#Template
Meta
Target
VRP
https://www.google.com/about/appsecurity/chrome-rewards/
|
https://www.google.com/about/appsecurity/reward-program/
|
|
corp.google.com
Gaia ID
|
Yubico
|
Google Authenticator
|
Chrome Code
|
|
https://urlscan.io/domain/corp.google.com
|
https://www.abuseipdb.com/whois/66.249.83.87
|
|
|
Testing
|
Target
|
https://productexperts.withgoogle.com/directory
|
|
https://developers.google.com/search/docs/basics/get-on-google?visit_id=637435158497094446-1847227754&rd=1
|
Feedback
|
https://developers.google.com/search/case-studies/rakuten-case-study
|
|
https://h5validator.appspot.com/dcm/asset
|
|
https://search.google.com/test/mobile-friendly?id=cX8BNdS7LGf9Vh2ziFmKCg
|
|
Writeup
|
|
|
Testing
IDOR
| Domain1 | C | R | U | D | E | Date | Additional notes |
|---|---|---|---|---|---|---|---|
| Function1 | | | | | | | |
| Function2 | | | | | | | |
Description
Method
| C | Create |
| R | Remove |
| U | Update |
| D | Delete |
| E | Extent |
Checklist
| N | No Authentication |
| L | Low Authentication |
| S | Share |
| H | High Authentication |
| R | Reverse |
Example
| Domain1 | C | R | U | D | E | Date | Additional notes |
|---|---|---|---|---|---|---|---|
| Function1 | N | NL | N | NLR | NL | 2020-1-21 | |
| Function2 | N | N | N | NLH | NS | 2020-1-21 | |
Tab
https://www.one-tab.com/page/v87L7Lt3SSyo_r9G7WSo5w
|
https://www.youtube.com/playlist?list=PL_BVafvwrIDj8V2dr7nZJvfsR3h8w_jbO
|
https://research.securitum.com/tag/bug-bounty/
|
https://github.com/swisskyrepo/PayloadsAllTheThings
|
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
|
https://github.com/weaknetlabs/Penetration-Testing-Grimoire
|
https://portswigger.net/kb/issues
|
https://github.com/jhaddix/tbhm
|
https://github.com/sbilly/awesome-security
|
https://github.com/enaqx/awesome-pentest
|
https://github.com/qazbnm456/awesome-web-security
|
https://kalitut.com/penetration-testing-resources/
|
|
Beginner
General
Secret Support
Hackerone
|
Bugcrowd
|
https://twitter.com/NahamSec
|
https://twitter.com/hakluke
|
|
https://twitter.com/vortexau
|
|
https://twitter.com/codingo_
|
|
https://medium.com/@98kartik.sharma/beginners-approach-to-bug-bounties-90ad9f1eccd7
|
https://medium.com/cybersec-101
|
https://medium.com/@iamj0ker/find-your-first-bug-1-subdomain-takeover-8c7e6192220f?sk=a768500880e814f7bf67d129fee1d117
|
https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/
|
https://www.google.com/about/appsecurity/play-rewards/
|
https://medium.com/@iamtess5277/bugcrowd-levelup0x07-ctf-2cf9d3138e7a
|
https://blog.securitypwned.org/?p=60
|
|
|
Writeup
|
https://pentester.land/list-of-bug-bounty-writeups.html
|
|
https://buer.haus/2020/09/11/coin-coin-artist-20k-puzzle-write-up/
|
|
facebook vulnerability writeup -site:facebook.com
https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
|
https://github.com/gitshbhts/facebook_bug_bounty_writeup/blob/master/facebook.txt
|
https://blog.detectify.com/2012/12/30/how-i-hacked-facebook-and-received-a-3500-usd-facebook-bug-bounty/
|
|
|
https://medium.com/bugbountywriteup/bug-bounty-broken-api-authorization-d30c940ccb42
|
|
https://www.thezdi.com/blog/2020/7/22/chaining-5-bugs-for-code-execution-on-the-rockwell-factorytalk-hmi-at-pwn2own-miami
|
|
https://alaa0x2.medium.com/how-i-hacked-facebook-part-one-282bbb125a5d
|
Emoji
|
https://ctftime.org/writeup/23847
|
Bucket
|
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/
|
Android
|
https://oscp.medium.com/complete-android-pentesting-guide-203ed34035e3
|
Apple
|
https://samcurry.net/hacking-apple/
|
|
Video
https://gosecure.github.io/template-injection-workshop/#0
|
https://gosecure.github.io/xxe-workshop/#0
|
|
Checklist
General
https://wiki.owasp.org/index.php/Testing_Checklist
|
https://gist.githubusercontent.com/jhaddix/6b777fb004768b388fefadf9175982ab/raw/c9bb46af0ed31bdabac3dda1dd0fafddfd8f329e/WAHH_Task_Checklist.md
|
|
|
Explore
Setup
burp-send-to
|
https://www.betterhacker.com/2021/01/the-burp-extension-no-one-told-you-about.html
|
|
Experiment
https://www.kitploit.com/2021/01/zmap-fast-single-packet-network-scanner.html
|
|
|
Passport
https://www.cjoint.com/c/GCDxEdsK3wR
|
https://www.1717zy.com/7476.html
|
https://www.cnblogs.com/raybiolee/archive/2004/01/13/5869541.html
|
https://blog.csdn.net/weixin_34293911/article/details/94196089
|
https://any.run/report/536ee8c21b252a5508f1d1f4ab6d9cccaf37cfccd11a9c2772ed02f9f1127b93/c2993cc2-8e0b-47d4-b594-4ab4e8b56908
|
http://118.89.28.86:808/C%3A/D/TheWorldPortable/Data/Default/IndexedDB/https_passport.weibo.com_0.indexeddb.leveldb
|
|
|
https://www.hackerone.com/blog/category/hacker-resources
|
#BugBountyTip
|
https://owasp.org/www-project-web-security-testing-guide/latest/
|
|
https://github.com/topics/infosec
|
|
https://github.com/topics/bugbounty
|
|
https://github.com/topics/pentesting
|
|
https://github.com/infosecn1nja/Red-Teaming-Toolkit
|
|
https://github.com/commixproject/commix
|
|
https://securitytrails.com/blog/tag=tips
|
|
https://medium.com/@markmotig/security-tool-list-update-dec-2020-99a27aec3dfd
|
|
https://hackforums.net/forumdisplay.php?fid=231
|
|
https://www.sans.org/cyber-security-courses/?focus-area=penetration-testing-ethical-hacking&training-format=
|
|
https://tools.kali.org/kali-metapackages
|
|
https://twitter.com/theXSSrat/status/1336361725084504065
|
|
|
|
Misc
VPS Cheatsheet
|
https://archive.ph/QBfir
|
|