├── Fuzz大法之挖掘潜在的逻辑越权.pdf
├── GET来的漏洞 _ WooYun知识库.pdf
├── README.md
├── SRC混子是怎样练成的.pdf
├── SSRF Bypass and Exploit.pptx
├── Security Assessment Mindset
    ├── API Testing MindMap.html
    ├── Bug Bountry Note.png
    ├── Finding Server Side Issues.png
    ├── IDOR.png
    ├── Oauth 2.0 Pentest Checklist.png
    ├── Patrik's Bug Bounty Tools.png
    ├── Recon Map.png
    ├── Recon-Masterplan.original.png
    ├── SSRF.png
    ├── Scope Based Recon Methodology Mindmap.png
    ├── Server_Side_Template injection Roadmap.png
    ├── The Bug Hunter’s Methodology v4 Roadmap.png
    ├── Web Penetration Tester Roadmap.png
    └── WindowsServer Mindmap.png
├── XS-Search.pptx
├── XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf
├── nmap_cheet_sheet_0.6_2.pdf
├── 众测漏洞榜之脑洞篇.pptx
├── 众测经验谈.pptx
├── 信息收集.pptx
├── 区块链src.txt
├── 国内SRC漏洞挖掘技巧与经验分享.pdf
├── 我是如何挖各SRC漏洞的.pdf
├── 某SRC从源码泄露到getshell.pdf
├── 给开发者的终极XSS防护备忘录.pdf
├── 网盘泄露.docx
├── 论src漏洞挖掘的前期信息收集 .pptx
├── 边界渗透中的小技巧.pdf
└── 面向企业src的漏洞挖掘.pdf


/Fuzz大法之挖掘潜在的逻辑越权.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Fuzz大法之挖掘潜在的逻辑越权.pdf


--------------------------------------------------------------------------------
/GET来的漏洞 _ WooYun知识库.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/GET来的漏洞 _ WooYun知识库.pdf


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # SRC-experience
  2 | 工欲善其事，必先利其器
  3 | 
  4 | ~~最近收集到的一些src挖掘奇技淫巧，然后还有一些国外新技术的学习网站分享给大家。~~
  5 | 
  6 | 2021.10.20: 时隔两年更新下文章。
  7 | 
  8 | **Bug Bounty trick website**
  9 | 
 10 | <https://www.bugbountynotes.com/training>
 11 | 
 12 | <https://pentester.land/newsletter/2019/02/12/the-5-hacking-newsletter-40.html>
 13 | 
 14 | <https://www.openbugbounty.org/>
 15 | 
 16 | 
 17 | **hackerone-reports**
 18 | 
 19 | [hackerone-reports](https://github.com/reddelexc/hackerone-reports)
 20 | 
 21 | [bug-bounty-reference 按漏洞性质分类的漏洞赏金记录列表](https://github.com/ngalongc/bug-bounty-reference)
 22 | 
 23 | [BUG BOUNTY HUNTING](https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65)
 24 | 
 25 | [bounty-targets-data 赏金目标数据](https://github.com/arkadiyt/bounty-targets-data)
 26 | 
 27 | [6000多份HackerOne漏洞公开报告](https://www.uedbox.com/post/65763/)
 28 | 
 29 | [https://github.com/ngalongc/bug-bounty-reference](https://github.com/ngalongc/bug-bounty-reference)
 30 | 
 31 | [Awesome-Bugbounty-Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups)
 32 | 
 33 | [https://github.com/w181496/Web-CTF-Cheatsheet](https://github.com/w181496/Web-CTF-Cheatsheet)
 34 | 
 35 | [collection-of-bug-bounty-tip-will-be-updated-daily](https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248)
 36 | 
 37 | **Web-CTF-Cheatsheet**
 38 | 
 39 | ```java
 40 | https://github.com/w181496/Web-CTF-Cheatsheet
 41 | https://github.com/harsh-bothra/learn365/
 42 | https://github.com/carlospolop/hacktricks
 43 | ```
 44 | 
 45 | **Penetration**
 46 | 
 47 | ```java
 48 | BugBountyHunting Search Engine
 49 | https://www.bugbountyhunting.com/
 50 | 
 51 | Bug Bounty Collection
 52 | https://github.com/ngalongc/bug-bounty-reference
 53 | https://github.com/djadmin/awesome-bug-bounty
 54 | https://github.com/Muhammd/awesome-bug-bounty
 55 | https://github.com/djadmin/awesome-bug-bounty
 56 | https://github.com/dwisiswant0/awesome-oneliner-bugbounty
 57 | https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
 58 | https://github.com/m4ll0k/Bug-Bounty-Toolz
 59 | https://github.com/EdOverflow/bugbounty-cheatsheet
 60 | https://github.com/KingOfBugbounty/KingOfBugBountyTips
 61 | https://github.com/EdOverflow/bugbountyguide
 62 | https://github.com/AlexisAhmed/BugBountyToolkit
 63 | https://github.com/e11i0t4lders0n/Bugbounty-Resources
 64 | 
 65 | https://github.com/sushiwushi/bug-bounty-dorks
 66 | https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
 67 | https://github.com/1ndianl33t/Bug-Bounty-Roadmaps
 68 | https://github.com/1ndianl33t/Bugbounty-Resources
 69 | https://github.com/1ndianl33t/BugBounty_Profile
 70 | https://github.com/KathanP19/HowToHunt
 71 | https://github.com/vaib25vicky/awesome-mobile-security
 72 | https://github.com/Voorivex/pentest-guide
 73 | https://github.com/Hack-with-Github/Awesome-Hacking
 74 | 
 75 | https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
 76 | https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
 77 | https://github.com/0xedward/awesome-infosec
 78 | https://github.com/victoni/Bug-Bounty-Scripts
 79 | https://github.com/ujjwal96/arsenal
 80 | https://github.com/Sambal0x/Recon-tools
 81 | https://github.com/bobby-lin/bug-bounty-guide
 82 | https://github.com/vavkamil/awesome-bugbounty-tools
 83 | https://book.hacktricks.xyz
 84 | 
 85 | https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
 86 | https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
 87 | https://github.com/0xedward/awesome-infosec
 88 | https://github.com/victoni/Bug-Bounty-Scripts
 89 | https://github.com/ujjwal96/arsenal
 90 | https://github.com/Sambal0x/Recon-tools
 91 | https://github.com/bobby-lin/bug-bounty-guide
 92 | https://github.com/vavkamil/awesome-bugbounty-tools
 93 | https://book.hacktricks.xyz
 94 | 
 95 | https://github.com/infoslack/awesome-web-hacking
 96 | https://github.com/jaredthecoder/awesome-vehicle-security
 97 | https://github.com/trimstray/the-book-of-secret-knowledge
 98 | https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
 99 | https://github.com/The404Hacking/AndroRAT
100 | https://github.com/sundaysec/Android-Exploits
101 | https://github.com/AzimsTech/Android_Hacking
102 | https://github.com/hahwul/MobileHackersWeapons
103 | 
104 | Cheat Sheet collection
105 | https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
106 | https://github.com/OlivierLaflamme/Cheatsheet-God
107 | https://github.com/baumanab/cheat_sheets
108 | https://github.com/detailyang/awesome-cheatsheet
109 | https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
110 | https://github.com/coreb1t/awesome-pentest-cheat-sheets
111 | https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5
112 | https://github.com/PeterSufliarsky/pentesting-cheat-sheet
113 | 
114 | Penetration Testing Checklist collection
115 | https://github.com/oxr463/pentesting-checklist
116 | https://github.com/netbiosX/Checklists
117 | https://github.com/harsh-kk/web-pentesting-checklist
118 | https://github.com/chennylmf/OWASP-Web-App-Pentesting-checklists
119 | https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist
120 | https://github.com/Probely/security_checklist
121 | https://github.com/sderosiaux/checklists
122 | 
123 | Pentesters Roadmap collection
124 | https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
125 | https://github.com/GrandGarcon/Complete_Cybersecurity_Path
126 | https://github.com/CSIRT-MU/edu-resources
127 | https://github.com/argowang/cyber-security-roadmap
128 | https://github.com/Kennyslaboratory/Ultimate-Hacker-Roadmap
129 | https://github.com/nairuzabulhul/RoadMap
130 | https://github.com/nairuzabulhul/RoadMap/blob/master/PTS/Pentesting.md
131 | https://github.com/sundowndev/hacker-roadmap
132 | ```
133 | 
134 | **Payloads Collection**
135 | 
136 | ```java
137 | Payloads Collection
138 | https://github.com/omurugur/SQL_Injection_Payload
139 | https://github.com/omurugur/XSS_Payload_List
140 | https://github.com/omurugur/OS_Command_Payload_List
141 | https://github.com/omurugur/Open_Redirect_Payload_List
142 | https://github.com/cujanovic/SSRF-Testing
143 | https://github.com/swisskyrepo/PayloadsAllTheThings
144 | 
145 | https://github.com/akalankauk/XSS-SQL-Master-Payloads
146 | https://github.com/austinsonger/payloadsandlists
147 | https://github.com/BrodieInfoSec/BIG_XSS
148 | https://github.com/pgaijin66/XSS-Payloads
149 | https://github.com/sh377c0d3/Payloads
150 | https://github.com/omurugur/SQL_Injection_Payload
151 | https://github.com/RedVirus0/LFI-Payloads
152 | https://github.com/emadshanab/LFI-Payload-List
153 | https://github.com/secf00tprint/payloadtester_lfi_rfi
154 | 
155 | https://github.com/foospidy/payloads
156 | https://github.com/payloadbox/command-injection-payload-list
157 | https://github.com/payloadbox/sql-injection-payload-list
158 | https://github.com/payloadbox/open-redirect-payload-list
159 | https://github.com/payloadbox/xxe-injection-payload-list
160 | https://github.com/payloadbox/rfi-lfi-payload-list
161 | https://github.com/payloadbox/csv-injection-payloads
162 | https://github.com/terjanq/Tiny-XSS-Payloads
163 | https://github.com/hahwul/XSS-Payload-without-Anything
164 | ```
165 | 
166 | **Awesome Electron.js hacking**
167 | 
168 | ```java
169 | https://github.com/doyensec/awesome-electronjs-hacking
170 | ```
171 | 
172 | **从别的地方扒来一些案例和知识点**
173 | 
174 | [浅析通过"监控"来辅助进行漏洞挖掘](https://bbs.ichunqiu.com/thread-28591-1-1.html)
175 | 
176 | [威胁情报-生存在SRC平台中的刷钱秘籍](https://bbs.ichunqiu.com/article-921-1.html)
177 | 
178 | [威胁情报](https://mp.weixin.qq.com/s/v2MRx7qs70lpnW9n-mJ7_Q)
179 | 
180 | [YSRC众测之我的漏洞挖掘姿势](https://bbs.ichunqiu.com/article-655-1.html)
181 | 
182 | [SRC的漏洞分析](https://bbs.ichunqiu.com/thread-19745-1-1.html)
183 | 
184 | [众测备忘手册](https://mp.weixin.qq.com/s/4XPG37_lTZDzf60o3W_onA)
185 | 
186 | [挖洞技巧：如何绕过URL限制](https://www.secpulse.com/archives/67064.html)
187 | 
188 | [挖洞技巧：APP手势密码绕过思路总结](https://www.secpulse.com/archives/67070.html)
189 | 
190 | [挖洞技巧：支付漏洞之总结](https://www.secpulse.com/archives/67080.html)
191 | 
192 | [挖洞技巧：绕过短信&邮箱轰炸限制以及后续](http://mp.weixin.qq.com/s/5OSLC2GOeYere9_lT2RwHw)
193 | 
194 | [挖洞技巧：信息泄露之总结](https://www.secpulse.com/archives/67123.html)
195 | 
196 | [OSS对象存储上传解析漏洞](https://xianzhi.aliyun.com/forum/topic/2078)
197 | 
198 | [任意文件下载引发的思考](https://www.secpulse.com/archives/68522.html)
199 | 
200 | [两种密码重置之综合利用](http://www.freebuf.com/articles/network/166520.html)
201 | 
202 | [任意用户密码重置](http://www.freebuf.com/articles/web/166667.html)
203 | 
204 | [通用性业务逻辑组合拳劫持你的权限](https://www.anquanke.com/post/id/106961)
205 | 
206 | **收藏的 src 工具**
207 | 
208 | [Scanners-Box 安全行业从业者自研开源扫描器合辑](https://github.com/We5ter/Scanners-Box)
209 | 
210 | [hakrawler-快速地发现Web应用程序中的端点和资产](https://github.com/hakluke/hakrawler)
211 | 
212 | [Voyager-安全工具集合平台](https://github.com/ody5sey/Voyager)
213 | 
214 | [bayonet-src资产管理系统](https://github.com/CTF-MissFeng/bayonet)
215 | 
216 | [wayback-machine-downloader](https://github.com/hartator/wayback-machine-downloader)
217 | 
218 | [ApkAnalyser-一键提取安卓应用中可能存在的敏感信息](https://github.com/TheKingOfDuck/ApkAnalyser)
219 | 
220 | [Diggy-从apk文件中提取端点](https://github.com/s0md3v/Diggy)
221 | 
222 | 
223 | **新的一年祝大家挖洞必高危。**
224 | 


--------------------------------------------------------------------------------
/SRC混子是怎样练成的.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/SRC混子是怎样练成的.pdf


--------------------------------------------------------------------------------
/SSRF Bypass and Exploit.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/SSRF Bypass and Exploit.pptx


--------------------------------------------------------------------------------
/Security Assessment Mindset/API Testing MindMap.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 | <head>
 4 | <meta charset="UTF-8">
 5 | <meta name="viewport" content="width=device-width, initial-scale=1.0">
 6 | <meta http-equiv="X-UA-Compatible" content="ie=edge">
 7 | <title>Markmap</title>
 8 | <style>
 9 | * {
10 |   margin: 0;
11 |   padding: 0;
12 | }
13 | #mindmap {
14 |   display: block;
15 |   width: 100vw;
16 |   height: 100vh;
17 | }
18 | </style>
19 | 
20 | </head>
21 | <body>
22 | <svg id="mindmap"></svg>
23 | <script src="https://cdn.jsdelivr.net/npm/d3@6.6.0"></script><script src="https://cdn.jsdelivr.net/npm/markmap-view@0.2.6"></script><script>((e,r,t)=>{const{Markmap:n}=e();window.mm=n.create("svg#mindmap",null==r?void 0:r(),t)})(()=>window.markmap,null,{"t":"heading","d":1,"p":{"lines":[0,1]},"v":"MindAPI","c":[{"t":"heading","d":2,"p":{"lines":[2,3]},"v":"Reconnaissance","c":[{"t":"heading","d":3,"p":{"lines":[4,5]},"v":"Identify architecture","c":[{"t":"heading","d":4,"p":{"lines":[6,7]},"v":"Architecture","c":[{"t":"list_item","d":6,"p":{"lines":[7,8]},"v":"REST APIs","c":[{"t":"list_item","d":8,"p":{"lines":[8,9]},"v":"RESTful"},{"t":"list_item","d":8,"p":{"lines":[9,10]},"v":"OData"}]},{"t":"list_item","d":6,"p":{"lines":[10,11]},"v":"GraphQL"},{"t":"list_item","d":6,"p":{"lines":[11,12]},"v":"SOAP","c":[{"t":"list_item","d":8,"p":{"lines":[12,13]},"v":"Transfered data in XML format"}]},{"t":"list_item","d":6,"p":{"lines":[13,14]},"v":"XML-RPC","c":[{"t":"list_item","d":8,"p":{"lines":[14,15]},"v":"Transfered data in simpler XML format <code>&lt;users&gt;&lt;user&gt;&lt;firstName&gt;David&lt;/firstName&gt;</code>"}]},{"t":"list_item","d":6,"p":{"lines":[15,16]},"v":"JSON-RPC","c":[{"t":"list_item","d":8,"p":{"lines":[16,17]},"v":"Transfered data similar to XML-RPC but in JSON format <code>{&quot;users&quot;:[{&quot;firstName&quot;:&quot;David&quot;}]</code>"}]},{"t":"list_item","d":6,"p":{"lines":[17,18]},"v":"gRPC-Protobuf","c":[{"t":"list_item","d":8,"p":{"lines":[18,19]},"v":"Identify <code>grpc</code>","c":[{"t":"list_item","d":10,"p":{"lines":[19,20]},"v":"Accept request header"},{"t":"list_item","d":10,"p":{"lines":[20,21]},"v":"Content-Type request header"},{"t":"list_item","d":10,"p":{"lines":[21,22]},"v":"Access-control-expose-headers in the response header"}]}]}]},{"t":"heading","d":4,"p":{"lines":[23,24]},"v":"Documentation","c":[{"t":"list_item","d":6,"p":{"lines":[24,25]},"v":"<a href=\"https://smartbear.com/blog/soap-vs-rest-whats-the-difference/\">https://smartbear.com/blog/soap-vs-rest-whats-the-difference/</a>"},{"t":"list_item","d":6,"p":{"lines":[25,26]},"v":"<a href=\"https://www.odata.org/documentation/\">https://www.odata.org/documentation/</a>"},{"t":"list_item","d":6,"p":{"lines":[26,27]},"v":"<a href=\"https://www.howtographql.com/basics/1-graphql-is-the-better-rest/\">https://www.howtographql.com/basics/1-graphql-is-the-better-rest/</a>"},{"t":"list_item","d":6,"p":{"lines":[27,28]},"v":"<a href=\"https://www.smashingmagazine.com/2016/09/understanding-rest-and-rpc-for-http-apis/\">https://www.smashingmagazine.com/2016/09/understanding-rest-and-rpc-for-http-apis/</a>"},{"t":"list_item","d":6,"p":{"lines":[28,29]},"v":"<a href=\"https://www.soapui.org/docs/rest-testing/working-with-rest-services/\">https://www.soapui.org/docs/rest-testing/working-with-rest-services/</a>"},{"t":"list_item","d":6,"p":{"lines":[29,30]},"v":"<a