bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Top Related Projects
A list of resources for those interested in getting started in bug bounties
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
All about bug bounty (bypasses, payloads, and etc)
Collection of methodology and test case for various web vulnerabilities.
A collection of various awesome lists for hackers, pentesters and security researchers
Quick Overview
The EdOverflow/bugbounty-cheatsheet is a comprehensive GitHub repository that serves as a reference guide for bug bounty hunters and security researchers. It contains a collection of resources, techniques, and methodologies for identifying and exploiting various types of vulnerabilities across different platforms and technologies.
Pros
- Extensive coverage of various vulnerability types and attack vectors
- Regularly updated with new techniques and information
- Community-driven project with contributions from experienced security researchers
- Well-organized structure making it easy to find specific information
Cons
- May be overwhelming for beginners due to the vast amount of information
- Some sections might lack detailed explanations or examples
- Occasional outdated information as security landscapes evolve rapidly
- Potential misuse by malicious actors if not used responsibly
Getting Started
To get started with the bugbounty-cheatsheet:
- Visit the GitHub repository: https://github.com/EdOverflow/bugbounty-cheatsheet
- Browse through the README.md file for an overview of available topics
- Click on specific markdown files in the repository to access detailed information on various vulnerability types and techniques
- Consider starring or forking the repository to stay updated with new additions and changes
Note: This is not a code library, so there are no code examples or installation instructions. The cheatsheet is meant to be used as a reference guide for bug bounty hunting and security research.
Competitor Comparisons
A list of resources for those interested in getting started in bug bounties
Pros of Resources-for-Beginner-Bug-Bounty-Hunters
- More comprehensive and structured content, covering a wider range of topics
- Includes learning resources, tools, and methodologies for beginners
- Regularly updated with community contributions
Cons of Resources-for-Beginner-Bug-Bounty-Hunters
- Less focused on specific vulnerabilities and payloads
- May be overwhelming for absolute beginners due to the amount of information
- Lacks concise, quick-reference format for experienced hunters
Code Comparison
While both repositories primarily focus on providing information rather than code, bugbounty-cheatsheet includes some payload examples:
bugbounty-cheatsheet:
<script>alert(1)</script>
"><script>alert(1)</script>
<img src=x onerror=alert(1)>
Resources-for-Beginner-Bug-Bounty-Hunters doesn't typically include specific payload examples, instead focusing on explanations and external resources.
Both repositories serve different purposes: bugbounty-cheatsheet is a quick reference for specific vulnerabilities and payloads, while Resources-for-Beginner-Bug-Bounty-Hunters is a comprehensive guide for newcomers to bug bounty hunting. The choice between them depends on the user's experience level and immediate needs.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Pros of PayloadsAllTheThings
- More comprehensive coverage of various attack vectors and techniques
- Regularly updated with new payloads and methodologies
- Better organized structure with separate directories for each topic
Cons of PayloadsAllTheThings
- Can be overwhelming for beginners due to the sheer amount of information
- Less focused on bug bounty-specific techniques compared to bugbounty-cheatsheet
Code Comparison
bugbounty-cheatsheet:
# CORS misconfiguration
curl -I -X OPTIONS -H "Origin: http://example.com" http://example.com/api/endpoint
PayloadsAllTheThings:
# CORS misconfiguration
curl -H "Origin: https://evil.com" -I https://example.com/api/endpoint
curl -H "Origin: null" -I https://example.com/api/endpoint
PayloadsAllTheThings provides more variations and examples for each vulnerability type, while bugbounty-cheatsheet offers concise, focused examples for bug bounty hunters.
Both repositories serve as valuable resources for security researchers and bug bounty hunters, with PayloadsAllTheThings offering a broader scope and bugbounty-cheatsheet providing a more targeted approach for bug bounty programs. The choice between the two depends on the user's specific needs and level of expertise in the field.
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
Pros of bug-bounty-reference
- More comprehensive and detailed resource with a wider range of vulnerability types covered
- Includes specific examples and case studies for various vulnerabilities
- Provides links to external resources and tools for further learning
Cons of bug-bounty-reference
- Less frequently updated compared to bugbounty-cheatsheet
- Organization may be less intuitive for beginners
- Lacks concise, quick-reference format found in bugbounty-cheatsheet
Code Comparison
bugbounty-cheatsheet:
## Cross-Site Scripting (XSS)
```<script>alert(1)</script>```
```javascript:alert(1)```
```data:text/html,<script>alert(1)</script>```
```<img src=x onerror=alert(1)>```
```<svg onload=alert(1)>```
bug-bounty-reference:
### Cross-Site Scripting (XSS)
- [Comprehensive XSS Guide](https://github.com/s0md3v/AwesomeXSS)
- [XSS Payloads](http://www.xss-payloads.com)
- [XSS Filter Evasion Cheat Sheet](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
The code comparison shows that bugbounty-cheatsheet provides direct, ready-to-use XSS payloads, while bug-bounty-reference offers links to more comprehensive resources on the topic.
