Skip to content

ifofor/SRC-experience

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
Security Assessment Mindset
Security Assessment Mindset
 
 
Fuzz大法之挖掘潜在的逻辑越权.pdf
Fuzz大法之挖掘潜在的逻辑越权.pdf
 
 
GET来的漏洞 _ WooYun知识库.pdf
GET来的漏洞 _ WooYun知识库.pdf
 
 
README.md
README.md
 
 
SRC混子是怎样练成的.pdf
SRC混子是怎样练成的.pdf
 
 
SSRF Bypass and Exploit.pptx
SSRF Bypass and Exploit.pptx
 
 
XS-Search.pptx
XS-Search.pptx
 
 
XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf
XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf
 
 
nmap_cheet_sheet_0.6_2.pdf
nmap_cheet_sheet_0.6_2.pdf
 
 
众测漏洞榜之脑洞篇.pptx
众测漏洞榜之脑洞篇.pptx
 
 
众测经验谈.pptx
众测经验谈.pptx
 
 
信息收集.pptx
信息收集.pptx
 
 
区块链src.txt
区块链src.txt
 
 
国内SRC漏洞挖掘技巧与经验分享.pdf
国内SRC漏洞挖掘技巧与经验分享.pdf
 
 
我是如何挖各SRC漏洞的.pdf
我是如何挖各SRC漏洞的.pdf
 
 
某SRC从源码泄露到getshell.pdf
某SRC从源码泄露到getshell.pdf
 
 
给开发者的终极XSS防护备忘录.pdf
给开发者的终极XSS防护备忘录.pdf
 
 
网盘泄露.docx
网盘泄露.docx
 
 
论src漏洞挖掘的前期信息收集 .pptx
论src漏洞挖掘的前期信息收集 .pptx
 
 
边界渗透中的小技巧.pdf
边界渗透中的小技巧.pdf
 
 
面向企业src的漏洞挖掘.pdf
面向企业src的漏洞挖掘.pdf
 
 

Repository files navigation

SRC-experience

工欲善其事,必先利其器

最近收集到的一些src挖掘奇技淫巧,然后还有一些国外新技术的学习网站分享给大家。

2021.10.20: 时隔两年更新下文章。

Bug Bounty trick website

https://www.bugbountynotes.com/training

https://pentester.land/newsletter/2019/02/12/the-5-hacking-newsletter-40.html

https://www.openbugbounty.org/

hackerone-reports

hackerone-reports

bug-bounty-reference 按漏洞性质分类的漏洞赏金记录列表

BUG BOUNTY HUNTING

bounty-targets-data 赏金目标数据

6000多份HackerOne漏洞公开报告

https://github.com/ngalongc/bug-bounty-reference

Awesome-Bugbounty-Writeups

https://github.com/w181496/Web-CTF-Cheatsheet

collection-of-bug-bounty-tip-will-be-updated-daily

Web-CTF-Cheatsheet

https://github.com/w181496/Web-CTF-Cheatsheet
https://github.com/harsh-bothra/learn365/
https://github.com/carlospolop/hacktricks

Penetration

BugBountyHunting Search Engine
https://www.bugbountyhunting.com/

Bug Bounty Collection
https://github.com/ngalongc/bug-bounty-reference
https://github.com/djadmin/awesome-bug-bounty
https://github.com/Muhammd/awesome-bug-bounty
https://github.com/djadmin/awesome-bug-bounty
https://github.com/dwisiswant0/awesome-oneliner-bugbounty
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/m4ll0k/Bug-Bounty-Toolz
https://github.com/EdOverflow/bugbounty-cheatsheet
https://github.com/KingOfBugbounty/KingOfBugBountyTips
https://github.com/EdOverflow/bugbountyguide
https://github.com/AlexisAhmed/BugBountyToolkit
https://github.com/e11i0t4lders0n/Bugbounty-Resources

https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
https://github.com/1ndianl33t/Bugbounty-Resources
https://github.com/1ndianl33t/BugBounty_Profile
https://github.com/KathanP19/HowToHunt
https://github.com/vaib25vicky/awesome-mobile-security
https://github.com/Voorivex/pentest-guide
https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/infoslack/awesome-web-hacking
https://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
https://github.com/The404Hacking/AndroRAT
https://github.com/sundaysec/Android-Exploits
https://github.com/AzimsTech/Android_Hacking
https://github.com/hahwul/MobileHackersWeapons