href=\"https://cloud.google.com/blog/products/api-management/understanding-grpc-openapi-and-rest-and-when-to-use-them\">https://cloud.google.com/blog/products/api-management/understanding-grpc-openapi-and-rest-and-when-to-use-them</a>"}]}]},{"t":"heading","d":3,"p":{"lines":[31,32]},"v":"Check for documentation","c":[{"t":"heading","d":4,"p":{"lines":[33,34]},"v":"Automatic","c":[{"t":"heading","d":5,"p":{"lines":[35,36]},"v":"Swagger","c":[{"t":"list_item","d":7,"p":{"lines":[36,37]},"v":"<a href=\"https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/swagger.txt\">https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/swagger.txt</a>"},{"t":"list_item","d":7,"p":{"lines":[37,38]},"v":"<code>/openapi.json</code>"}]},{"t":"heading","d":5,"p":{"lines":[39,40]},"v":"OData","c":[{"t":"list_item","d":7,"p":{"lines":[40,41]},"v":"<code>/$metadata</code>"}]},{"t":"heading","d":5,"p":{"lines":[42,43]},"v":"WADL","c":[{"t":"list_item","d":7,"p":{"lines":[43,44]},"v":"<code>/application.wadl</code>"},{"t":"list_item","d":7,"p":{"lines":[44,45]},"v":"<code>/application.wadl?detail=true</code>"},{"t":"list_item","d":7,"p":{"lines":[45,46]},"v":"<code>/api/application.wadl</code>"}]},{"t":"heading","d":5,"p":{"lines":[47,48]},"v":"WSDL","c":[{"t":"list_item","d":7,"p":{"lines":[48,49]},"v":"?wsdl or ?singleWsdl","c":[{"t":"list_item","d":9,"p":{"lines":[49,50]},"v":"<a href=\"https://github.com/portswigger/wsdl-wizard\">wsdl-wizard</a>"},{"t":"list_item","d":9,"p":{"lines":[50,51]},"v":"<a href=\"https://www.soapui.org/\">SoapUI</a>"},{"t":"list_item","d":9,"p":{"lines":[51,52]},"v":"<a href=\"https://github.com/NetSPI/Wsdler\">Wsdler</a>"},{"t":"list_item","d":9,"p":{"lines":[52,53]},"v":"<code>/_vti_bin/lists.asmx?WSDL</code>"}]}]},{"t":"heading","d":5,"p":{"lines":[54,55]},"v":"GraphQL","c":[{"t":"list_item","d":7,"p":{"lines":[55,56]},"v":"<a href=\"https://graphql.org/learn/introspection/\">https://graphql.org/learn/introspection/</a>"},{"t":"list_item","d":7,"p":{"lines":[56,57]},"v":"<a href=\"https://github.com/prisma-labs/get-graphql-schema\">https://github.com/prisma-labs/get-graphql-schema</a>"}]}]},{"t":"heading","d":4,"p":{"lines":[58,59]},"v":"Manual","c":[{"t":"list_item","d":6,"p":{"lines":[59,60]},"v":"site:target.tld intitle:api | developer"}]}]},{"t":"heading","d":3,"p":{"lines":[61,62]},"v":"Search for APIs","c":[{"t":"heading","d":4,"p":{"lines":[65,66]},"v":"Traffic Analysis","c":[{"t":"list_item","d":6,"p":{"lines":[66,67]},"v":"REST","c":[{"t":"list_item","d":8,"p":{"lines":[67,68]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":8,"p":{"lines":[68,69]},"v":"<a href=\"https://www.zaproxy.org/\">ZAP</a>"},{"t":"list_item","d":8,"p":{"lines":[69,70]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"}]},{"t":"list_item","d":6,"p":{"lines":[70,71]},"v":"OData","c":[{"t":"list_item","d":8,"p":{"lines":[71,72]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":8,"p":{"lines":[72,73]},"v":"<a href=\"https://www.zaproxy.org/\">ZAP</a>"},{"t":"list_item","d":8,"p":{"lines":[73,74]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"}]},{"t":"list_item","d":6,"p":{"lines":[74,75]},"v":"GraphQL","c":[{"t":"list_item","d":8,"p":{"lines":[75,76]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":8,"p":{"lines":[76,77]},"v":"<a href=\"https://www.zaproxy.org/\">ZAP</a>"}]},{"t":"list_item","d":6,"p":{"lines":[77,78]},"v":"SOAP","c":[{"t":"list_item","d":8,"p":{"lines":[78,79]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"}]},{"t":"list_item","d":6,"p":{"lines":[79,80]},"v":"XML-RPC","c":[{"t":"list_item","d":8,"p":{"lines":[80,81]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":8,"p":{"lines":[81,82]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"}]},{"t":"list_item","d":6,"p":{"lines":[82,83]},"v":"JSON-RPC","c":[{"t":"list_item","d":8,"p":{"lines":[83,84]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":8,"p":{"lines":[84,85]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"}]},{"t":"list_item","d":6,"p":{"lines":[85,86]},"v":"gRPC-Protobuf","c":[{"t":"list_item","d":8,"p":{"lines":[86,87]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"},{"t":"list_item","d":8,"p":{"lines":[87,88]},"v":"<a href=\"https://www.wireshark.org/\">Wireshark</a>","c":[{"t":"list_item","d":10,"p":{"lines":[88,89]},"v":"<code>echo HEX_STREAM | xxd -r -p | protoc --decode_raw</code>"},{"t":"list_item","d":10,"p":{"lines":[89,90]},"v":"<a href=\"https://google.github.io/proto-lens/installing-protoc.html\">protoc</a>"},{"t":"list_item","d":10,"p":{"lines":[90,91]},"v":"<a href=\"https://github.com/128technology/protobuf_dissector\">Wireshark Protobuf Dissector</a>"}]}]}]},{"t":"heading","d":4,"p":{"lines":[92,93]},"v":"Android apps","c":[{"t":"list_item","d":6,"p":{"lines":[93,94]},"v":"<a