All about bug bounty (bypasses, payloads, and etc)
Pros of AllAboutBugBounty
- More comprehensive coverage of various vulnerability types and techniques
- Includes practical examples and payloads for each vulnerability
- Regularly updated with new content and techniques
Cons of AllAboutBugBounty
- Less concise and may be overwhelming for beginners
- Lacks the quick-reference format of bugbounty-cheatsheet
- Some sections may require more context or explanation
Code Comparison
bugbounty-cheatsheet:
$ subfinder -d example.com | httprobe | tee domains.txt
AllAboutBugBounty:
subfinder -d example.com -silent | httpx -silent -mc 200 | anew domains.txt
Both repositories provide command examples for subdomain enumeration, but AllAboutBugBounty's example includes additional tools and flags for improved results.
Summary
AllAboutBugBounty offers a more extensive resource with detailed explanations and examples, making it suitable for in-depth learning. However, bugbounty-cheatsheet provides a more concise reference guide, which can be beneficial for quick lookups during bug hunting sessions. Both repositories have their merits, and the choice between them depends on the user's experience level and specific needs in bug bounty hunting.
Collection of methodology and test case for various web vulnerabilities.
Pros of HowToHunt
- More comprehensive and detailed content, covering a wider range of topics
- Regularly updated with new techniques and methodologies
- Includes practical examples and step-by-step guides for various vulnerabilities
Cons of HowToHunt
- Less structured organization compared to bugbounty-cheatsheet
- May be overwhelming for beginners due to the large amount of information
- Some sections lack consistency in formatting and depth of content
Code Comparison
HowToHunt example (SQL Injection):
' UNION SELECT NULL,NULL,NULL-- -
' UNION SELECT NULL,NULL,NULL,NULL-- -
' UNION SELECT NULL,NULL,NULL,NULL,NULL-- -
bugbounty-cheatsheet example (SQL Injection):
' OR '1'='1
' OR 1 -- -
' OR 1=1--
Both repositories provide valuable resources for bug bounty hunters and security researchers. HowToHunt offers a more extensive collection of techniques and methodologies, making it suitable for both beginners and experienced researchers. However, its organization may be less intuitive compared to bugbounty-cheatsheet.
bugbounty-cheatsheet provides a more concise and structured approach, making it easier for users to quickly find specific information. While it may not cover as many topics as HowToHunt, it offers a solid foundation for common vulnerabilities and techniques.
Ultimately, both repositories can be complementary resources for security professionals, with HowToHunt offering depth and breadth, and bugbounty-cheatsheet providing a quick reference guide.
A collection of various awesome lists for hackers, pentesters and security researchers
Pros of Awesome-Hacking
- Broader scope covering various hacking topics beyond bug bounties
- Larger collection of resources and tools
- More frequently updated with new content
Cons of Awesome-Hacking
- Less focused on specific bug bounty techniques
- May be overwhelming for beginners due to the vast amount of information
- Lacks detailed explanations for individual vulnerabilities
Code Comparison
While both repositories primarily consist of curated lists and don't contain much code, here's a comparison of their README structures:
Awesome-Hacking:
# Awesome Hacking
A collection of awesome lists for hackers, pentesters & security researchers.
## Table of Contents
- [Awesome Hacking](#awesome-hacking)
- [CTF Tools](#ctf-tools)
- [Exploits](#exploits)
- [Fuzzing](#fuzzing)
bugbounty-cheatsheet:
# Bug Bounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
## Table of Contents
- [XSS](xss.md)
- [SQLi](sqli.md)
- [SSRF](ssrf.md)
The Awesome-Hacking repository has a more extensive structure, while the bugbounty-cheatsheet is more concise and focused on specific vulnerability types.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Bug Bounty Cheat Sheet
Contributing
We welcome contributions from the public.
Using the issue tracker ð¡
The issue tracker is the preferred channel for bug reports and features requests.
Issues and labels ð·
Our bug tracker utilizes several labels to help organize and identify issues.
Guidelines for bug reports ð
Use the GitHub issue search â check if the issue has already been reported.
Style Guide
We like to keep our Markdown files as uniform as possible. So if you submit a PR, make sure to follow this style guide (we will not be angry if you do not).
- Cheat sheet titles should start with
##
. - Subheadings should be made bold. (
**Subheading**
) - Add newlines after subheadings and code blocks.
- Code blocks should use three backticks. (```)
- Make sure to use syntax highlighting whenever possible.
Contributors
Top Related Projects
A list of resources for those interested in getting started in bug bounties
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
All about bug bounty (bypasses, payloads, and etc)
Collection of methodology and test case for various web vulnerabilities.
A collection of various awesome lists for hackers, pentesters and security researchers
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot