AwesomeXSS
bugbounty-cheatsheet
AwesomeXSS | bugbounty-cheatsheet | |
---|---|---|
2 | 3 | |
4,655 | 5,576 | |
- | - | |
2.7 | 0.0 | |
28 days ago | 8 months ago | |
JavaScript | ||
MIT License | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
AwesomeXSS
-
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
AwesomeXSS https://github.com/s0md3v/AwesomeXSS
-
Filter bypass
You don't need to use alert. You can try using confirm(). If the website is blocking javascript, you can try to capitalize some letters, something like jAvAscRiPt:confirm(1). You can check this repo, it's a gold mine of xss content.
bugbounty-cheatsheet
What are some alternatives?
OneListForAll - Rockyou for web fuzzing
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
sql-injection-payload-list - 🎯 SQL Injection Payload List
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
command-injection-payload-list - 🎯 Command Injection Payload List
ssti-payloads - 🎯 Server Side Template Injection Payloads
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Application-Security-Engineer-Interview-Questions - Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer