bugbounty-cheatsheet
AwesomeXSS
bugbounty-cheatsheet | AwesomeXSS
---|---
3 | 2
5,561 | 4,645
- | -
0.0 | 2.7
8 months ago | 5 days ago
JavaScript |
Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
AwesomeXSS https://github.com/s0md3v/AwesomeXSS
- Filter bypass
You don't need to use alert. You can try using confirm(). If the website is blocking javascript, you can try to capitalize some letters, something like jAvAscRiPt:confirm(1). You can check this repo, it's a gold mine of xss content.
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
OneListForAll - Rockyou for web fuzzing
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
sql-injection-payload-list - 🎯 SQL Injection Payload List
xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
command-injection-payload-list - 🎯 Command Injection Payload List
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
ssti-payloads - 🎯 Server Side Template Injection Payloads
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Application-Security-Engineer-Interview-Questions - Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.