This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
Sec0zp
Sec0zp
/ chaos.py
Created
January 5, 2022 06:51
— forked from m4ll0k/chaos.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github.com/m4ll0k (@m4ll0k2) | |
| ''' | |
| Steps: | |
| 0. Make dir like chaos 'mkdir chaos' | |
| 1. Download this script in choas dir 'wget https://..' | |
| 2. Now: 'python3 choas.py |sort -u > dns_wordlist.txt' | |
| ''' |
Sec0zp
/ open-redirect.md
Created
October 11, 2021 12:19
— forked from 0xblackbird/open-redirect.md
Open redirect bypasses
-
Simply try to change the domain
Example: ?redirect=https://example.com --> ?redirect=https://evil.com
-
Bypass the filter when protocol is blacklisted using
//Example: ?redirect=https://example.com --> ?redirect=//evil.com
Sec0zp
/ List of API endpoints & objects
Created
March 23, 2020 06:28
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |