AI Summary: Web Hacking is a comprehensive repository of notes focused on bug bounty hunting and penetration testing, collating various techniques for vulnerability discovery and exploitation. The tool features extensive reconnaissance and OSINT methods, a detailed list of common vulnerabilities, and bypass techniques, making it a valuable resource for security professionals seeking to enhance their skills and methodologies in web application security. Additionally, it encourages community contributions, fostering continuous improvement and updates of its content.

README

Web Hacking + Bug Bounty Tricks

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

Golden Tips

• Writeups
• Smart Hunting

Recon & OSINT Techniques

• Recon
• OSINT

List of Vulnerabilities

• API Key Leak
• CORS
• CRLF Injection
• CSRF
• Cache Poisoning / Deception
• Command Injection
• DOM Clobbering
• File Inclusion
• File Upload
• GraphQL
• Host Header Injection
• IDOR
• JWT
• NoSQLi
• Open Redirect
• Race Condition
• Reverse Tab Nabbing
• SQLi
• SSRF
• Sandwich Attack
• XSS
• XXE

Bypass Techniques

• General Evasive Techniques
• 2FA / OTP Bypass
• 403 Bypass
• 429 Bypass
• Captcha Bypass
• CSP Bypass
• Email Verification Bypass
• Login Bypass
• Rate Limit Bypass
• Reset Password Bypass
• WAF Detect / Bypass

Cloud / Docker

• General
• Info Gathering
• AWS
• Azure
• GCP
• CDN - Domain Fronting
• Docker & Kubernetes
• Container Attacks

Top Tools & Extensions

• Nuclei - Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates
• inql - Burp extension for advanced GraphQL testing
• Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
• param-miner - Burp extension, identifies hidden, unlinked parameters
• Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
• SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
• ParamSpider - Parameter miner for humans
• gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

• XXE
• SSRF
• CORS
• Prototype Pollution

Red Team Attacks

• Insecure Interfaces and APIs - For Cloud
• Privilege escalation EC2
• SMTP

Secure Coding

• 2FA
• Password Reset
• Session Fixation
• Broken Object Level Authorization
• Broken Authentication
• Broken Object Property Level Authorization
• Unrestricted Resource Consumption
• Broken Function Level Authorization
• Unrestricted Access to Sensitive Business Flows
• Server Side Request Forgery
• Security Misconfiguration
• Improper Inventory Management
• Unsafe Consumption of APIs

All content of this repository will always be updated…