Bug Hunter Handbook
Fuzzing / Wordlists

  1. https://twitter.com/Jhaddix/status/1177706552272142337

    1. https://twitter.com/NahamSec/status/1177672652011343873

  2. https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d

    1. https://twitter.com/Yassineaboukir/status/1189813564053180416

  3. https://twitter.com/soaj1664ashar/status/1189570378961739777

  4. https://twitter.com/s0md3v/status/1190325611215982592

  5. Param Bruteforce - https://twitter.com/HusseiN98D/status/1166759438503620610 - Arjun

  6. Rustbuster - https://twitter.com/michael_eder_/status/1166629786711670784

  7. Check Status Codes - https://github.com/Sy3Omda/dotfiles/blob/master/fetcher.sh

  8. Robots disallowed - https://github.com/danielmiessler/RobotsDisallowed

  9. Content Discovery - https://twitter.com/Alra3ees/status/1208502084246671366 (Also downloaded the same)

  10. https://twitter.com/Random_Robbie/status/1221748816308768770

  11. Dirbuster - When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently:

    dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u

    https://twitter.com/i/status/1221792235215151104

  12. PathBrute - https://github.com/milo2012/pathbrute

  13. https://github.com/enciphers/Wordlists

  14. Content_discovery_nullenc0de.txt

  15. https://github.com/pwnwiki/webappurls

  16. Status codes - hakul/hakcrawl - gofetch , statusparser

  17. What are your normal testing steps when you see a 401? - https://twitter.com/nomanAli181/status/1146411693590736896

  18. https://twitter.com/payloadartist/status/1240591694753452032

  19. https://github.com/deibit/cansina - web content discovery

  20. https://twitter.com/_harleo/status/1138883725675192322

  21. https://github.com/phspade/Combined-Wordlists

  22. New dirs to bruteforce - https://twitter.com/nullenc0de/status/1249804904790732802

  23. https://twitter.com/imranparray101/status/1141100671581556736?s=20

  24. Jhaddix -

Tools - Fast web fuzzer written in Go - https://github.com/ffuf/ffuf

Thread Related -- https://twitter.com/search?q=FFuF&src=typed_query

Any tool to dedupe a list of URLs according to their parameters? I mean keep only 1 URL if it appears several times with the same params, no matter their values - https://twitter.com/gwendallecoguic/status/1207435306410168322

  • https://securityjunky.com/ffuf-on-steroids/

  • https://github.com/assetnote/commonspeak2-wordlists

  • wordlist by random robbie - https://gist.github.com/random-robbie/0f9d24a7b3c7268ee0c1ecdbe280611b

  • Subdomain bruteforce list - https://twitter.com/Alra3ees/status/1068079409117188096

  • Full list - https://forum.bugcrowd.com/t/dropping-a-cool-wordlist/9211

  • Interesting file extensions to look for: - https://twitter.com/s0md3v/status/1271241942576185344

  • Check out subs_all txt here - https://drive.google.com/file/d/12nABC1GUL7lBsPuzC0pWJrPRzHMHqe8X/view?usp=sharing

  • Tool - wordlistgen

  • https://github.com/Bo0oM/fuzz.txt

  • https://github.com/epi052/feroxbuster

  • https://github.com/Droidzzzio/EnumerationList

  • https://github.com/six2dez/OneListForAll

  • https://github.com/BonJarber/SecUtils/tree/master/clean_wordlist

  • https://github.com/gh0stkey/Web-Fuzzing-Box

  • Huge_DIR_wordlist:- https://github.com/emadshanab/Huge_DIR_wordlist

Exploiting:

  • https://github.com/ayoubfathi/leaky-paths

Last updated 3 years ago

https://twitter.com/Mah3Sec_/status/1325030700039368709
GitHub - lutfumertceylan/top25-parameter: For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