Web Vulnerabilities Checklist — 27 attack-class playbooks for bug bounty hunters and penetration testers


About

A reference of practical web application vulnerabilities organized by attack class. Each folder contains payloads, bypass tables, exploitation flows and CVE references that you can copy directly into Burp, Caido, ZAP or your terminal. Maintained by @AnukarOP.

Use it on programs hosted by HackerOne, Bugcrowd, Intigriti, YesWeHack or Synack, in penetration tests, in CTFs, or as study material for OSCP / OSWE / eWPTX / PortSwigger Web Security Academy.

Index

#    Category                    Scope
01   AEM Misconfiguration        Dispatcher bypass, servlet abuse, SSRF, Groovy console RCE
02   Authentication              Auth bypass, captcha bypass, weak password policy, user enumeration
03   IDOR                        Object-level access, parameter pollution, hashed-ID prediction
04   Business Logic              Price tampering, coupon abuse, refund fraud, parameter tricks
05   Jira Vulnerabilities        Atlassian Jira / Confluence CVEs and misconfigurations
06   Registration                Signup XSS, verification bypass, disposable email, username squatting
07   2FA Bypass                  OTP brute force, response manipulation, session elevation
08   Admin Panel                 Default credentials, SQLi auth bypass, parser confusion
09   EXIF Geolocation            Image metadata exposure, GPS leakage
10   Cookie Attacks              Session fixation, cookie injection, parameter pollution, cookie bomb
11   Password Reset              Host header injection, token reuse, race conditions
12   Account Takeover            OAuth ATO, pre-ATO, XSS → ATO, CSRF → ATO chains
13   403 Bypass                  Header injection, URL encoding, path normalization
14   Tips from Twitter — Part 1  Recon one-liners, JWT cheats, CDN-origin bypass
15   Tips from Twitter — Part 2  WAF XSS bypass, file-upload variants, sitemap SQLi
16   SQL Injection               Error-based, time-based, UNION, blind, NoSQL, stacked queries
17   Reflected XSS               XSStrike, dalfox, gxss, polyglots, WAF bypass
18   File Upload                 Extension bypass, magic-byte tricks, ImageTragick, ZIP slip, SVG XXE
19   Rate Limit Bypass           Null-byte, header rotation, IP spoofing
20   JSON Attacks                95-test fuzzing menu: type juggling, NoSQL operators, HPP
21   CSRF                        Token bypass, method override, mirrored-cookie tokens
22   RCE                         Dependency confusion, LFI, SSRF, XXE, deserialization, SSTI
23   API Authorization           BOLA patterns, predictable IDs, CRLF in IDs, array smuggling
24   API Authentication          95 JSON-auth payloads for /login, /register, /oauth/token, GraphQL
25   Mass Assignment             is_admin, role, user_priv injection, organization escalation
26   Django                      Django RCE, debug-panel exposure, fuzzing wordlist
27   Symfony                     Secret-fragment RCE, sensitive-path discovery

Suggested toolchain

recon        subfinder, assetfinder, dnsx, httpx, chaos, amass
crawling     katana, gau, waybackurls, hakrawler, gospider
params       arjun, paramspider, paraminer-ng
scanners     nuclei, dalfox, sqlmap, xsstrike
proxies      Burp Suite, Caido, OWASP ZAP, mitmproxy
js recon     LinkFinder, SecretFinder, jsleak
fuzzing      ffuf, feroxbuster, dirsearch, wfuzz
jwt / auth   jwt_tool, hashcat, john
cloud        pacu, scoutsuite, prowler

Contributing

Pull requests are welcome. New payloads, new CVEs, new bypass techniques and new exploitation chains all belong here. Keep additions:

  • written in clear English
  • backed by a payload, command or PoC
  • free of any private or unauthorized target data

License

MIT — see LICENSE.

Disclaimer

This repository is intended for authorized security testing and education. Use it on systems where you have explicit written permission (your own systems, lab environments such as PortSwigger Web Security Academy, HTB, TryHackMe, or programs that publicly invite testing). Unauthorized access to computer systems is illegal in most jurisdictions. The maintainer is not responsible for misuse.


Maintained by @AnukarOP. If this saved you time, a star helps other hunters find it.