Skip to content

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Notifications You must be signed in to change notification settings

Mehdi0x90/Web_Hacking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Web Hacking + Bug Bounty Tricks

5829442

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

Twitter URL

Golden Tips

Recon & OSINT Techniques

List of Vulnerabilities

Bypass Techniques

Cloud / Docker

Top Tools & Extensions

  • inql - Burp extension for advanced GraphQL testing
  • Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
  • param-miner - Burp extension, identifies hidden, unlinked parameters
  • Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
  • SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
  • ParamSpider - Parameter miner for humans
  • gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

Red Team Attacks

Secure Coding


All content of this repository will always be updated...