href=\"https://github.com/dwisiswant0/apkleaks\">apkleaks</a>"}]},{"t":"heading","d":4,"p":{"lines":[95,96]},"v":"Wayback Machine","c":[{"t":"list_item","d":6,"p":{"lines":[96,97]},"v":"<a href=\"https://archive.org/web/\">https://archive.org/web/</a>"},{"t":"list_item","d":6,"p":{"lines":[97,98]},"v":"<a href=\"https://github.com/tomnomnom/waybackurls\">waybackurls</a>"},{"t":"list_item","d":6,"p":{"lines":[98,99]},"v":"<a href=\"https://github.com/lc/gau\">gau</a>"}]},{"t":"heading","d":4,"p":{"lines":[100,101]},"v":"Path Manipulation","c":[{"t":"list_item","d":6,"p":{"lines":[101,102]},"v":"/api/v1"},{"t":"list_item","d":6,"p":{"lines":[102,103]},"v":"/api/v2"},{"t":"list_item","d":6,"p":{"lines":[103,104]},"v":"/api/v3"}]},{"t":"heading","d":4,"p":{"lines":[105,106]},"v":"Dorks","c":[{"t":"heading","d":5,"p":{"lines":[107,108]},"v":"Google","c":[{"t":"list_item","d":7,"p":{"lines":[108,109]},"v":"<code>site:target.tld inurl:api</code>"},{"t":"list_item","d":7,"p":{"lines":[109,110]},"v":"<code>intitle:&quot;index of&quot; &quot;api.yaml&quot; site:target.tld</code>"},{"t":"list_item","d":7,"p":{"lines":[110,111]},"v":"WADL","c":[{"t":"list_item","d":9,"p":{"lines":[111,112]},"v":"<code>inurl:/application.wadl</code>"},{"t":"list_item","d":9,"p":{"lines":[112,113]},"v":"<code>user filetype:wadl</code>"},{"t":"list_item","d":9,"p":{"lines":[113,114]},"v":"<code>ext:wadl</code>"}]},{"t":"list_item","d":7,"p":{"lines":[114,115]},"v":"WSDL","c":[{"t":"list_item","d":9,"p":{"lines":[115,116]},"v":"<code>user filetype:wsdl</code>"},{"t":"list_item","d":9,"p":{"lines":[116,117]},"v":"<code>ext:wsdl</code>"}]},{"t":"list_item","d":7,"p":{"lines":[117,118]},"v":"Odata","c":[{"t":"list_item","d":9,"p":{"lines":[118,119]},"v":"inurl:/%24metadata"}]}]},{"t":"heading","d":5,"p":{"lines":[120,121]},"v":"Github","c":[{"t":"list_item","d":7,"p":{"lines":[121,122]},"v":"<a href=\"https://github.com/search?q=target.tld+%252Bapi\">https://github.com/search?q=target.tld+%2Bapi</a>"},{"t":"list_item","d":7,"p":{"lines":[122,123]},"v":"WADL","c":[{"t":"list_item","d":9,"p":{"lines":[123,124]},"v":"<a href=\"https://github.com/search?q=target.tld+application.wadl&amp;type=code\">https://github.com/search?q=target.tld+application.wadl&amp;type=code</a>"}]},{"t":"list_item","d":7,"p":{"lines":[124,125]},"v":"WSDL","c":[{"t":"list_item","d":9,"p":{"lines":[125,126]},"v":"<a href=\"https://github.com/search?q=target.tld+*.wsdl&amp;type=code\">https://github.com/search?q=target.tld+%2A.wsdl&amp;type=code</a>"}]}]}]},{"t":"heading","d":4,"p":{"lines":[127,128]},"v":"Secrets","c":[{"t":"list_item","d":6,"p":{"lines":[128,129]},"v":"<code>intitle:&quot;index of&quot; intext:&quot;apikey.txt&quot; site:target.tld</code>"},{"t":"list_item","d":6,"p":{"lines":[129,130]},"v":"<code>allintext:&quot;API_SECRET*&quot; ext:env | ext:yml site:target.tld</code>"},{"t":"list_item","d":6,"p":{"lines":[130,131]},"v":"<a href=\"https://github.com/dxa4481/truffleHog\">truffleHog</a>"},{"t":"list_item","d":6,"p":{"lines":[131,132]},"v":"<a href=\"https://github.com/eth0izzle/shhgit\">shhgit</a>"}]},{"t":"heading","d":4,"p":{"lines":[133,134]},"v":"API Directories","c":[{"t":"list_item","d":6,"p":{"lines":[135,136]},"v":"<a href=\"https://apilist.fun/\">API list</a>"},{"t":"list_item","d":6,"p":{"lines":[136,137]},"v":"<a href=\"https://apiharmony-open.mybluemix.net/public\">API Harmony</a>"},{"t":"list_item","d":6,"p":{"lines":[137,138]},"v":"<a href=\"https://www.programmableweb.com/\">ProgrammableWeb</a>"},{"t":"list_item","d":6,"p":{"lines":[138,139]},"v":"<a href=\"https://rapidapi.com/hub\">RapidAPI Hub</a>"},{"t":"list_item","d":6,"p":{"lines":[139,140]},"v":"<a href=\"http://apis.io/\">APIs.io</a>"},{"t":"list_item","d":6,"p":{"lines":[140,141]},"v":"<a href=\"https://app.swaggerhub.com/search\">SwaggerHub</a>"},{"t":"list_item","d":6,"p":{"lines":[141,142]},"v":"<a href=\"https://apis.guru/\">APIs.guru</a>"},{"t":"list_item","d":6,"p":{"lines":[142,143]},"v":"<a href=\"https://www.postman.com/explore/apis\">Postman Public API Network</a>"},{"t":"list_item","d":6,"p":{"lines":[143,144]},"v":"<a href=\"https://any-api.com/\">Any API</a>"},{"t":"list_item","d":6,"p":{"lines":[144,145]},"v":"<a href=\"https://smart-api.info/registry\">SmartAPI Registry</a>"},{"t":"list_item","d":6,"p":{"lines":[145,146]},"v":"<a href=\"https://www.apistack.io/\">API Stack</a>"},{"t":"list_item","d":6,"p":{"lines":[146,147]},"v":"<a href=\"https://public-apis.xyz/\">Public APIs</a>"}]}]},{"t":"heading","d":3,"p":{"lines":[148,149]},"v":"Enumerate endpoints / methods","c":[{"t":"heading","d":4,"p":{"lines":[150,151]},"v":"Endpoints","c":[{"t":"heading","d":5,"p":{"lines":[152,153]},"v":"GraphQL","c":[{"t":"list_item","d":7,"p":{"lines":[153,154]},"v":"<a