
devanshbatham / Awesome-Bugbounty-Writeups

A curated list of bugbounty writeups (Bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference


Top Related Projects

A list of resources for those interested in getting started in bug bounties

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups that is categorized by the bug nature

A list of interesting payloads, tips and tricks for bug bounty hunters.

Resources for bug bounty hunting

A collection of various awesome lists for hackers, pentesters and security researchers

Quick Overview

The "Awesome-Bugbounty-Writeups" repository is a curated list of bug bounty writeups, organized by different vulnerability types and platforms. It serves as a comprehensive resource for security researchers, bug bounty hunters, and anyone interested in learning about real-world security vulnerabilities and how they were discovered and exploited.

Pros

  • Extensive collection of high-quality bug bounty writeups from various sources
  • Well-organized structure, categorized by vulnerability types and platforms
  • Regularly updated with new writeups and resources
  • Valuable learning resource for both beginners and experienced security researchers

Cons

  • Some links may become outdated or broken over time
  • Quality of writeups can vary, as they come from different authors
  • May not cover all possible vulnerability types or platforms
  • Requires basic understanding of security concepts to fully benefit from the content

As this is not a code library, we'll skip the code examples and getting started instructions sections.

Competitor Comparisons

A list of resources for those interested in getting started in bug bounties

Pros of Resources-for-Beginner-Bug-Bounty-Hunters

  • More comprehensive resource covering various aspects of bug bounty hunting
  • Includes learning paths and methodologies for beginners
  • Offers a wider range of content types (videos, courses, tools)

Cons of Resources-for-Beginner-Bug-Bounty-Hunters

  • Less focused on specific bug bounty writeups
  • May be overwhelming for absolute beginners due to the amount of information
  • Requires more time to navigate and find relevant resources

Code Comparison

Not applicable for these repositories as they are primarily curated lists of resources and don't contain significant code samples.

Summary

Resources-for-Beginner-Bug-Bounty-Hunters is a more comprehensive guide for those starting in bug bounty hunting, offering a wide range of resources and learning paths. It's ideal for beginners who want a structured approach to learning.

Awesome-Bugbounty-Writeups focuses specifically on bug bounty writeups, making it more suitable for those looking to learn from real-world examples and case studies. It's better for intermediate hunters or those who prefer learning through practical examples.

Both repositories serve different purposes and can be complementary in a bug bounty hunter's learning journey. Resources-for-Beginner-Bug-Bounty-Hunters provides a broader foundation, while Awesome-Bugbounty-Writeups offers more specific, practical insights through writeups.

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Pros of awesome-bug-bounty

  • More comprehensive list of resources, including platforms, tools, and educational materials
  • Better organized with clear categories and subcategories
  • Regularly updated with new content and contributions

Cons of awesome-bug-bounty

  • Lacks specific writeups and case studies of real-world bug bounty reports
  • Less focused on practical examples and learning from actual vulnerabilities
  • May be overwhelming for beginners due to the sheer volume of information

Code Comparison

Both repositories are primarily curated lists of resources and don't contain significant code snippets. Here is a comparison of their README structures instead:

awesome-bug-bounty:

# awesome-bug-bounty
A comprehensive curated list of Bug Bounty Programs and write-ups.

## Table of Contents
- [Getting Started](#getting-started)
- [Bug Bounty Platforms](#bug-bounty-platforms)
- [Tools](#tools)

Awesome-Bugbounty-Writeups:

# Awesome Bugbounty Writeups

A curated list of bugbounty writeups.

## Contributing

Your contributions are always welcome!

The awesome-bug-bounty repository has a more structured and detailed README, while Awesome-Bugbounty-Writeups focuses primarily on the list of writeups.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups that is categorized by the bug nature

Pros of bug-bounty-reference

  • More comprehensive categorization of vulnerabilities and attack vectors
  • Includes a section on tools and resources for bug bounty hunting
  • Regularly updated with new content and references

Cons of bug-bounty-reference

  • Less focus on specific writeups and real-world examples
  • Navigation can be more challenging due to the extensive list of links
  • Lacks a curated selection of high-quality or notable reports

Code comparison

While both repositories primarily consist of markdown files with lists of links and resources, bug-bounty-reference includes a simple HTML file for better navigation:

<!-- bug-bounty-reference -->
<h3>
<a id="user-content-cross-site-scripting-xss" class="anchor" href="#cross-site-scripting-xss" aria-hidden="true"><span class="octicon octicon-link"></span></a>Cross-Site Scripting (XSS)</h3>

