Resources For Bug hunters.md

My Methodology

My Checklist Or My Methodology in bug bounty.

Recon on Subdomains Gathering :-

Tool>

Amass - Good tool in all gathering subdomains or CIDR or Ranges IPs

Subfinder - Good tool

Assetfinder - Best tool I used

Different choice - I used Rekon bash_script tools

shibli2700/Rekon

Sublist3r - Not bad also

Scanning single domain:-

Tool>

Burp Suite - Best tool I used so fun

OWASP Zap - Second best tool

Waybackmachine - hakrawler or tool tomnomnom Waybackmachine

Directory brute force or fuzzing with my tool Fuzz-xElkomy and dirb and fuff go tool

Manual Checking:-

In manual Checking I searching in Google Dorks, Shodan, github

and I am using Tools like lazys3 for recon public s3 buckets

Manually explore the site

Identify user roles.

Check the SESSION Expire and check out of scope roles :( —- :)

Check count for name user in profile to test DOS attack

Check Headers with Burp -X-Forwarded-For, * - * - Host ,* - * -Server ..etc for caching server or DOS attack.

Check Version for any CMS or anything at the website or this domain

Trying bypass the authentication Or bypass the authorization Crack The Register Verify and Try Crack 2FA Authentication

Exploit Vulnerabilities:-

In XSS exploit or recon I used XSStrike , XSpear , KNOXSS

In SSRF I used burp collaborator and Extension in burp called Taborator

In CSRF firs I check source code second check response the server after change anything and Keep going :)

Check in APIs or websites dashboards or sensitive data Improper access control

Some PoCs:-

• https://drive.google.com/drive/folders/14zlqgin6rUfr6jQRBCLbbP8P8Vdypz7x

XSS :-

• https://www.youtube.com/watch?v=9g2ySpae10o

• https://www.youtube.com/watch?v=yxvBFF1c47w

• https://www.youtube.com/watch?v=aVIMIZeYVAQ

• https://www.youtube.com/watch?v=tri0RSMxt3g

• https://www.youtube.com/watch?v=NS8ml3ZShpU

• https://www.youtube.com/watch?v=KajedxDLq20

• https://www.youtube.com/watch?v=UYjufoB5Vpw

• https://www.youtube.com/watch?v=WC5kUPwzUtk

• https://blog.rakeshmane.com/2020/04/jsp-contextpath-link-manipulation-xss.html

Open Redirect :-

• https://www.youtube.com/watch?v=d5TEPQx5BWA

• https://www.youtube.com/watch?v=Xli9Yx9tzCI

• https://www.youtube.com/watch?v=YLMziP_e9k4

SSRF :-

• https://www.youtube.com/watch?v=WiJfG4Ch8p8

• https://www.youtube.com/watch?v=aRB-uYLp-ho

• https://www.youtube.com/watch?v=w94gTHoRXk8

• https://www.youtube.com/watch?v=Fi32ZkFofpU

• https://www.youtube.com/watch?v=RsK-uWLM0IE

IDOR :-

• https://www.youtube.com/watch?v=P9_ghgq2xVk

• https://www.youtube.com/watch?v=ABoFN_23Efw

• https://www.youtube.com/watch?v=blHG6D7Dd0M

• https://www.youtube.com/watch?v=Y846r0s_VEI

• https://www.youtube.com/watch?v=rcfEq6NUF7E&t=22s

CSRF :-

• https://www.youtube.com/watch?v=8TZJiU1FqeY

• https://www.youtube.com/watch?v=dBTuWzX8hd0

• https://www.youtube.com/watch?v=U1qdxHsLJHE

• https://www.youtube.com/watch?v=3T4m9tjXSeU

• https://www.youtube.com/watch?v=7jDCqitzL34

This Link is Awesome Link in github for Tips and Tricks for bug hunters.

• https://github.com/Shr3ySh4rma/YourNextBugTip