Skip to content

ducnp/tbhm

1 Branch0 Tags
This branch is 56 commits behind jhaddix/tbhm:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

jhaddixjhaddix
Update 8_CSRF.markdown
Nov 4, 2015
4b384d9 · Nov 4, 2015

History

48 Commits
10_Mobile.markdown
10_Mobile.markdown
Oct 8, 2015
11_Auxiliary_Info.markdown
11_Auxiliary_Info.markdown
Oct 8, 2015
1_Philosophy.markdown
1_Philosophy.markdown
Oct 8, 2015
2_Discovery.markdown
2_Discovery.markdown
Oct 8, 2015
3_Mapping.markdown
3_Mapping.markdown
Oct 8, 2015
4_Authorization_and_Session.markdown
4_Authorization_and_Session.markdown
Oct 8, 2015
5_XSS.markdown
5_XSS.markdown
Oct 8, 2015
6_SQLi.markdown
6_SQLi.markdown
Oct 8, 2015
7_File_Upload.markdown
7_File_Upload.markdown
Oct 8, 2015
8_CSRF.markdown
8_CSRF.markdown
Nov 4, 2015
9_Privledge_Logic_Transport.markdown
9_Privledge_Logic_Transport.markdown
Oct 8, 2015
How Do I shot Web-.pdf
How Do I shot Web-.pdf
Sep 5, 2015
README.md
README.md
Oct 8, 2015

Repository files navigation

The Bug Hunters Methodology

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.

These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".

The current sections are divided as follows:

  • philosophy
  • discovery
  • mapping
  • tactical fuzzing
  • XSS
  • SQLi
  • LFI
  • CSRF
  • web services
  • mobile vulnerabilities

The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work.

@jhaddix

Defcon Video

ScreenShot

About

The Bug Hunters Methodology

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published