href=\"https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/graphql.txt\">https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/graphql.txt</a>"}]},{"t":"heading","d":5,"p":{"lines":[155,156]},"v":"Swagger","c":[{"t":"list_item","d":7,"p":{"lines":[156,157]},"v":"<a href=\"https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/swagger.txt\">https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/swagger.txt</a>"}]},{"t":"heading","d":5,"p":{"lines":[158,159]},"v":"Other","c":[{"t":"list_item","d":7,"p":{"lines":[159,160]},"v":"<a href=\"https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/api_endpoints.txt\">https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/api_endpoints.txt</a>"},{"t":"list_item","d":7,"p":{"lines":[160,161]},"v":"<a href=\"https://s3.amazonaws.com/assetnote-wordlists/data/automated/httparchive_apiroutes_2020_11_20.txt\">https://s3.amazonaws.com/assetnote-wordlists/data/automated/httparchive_apiroutes_2020_11_20.txt</a>"}]},{"t":"heading","d":5,"p":{"lines":[162,163]},"v":"WADL","c":[{"t":"list_item","d":7,"p":{"lines":[163,164]},"v":"<a href=\"https://github.com/dwisiswant0/wadl-dumper\">https://github.com/dwisiswant0/wadl-dumper</a>"}]}]},{"t":"heading","d":4,"p":{"lines":[165,166]},"v":"Tools","c":[{"t":"heading","d":5,"p":{"lines":[167,168]},"v":"ffuf","c":[{"t":"list_item","d":7,"p":{"lines":[168,169]},"v":"<code>ffuf -w wordlists/WORDLIST -u https://TARGET.TLD/FUZZ</code>"},{"t":"list_item","d":7,"p":{"lines":[169,170]},"v":"<a href=\"https://github.com/ffuf/ffuf\">https://github.com/ffuf/ffuf</a>"}]},{"t":"heading","d":5,"p":{"lines":[171,172]},"v":"Amass","c":[{"t":"list_item","d":7,"p":{"lines":[172,173]},"v":"<code>amass enum -active -d TARGET.TLD -config /root/amass/config.ini</code>"},{"t":"list_item","d":7,"p":{"lines":[173,174]},"v":"<a href=\"https://github.com/OWASP/Amass\">https://github.com/OWASP/Amass</a>"}]},{"t":"heading","d":5,"p":{"lines":[175,176]},"v":"nuclei","c":[{"t":"list_item","d":7,"p":{"lines":[176,177]},"v":"<code>nuclei -target TARGET.TLD -t exposures/apis/</code>"},{"t":"list_item","d":7,"p":{"lines":[177,178]},"v":"<a href=\"https://github.com/projectdiscovery/nuclei\">https://github.com/projectdiscovery/nuclei</a>"}]},{"t":"heading","d":5,"p":{"lines":[179,180]},"v":"Jaeles","c":[{"t":"list_item","d":7,"p":{"lines":[180,181]},"v":"<code>jaeles scan -s /jaeles-signatures/sensitive/swagger-ui-probing.yaml -u TARGET.TLD</code>"},{"t":"list_item","d":7,"p":{"lines":[181,182]},"v":"<a href=\"https://github.com/jaeles-project/jaeles\">https://github.com/jaeles-project/jaeles</a>"}]},{"t":"heading","d":5,"p":{"lines":[183,184]},"v":"Arjun","c":[{"t":"list_item","d":7,"p":{"lines":[184,185]},"v":"<code>arjun -u https://api.TARGET.TLD/endpoint</code>"},{"t":"list_item","d":7,"p":{"lines":[185,186]},"v":"<a href=\"https://github.com/s0md3v/Arjun\">https://github.com/s0md3v/Arjun</a>"}]},{"t":"heading","d":5,"p":{"lines":[187,188]},"v":"ParamSpider","c":[{"t":"list_item","d":7,"p":{"lines":[188,189]},"v":"<code>python3 paramspider.py --domain TARGET.TLD</code>"},{"t":"list_item","d":7,"p":{"lines":[189,190]},"v":"<a href=\"https://github.com/devanshbatham/ParamSpider\">https://github.com/devanshbatham/ParamSpider</a>"}]},{"t":"heading","d":5,"p":{"lines":[191,192]},"v":"param-miner","c":[{"t":"list_item","d":7,"p":{"lines":[192,193]},"v":"<a href=\"https://github.com/PortSwigger/param-miner\">https://github.com/PortSwigger/param-miner</a>"}]},{"t":"heading","d":5,"p":{"lines":[194,195]},"v":"TnT-Fuzzer","c":[{"t":"list_item","d":7,"p":{"lines":[195,196]},"v":"<code>tntfuzzer --url https://TARGET.TLD/v2/swagger.json --iterations 100 --log_all</code>"},{"t":"list_item","d":7,"p":{"lines":[196,197]},"v":"<a href=\"https://github.com/Teebytes/TnT-Fuzzer\">https://github.com/Teebytes/TnT-Fuzzer</a>"}]},{"t":"heading","d":5,"p":{"lines":[198,199]},"v":"Kiterunner","c":[{"t":"list_item","d":7,"p":{"lines":[199,200]},"v":"<code>kr scan TARGET.TLD -w routes.kite -A=apiroutes-210228:20000 -x 10 --ignore-length=34</code>"},{"t":"list_item","d":7,"p":{"lines":[200,201]},"v":"<a href=\"https://github.com/assetnote/kiterunner\">https://github.com/assetnote/kiterunner</a>"}]},{"t":"heading","d":5,"p":{"lines":[202,203]},"v":"graphw00f","c":[{"t":"list_item","d":7,"p":{"lines":[203,204]},"v":"<code>python3 main.py -f -d -t http://localhost:5000</code>"},{"t":"list_item","d":7,"p":{"lines":[204,205]},"v":"<a href=\"https://github.com/dolevf/graphw00f\">https://github.com/dolevf/graphw00f</a>"}]}]}]},{"t":"heading","d":3,"p":{"lines":[206,207]},"v":"Supported Content Types","c":[{"t":"list_item","d":5,"p":{"lines":[208,209]},"v":"Play with request URL","c":[{"t":"list_item","d":7,"p":{"lines":[209,210]},"v":"Requested resource extension e.g. replacing <code>.json</code> by <code>.xml</code>"},{"t":"list_item","d":7,"p":{"lines":[210,211]},"v":"Query string e.g. replacing <code>?json</code> by <code>?xml</code> or <code>?format=json</code> by <code>?format=xml</code>"}]},{"t":"list_item","d":5,"p":{"lines":[211,212]},"v":"Play with <code>Content-Type</code> request header and payload","c":[{"t":"list_item","d":7,"p":{"lines":[212,213]},"v":"Without <code>Content-Type</code>, submit either <code>json</code>, <code>xml</code>, ..."