SRC-experience

工欲善其事，必先利其器

~~最近收集到的一些src挖掘奇技淫巧，然后还有一些国外新技术的学习网站分享给大家。~~

2021.10.20: 时隔两年更新下文章。

Bug Bounty trick website

https://www.bugbountynotes.com/training

https://pentester.land/newsletter/2019/02/12/the-5-hacking-newsletter-40.html

https://www.openbugbounty.org/

hackerone-reports

hackerone-reports

bug-bounty-reference 按漏洞性质分类的漏洞赏金记录列表

BUG BOUNTY HUNTING

bounty-targets-data 赏金目标数据

6000多份HackerOne漏洞公开报告

https://github.com/ngalongc/bug-bounty-reference

Awesome-Bugbounty-Writeups

https://github.com/w181496/Web-CTF-Cheatsheet

collection-of-bug-bounty-tip-will-be-updated-daily

Web-CTF-Cheatsheet

https://github.com/w181496/Web-CTF-Cheatsheet
https://github.com/harsh-bothra/learn365/
https://github.com/carlospolop/hacktricks

Penetration

BugBountyHunting Search Engine
https://www.bugbountyhunting.com/

Bug Bounty Collection
https://github.com/ngalongc/bug-bounty-reference
https://github.com/djadmin/awesome-bug-bounty
https://github.com/Muhammd/awesome-bug-bounty
https://github.com/djadmin/awesome-bug-bounty
https://github.com/dwisiswant0/awesome-oneliner-bugbounty
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/m4ll0k/Bug-Bounty-Toolz
https://github.com/EdOverflow/bugbounty-cheatsheet
https://github.com/KingOfBugbounty/KingOfBugBountyTips
https://github.com/EdOverflow/bugbountyguide
https://github.com/AlexisAhmed/BugBountyToolkit
https://github.com/e11i0t4lders0n/Bugbounty-Resources

https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
https://github.com/1ndianl33t/Bugbounty-Resources
https://github.com/1ndianl33t/BugBounty_Profile
https://github.com/KathanP19/HowToHunt
https://github.com/vaib25vicky/awesome-mobile-security
https://github.com/Voorivex/pentest-guide
https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://github.com/0xedward/awesome-infosec
https://github.com/victoni/Bug-Bounty-Scripts
https://github.com/ujjwal96/arsenal
https://github.com/Sambal0x/Recon-tools
https://github.com/bobby-lin/bug-bounty-guide
https://github.com/vavkamil/awesome-bugbounty-tools
https://book.hacktricks.xyz

https://github.com/infoslack/awesome-web-hacking
https://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
https://github.com/The404Hacking/AndroRAT
https://github.com/sundaysec/Android-Exploits
https://github.com/AzimsTech/Android_Hacking
https://github.com/hahwul/MobileHackersWeapons

Cheat Sheet collection
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/OlivierLaflamme/Cheatsheet-God
https://github.com/baumanab/cheat_sheets
https://github.com/detailyang/awesome-cheatsheet
https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5
https://github.com/PeterSufliarsky/pentesting-cheat-sheet

Penetration Testing Checklist collection
https://github.com/oxr463/pentesting-checklist
https://github.com/netbiosX/Checklists
https://github.com/harsh-kk/web-pentesting-checklist
https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists
https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist
https://github.com/Probely/security_checklist
https://github.com/sderosiaux/checklists

Pentesters Roadmap collection
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
https://github.com/GrandGarcon/Complete_Cybersecurity_Path
https://github.com/CSIRT-MU/edu-resources
https://github.com/argowang/cyber-security-roadmap
https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap
https://github.com/nairuzabulhul/RoadMap
https://github.com/nairuzabulhul/RoadMap/blob/master/PTS/Pentesting.md
https://github.com/sundowndev/hacker-roadmap

Payloads Collection

Payloads Collection
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/omurugur/XSS_Payload_List
https://github.com/omurugur/OS_Command_Payload_List
https://github.com/omurugur/Open_Redirect_Payload_List
https://github.com/cujanovic/SSRF-Testing
https://github.com/swisskyrepo/PayloadsAllTheThings

https://github.com/akalankauk/XSS-SQL-Master-Payloads
https://github.com/austinsonger/payloadsandlists
https://github.com/BrodieInfoSec/BIG_XSS
https://github.com/pgaijin66/XSS-Payloads
https://github.com/sh377c0d3/Payloads
https://github.com/omurugur/SQL_Injection_Payload
https://github.com/RedVirus0/LFI-Payloads
https://github.com/emadshanab/LFI-Payload-List
https://github.com/secf00tprint/payloadtester_lfi_rfi

https://github.com/foospidy/payloads
https://github.com/payloadbox/command-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/open-redirect-payload-list
https://github.com/payloadbox/xxe-injection-payload-list
https://github.com/payloadbox/rfi-lfi-payload-list
https://github.com/payloadbox/csv-injection-payloads
https://github.com/terjanq/Tiny-XSS-Payloads
https://github.com/hahwul/XSS-Payload-without-Anything

Awesome Electron.js hacking

https://github.com/doyensec/awesome-electronjs-hacking

从别的地方扒来一些案例和知识点

收藏的 src 工具

Scanners-Box 安全行业从业者自研开源扫描器合辑

hakrawler-快速地发现Web应用程序中的端点和资产

Voyager-安全工具集合平台

bayonet-src资产管理系统

wayback-machine-downloader

ApkAnalyser-一键提取安卓应用中可能存在的敏感信息

Diggy-从apk文件中提取端点

新的一年祝大家挖洞必高危。

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
Security Assessment Mindset		Security Assessment Mindset
Fuzz大法之挖掘潜在的逻辑越权.pdf		Fuzz大法之挖掘潜在的逻辑越权.pdf
GET来的漏洞 _ WooYun知识库.pdf		GET来的漏洞 _ WooYun知识库.pdf
README.md		README.md
SRC混子是怎样练成的.pdf		SRC混子是怎样练成的.pdf
SSRF Bypass and Exploit.pptx		SSRF Bypass and Exploit.pptx
XS-Search.pptx		XS-Search.pptx
XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf		XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf
nmap_cheet_sheet_0.6_2.pdf		nmap_cheet_sheet_0.6_2.pdf
众测漏洞榜之脑洞篇.pptx		众测漏洞榜之脑洞篇.pptx
众测经验谈.pptx		众测经验谈.pptx
信息收集.pptx		信息收集.pptx
区块链src.txt		区块链src.txt
国内SRC漏洞挖掘技巧与经验分享.pdf		国内SRC漏洞挖掘技巧与经验分享.pdf
我是如何挖各SRC漏洞的.pdf		我是如何挖各SRC漏洞的.pdf
某SRC从源码泄露到getshell.pdf		某SRC从源码泄露到getshell.pdf
给开发者的终极XSS防护备忘录.pdf		给开发者的终极XSS防护备忘录.pdf
网盘泄露.docx		网盘泄露.docx
论src漏洞挖掘的前期信息收集 .pptx		论src漏洞挖掘的前期信息收集 .pptx
边界渗透中的小技巧.pdf		边界渗透中的小技巧.pdf
面向企业src的漏洞挖掘.pdf		面向企业src的漏洞挖掘.pdf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SRC-experience

About

Releases

Packages

Languages

Wh0ale/SRC-experience

Folders and files

Latest commit

History

Repository files navigation

SRC-experience

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages