These are my Bug Bounty / Pentest notes that I have gathered from various sources.
You can also contribute.
- API Key Leak
- CORS
- CRLF Injection
- CSRF
- Cache Poisoning / Deception
- Command Injection
- DOM Clobbering
- File Inclusion
- File Upload
- GraphQL
- Host Header Injection
- IDOR
- JWT
- NoSQLi
- Open Redirect
- Race Condition
- Reverse Tab Nabbing
- SQLi
- SSRF
- XSS
- XXE
- General Evasive Techniques
- 2FA / OTP Bypass
- 403 Bypass
- 429 Bypass
- Captcha Bypass
- CSP Bypass
- Email Verification Bypass
- Login Bypass
- Rate Limit Bypass
- Reset Password Bypass
- WAF Detect / Bypass
- inql - Burp extension for advanced GraphQL testing
- Logger++ - Burp extension, a multithreaded logging extension for Burp Suite
- param-miner - Burp extension, identifies hidden, unlinked parameters
- Oralyzer - a simple Python script that probes a website for Open Redirection vulnerabilities
- SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
- ParamSpider - Parameter miner for humans
- gf - A wrapper around grep to avoid typing common patterns
- 2FA
- Password Reset
- Session Fixation
- Broken Object Level Authorization
- Broken Authentication
- Broken Object Property Level Authorization
- Unrestricted Resource Consumption
- Broken Function Level Authorization
- Unrestricted Access to Sensitive Business Flows
- Server Side Request Forgery
- Security Misconfiguration
- Improper Inventory Management
- Unsafe Consumption of APIs
All content of this repository will always be updated...