Bug Bounty Tools & Writeups | Hide Club

This course is focused on learning by doing. We are going to teach you how penetration testing works, by actually practicing the techniques and methods used by bug bounty hunters today. We will start off by creating our virtual hacking lab to make sure we keep your computers safe throughout the course, as well as doing things legally, and having our computers set up for penetrations testing.

Our Virtual Lab Setup
Website Enumeration & Information Gathering
Introduction To Burpsuite
HTML Injection
Command Injection/Execution
Broken Authentication
Bruteforce Attacks
Sensitive Data Exposure
Broken Access Control
Security Misconfiguration
Cross Site Scripting – XSS
SQL Injection
XML, XPath Injection, XXE
Components With Known Vulnerabilities
Insufficient Logging And Monitoring
Monetizing Bug Hunting
Extra – Web Developer Fundamentals
Extra – Linux Terminal
Extra – Networking

📱 Javascript for bug bounty hunters — Part 1
📱 Javascript for bug bounty hunters — Part 2
📱 Javascript for bug bounty hunters — Part 3
📱 Bugs & JS :A Closer Look at JavaScript for ...
📱 All About JavaScript Analysis For Bug Bounty Hunting
📱 JS for Bug Bounties 2.0 Extreme Edition 2024
📱 Hunting JavaScript File for Bug Hunters
📱 JavaScript: Hunting And Analyzing
📱 My Javascript Recon Process - BugBounty
🔗 Art of Bug Bounty A Way From JS File Analysis to XSS

🖤  Hunting for Javascript! Bug bounty, scripthunter,more
🖤  JavaScript For Bug Bounty Hackers
🖤  #NahamCon2024: .js Files Are Your Friends

📕JavaScript for hackers: Learn to think like a hacker

This technique is only useful when your target has a large number of multi-level subdomains(not effective for small & medium scope targets). Execute this technique as the final step.

Read the list of subdomains from the file "subdomains.txt".

Process the subdomains in two steps:
a) Find the Top-10 most frequent occuring Second-Level Domain names with the help of tools like cut, sort, rev, uniq, etc.
b) Find the Top-10 most frequent occuring Third-Level domains.

Now run passive subdomain enumeration on these 10 Second-level domain names and 10 Third-level domain names using tools like amass, subfinder, assetfinder, findomain.

Keep appending the results to passive_recursive.txt file.

Now after finding out the a list of domain names, run puredns to DNS resolve them and find the alive subdomains.
Replace subdomains.txt with the filename of your subdomains list.

A Complete List of Directory Traversal/LFI Payloads Scraped from the Internet

GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL for data querying. Unlike REST APIs, GraphQL allows clients to request specific data, which can expose underlying issues if not properly secured. Key areas of concern include improper authorization checks, excessive data exposure, and insufficient input validation. Pentesters should look for flaws such as introspection queries revealing sensitive schema details, or complex queries leading to denial of service. Ensuring robust input validation, implementing strict authorization checks, and limiting query complexity are essential practices to secure GraphQL endpoints.

🔗 Hacktricks - GraphQL and Security
🔗 Five easy ways to hack GraphQL targets
🔗 Portswigger - Graphql
🔗 ApiSecurity

📱 PayloadsAllTheThings
📱 hacking graphql
📱 Awesome Graphql Security
📱 Hack-graphql

🖤  NahamCon2024: GraphQL is the New PHP
🖤  Finding Your Next Bug: GraphQL
🖤  GraphQL API Pentesting

📕 Black Hat GraphQL
📕 Hacking APIs - Breaking Web Application ...
📕 API Security in Action

🔍 Link Gopher
🔍 Adblock Plus
🔍 FoxyProxy Standard
🔍 Video Speed Controller
🔍 Check XSS
🔍 HackTools
🔍 Bulk URL Opener
🔍 Temp Mail
🔍 JS Beautify CSS HTML
🔍 Multi-Account Containers

🌐 TruffleHog
🌐 Code Formatter
🌐 Freedium Extension
🌐 BuiltWith
🌐 Wappalyzer
🌐 WhatRuns
🌐 Retire.js
🌐 Cookie Extractor
🌐 Wayback Machine
🌐 EXIF Data Viwer
🌐 Shodan
🌐 S3 Bucket List
🌐 Ublock Origin
🌐 Resources Saver
🌐 Dot Git
🌐 EndPointer

All these GitHub Repositories contains 1000+ Hackerone reports to read from which you can learn how bug bounty hunters did recon to find IDOR Vulnerability, I suggest read atleast 300 reports to get your own unique perspective on IDOR Vulnerability.