{"id":18942335,"url":"https://github.com/bugcrowd/templates","last_synced_at":"2025-05-15T17:01:30.178Z","repository":{"id":37385715,"uuid":"279213314","full_name":"bugcrowd/templates","owner":"bugcrowd","description":"Repository to house markdown templates for researchers","archived":false,"fork":false,"pushed_at":"2025-03-11T09:36:27.000Z","size":2292,"stargazers_count":197,"open_issues_count":22,"forks_count":50,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-03-31T21:46:03.384Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bugcrowd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-13T04:50:27.000Z","updated_at":"2025-03-14T20:10:50.000Z","dependencies_parsed_at":"2023-10-16T16:18:23.459Z","dependency_job_id":"7996fadb-a646-4e62-8f91-ff27293d0ffb","html_url":"https://github.com/bugcrowd/templates","commit_stats":{"total_commits":890,"total_committers":20,"mean_commits":44.5,"dds":0.2629213483146068,"last_synced_commit":"f9aa713612443aa3cb9e669b4a1d2884e7ac613d"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Ftemplates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Ftemplates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bugcrowd%2Ftemplates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/
bugcrowd%2Ftemplates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bugcrowd","download_url":"https://codeload.github.com/bugcrowd/templates/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247737788,"owners_count":20987721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T12:32:27.011Z","updated_at":"2025-04-07T22:07:13.312Z","avatar_url":"https://github.com/bugcrowd.png","language":"Ruby","readme":"# Report Templates\n\n![Markdown Linter](https://github.com/bugcrowd/templates/workflows/Markdown%20Linter/badge.svg)\n\nDirectory structure notes:\n\nThe `generate-directories.py` script fetches the latest version of the VRT structure from GitHub and creates any missing directories. It does not remove or rename directories for items that have been removed from the VRT.\n\nThe script follows the standard entry names and keeps the underscores and case of the VRT `id` field.\n\n---\n\n## Working with this repo\n\nThis repo has 'Protected Master' enabled, which means that only project admins can commit to the master branch, and only via Pull Requests. All updates need to come via pull request to ensure integrity.\n\nThe following is written assuming SSH access is correctly configured.\n\nFirst, check out the master branch:\n\n`git clone git@github.com:bugcrowd/templates.git ## n.b. 
using SSH aliases can make this much simpler`\n\nOnce you have master on your system, you will need to create a branch for the work you are about to perform:\n\n`git checkout -b \u003cbranch-name\u003e`\n\nExample branch names could be `XXE-templates` or `XSS-templates`, something that denotes what the parcel of work is. These should be kept small, preferably a group of templates and not much more. Commit and push often!\n\n`git commit -am \"Comments about what you changed go here\"` saves your changes in the *local* git repo. Note that `-a` only stages modified files that git already tracks; new template files must be staged with `git add` first. *Always* leave a descriptive commit message.\n\nWhen you have completed your templates, you can push them to the repo. These will still be on their own branch, but when you push, the linter will run and validate the markdown against a set of rules. If you followed the example template and didn't deviate much, the templates should pass.\n\n`git push --set-upstream origin \u003cbranch-name\u003e` This will create the branch on the origin server (GitHub) and push your changes. This only needs to be done once for the branch, and subsequent pushes for the branch can be performed with `git push`.\n\nOnce the linter has run successfully, you can then create a Pull Request (PR).\n\nSelect the branch in the GitHub interface. You should see a 'Pull request' button above the code.\n\nSelect that button, then fill out some details about what changed for the project admins to review, then click 'Create pull request'.\n\nAt that point, you're done! We'll review the PR and merge or reject as appropriate.\n\nOnce the PR is accepted, you're free to delete the branch:\n\n`git branch -d \u003cbranch-name\u003e`\n\n---\n\n## Template Structure\n\nBelow is an example template. 
All sections should be updated to include correct information.\n\n```markdown\n\n## Overview of the Vulnerability\n\nProvide a 1-2 sentence description of the vulnerability.\n\nThis format is a good guide:\n[VULNTYPE] in [COMPONENT] in [APPLICATION] allows [ATTACKER] to [IMPACT] via [VECTOR]\n\n## Business Impact\n\nProvide an example of the impact to the business. This could be reputational damage, financial loss, a loss in customer trust, etc.\n\n## Steps to Reproduce\n\nProvide a step-by-step walkthrough on how to access the vulnerable injection point, and how to exploit the vulnerability.\n\nExample:\n\n1. Log in to the in-scope asset at \u003cwww.bugcrowd.com/login\u003e\n1. Browse to the account page\n1. Modify the ID value to add a single quote\n1. Observe the error stating 'SQL Syntax Error'\n1. Replace the ID value with `1' waitfor delay '00:00:10'; ` and observe that the response is delayed by ten seconds\n\n## Proof of Concept (PoC)\n\nYour submission must include evidence of the vulnerability and not be theoretical in nature.\nYou may present your evidence as output from a tool, such as SQLMap, unless the program forbids the use of these tools. Evidence may also be in the format of terminal output, screenshots, or video.\nUse this section to demonstrate clearly the effect of the vulnerability. However, do not access Personally Identifiable Information (PII).\n\n```\n\n## Example\n\nThis is an example template:\n\n````markdown\n# Reflected Cross-Site Scripting (Non-self)\n\n## Overview of the Vulnerability\n\nReflected Cross-Site Scripting (XSS) is a type of injection attack where malicious JavaScript code is injected into a website. When a user visits the affected web page, the injected input is reflected in the response and the JavaScript code executes in the user’s browser. Reflected XSS can be found on this domain, which allows an attacker to create a crafted URL. 
When opened by a user, this URL will execute arbitrary JavaScript within that user’s browser in the context of this domain.\n\nWhen an attacker can control code that is executed within a user’s browser, they are able to carry out any actions that the user is able to perform, including accessing any of the user's data and modifying information within the user’s permissions. This can result in modification, deletion, or theft of data, including accessing or deleting files, or stealing session cookies (where they are not flagged `HttpOnly`), which an attacker could use to hijack a user’s session.\n\n## Business Impact\n\nReflected XSS could lead to data theft through the attacker’s ability to access and manipulate data within the application, and to interact with other users, including performing further malicious actions that would appear to originate from a legitimate user. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.\n\n## Steps to Reproduce\n\n1. Enable an HTTP interception proxy, such as Burp Suite or OWASP ZAP\n1. Use a browser to navigate to: {{url}}\n1. Forward the following request to the endpoint:\n\n```HTTP Request\n{{request}}\n```\n\n1. Observe the JavaScript payload being executed\n\n## Proof of Concept (PoC)\n\nBelow is a screenshot demonstrating the injected JavaScript executing at the vulnerable endpoint:\n\n{{screenshot}}\n\n````\n\n## Style Guide\n\n### Voice\n\nWhere possible, use passive voice. 
For example:\n\nCorrect:\n\n\u003e An SQL injection vulnerability was discovered in the web application.\n\nIncorrect:\n\n\u003e I discovered an SQL injection vulnerability in the web application.\n\nIncorrect:\n\n\u003e Bugcrowd discovered an SQL injection vulnerability in the web application.\n\nIncorrect:\n\n\u003e We discovered an SQL injection in the web application.\n\n## Concision\n\n### Eliminate Redundancy\n\nIncorrect:\n\n\u003e Throughout the course of the engagement, a critical severity SQL injection was discovered in the web application (\u003cwww.example.com\u003e) which could be used by an attacker to exfiltrate personally identifiable information from the backend database.\n\nCorrect:\n\n\u003e An SQL injection was discovered in \u003cwww.example.com\u003e allowing a malicious attacker to exfiltrate personally identifiable information.\n\n### Split Up Long Sentences\n\nIncorrect:\n\n\u003e An SQL injection was discovered in \u003cwww.example.com\u003e allowing a malicious attacker to exfiltrate personally identifiable information including email addresses which would be considered a GDPR violation and poses a considerable business risk.\n\nCorrect:\n\n\u003e An SQL injection was discovered in \u003cwww.example.com\u003e allowing a malicious attacker to exfiltrate personally identifiable information. The retrievable data includes passwords, email addresses and full names. This poses a GDPR violation and considerable business risk.\n\n## Acronyms\n\nWhen using an acronym, always spell out the full version first with the acronym in brackets. Once it has been spelled out in full, subsequent uses can just use the acronym.\n\nFor example:\n\n\u003e Cross-Site Scripting (XSS) is a client-side attack which allows a malicious attacker to execute JavaScript in a user's browser. XSS occurs when user input is reflected back to the browser without encoding.\n\n\u003e Cross-Site Request Forgery (CSRF) was discovered in example.com. 
This CSRF allows an attacker to update the user's address without their knowledge.\n\n## Spelling and capitalisation of common words\n\nCorrect: Bugcrowd\nIncorrect: BugCrowd, bugcrowd, Bug Crowd, Bug crowd and bug crowd.\n\nCorrect: pentest (or Pentest if grammatically required)\nIncorrect: pen test, PenTest, Pen Test\n\n## A vs. An\n\n\"An\" should be used when the next word starts with a vowel *sound*. Otherwise, \"A\" should be used.\n\nCorrect:\n\n- An apple\n- An SQL injection\n- An XSS\n- An easy life\n- A pineapple\n- A vulnerability\n\nIncorrect:\n\n- An server\n- A SQL injection\n\n## Emotive language\n\nLanguage used should always be unemotive and impartial.\n\n- Correct: Seven critical vulnerabilities were discovered.\n- Incorrect: Seven concerning vulnerabilities were discovered.\n- Incorrect: The overall security posture was very poor.\n\n## Researcher / Hacker / Attacker\n\n- Use the word \"researcher\" when referring to a person who presents submissions to Bugcrowd.\n- Use the word \"attacker\" when walking through an attack scenario, for example: \"an attacker is able to exfiltrate customer data and perform arbitrary SQL queries\".\n- Never use the word \"hacker\".\n\n## Use of \"victim\"\n\n- Don't use the word \"victim\".\n- A good alternative is to refer to that person's role.\n\nExamples:\n\n- Incorrect: The vulnerability can be used to exploit the victim.\n- Correct: The vulnerability can be used to exploit the user.\n- Correct: The vulnerability can be used to exploit administrative users.\n\n## Placeholders\n\n- `{{target}}`: Name of the in-scope target listed on the program page (for example, `*.bugcrowd.com`)\n- `{{application}}`: A specific application within the target (for example, Acme Inc. 
Employee Portal)\n- `{{type}}`: Type of testing performed, as listed next to the target on the program page (for example website testing, API testing, mobile application testing, hardware testing, etc.)\n- `{{url}}`: Placeholder for a URL (for example, `https://bugcrowd.com/vulnerability-rating-taxonomy`)\n- `{{version}}`: The specific version number of the software tested (for example, 13.3.7)\n- `{{program}}`: The program name (for example, Bugcrowd)\n- `{{screenshot}}`: Screenshot or video evidence showing an executed proof of concept.\n- `{{action}}`: The action that a malicious attacker could perform if they exploit the vulnerability (for example, exfiltrate session tokens, take full control of an administrative account, dump PII, etc.)\n- `{{parameter}}`: A variable that transmits data from the client to the server and can carry different types of data; how it is handled is determined by the server-side code (for example `id=1337`)\n- `{{hardware}}`: A specific piece of hardware used to exploit an IoT or Automotive asset\n- `{{software}}`: Specific software used to exploit an asset (for example burp, nessus, nikto, etc.)\n- `{{payload}}`: A command or payload that is executed on an asset\n- `{{value}}`: A specific metric value (seconds, milliseconds, frequencies, etc.)\n\n## BugcrowdTemplates Rubygem\n\nThis repo contains the `bugcrowd_templates` gem. The gem fetches the `templates` for the submission description and methodology notes fields based on VRT selections. It is used and maintained by [Bugcrowd Engineering](https://bugcrowd.com).\n\n## Getting Started\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'bugcrowd_templates'\n```\n\n## Usage\n\nFor convenience in development, we provide a utility for spinning up a\nplayground for playing with the gem. 
You can invoke it with:\n\n```bash\nbin/console\n```\n\n## File structure\n\nBelow is an example to call `BugcrowdTemplates` for fetching `templates` in submission description \u0026 methodologies notes fields.\n\n```ruby\nBugcrowdTemplates.get(\n  type: 'any_value', # type can be submissions or methodologies\n  field: 'any_value', # field name of the type\n  category: 'any_value', # any category name from VRT option\n  subcategory: 'any_value', # any subcategory name from VRT option\n  item: 'any_value', # any item name from VRT option\n  file_name: 'any_value' # file_name can be 'template' or 'guidance'\n)\n```\n\n## Example for templates\n\nBelow is an example to call `BugcrowdTemplates` for fetching `template` in submission description field.\n\n```ruby\nBugcrowdTemplates.get(\n  type: 'submissions',\n  field: 'description', # field name of the submissions\n  category: 'server_security_misconfiguration', # category name from VRT option\n  subcategory: 'clickjacking', # subcategory name from VRT option\n  item: 'non_sensitive_action', # item name from VRT option\n  file_name: 'template' # template\n)\n=\u003e '# Clickjacking on a non-sensitive action\\n\\n## Overview\\n\\n' # template fetched from templates path\n```\n\nExample for fetching `guidance` template\n\n```ruby\nBugcrowdTemplates.get(\n  type: 'submissions',\n  field: 'description',\n  category: 'using_components_with_known_vulnerabilities',\n  subcategory: 'outdated_software_version',\n  file_name: 'guidance'\n)\n```\n\nBelow is an example to call `BugcrowdTemplates` for fetching `templates` in methodologies notes field.\n\n```ruby\nBugcrowdTemplates.get(\n  type: 'methodology',\n  field: 'notes', # field name of the methodologies\n  category: 'website_testing',\n  file_name: 'information'\n)\n=\u003e '# Information gathering and Reconnaisance\\n\\n##' # template fetched from templates 
path\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugcrowd%2Ftemplates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbugcrowd%2Ftemplates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbugcrowd%2Ftemplates/lists"}
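The README above shows the gem's `BugcrowdTemplates.get(type:, field:, category:, subcategory:, item:, file_name:)` call resolving a template from a directory tree whose names are VRT `id` values. The following is an added example, not the `bugcrowd_templates` gem's own code, of how such a lookup can be implemented so that the VRT identifiers passed in can never be used to read files outside the templates root (relevant as soon as the selections come from a form or API rather than from hard-coded values). It assumes a layout of `<type>/<field>/<category>/<subcategory>/<item>/<file_name>.md` under a root directory and that every segment is a VRT-style id (lowercase letters, digits, underscores); `TemplateLookup`, `path_for`, `build_sample_tree` and `demo` are names introduced here, and the sample tree contents are constructed for the example.

```ruby
require "fileutils"
require "tmpdir"

# Added example, not the bugcrowd_templates gem: a minimal lookup mirroring the
# get(type:, field:, category:, subcategory:, item:, file_name:) call in the
# README. Assumed layout: <root>/<type>/<field>/<category>/<subcategory>/<item>/<file_name>.md
module TemplateLookup
  # VRT ids are lowercase with underscores; this allowlist also rejects "..",
  # "/", NUL bytes and anything else that could steer the path.
  SEGMENT = /\A[a-z0-9_]+\z/.freeze

  class InvalidSegment < ArgumentError; end

  # Resolve the on-disk path for a VRT selection. Every segment must match
  # SEGMENT, and the expanded result is re-checked to sit under +root+ as a
  # second, independent guard.
  def self.path_for(root, type:, field:, category:, subcategory: nil, item: nil, file_name:)
    segments = [type, field, category, subcategory, item].compact
    (segments + [file_name]).each do |seg|
      unless seg.is_a?(String) && seg.match?(SEGMENT)
        raise InvalidSegment, "bad segment: #{seg.inspect}"
      end
    end
    base = File.expand_path(root)
    full = File.expand_path(File.join(base, *segments, "#{file_name}.md"))
    raise InvalidSegment, "resolved path escapes root" unless full.start_with?(base + File::SEPARATOR)
    full
  end

  # Return the template text, or nil when that VRT node has no such file.
  def self.get(root, **opts)
    path = path_for(root, **opts)
    File.file?(path) ? File.read(path) : nil
  end
end

# Constructed sample tree (two nodes from the README examples) so the example
# runs offline without the real repository checked out.
def build_sample_tree
  root = Dir.mktmpdir("templates")
  leaf = File.join(root, "submissions", "description", "server_security_misconfiguration",
                   "clickjacking", "non_sensitive_action")
  FileUtils.mkdir_p(leaf)
  File.write(File.join(leaf, "template.md"), "# Clickjacking on a non-sensitive action\n\n## Overview\n\n")
  guidance_dir = File.join(root, "submissions", "description",
                           "using_components_with_known_vulnerabilities", "outdated_software_version")
  FileUtils.mkdir_p(guidance_dir)
  File.write(File.join(guidance_dir, "guidance.md"), "Confirm the version ...")
  root
end

# Exercise the lookup: a hit, a subcategory-level guidance file, a miss, and a
# traversal attempt that must be rejected before the filesystem is touched.
def demo
  root = build_sample_tree
  template = TemplateLookup.get(root, type: "submissions", field: "description",
                                category: "server_security_misconfiguration", subcategory: "clickjacking",
                                item: "non_sensitive_action", file_name: "template")
  guidance = TemplateLookup.get(root, type: "submissions", field: "description",
                                category: "using_components_with_known_vulnerabilities",
                                subcategory: "outdated_software_version", file_name: "guidance")
  missing = TemplateLookup.get(root, type: "submissions", field: "description",
                               category: "clickjacking", file_name: "template")
  traversal_rejected = begin
    TemplateLookup.get(root, type: "submissions", field: "description",
                       category: "../../etc", file_name: "passwd")
    false
  rescue TemplateLookup::InvalidSegment
    true
  end
  FileUtils.remove_entry(root)
  { template: template, guidance: guidance, missing: missing, traversal_rejected: traversal_rejected }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The allowlist is the real control; the `start_with?` check after `File.expand_path` costs nothing and catches a future regression in the regex (for example someone loosening it to allow `.` for version-numbered ids). Returning `nil` rather than raising on a missing file matches how a caller would treat an unpopulated VRT node.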