Cheat Sheet collection
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/OlivierLaflamme/Cheatsheet-God
https://github.com/baumanab/cheat_sheets
https://github.com/detailyang/awesome-cheatsheet
https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5
https://github.com/PeterSufliarsky/pentesting-cheat-sheet

Penetration Testing Checklist collection
https://github.com/oxr463/pentesting-checklist
https://github.com/netbiosX/Checklists
https://github.com/harsh-kk/web-pentesting-checklist
https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists
https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist
https://github.com/Probely/security_checklist
https://github.com/sderosiaux/checklists

Pentesters Roadmap collection
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/GrandGarcon/Complete_Cybersecurity_Path
https://github.com/CSIRT-MU/edu-resources
https://github.com/argowang/cyber-security-roadmap
https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap
https://github.com/nairuzabulhul/RoadMap
https://github.com/nairuzabulhul/RoadMap/blob/master/PTS/Pentesting.md
https://github.com/sundowndev/hacker-roadmap

Payloads Collection

Payloads Collection
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/omurugur/XSS_Payload_List
https://github.com/omurugur/OS_Command_Payload_List
https://github.com/omurugur/Open_Redirect_Payload_List
https://github.com/cujanovic/SSRF-Testing
https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/akalankauk/XSS-SQL-Master-Payloads
https://github.com/austinsonger/payloadsandlists
https://github.com/BrodieInfoSec/BIG_XSS
https://github.com/pgaijin66/XSS-Payloads
https://github.com/sh377c0d3/Payloads
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/RedVirus0/LFI-Payloads
https://github.com/emadshanab/LFI-Payload-List
https://github.com/secf00tprint/payloadtester_lfi_rfi

https://github.com/foospidy/payloads
https://github.com/payloadbox/command-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/open-redirect-payload-list
https://github.com/payloadbox/xxe-injection-payload-list
https://github.com/payloadbox/rfi-lfi-payload-list
https://github.com/payloadbox/csv-injection-payloads
https://github.com/terjanq/Tiny-XSS-Payloads
https://github.com/hahwul/XSS-Payload-without-Anything

Awesome Electron.js hacking

https://github.com/doyensec/awesome-electronjs-hacking

从别的地方扒来一些案例和知识点

浅析通过"监控"来辅助进行漏洞挖掘

威胁情报-生存在SRC平台中的刷钱秘籍

威胁情报

YSRC众测之我的漏洞挖掘姿势

SRC的漏洞分析

众测备忘手册

挖洞技巧:如何绕过URL限制

挖洞技巧:APP手势密码绕过思路总结

挖洞技巧:支付漏洞之总结

挖洞技巧:绕过短信&邮箱轰炸限制以及后续

挖洞技巧:信息泄露之总结

OSS对象存储上传解析漏洞

任意文件下载引发的思考

两种密码重置之综合利用

任意用户密码重置

通用性业务逻辑组合拳劫持你的权限

收藏的 src 工具

Scanners-Box 安全行业从业者自研开源扫描器合辑

hakrawler-快速地发现Web应用程序中的端点和资产

Voyager-安全工具集合平台

bayonet-src资产管理系统

wayback-machine-downloader

ApkAnalyser-一键提取安卓应用中可能存在的敏感信息

Diggy-从apk文件中提取端点

新的一年祝大家挖洞必高危。

About

工欲善其事,必先利其器

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HTML 100.0%