Bugbounty cheatsheet – Mohammed Adam(@iam_amdadam) Contains Recon, TBHMv4 Notes, Google Dorks, Web, OWASP Mobile-1, API Testing, API Checklist and API-Blogs with Video links, etc. (某个很厉害的大佬总结的各项tips,值得一看)
https://docs.google.com/spreadsheets/u/0/d/1TxNrvaIMRS_dmupcwjwJmXtaFk_lPGE1LzgxPu_7KqA/htmlview
A tool to find the CVE details with URL & description of the Vulnerable software/library.(需要能访问谷歌)
https://github.com/rsbarsania/softvul
CSRF Attack — 0 click account delete(0 click的还是比较罕见的)
https://hacklido.com/d/32-csrf-attack-0-click-account-delete-1st-write-up
API Security 101: Security Misconfiguration
https://blog.shiftleft.io/api-security-101-security-misconfiguration-eb9efed80ebe
Google Dorker with awesome features(傻瓜化工具)
https://dorks.faisalahmed.me/#
Google Map Api Key Checker by @dirtycoder0124 This tool checks found api_key is vulnerable to exploit or not.
https://googlekey.blindf.com/
Akamai XSS WAF bypass for ASP-style comma separated Parameter Pollution Reflection (YMMV based on config)
Top 15 software vulnerabilities that were routinely exploited in 2021
IBBH群AsiimoV师傅分享的安服仔专用水报告神器
https://github.com/linshaoSec/WaterExp
后台很多师傅留言想加入IBBH群,所以限时开放加入,关注公众号后 回复 IBBH 可见。请备注”加群”
原文始发于微信公众号(Bug Bounty Tips):Bug Bounty Tips(2022-10-18)