/SRC-experience

工欲善其事,必先利其器

SRC-experience

工欲善其事,必先利其器

最近收集到的一些src挖掘奇技淫巧,然后还有一些国外新技术的学习网站分享给大家。

2021.10.20: 时隔两年更新下文章。

Bug Bounty trick website

https://www.bugbountynotes.com/training

https://pentester.land/newsletter/2019/02/12/the-5-hacking-newsletter-40.html

https://www.openbugbounty.org/

hackerone-reports

hackerone-reports

bug-bounty-reference 按漏洞性质分类的漏洞赏金记录列表

BUG BOUNTY HUNTING

bounty-targets-data 赏金目标数据

6000多份HackerOne漏洞公开报告

https://github.com/ngalongc/bug-bounty-reference

Awesome-Bugbounty-Writeups

https://github.com/w181496/Web-CTF-Cheatsheet

collection-of-bug-bounty-tip-will-be-updated-daily

Web-CTF-Cheatsheet

https://github.com/w181496/Web-CTF-Cheatsheet
https://github.com/harsh-bothra/learn365/
https://github.com/carlospolop/hacktricks

Penetration

BugBountyHunting Search Engine
https://www.bugbountyhunting.com/

Bug Bounty Collection
https://github.com/ngalongc/bug-bounty-reference
https://github.com/djadmin/awesome-bug-bounty
https://github.com/Muhammd/awesome-bug-bounty
https://github.com/djadmin/awesome-bug-bounty
https://github.com/dwisiswant0/awesome-oneliner-bugbounty
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/m4ll0k/Bug-Bounty-Toolz
https://github.com/EdOverflow/bugbounty-cheatsheet
https://github.com/KingOfBugbounty/KingOfBugBountyTips
https://github.com/EdOverflow/bugbountyguide
https://github.com/AlexisAhmed/BugBountyToolkit
https://github.com/e11i0t4lders0n/Bugbounty-Resources

https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
https://github.com/1ndianl33t/Bugbounty-Resources
https://github.com/1ndianl33t/BugBounty_Profile
https://github.com/KathanP19/HowToHunt
https://github.com/vaib25vicky/awesome-mobile-security
https://github.com/Voorivex/pentest-guide
https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/infoslack/awesome-web-hacking
https://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
https://github.com/The404Hacking/AndroRAT
https://github.com/sundaysec/Android-Exploits
https://github.com/AzimsTech/Android_Hacking
https://github.com/hahwul/MobileHackersWeapons

Cheat Sheet collection
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/OlivierLaflamme/Cheatsheet-God
https://github.com/baumanab/cheat_sheets
https://github.com/detailyang/awesome-cheatsheet
https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5
https://github.com/PeterSufliarsky/pentesting-cheat-sheet

Penetration Testing Checklist collection
https://github.com/oxr463/pentesting-checklist
https://github.com/netbiosX/Checklists
https://github.com/harsh-kk/web-pentesting-checklist
https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists
https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist
https://github.com/Probely/security_checklist
https://github.com/sderosiaux/checklists

Pentesters Roadmap collection
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/GrandGarcon/Complete_Cybersecurity_Path
https://github.com/CSIRT-MU/edu-resources
https://github.com/argowang/cyber-security-roadmap
https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap
https://github.com/nairuzabulhul/RoadMap
https://github.com/nairuzabulhul/RoadMap/blob/master/PTS/Pentesting.md
https://github.com/sundowndev/hacker-roadmap

Payloads Collection

Payloads Collection
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/omurugur/XSS_Payload_List
https://github.com/omurugur/OS_Command_Payload_List
https://github.com/omurugur/Open_Redirect_Payload_List
https://github.com/cujanovic/SSRF-Testing
https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/akalankauk/XSS-SQL-Master-Payloads
https://github.com/austinsonger/payloadsandlists
https://github.com/BrodieInfoSec/BIG_XSS
https://github.com/pgaijin66/XSS-Payloads
https://github.com/sh377c0d3/Payloads
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/RedVirus0/LFI-Payloads
https://github.com/emadshanab/LFI-Payload-List
https://github.com/secf00tprint/payloadtester_lfi_rfi

https://github.com/foospidy/payloads
https://github.com/payloadbox/command-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/open-redirect-payload-list
https://github.com/payloadbox/xxe-injection-payload-list
https://github.com/payloadbox/rfi-lfi-payload-list
https://github.com/payloadbox/csv-injection-payloads
https://github.com/terjanq/Tiny-XSS-Payloads
https://github.com/hahwul/XSS-Payload-without-Anything

Awesome Electron.js hacking

https://github.com/doyensec/awesome-electronjs-hacking

从别的地方扒来一些案例和知识点

浅析通过"监控"来辅助进行漏洞挖掘

威胁情报-生存在SRC平台中的刷钱秘籍

威胁情报

YSRC众测之我的漏洞挖掘姿势

SRC的漏洞分析

众测备忘手册

挖洞技巧:如何绕过URL限制

挖洞技巧:APP手势密码绕过思路总结

挖洞技巧:支付漏洞之总结

挖洞技巧:绕过短信&邮箱轰炸限制以及后续

挖洞技巧:信息泄露之总结

OSS对象存储上传解析漏洞

任意文件下载引发的思考

两种密码重置之综合利用

任意用户密码重置

通用性业务逻辑组合拳劫持你的权限

收藏的 src 工具

Scanners-Box 安全行业从业者自研开源扫描器合辑

hakrawler-快速地发现Web应用程序中的端点和资产

Voyager-安全工具集合平台

bayonet-src资产管理系统

wayback-machine-downloader

ApkAnalyser-一键提取安卓应用中可能存在的敏感信息

Diggy-从apk文件中提取端点

新的一年祝大家挖洞必高危。