The Bug Hunters Methodology

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments.

These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".

The current sections are divided as follows:

philosophy
discovery
mapping
tactical fuzzing
XSS
SQLi
LFI
CSRF
web services
mobile vulnerabilities

The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work.

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
How Do I shot Web-.pdf		How Do I shot Web-.pdf
README.md		README.md
SQLi.markdown		SQLi.markdown
authsession.markdown		authsession.markdown
auxiliary.markdown		auxiliary.markdown
discovery.markdown		discovery.markdown
fiupload.markdown		fiupload.markdown
login.markdown		login.markdown
mapping.markdown		mapping.markdown
mobile.markdown		mobile.markdown
philosophy.markdown		philosophy.markdown
xss.markdown		xss.markdown

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

The Bug Hunters Methodology

About

Releases

Packages

xsuperbug/tbhm

Folders and files

Latest commit

History

Repository files navigation

The Bug Hunters Methodology

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages