setup
burp-send-to https://www.betterhacker.com/2021/01/the-burp-extension-no-one-told-you-about.html
Experiment
https://www.kitploit.com/2021/01/zmap-fast-single-packet-network-scanner.html
Passport
https://www.cjoint.com/c/GCDxEdsK3wR
https://www.1717zy.com/7476.html
https://www.cnblogs.com/raybiolee/archive/2004/01/13/5869541.html
https://blog.csdn.net/weixin_34293911/article/details/94196089
https://any.run/report/536ee8c21b252a5508f1d1f4ab6d9cccaf37cfccd11a9c2772ed02f9f1127b93/c2993cc2-8e0b-47d4-b594-4ab4e8b56908
http://118.89.28.86:808/C%3A/D/TheWorldPortable/Data/Default/IndexedDB/https_passport.weibo.com_0.indexeddb.leveldb
https://www.hackerone.com/blog/category/hacker-resources #BugBountyTip
https://owasp.org/www-project-web-security-testing-guide/latest/
https://github.com/topics/infosec
https://github.com/topics/bugbounty
https://github.com/topics/pentesting
https://github.com/infosecn1nja/Red-Teaming-Toolkit
https://github.com/commixproject/commix
https://securitytrails.com/blog/tag=tips
https://medium.com/@markmotig/security-tool-list-update-dec-2020-99a27aec3dfd
https://hackforums.net/forumdisplay.php?fid=231
https://www.sans.org/cyber-security-courses/?focus-area=penetration-testing-ethical-hacking&training-format=
https://tools.kali.org/kali-metapackages
https://twitter.com/theXSSrat/status/1336361725084504065
Misc
VPS Cheatsheet https://archive.ph/QBfir
Bounty
http://archive.today/*.google.com
https://cassandra.cerias.purdue.edu/CVE_changes/
https://subdomainfinder.c99.nl/
https://nitter.net/CVEnew
https://securitytrails.com/list/apex_domain/google.com
https://crt.sh/?q=%25.shopify.com
https://hackerone.com/xiaomi
https://hackerone.com/oppo
https://hackerone.com/grab
https://hackerone.com/tiktok
https://bugcrowd.com/binance
https://bugcrowd.com/accellion-public
https://bugcrowd.com/upwork
https://bugcrowd.com/twilio
https://hackerone.com/github
https://hackerone.com/logitech
https://hackerone.com/shopify-scripts
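The crt.sh query above (%25 is a URL-encoded % wildcard) returns certificate-transparency entries whose `name_value` field holds newline-separated subject names, including wildcards and mixed case. The following is an added example (not from the page or from crt.sh) of turning such a response into a clean host list; the JSON body is constructed to mimic the shape of crt.sh's `output=json` format and is not real data.

```python
"""Subdomain extraction from a crt.sh-style JSON response (added example)."""
import json
from datetime import datetime

# Constructed sample shaped like https://crt.sh/?q=%25.example.com&output=json:
# one object per log entry, newline-separated names in name_value.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com",
     "not_after": "2025-01-01T00:00:00"},
    {"id": 2, "common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\napi.dev.example.com"},
    {"id": 3, "common_name": "mail.example.com",
     "name_value": "MAIL.example.com\nmail.example.com"},
    {"id": 4, "common_name": "example.com.evil.net",       # substring match, out of scope
     "name_value": "example.com.evil.net"},
    {"id": 5, "common_name": "staging.example.com",
     "name_value": "staging.example.com",
     "not_after": "2019-06-01T00:00:00"},
])


def _in_scope(name, apex):
    """True only for the apex itself or a label-boundary subdomain of it."""
    return name == apex or name.endswith("." + apex)


def extract_hosts(raw, apex):
    """Return sorted unique hostnames under `apex`, wildcard bases kept separately
    (a '*.dev.example.com' cert proves dev.example.com exists, not any one host)."""
    apex = apex.lower().rstrip(".")
    hosts, wildcards = set(), set()
    for entry in json.loads(raw):
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower().rstrip(".")
            if not name:
                continue
            if name.startswith("*."):
                base = name[2:]
                if _in_scope(base, apex):
                    wildcards.add(base)
                continue
            if _in_scope(name, apex):
                hosts.add(name)
    return {"hosts": sorted(hosts), "wildcards": sorted(wildcards)}


def expired_entries(raw, as_of):
    """Entry ids whose certificate expired before `as_of` (ISO 8601):
    hosts seen only on expired certs are candidates for dangling DNS / takeover checks."""
    cutoff = datetime.fromisoformat(as_of)
    return sorted(e["id"] for e in json.loads(raw)
                  if "not_after" in e and datetime.fromisoformat(e["not_after"]) < cutoff)


if __name__ == "__main__":
    result = extract_hosts(SAMPLE_CRTSH_JSON, "example.com")
    print("\n".join(result["hosts"]))
    print("wildcards:", result["wildcards"])
    print("expired entry ids:", expired_entries(SAMPLE_CRTSH_JSON, "2024-06-01T00:00:00"))
```

The label-boundary check matters: a naive `"example.com" in name` would put example.com.evil.net into scope, which is exactly the kind of look-alike domain a bounty program will reject.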
iFrame Open redirect
Google
newsstand Mobile
publisher IDOR
feedburner SSRF
Book iFrame Openredirect
collaborator Newspaper Archive
Drive: conversion bypass with Share
Exploit
API
Open AWS Bucket
XSS Hunter
Electron XSS
Twitter
IDOR
False Delete
Testing
Social Media
Facebook
Twitter
Instagram
Storage
Google Drive
Dropbox
Box
Mega
Yandex
Confirmed
Discord
https://www.bugcrowd.com/bug-bounty-list/
https://www.intigriti.com/programs/depersgroep/devolkskrant/detail
Google
VRP
https://www.google.com/about/appsecurity/chrome-rewards/
https://www.google.com/about/appsecurity/reward-program/
corp.google.com
Gaia ID Yubico Google Authenticator Chrome Code
https://urlscan.io/domain/corp.google.com
https://www.abuseipdb.com/whois/66.249.83.87
Testing
IDOR
Youtube
C R U D E Date Additional notes
Video
Playlist
Google
C R U D E Date Additional notes
Video
Playlist
Repository
Google
https://github.com/google
GoogleArchive
https://github.com/googlearchive
Jigsaw
https://github.com/conversationai/conversationai-moderator
Target
https://productexperts.withgoogle.com/directory
https://developers.google.com/search/docs/basics/get-on-google?visit_id=637435158497094446-1847227754&rd=1
Feedback https://developers.google.com/search/case-studies/rakuten-case-study
https://h5validator.appspot.com/dcm/asset
https://search.google.com/test/mobile-friendly?id=cX8BNdS7LGf9Vh2ziFmKCg
Ads
Jigsaw https://jigsaw.google.com
https://jigsaw.google.com/the-current/disinformation/dataviz/
https://projectassembler.org
https://www.perspectiveapi.com/#/home
https://getoutline.org/en/home
https://getintra.org/#!/
https://projectshield.withgoogle.com/landing
https://protectyourelection.withgoogle.com/intl/en/
https://redirectmethod.org/
https://maven.google.com/web/index.html
Writeup
Watch
https://bugs.xdavidhu.me/
https://github.com/xdavidhu/awesome-google-vrp-writeups
Ads https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/
Playlist https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/
Feedback https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/
Twitter
Target
Crawler https://twitter.com/9klipse/status/1281060078007709696?lang=bn
Facebook
Target
mbasic
https://legal.tapprd.thefacebook.com
https://legal.tapprd.thefacebook.com/tapprd/Portal/ShowWorkFlow/AnonymousShowStage?token=
https://legal.tapprd.thefacebook.com/tapprd/Portal/ShowWorkFlow/AnonymousEmbed/XXXXXXXXXXXXX
Writeup
https://ysamm.com
https://ysamm.com/?p=510
https://ysamm.com/?p=525
Email https://ysamm.com/?p=308
Token https://ysamm.com/?p=35
Discord
...
Testing
Target
Locked channel: for a brief moment after you have just logged in
https://cdn.discordapp.com/attachments/680938986965041246/795914829676019743/a0ac7b55c50cc042d98b8739d89f19d003816f38c79404f87d27efb007a32d32_1.jpg.jpg
https://d.facdn.net/art/angel27/1612046661/1612046661.angel27_photo_jan_09,_9_18_14_pm.png
Writeup
Github
...
Testing
Repository
Target
https://github.com/conversationai
Writeup
Watch
Hackerone https://hackerone.com/hacktivity
#BugbountyTips https://twitter.com/hashtag/bugbountytips
Tab
https://www.bugbountyhunting.com
https://bu.gbounty.cc/
https://book.hacktricks.xyz/pentesting-methodology
https://github.com/jhaddix/tbhm
https://github.com/jhaddix/tbhm/blob/master/11_Auxiliary_Info.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources
https://bugbountyforum.com/
https://www.facebook.com/groups/bugbountyforum/
https://github.com/projectdiscovery/public-bugbounty-programs
Recent
Weblogic RCE https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
https://security.lauritz-holtmann.de/advisories/tiktok-account-takeover/
https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html
XSS automation https://medium.com/bugbountywriteup/automating-xss-identification-with-dalfox-paramspider-e14283bb7916
Bronze bit attack https://github.com/swisskyrepo/PayloadsAllTheThings/commit/67752de6e9d927c2678b1c64357bc4450ed50ecf
Client-Side Prototype Pollution https://github.com/BlackFan/client-side-prototype-pollution
Experiment
https://github.com/OJ/gobuster
https://github.com/danielmiessler/SecLists/tree/master/Pattern-Matching
Misc
Deblur https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d
Raw
https://github.com/random-robbie/bugbounty-scans
https://github.com/random-robbie
Tool
https://github.com/projectdiscovery/nuclei
https://github.com/nahamsec/bbht
https://github.com/nahamsec/lazyrecon
https://github.com/projectdiscovery/shuffledns
https://github.com/projectdiscovery/chaos-client
https://github.com/projectdiscovery/naabu