Convert Figma logo to code with AI

sehno logoBug-bounty

Ressources for bug bounty hunting

1,701
553
1,701
1

Top Related Projects

A list of resources for those interested in getting started in bug bounties

A list of interesting payloads, tips and tricks for bug bounty hunters.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

Quick Overview

The sehno/Bug-bounty repository is a collection of resources and tools for bug bounty hunters and security researchers. It provides a curated list of platforms, methodologies, and tools to assist in finding and reporting security vulnerabilities in web applications and systems.

Pros

  • Comprehensive collection of bug bounty resources in one place
  • Regularly updated with new tools and platforms
  • Includes both free and paid resources for different skill levels
  • Organized into categories for easy navigation

Cons

  • Lacks detailed explanations or tutorials for using the listed tools
  • Some links may become outdated over time
  • Does not provide a structured learning path for beginners
  • May overwhelm newcomers with the sheer amount of information

As this is not a code library, we'll skip the code examples and getting started instructions sections.

Competitor Comparisons

A list of resources for those interested in getting started in bug bounties

Pros of Resources-for-Beginner-Bug-Bounty-Hunters

  • More comprehensive and structured content, covering various aspects of bug bounty hunting
  • Regularly updated with new resources and information
  • Includes a wide range of topics, from basic concepts to advanced techniques

Cons of Resources-for-Beginner-Bug-Bounty-Hunters

  • May be overwhelming for absolute beginners due to the large amount of information
  • Lacks specific step-by-step guides for certain topics
  • Some links may become outdated over time

Code Comparison

While both repositories primarily focus on providing resources rather than code, Resources-for-Beginner-Bug-Bounty-Hunters includes some basic examples of vulnerability payloads:

<!-- Resources-for-Beginner-Bug-Bounty-Hunters -->
<script>alert(document.cookie)</script>

Bug-bounty doesn't include code examples, as it's mainly a collection of links and resources.

Summary

Resources-for-Beginner-Bug-Bounty-Hunters offers a more extensive and structured approach to learning bug bounty hunting, making it suitable for beginners who want a comprehensive resource. However, its breadth may be overwhelming for some. Bug-bounty, while less extensive, provides a more focused list of resources that may be easier for absolute beginners to navigate.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Pros of bugbounty-cheatsheet

  • More comprehensive and structured content, covering a wider range of bug bounty topics
  • Regularly updated with contributions from multiple authors
  • Includes practical examples and payloads for various vulnerability types

Cons of bugbounty-cheatsheet

  • May be overwhelming for beginners due to the extensive information
  • Lacks a clear learning path or progression for users
  • Some sections could benefit from more detailed explanations

Code Comparison

bugbounty-cheatsheet:

curl -H "X-Forwarded-For: 127.0.0.1" http://example.com/

Bug-bounty:

# No equivalent code sample available

The bugbounty-cheatsheet repository provides specific code examples and payloads, while the Bug-bounty repository focuses more on general information and resources without including code samples.

Both repositories serve as valuable resources for bug bounty hunters, with bugbounty-cheatsheet offering a more extensive and technical approach, while Bug-bounty provides a curated list of tools and general guidance. The choice between the two depends on the user's experience level and specific needs in the bug bounty field.

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

Pros of bug-bounty-reference

  • More comprehensive and regularly updated resource
  • Well-organized structure with categorized vulnerabilities
  • Includes links to write-ups and detailed explanations

Cons of bug-bounty-reference

  • May be overwhelming for beginners due to extensive information
  • Lacks specific tools or scripts for bug hunting
  • Less focus on practical tips and methodologies

Code Comparison

While both repositories primarily focus on providing resources rather than code, bug-bounty-reference includes some example payloads:

"><script src=//brutelogic.com.br/1.js>

Bug-bounty, on the other hand, doesn't contain code snippets but offers links to external resources.

Summary

bug-bounty-reference is a more extensive and well-maintained resource, ideal for experienced bug hunters seeking a wide range of vulnerability types and examples. It provides a structured approach to learning about different security issues.