Awesome-Bugbounty-Writeups uses a more straightforward markdown approach:

## Cross-Site Scripting (XSS)

- [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A) - LiveOverflow
- [XSS on Google Search - Efficiently finding XSS](https://www.youtube.com/watch?v=t5fB6OZsR6c) - LiveOverflow

Both repositories serve as valuable resources for bug bounty hunters, with bug-bounty-reference offering a more comprehensive reference guide and Awesome-Bugbounty-Writeups focusing on curated writeups and real-world examples.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Pros of bugbounty-cheatsheet

  • More concise and focused on specific techniques and payloads
  • Organized by vulnerability type, making it easier to find relevant information quickly
  • Includes practical examples and code snippets for immediate use

Cons of bugbounty-cheatsheet

  • Less comprehensive in terms of overall bug bounty knowledge and resources
  • Lacks detailed explanations and context for each vulnerability or technique
  • May not be as suitable for beginners who need more in-depth information

Code Comparison

bugbounty-cheatsheet:

# CRLF injection
%0ASet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
%0D%0ASet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
%0DSet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;

Awesome-Bugbounty-Writeups:

No direct code snippets available in the repository.
The focus is on curating and organizing writeups rather than providing code examples.

Both repositories serve different purposes in the bug bounty community. bugbounty-cheatsheet is a quick reference guide for specific techniques, while Awesome-Bugbounty-Writeups is a comprehensive collection of detailed writeups and resources. The choice between them depends on the user's needs and experience level in bug bounty hunting.

Resources for bug bounty hunting

Pros of Bug-bounty

  • More focused on practical tools and resources for bug bounty hunting
  • Includes a section on bug bounty platforms and programs
  • Provides links to useful browser extensions for bug hunters

Cons of Bug-bounty

  • Less comprehensive collection of writeups compared to Awesome-Bugbounty-Writeups
  • Not as frequently updated or maintained
  • Lacks categorization by vulnerability types or specific technologies

Code Comparison

While both repositories primarily consist of curated lists and links, Bug-bounty includes some code snippets for useful commands. Here's an example from Bug-bounty:

# Find subdomains using subfinder
subfinder -d example.com -o subdomains.txt

# Run nuclei on discovered subdomains
cat subdomains.txt | nuclei -t nuclei-templates

Awesome-Bugbounty-Writeups doesn't include code snippets, focusing instead on organizing and categorizing writeups and resources.

Summary

Bug-bounty offers a more practical approach with tools and resources for active bug hunters, while Awesome-Bugbounty-Writeups provides a more extensive collection of writeups for learning and reference. The choice between the two depends on whether you're looking for hands-on tools or a comprehensive library of past vulnerabilities and their explanations.

A collection of various awesome lists for hackers, pentesters and security researchers

Pros of Awesome-Hacking

  • Broader scope covering various hacking topics beyond just bug bounties
  • More extensive collection of resources and tools
  • Regularly updated with new content and categories

Cons of Awesome-Hacking

  • Less focused on specific bug bounty writeups and case studies
  • May be overwhelming for beginners due to the vast amount of information
  • Lacks detailed explanations or summaries for each resource

Code Comparison

Both repositories are primarily curated lists of resources and don't contain significant code samples. Here is a comparison of their README structures instead:

Awesome-Bugbounty-Writeups:

## Table of Contents
- [Recon](#recon)
- [SQL Injection](#sql-injection)
- [XSS](#xss)
...

Awesome-Hacking:

### Contents
- [Awesome Hacking](#awesome-hacking)
    - [Computer](#computer)
    - [Network](#network)
    - [Reverse Engineering](#reverse-engineering)
...

Both repositories use similar Markdown structures for organizing their content, but Awesome-Hacking has a more detailed and hierarchical organization due to its broader scope.


README

Contents

Cross Site Scripting (XSS)

Cross Site Request Forgery (CSRF)

Clickjacking (UI redressing attack)

Local File Inclusion (LFI)

Subdomain Takeover

Denial of Service (DOS)

Authentication Bypass

SQL Injection (SQLI)

Insecure Direct Object Reference (IDOR)

2FA related issues

CORS related issues

Server Side Request Forgery (SSRF)

Race Condition

Remote Code Execution (RCE)

Buffer Overflow Writeups

Android Pentesting

Contributing

  • Open Pull Requests
  • Send me links to writeups on my Twitter: 0xAsm0d3us

Maintainers

This Repo is maintained by :