Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wh0ale/src-experience

工欲善其事,必先利其器
https://github.com/wh0ale/src-experience

Last synced: 29 days ago
JSON representation

工欲善其事,必先利其器

Awesome Lists containing this project

README 

        
# SRC-experience

工欲善其事,必先利其器



~~最近收集到的一些src挖掘奇技淫巧,然后还有一些国外新技术的学习网站分享给大家。~~



2021.10.20: 时隔两年更新下文章。



**Bug Bounty trick website**



**hackerone-reports**



[hackerone-reports](https://github.com/reddelexc/hackerone-reports)



[bug-bounty-reference 按漏洞性质分类的漏洞赏金记录列表](https://github.com/ngalongc/bug-bounty-reference)



[BUG BOUNTY HUNTING](https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65)



[bounty-targets-data 赏金目标数据](https://github.com/arkadiyt/bounty-targets-data)



[6000多份HackerOne漏洞公开报告](https://www.uedbox.com/post/65763/)



[https://github.com/ngalongc/bug-bounty-reference](https://github.com/ngalongc/bug-bounty-reference)



[Awesome-Bugbounty-Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups)



[https://github.com/w181496/Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet)



[collection-of-bug-bounty-tip-will-be-updated-daily](https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248)



**Web-CTF-Cheatsheet**



```java

https://github.com/w181496/Web-CTF-Cheatsheet

https://github.com/harsh-bothra/learn365/

https://github.com/carlospolop/hacktricks

```



**Penetration**



```java

BugBountyHunting Search Engine

https://www.bugbountyhunting.com/



Bug Bounty Collection

https://github.com/ngalongc/bug-bounty-reference

https://github.com/djadmin/awesome-bug-bounty

https://github.com/Muhammd/awesome-bug-bounty

https://github.com/djadmin/awesome-bug-bounty

https://github.com/dwisiswant0/awesome-oneliner-bugbounty

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

https://github.com/m4ll0k/Bug-Bounty-Toolz

https://github.com/EdOverflow/bugbounty-cheatsheet

https://github.com/KingOfBugbounty/KingOfBugBountyTips

https://github.com/EdOverflow/bugbountyguide

https://github.com/AlexisAhmed/BugBountyToolkit

https://github.com/e11i0t4lders0n/Bugbounty-Resources



https://github.com/sushiwushi/bug-bounty-dorks

https://github.com/devanshbatham/Awesome-Bugbounty-Writeups

https://github.com/1ndianl33t/Bug-Bounty-Roadmaps

https://github.com/1ndianl33t/Bugbounty-Resources

https://github.com/1ndianl33t/BugBounty_Profile

https://github.com/KathanP19/HowToHunt

https://github.com/vaib25vicky/awesome-mobile-security

https://github.com/Voorivex/pentest-guide

https://github.com/Hack-with-Github/Awesome-Hacking



https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

https://github.com/0xedward/awesome-infosec

https://github.com/victoni/Bug-Bounty-Scripts

https://github.com/ujjwal96/arsenal

https://github.com/Sambal0x/Recon-tools

https://github.com/bobby-lin/bug-bounty-guide

https://github.com/vavkamil/awesome-bugbounty-tools

https://book.hacktricks.xyz



https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups

https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

https://github.com/0xedward/awesome-infosec

https://github.com/victoni/Bug-Bounty-Scripts

https://github.com/ujjwal96/arsenal

https://github.com/Sambal0x/Recon-tools

https://github.com/bobby-lin/bug-bounty-guide

https://github.com/vavkamil/awesome-bugbounty-tools

https://book.hacktricks.xyz



https://github.com/infoslack/awesome-web-hacking

https://github.com/jaredthecoder/awesome-vehicle-security

https://github.com/trimstray/the-book-of-secret-knowledge

https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet

https://github.com/The404Hacking/AndroRAT

https://github.com/sundaysec/Android-Exploits

https://github.com/AzimsTech/Android_Hacking

https://github.com/hahwul/MobileHackersWeapons



Cheat Sheet collection

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

https://github.com/OlivierLaflamme/Cheatsheet-God

https://github.com/baumanab/cheat_sheets

https://github.com/detailyang/awesome-cheatsheet

https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets

https://github.com/coreb1t/awesome-pentest-cheat-sheets

https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5

https://github.com/PeterSufliarsky/pentesting-cheat-sheet



Penetration Testing Checklist collection

https://github.com/oxr463/pentesting-checklist

https://github.com/netbiosX/Checklists

https://github.com/harsh-kk/web-pentesting-checklist

https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists

https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist

https://github.com/Probely/security_checklist

https://github.com/sderosiaux/checklists



Pentesters Roadmap collection

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

https://github.com/GrandGarcon/Complete_Cybersecurity_Path

https://github.com/CSIRT-MU/edu-resources

https://github.com/argowang/cyber-security-roadmap

https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap

https://github.com/nairuzabulhul/RoadMap

https://github.com/nairuzabulhul/RoadMap/blob/master/PTS/Pentesting.md

https://github.com/sundowndev/hacker-roadmap

