Day044

Today's focus: subdomain takeover and automated scanning

HackerOne vulnerability list:

https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md

How the vulnerability works

1.Web Security Series 15: Subdomain Takeover

https://houbb.github.io/2020/08/09/web-safe-15-subdomain-takeover

2.An in-depth analysis of Subdomain Takeover vulnerabilities

https://www.secpulse.com/archives/94973.html

3.HackerOne | A guide to finding subdomain takeover vulnerabilities

https://www.freebuf.com/articles/web/183254.html

4.Technical analysis | Let's "hijack" a GitHub custom domain for fun!

https://www.freebuf.com/articles/web/171952.html

5.Domain takeover

https://book.hacktricks.xyz/pentesting-web/domain-subdomain-takeover

6.A GUIDE TO SUBDOMAIN TAKEOVERS

https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

7.Subdomain takeovers

https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

8.How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes

https://medium.com/@hakluke/how-to-setup-an-automated-sub-domain-takeover-scanner-for-all-bug-bounty-programs-in-5-minutes-3562eb621db3

Vulnerability write-ups

1.Bug hunting experience | Azure DevOps account takeover via domain hijacking

https://www.freebuf.com/articles/web/242727.html

2.Bug hunting experience | How I bypassed Uber's single sign-on authentication via subdomain takeover

https://www.freebuf.com/news/141630.html

3.Bug hunting experience | How I found a $4500 bug during early reconnaissance

https://www.freebuf.com/articles/network/171219.html

4.Bug hunting experience | How I took over more than 50,000 Shopify subdomains in a short time

https://www.freebuf.com/articles/web/186411.html

5.Exploiting Subdomain Takeover on S3

https://gupta-bless.medium.com/exploiting-subdomain-takeover-on-s3-6115730d01d7

Automation tools

1.Osmedeus

https://github.com/j3ssie/Osmedeus

2.OneForAll

https://github.com/shmilylty/OneForAll

3.second-order

https://github.com/mhmdiaa/second-order

4.SubOver

https://github.com/Ice3man543/SubOver

5.more

https://github.com/search?q=Subdomain+Takeover&type=

Video tutorials

1.Live Stream Subdomain Takeovers for Bug Bounties

2.Subdomain Takeover Step by Step | Bug Bounty 2020

Focus: developing an automation tool

Development progress: https://pxiaoer.blog/2020/12/01/subdomain-takeover/

Day042

Today's focus:

1.Bheem, a reconnaissance platform that aggregates many tools

https://github.com/harsh-bothra/Bheem

Bug hunting resources

1.bug-bounty-dorks

https://github.com/sushiwushi/bug-bounty-dorks

2.dirsearch

https://github.com/maurosoria/dirsearch

3.gin – a Git index file parser

https://github.com/sbp/gin

4.KingOfBugBountyTips

https://github.com/KingOfBugbounty/KingOfBugBountyTips

Bug report study

1.The YouTube bug that allowed unlisted uploads to any channel

https://medium.com/bugbountywriteup/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a

2.Subdomain Takeovers, beyond the basics for Pentesters and Bug Bounty Hunters

3.Account Takeover(ATO) and Email verification bypass in 2mins

https://medium.com/@karthiksoft007/account-takeover-ato-and-email-verification-bypass-in-2mins-5a6c8cb692a7

4.Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata

https://hackerone.com/reports/530974

5.Bcrypt — Account TakeOver Due To Weak Encryption — #HR51KDB

https://medium.com/bugbountywriteup/bcrypt-account-takeover-due-to-weak-encryption-hr51kdb-4418f6e65907

Day041

Today's focus:

1.Reconnaissance tool 3klCon

https://github.com/eslam3kl/3klCon

Bug hunting resources

1.Bug Hunting Tactics

https://speakerdeck.com/harshbothra/bug-hunting-tactics

2.Bounty Thursdays – Wordlists for content discovery and API bugs!

3.Beginner’s Guide to CTFs

https://medium.com/bugbountywriteup/beginners-guide-to-ctfs-c934a0d7f5f9

Bug report study

1.My bug bounty journey. The middle-class boy who wanted everything for free.

https://vivekps143.medium.com/my-bug-bounty-journey-the-mind-of-a-middle-class-boy-who-wanted-everything-for-free-1456e160817c