Bug Bounty Cheat Sheet
Reference 🔎 Vulnerabilities Bug Bounty Platforms XSS Books SQLi Special Tools SSRF Recon CRLF Injection Practice Platforms CSV Injection Bug Bounty Tips LFI XXE RCE Open Redirect Crypto Template Injection Content Injection XSLT Injection Contributing We welcome contributions from the public. Using the issue tracker 💡 The issue tracker is the preferred channel for bug reports and features requests. Issues and labels 🏷 Our bug tracker utilizes several labels to help organize and identify issues. Guidelines for bug reports 🐛 Use the GitHub issue search — check if the issue has already been reported. Style Guide We like to keep our Markdown files as uniform as possible. So if you submit a PR, make sure to follow this style guide (we will not be angry if you do not). Cheat sheet titles should start with ##. Subheadings should be made bold. (**Subheading**) Add newlines after subheadings and code blocks. Code blocks should use three backticks. (```) Make sure to use syntax highlighting whenever possible. Contributors EdOverflow GerbenJavado jon_bottarini sp1d3r yasinS neutrinoguy kuromatae And many more ...
FEATURES
ALTERNATIVES
A compilation of Red Teaming resources including cheatsheets, notes, scripts, and practice platforms for cybersecurity learning and skill development.
Comprehensive documentation for ThreatConnect's REST API and SDKs.
The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
A guide on how to contribute to the Ayehu Custom Activities Repository
A guide outlining security considerations for using OpenLDAP Software, including selective listening and IP firewall capabilities.
A comprehensive guide to memory forensics, covering tools, techniques, and procedures for analyzing volatile memory.
A workshop offering resources for local privilege escalation on Windows and Linux systems.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.