},{"t":"list_item","d":7,"p":{"lines":[213,214]},"v":"Changing <code>Content-Type</code> and payload accordingly"}]}]}]},{"t":"heading","d":2,"p":{"lines":[215,216]},"v":"Testing","c":[{"t":"heading","d":3,"p":{"lines":[217,218]},"v":"Broken Object Level Authorization","c":[{"t":"heading","d":4,"p":{"lines":[219,220]},"v":"Endpoint receives an ID?","c":[{"t":"heading","d":5,"p":{"lines":[221,222]},"v":"Understand the pattern","c":[{"t":"list_item","d":7,"p":{"lines":[222,223]},"v":"Sequential"},{"t":"list_item","d":7,"p":{"lines":[223,224]},"v":"Encoded"},{"t":"list_item","d":7,"p":{"lines":[224,225]},"v":"Other"}]},{"t":"heading","d":5,"p":{"lines":[226,227]},"v":"Tamper","c":[{"t":"heading","d":6,"p":{"lines":[228,229]},"v":"Change","c":[{"t":"list_item","d":8,"p":{"lines":[229,230]},"v":"Next value"},{"t":"list_item","d":8,"p":{"lines":[230,231]},"v":"Previous value"},{"t":"list_item","d":8,"p":{"lines":[231,232]},"v":"Data Type","c":[{"t":"list_item","d":10,"p":{"lines":[232,233]},"v":"Is it a number? Change it to a string"},{"t":"list_item","d":10,"p":{"lines":[233,234]},"v":"Is it a string? Change it to a number"}]},{"t":"list_item","d":8,"p":{"lines":[234,235]},"v":"Method -&gt; GET to POST"}]},{"t":"heading","d":6,"p":{"lines":[236,237]},"v":"Duplicate","c":[{"t":"list_item","d":8,"p":{"lines":[237,238]},"v":"?id=1&amp;id=2"}]},{"t":"heading","d":6,"p":{"lines":[239,240]},"v":"Add as an array","c":[{"t":"list_item","d":8,"p":{"lines":[240,241]},"v":"?id[]=1&amp;id[]=2"}]},{"t":"heading","d":6,"p":{"lines":[242,243]},"v":"Wildcard","c":[{"t":"list_item","d":8,"p":{"lines":[243,244]},"v":"GET /users/id -&gt; GET /users/*"}]},{"t":"heading","d":6,"p":{"lines":[245,246]},"v":"cross-deployments IDs","c":[{"t":"list_item","d":8,"p":{"lines":[246,247]},"v":"Identify other deployments (hosts) of your target API"},{"t":"list_item","d":8,"p":{"lines":[247,248]},"v":"Enumerate resources IDs (often non- numerical/sequential ones)"},{"t":"list_item","d":8,"p":{"lines":[248,249]},"v":"Test those IDs on your target API host"}]}]}]},{"t":"heading","d":4,"p":{"lines":[250,251]},"v":"Check the response"},{"t":"heading","d":4,"p":{"lines":[252,253]},"v":"Tools","c":[{"t":"list_item","d":6,"p":{"lines":[253,254]},"v":"REST APIs","c":[{"t":"list_item","d":8,"p":{"lines":[254,255]},"v":"<a href=\"https://github.com/flipkart-incubator/Astra\">Astra</a>"},{"t":"list_item","d":8,"p":{"lines":[255,256]},"v":"<a href=\"https://github.com/bncrypted/apidor\">apidor</a>"},{"t":"list_item","d":8,"p":{"lines":[256,257]},"v":"<a href=\"https://github.com/SecurityInnovation/AuthMatrix\">AuthMatrix</a>"},{"t":"list_item","d":8,"p":{"lines":[257,258]},"v":"<a href=\"https://github.com/PortSwigger/autorize\">Autorize</a>"},{"t":"list_item","d":8,"p":{"lines":[258,259]},"v":"<a href=\"https://github.com/portswigger/auth-analyzer\">Auth Analyzer</a>"},{"t":"list_item","d":8,"p":{"lines":[259,260]},"v":"<a href=\"https://github.com/ant4g0nist/Susanoo\">Susanoo</a>"}]},{"t":"list_item","d":6,"p":{"lines":[260,261]},"v":"GraphQL","c":[{"t":"list_item","d":8,"p":{"lines":[261,262]},"v":"<a href=\"https://github.com/doyensec/inql\">InQL</a>"},{"t":"list_item","d":8,"p":{"lines":[262,263]},"v":"<a href=\"https://gitlab.com/dee-see/graphql-path-enum\">graphql-path-enum</a>"},{"t":"list_item","d":8,"p":{"lines":[263,264]},"v":"<a href=\"https://graphql-dashboard.herokuapp.com/\">AutoGraphQL</a>"}]},{"t":"list_item","d":6,"p":{"lines":[264,265]},"v":"gRPC-protobuf","c":[{"t":"list_item","d":8,"p":{"lines":[265,266]},"v":"<a href=\"https://github.com/trailofbits/protofuzz\">ProtoFuzz</a>"}]}]}]},{"t":"heading","d":3,"p":{"lines":[267,268]},"v":"Broken Authentication","c":[{"t":"heading","d":4,"p":{"lines":[269,270]},"v":"Test","c":[{"t":"heading","d":5,"p":{"lines":[271,272]},"v":"URL sensitive data","c":[{"t":"list_item","d":7,"p":{"lines":[272,273]},"v":"Passwords"},{"t":"list_item","d":7,"p":{"lines":[273,274]},"v":"Tokens"}]},{"t":"heading","d":5,"p":{"lines":[275,276]},"v":"Brute force attacks","c":[{"t":"list_item","d":7,"p":{"lines":[276,277]},"v":"Login"},{"t":"list_item","d":7,"p":{"lines":[277,278]},"v":"Forget Password"},{"t":"list_item","d":7,"p":{"lines":[278,279]},"v":"Forget Username"}]},{"t":"heading","d":5,"p":{"lines":[280,281]},"v":"Authenticity of