```



**Payloads Collection**



```java

Payloads Collection

https://github.com/omurugur/SQL_Injection_Payload

https://github.com/omurugur/XSS_Payload_List

https://github.com/omurugur/OS_Command_Payload_List

https://github.com/omurugur/Open_Redirect_Payload_List

https://github.com/cujanovic/SSRF-Testing

https://github.com/swisskyrepo/PayloadsAllTheThings



https://github.com/akalankauk/XSS-SQL-Master-Payloads

https://github.com/austinsonger/payloadsandlists

https://github.com/BrodieInfoSec/BIG_XSS

https://github.com/pgaijin66/XSS-Payloads

https://github.com/sh377c0d3/Payloads

https://github.com/omurugur/SQL_Injection_Payload

https://github.com/RedVirus0/LFI-Payloads

https://github.com/emadshanab/LFI-Payload-List

https://github.com/secf00tprint/payloadtester_lfi_rfi



https://github.com/foospidy/payloads

https://github.com/payloadbox/command-injection-payload-list

https://github.com/payloadbox/sql-injection-payload-list

https://github.com/payloadbox/open-redirect-payload-list

https://github.com/payloadbox/xxe-injection-payload-list

https://github.com/payloadbox/rfi-lfi-payload-list

https://github.com/payloadbox/csv-injection-payloads

https://github.com/terjanq/Tiny-XSS-Payloads

https://github.com/hahwul/XSS-Payload-without-Anything

```



**Awesome Electron.js hacking**



```java

https://github.com/doyensec/awesome-electronjs-hacking

```



**从别的地方扒来一些案例和知识点**



[浅析通过"监控"来辅助进行漏洞挖掘](https://bbs.ichunqiu.com/thread-28591-1-1.html)



[威胁情报-生存在SRC平台中的刷钱秘籍](https://bbs.ichunqiu.com/article-921-1.html)



[威胁情报](https://mp.weixin.qq.com/s/v2MRx7qs70lpnW9n-mJ7_Q)



[YSRC众测之我的漏洞挖掘姿势](https://bbs.ichunqiu.com/article-655-1.html)



[SRC的漏洞分析](https://bbs.ichunqiu.com/thread-19745-1-1.html)



[众测备忘手册](https://mp.weixin.qq.com/s/4XPG37_lTZDzf60o3W_onA)



[挖洞技巧:如何绕过URL限制](https://www.secpulse.com/archives/67064.html)



[挖洞技巧:APP手势密码绕过思路总结](https://www.secpulse.com/archives/67070.html)



[挖洞技巧:支付漏洞之总结](https://www.secpulse.com/archives/67080.html)



[挖洞技巧:绕过短信&邮箱轰炸限制以及后续](http://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw)



[挖洞技巧:信息泄露之总结](https://www.secpulse.com/archives/67123.html)



[OSS对象存储上传解析漏洞](https://xianzhi.aliyun.com/forum/topic/2078)



[任意文件下载引发的思考](https://www.secpulse.com/archives/68522.html)



[两种密码重置之综合利用](http://www.freebuf.com/articles/network/166520.html)



[任意用户密码重置](http://www.freebuf.com/articles/web/166667.html)



[通用性业务逻辑组合拳劫持你的权限](https://www.anquanke.com/post/id/106961)



**收藏的 src 工具**



[Scanners-Box 安全行业从业者自研开源扫描器合辑](https://github.com/We5ter/Scanners-Box)



[hakrawler-快速地发现Web应用程序中的端点和资产](https://github.com/hakluke/hakrawler)



[Voyager-安全工具集合平台](https://github.com/ody5sey/Voyager)



[bayonet-src资产管理系统](https://github.com/CTF-MissFeng/bayonet)



[wayback-machine-downloader](https://github.com/hartator/wayback-machine-downloader)



[ApkAnalyser-一键提取安卓应用中可能存在的敏感信息](https://github.com/TheKingOfDuck/ApkAnalyser)



[Diggy-从apk文件中提取端点](https://github.com/s0md3v/Diggy)



**新的一年祝大家挖洞必高危。**