I prefer the resources listed below for succeeding in bug bounty hunting. I'll update this monthly with new techniques.
- OpenBugBounty - (XSS/CSRF/IDOR) (accepts reports for any site)
- BugCrowd
- HackerOne
- Cobalt.io
- Synack (invited researchers only)
- Other self-hosted programs run by individual companies (Facebook Whitehat / Google VRP / AT&T BB)
- Enumall
- Massdns
- Sublist3r
- Knock
- VirusTotal
- Shodan
- Censys
- EyeWitness
- DNSDumpster
- Google Dorking (site:sony.com -www)
- BugCrowd LevelUp
- DNSScan
- Altdns
- dns-parallel-prober
- brutesubs
- dirsearch
- Aquatone
- ride.uber.com - CNAME - cloudfront.com
- xxxx.ubnt.com - CNAME - cloudfront.com
- rubyci.s3.amazonaws.com
- hackerone
- uber
- Ubiquiti Networks
- twitter etc.
- landing.udemy.com IN CNAME unbouncepages.com (TTL 300)
- 216.58.203.243 moderator.ubnt.com
- 216.58.203.243 ghs.google.com
- 216.58.203.243 ghs.l.google.com
- autoSubTakeover [Github]
- HostileSubBruteforcer
- tko-subs
- AWS Extender [Burp]
- gitrob
- git-all-secrets
- trufflehog
- git-secrets
- repo-supervisor
- Crunchbase
- crt.sh
- Censys
- Google Cert Repo
- Wappalyzer
- Retire.js
- Built With
- Vulners CVE Scanner
- Patator
- GoBuster
- WPScan
- CMSMap
- Robots Disallowed
- Burp Content Discovery
- CMSExplorer
- BlindElephant
- Adobe ColdFusion - (famous RCE / admin salt leakage / SQL vulnerabilities)
- Drupal CMS - (RCE)
- WordPress - (plenty of bugs)
- Jenkins Automation Server
- Parameth
- Backslash Powered Scanner [Burp]
- Polyglot
- FlashScanner
- Common Input Vectors
- Blind XSS Frameworks
- Sleepy Puppy [Python]
- XSS Hunter [Python]
- Ground Control [Ruby/Smail]
- XSS MindMap
- XSS Hunter
- Flash XSS (FFDec decompiler, https://github.com/riusksk/FlashScanner, https://cure53.de/flashbang)
- Target accepts JSON-formatted data and blocks cross-domain requests with CORS.
Blind SSRF
- Google PoC.
- Twitter PoC.
- AWS metadata acquiring
Full SSRF
Out of Band
Missing validation of state/token/code (open redirect on a Google acquisition)
- Email verification check fails
- Money rounding issues
- Via Large input.
- Via Images.
- Via XLS/PDF/TXT.
- Via Out of Band Blind SSRF.
- Decompile the app --> look in /assets/ or /res/raw for AWS production keys and developer leftovers
- Check external storage - binary info/code used without validation, sandbox leaks, GPS info, log files
- Detecting reads/writes to external storage - FileObserver
- Obfuscation - ProGuard
- Webview Checks
- setAllowContentAccess
- setAllowFileAccess
- setAllowFileAccessFromFileURLs
- setJavaScriptEnabled
- setPluginState
- setSavePassword
- JavaScript interfaces - "jsvar" -------> RCE, CVE-2012-6636 (apps supporting SDK <= 17 are vulnerable)
- Ron Chan's reference
- bugbounty.community/tools