bugbounty技巧聚合20220221 - 火线 Zone-安全攻防社区

bugbounty技巧聚合20220221

43999

漏洞报告

Self- XSS 50$
https://hackerone.com/reports/1442017
Android应用漏洞 3000$
https://hackerone.com/reports/1343528

挖洞技巧

API漏洞案例研究
https://monke.ie/api-vulns-casestudy/
Bug Bounty — Bypassing Endpoints
https://aaryanapex.medium.com/bug-bounty-bypassing-endpoints-55254df2cbff
Bypass Cloudflares Waf
https://medium.com/@friendly_/bypassing-cloudflares-waf-b1b83a50fb2f

挖洞工具

快速分析文件中的所有 IP，并查看哪些具有开放端口/漏洞
https://gitlab.com/shodan-public/nrich
Burpsuite插件，提取JS文件
https://github.com/0xDexter0us/uproot-JS
漏洞扫描框架
https://github.com/gokulapap/Reconator