Bug-bounty offers a simpler, more concise list of resources, which may be more suitable for beginners or those looking for a quick reference. It focuses on providing links to external tools and platforms rather than detailed explanations.

Both repositories serve as valuable starting points for bug bounty hunters, with bug-bounty-reference being more comprehensive and Bug-bounty being more straightforward and beginner-friendly.

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

Pros of bounty-targets-data

  • Regularly updated with automated daily data collection
  • Comprehensive dataset covering multiple bug bounty platforms
  • Provides data in easily parsable formats (JSON, TXT)

Cons of bounty-targets-data

  • Focused solely on target data, lacking additional resources or tools
  • May require additional processing or tools to utilize the data effectively
  • Limited documentation on how to use the data in bug bounty workflows

Code Comparison

bounty-targets-data:

import json
with open('data/hackerone_data.json') as f:
    hackerone_data = json.load(f)
for program in hackerone_data:
    print(program['name'], program['url'])

Bug-bounty:

#!/bin/bash
echo "Starting recon for $1"
subfinder -d $1 -o subdomains.txt
nmap -iL subdomains.txt -oN nmap_results.txt

The code snippets highlight the different focus of each repository. bounty-targets-data provides raw data that can be parsed and used in custom scripts, while Bug-bounty offers ready-to-use tools and scripts for reconnaissance and scanning.

Both repositories serve different purposes in the bug bounty ecosystem. bounty-targets-data is ideal for researchers who want up-to-date target information and prefer to build their own tools, while Bug-bounty provides a collection of tools and resources for those who want a more guided approach to bug hunting.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Pros of nuclei-templates

  • Larger and more active community, with frequent updates and contributions
  • Extensive collection of templates covering a wide range of vulnerabilities
  • Well-organized structure with categorized templates for easier navigation

Cons of nuclei-templates

  • Steeper learning curve due to the large number of templates and complex syntax
  • May require more resources to run due to the extensive template collection
  • Some templates might be overly specific or not applicable to all scenarios

Code Comparison

nuclei-templates:

id: example-vulnerability
info:
  name: Example Vulnerability
  author: John Doe
  severity: medium
requests:
  - method: GET
    path:
      - "{{BaseURL}}/vulnerable-endpoint"
    matchers:
      - type: word
        words:
          - "vulnerable response"

Bug-bounty:

No specific code structure available for comparison.
The repository primarily contains markdown files with
information and resources related to bug bounty hunting.

Summary

nuclei-templates offers a comprehensive set of templates for vulnerability scanning, backed by a large community. It provides a structured approach to security testing but may require more resources and expertise. Bug-bounty, on the other hand, serves as a curated collection of bug bounty resources and information, making it more accessible for beginners but less automated in its approach to vulnerability discovery.

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish to influence Onelinetips and explain the commands, for the better understanding of new hunters..

Pros of KingOfBugBountyTips

  • More comprehensive and regularly updated resource
  • Includes a wider range of tools and techniques
  • Better organized with clear categories and sections

Cons of KingOfBugBountyTips

  • May be overwhelming for beginners due to the large amount of information
  • Some tools and techniques might be outdated or less relevant

Code Comparison

While both repositories primarily focus on providing resources and tips rather than code, KingOfBugBountyTips includes more command-line examples and tool usage. Here's a brief comparison:

KingOfBugBountyTips:

cat domains.txt | hakrawler -d 3 -t 50 | grep -i "api" | sort -u

Bug-bounty:

No specific code examples provided in the main README.

KingOfBugBountyTips offers more practical examples of using various tools, which can be helpful for users looking to implement specific techniques. Bug-bounty, on the other hand, focuses more on providing links to resources and general information without specific code examples.

Overall, KingOfBugBountyTips appears to be a more comprehensive and actively maintained resource for bug bounty hunters, offering a wider range of tools and techniques. However, Bug-bounty may be more suitable for beginners looking for a simpler introduction to the topic.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Bug bounty


You can find here some resources I use to do bug bounty hunting.

Inventory of resources