Skip to content

mdd1704/AllAboutBugBounty

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
Bypass
Bypass
 
 
CMS
CMS
 
 
Framework
Framework
 
 
Misc
Misc
 
 
Account Takeover.md
Account Takeover.md
 
 
Cross Site Scripting.md
Cross Site Scripting.md
 
 
Denial Of Service.md
Denial Of Service.md
 
 
Exposed Source Code.md
Exposed Source Code.md
 
 
Host Header Injection.md
Host Header Injection.md
 
 
Insecure Direct Object References.md
Insecure Direct Object References.md
 
 
Password Reset Flaws.md
Password Reset Flaws.md
 
 
README.md
README.md
 
 

Repository files navigation

All about bug bounty

List

List Bypass

List CMS

List Framework

Miscellaneous

Reconnaissance

  • Small Scope

Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.

  • Directory Enumeration
  • Technology Fingerprinting
  • Port Scanning
  • Parameter Fuzzing
  • Wayback History
  • Known Vulnerabilities
  • Hardcoded Information in JavaScript
  • Domain Specific GitHub & Google Dorking
  • Broken Link Hijacking
  • Data Breach Analysis
  • Misconfigured Cloud Storage

  • Medium Scope

Usually the scope is wild card scope where all the subdomains are part of scope

  • Subdomain Enumeration
  • Subdomain Takeover
  • Probing & Technology Fingerprinting
  • Port Scanning
  • Known Vulnerabilities
  • Template Based Scanning (Nuclei/Jeales)
  • Misconfigured Cloud Storage
  • Broken Link Hijacking
  • Directory Enumeration
  • Hardcoded Information in JavaScript
  • GitHub Reconnaissance
  • Google Dorking
  • Data Breach Analysis
  • Parameter Fuzzing
  • Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
  • IP Range Enumeration (If in Scope)
  • Wayback History
  • Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
  • Heartbleed Scanning
  • General Security Misconfiguration Scanning

  • Large Scope

Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.

  • Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) ​
  • Subsidiary & Acquisition Enumeration (Depth – Max)​
  • Reverse Lookup
  • ASN & IP Space Enumeration and Service Identification​
  • Subdomain Enumeration
  • Subdomain Takeover
  • Probing & Technology Fingerprinting
  • Port Scanning
  • Known Vulnerabilities
  • Template Based Scanning (Nuclei/Jeales)
  • Misconfigured Cloud Storage
  • Broken Link Hijacking
  • Directory Enumeration
  • Hardcoded Information in JavaScript
  • GitHub Reconnaissance
  • Google Dorking
  • Data Breach Analysis
  • Parameter Fuzzing
  • Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
  • IP Range Enumeration (If in Scope)
  • Wayback History
  • Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
  • Heartbleed Scanning
  • General Security Misconfiguration Scanning
  • And any possible Recon Vector (Network/Web) can be applied.​

Source: Link

Coming Soon!

About

All about bug bounty (bypasses, payloads, and etc)

daffa.tech/

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published