GitHub - BountySecurity/gbounty-profiles at refs/tags/v1.1.0

Web vulnerability profiles.

Highly customizable website vulnerability profiles.

This repository houses various type of web vulnerability profiles contributed by security researchers and engineers.

Warning

This project is in active development.

Profiles

What is a profile?

A profile is a manifest file, in JSON format, with the .bb2 extension, that contains all the information used by GBounty to run web vulnerability scans.

How can I use profiles?

By default, GBounty will download (clone) the latest release of this repository, containing the most recent version of each profile, and store them in the ~/.gbounty/profiles directory.

Later, whenever a new release is published, you can update them with: gbounty --update-profiles.

Additionally, you can tell GBounty to use one (or more) specific profiles, with the -p <path-to-profile> flag. For instance, in case you want to use just one profile: gbounty -p ~/.gbounty/profiles/SQLi.bb2. Or, in case you want to manage your own set of profiles in another directory.

How can I create new profiles?

To simplify the task of creating new profiles, and not having to write them manually in plain JSON, you can use the GBounty Profiles Designer, which is a small Java application with a user-friendly interface to create web vulnerability profiles.

Find here the designer docs.

And bear in mind, contributions are welcome!

License

GBounty Profiles are distributed under MIT License

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.github/workflows		.github/workflows
static		static
ApiKeyRequest.bb2		ApiKeyRequest.bb2
BannerServer.bb2		BannerServer.bb2
Blind_RCE_Linux.bb2		Blind_RCE_Linux.bb2
Blind_RCE_Windows.bb2		Blind_RCE_Windows.bb2
Blind_SQLi.bb2		Blind_SQLi.bb2
Blind_XSS.bb2		Blind_XSS.bb2
Blind_XXE.bb2		Blind_XXE.bb2
CMS_Detection.bb2		CMS_Detection.bb2
CORS Misconfiguration.bb2		CORS Misconfiguration.bb2
CRLF Injection.bb2		CRLF Injection.bb2
CVE-2022-41479: Source Code Leak via IDOR.bb2		CVE-2022-41479: Source Code Leak via IDOR.bb2
Citrix_XSS_CVE-2023-24488.bb2		Citrix_XSS_CVE-2023-24488.bb2
Confluence_RCE_CVE-2022-26134.bb2		Confluence_RCE_CVE-2022-26134.bb2
F5_Big_IP_RCE_CVE-2022-1388.bb2		F5_Big_IP_RCE_CVE-2022-1388.bb2
Fuzzing_Directories.bb2		Fuzzing_Directories.bb2
Grafana_8.4.3_CVE-2022-32276.bb2		Grafana_8.4.3_CVE-2022-32276.bb2
Grafana_8.4.3_CVE-2022-32276_2.bb2		Grafana_8.4.3_CVE-2022-32276_2.bb2
GraphQL Alias Overloading.bb2		GraphQL Alias Overloading.bb2
GraphQL Batching.bb2		GraphQL Batching.bb2
GraphQL Directives Overloading.bb2		GraphQL Directives Overloading.bb2
GraphQL Field Duplication.bb2		GraphQL Field Duplication.bb2
GraphQL Introspection.bb2		GraphQL Introspection.bb2
Host_Header_Injection.bb2		Host_Header_Injection.bb2
LICENSE		LICENSE
Open Firebase Database.bb2		Open Firebase Database.bb2
OpenRedirect-ParameterPollution.bb2		OpenRedirect-ParameterPollution.bb2
OpenRedirect-ParameterPollution_Path.bb2		OpenRedirect-ParameterPollution_Path.bb2
OpenRedirect.bb2		OpenRedirect.bb2
OpenRedirect_SSRF.bb2		OpenRedirect_SSRF.bb2
OpenRedirect_SSRF_Parameter.bb2		OpenRedirect_SSRF_Parameter.bb2
Path_Traversal_linux.bb2		Path_Traversal_linux.bb2
RCE_Log4j.bb2		RCE_Log4j.bb2
RCE_Log4j_GETPOST.bb2		RCE_Log4j_GETPOST.bb2
RCE_Log4j_URLEncode.bb2		RCE_Log4j_URLEncode.bb2
README.md		README.md
SQL Text Detected.bb2		SQL Text Detected.bb2
SQLi.bb2		SQLi.bb2
SQLi_BlindHost.bb2		SQLi_BlindHost.bb2
SQLi_ContentLength.bb2		SQLi_ContentLength.bb2
SQLi_StausCode.bb2		SQLi_StausCode.bb2
SQLi_Timebased.bb2		SQLi_Timebased.bb2
SSRF_Localfile.bb2		SSRF_Localfile.bb2
SSRF_URLScheme.bb2		SSRF_URLScheme.bb2
SSTI.bb2		SSTI.bb2
Spring Boot Actuators.bb2		Spring Boot Actuators.bb2
Text4Shell.bb2		Text4Shell.bb2
Wordpress_Config.bb2		Wordpress_Config.bb2
Wordpress_SSRF_and_Path_Traversal.bb2		Wordpress_SSRF_and_Path_Traversal.bb2
Wordpress_XMLRPC_ListMethods.bb2		Wordpress_XMLRPC_ListMethods.bb2
Wordpress_directory_listing.bb2		Wordpress_directory_listing.bb2
Wordpress_user_enum.bb2		Wordpress_user_enum.bb2
X-Headers-BlindHost.bb2		X-Headers-BlindHost.bb2
XSS.bb2		XSS.bb2
XSS_HtmlUrlEncode.bb2		XSS_HtmlUrlEncode.bb2
XSS_Script.bb2		XSS_Script.bb2
XSS_URLEncode.bb2		XSS_URLEncode.bb2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Web vulnerability profiles.

Profiles

What is a profile?

How can I use profiles?

How can I create new profiles?

License

About

Uh oh!

Releases 5

Packages

Uh oh!

Contributors 2

Uh oh!

License

BountySecurity/gbounty-profiles

Folders and files

Latest commit

History

Repository files navigation

Web vulnerability profiles.

Profiles

What is a profile?

How can I use profiles?

How can I create new profiles?

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 5

Packages 0

Uh oh!

Contributors 2

Uh oh!

Packages