tokens"},{"t":"heading","d":5,"p":{"lines":[282,283]},"v":"Password","c":[{"t":"heading","d":6,"p":{"lines":[284,285]},"v":"Strength","c":[{"t":"list_item","d":8,"p":{"lines":[285,286]},"v":"Changing Password"},{"t":"list_item","d":8,"p":{"lines":[286,287]},"v":"Registration"}]},{"t":"heading","d":6,"p":{"lines":[288,289]},"v":"Type","c":[{"t":"list_item","d":8,"p":{"lines":[289,290]},"v":"Plain text"},{"t":"list_item","d":8,"p":{"lines":[290,291]},"v":"Weak encryption"},{"t":"list_item","d":8,"p":{"lines":[291,292]},"v":"Weak hash algorithm"}]},{"t":"heading","d":6,"p":{"lines":[293,294]},"v":"API Keys","c":[{"t":"list_item","d":8,"p":{"lines":[294,295]},"v":"Predictable"},{"t":"list_item","d":8,"p":{"lines":[295,296]},"v":"Weak hash algorithm"}]}]}]},{"t":"heading","d":4,"p":{"lines":[297,298]},"v":"Types of Authentication","c":[{"t":"heading","d":5,"p":{"lines":[299,300]},"v":"JWT","c":[{"t":"heading","d":6,"p":{"lines":[301,302]},"v":"Test JWT secret brute-forcing","c":[{"t":"list_item","d":8,"p":{"lines":[302,303]},"v":"jwt_tool","c":[{"t":"list_item","d":10,"p":{"lines":[303,304]},"v":"<code>python3 jwt_tool.py &lt;JWT&gt; -C -d &lt;Wordlist&gt;</code>"},{"t":"list_item","d":10,"p":{"lines":[304,305]},"v":"<a href=\"https://github.com/ticarpi/jwt_tool\">https://github.com/ticarpi/jwt_tool</a>"}]},{"t":"list_item","d":8,"p":{"lines":[305,306]},"v":"jwt_cracker","c":[{"t":"list_item","d":10,"p":{"lines":[306,307]},"v":"<code>jwt-cracker &lt;JWT&gt; &lt;Alphabet&gt; &lt;Max length&gt;</code>"},{"t":"list_item","d":10,"p":{"lines":[307,308]},"v":"<a href=\"https://github.com/lmammino/jwt-cracker\">https://github.com/lmammino/jwt-cracker</a>"},{"t":"list_item","d":10,"p":{"lines":[308,309]},"v":"jwtcat","c":[{"t":"list_item","d":12,"p":{"lines":[309,310]},"v":"<code>python jwcat.py brute-force &lt;JWT&gt;</code>"},{"t":"list_item","d":12,"p":{"lines":[310,311]},"v":"<a href=\"https://github.com/aress31/jwtcat\">https://github.com/aress31/jwtcat</a>"}]},{"t":"list_item","d":10,"p":{"lines":[311,312]},"v":"jwtcat","c":[{"t":"list_item","d":12,"p":{"lines":[312,313]},"v":"<code>python jwcat.py wordlist -w &lt;Wordlist&gt; &lt;JWT&gt;</code>"},{"t":"list_item","d":12,"p":{"lines":[313,314]},"v":"<a href=\"https://github.com/aress31/jwtcat\">https://github.com/aress31/jwtcat</a>"}]}]},{"t":"list_item","d":8,"p":{"lines":[314,315]},"v":"<a href=\"https://github.com/wallarm/jwt-heartbreaker\">JWT Heartbreaker</a>"}]},{"t":"heading","d":6,"p":{"lines":[316,317]},"v":"Abusing JWT Public Keys Without knowing the Public Key","c":[{"t":"list_item","d":8,"p":{"lines":[317,318]},"v":"<a href=\"https://github.com/silentsignal/rsa_sign2n\">rsa_sig2n</a>"}]},{"t":"heading","d":6,"p":{"lines":[319,320]},"v":"Test if algorithm could be changed","c":[{"t":"list_item","d":8,"p":{"lines":[320,321]},"v":"Change algorithm to None","c":[{"t":"list_item","d":10,"p":{"lines":[321,322]},"v":"jwt_tool","c":[{"t":"list_item","d":12,"p":{"lines":[322,323]},"v":"<code>python3 jwt_tool.py &lt;JWT&gt; -X a</code>"},{"t":"list_item","d":12,"p":{"lines":[323,324]},"v":"<a href=\"https://github.com/ticarpi/jwt_tool\">https://github.com/ticarpi/jwt_tool</a>"}]},{"t":"list_item","d":10,"p":{"lines":[324,325]},"v":"jwtcat","c":[{"t":"list_item","d":12,"p":{"lines":[325,326]},"v":"<code>python jwcat.py vulnerable &lt;JWT&gt;</code>"},{"t":"list_item","d":12,"p":{"lines":[326,327]},"v":"<a href=\"https://github.com/aress31/jwtcat\">https://github.com/aress31/jwtcat</a>"}]}]},{"t":"list_item","d":8,"p":{"lines":[327,328]},"v":"Change algorithm from RS256 to HS256","c":[{"t":"list_item","d":10,"p":{"lines":[328,329]},"v":"jtw_tool","c":[{"t":"list_item","d":12,"p":{"lines":[329,330]},"v":"<code>python3 jwt_tool.py &lt;JWT&gt; -S hs256 -k public.pem</code>"},{"t":"list_item","d":12,"p":{"lines":[330,331]},"v":"<a href=\"https://github.com/ticarpi/jwt_tool\">https://github.com/ticarpi/jwt_tool</a>"}]},{"t":"list_item","d":10,"p":{"lines":[331,332]},"v":"jwtcat","c":[{"t":"list_item","d":12,"p":{"lines":[332,333]},"v":"<code>python jwcat.py vulnerable &lt;JWT&gt;</code>"},{"t":"list_item","d":12,"p":{"lines":[333,334]},"v":"<a href=\"https://github.com/aress31/jwtcat\">https://github.com/aress31/jwtcat</a>"}]}]},{"t":"list_item","d":8,"p":{"lines":[334,335]},"v":"<a href=\"https://jwt.io/#debugger-io\">jwt.io</a>"},{"t":"list_item","d":8,"p":{"lines":[335,336]},"v":"<a href=\"https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61\">JSON Web Token Attacker</a>"}]},{"t":"heading","d":6,"p":{"lines":[337,338]},"v":"Test if signature is being validated","c":[{"t":"list_item","d":8,"p":{"lines":[338,339]},"v":"jwt_tool","c":[{"t":"list_item","d":10,"p":{"lines":[339,340]},"v":"<code>python3 jwt_tool.py &lt;JWT&gt; -I -pc &lt;Key&gt; -pv &lt;Value&gt;</code>"},{"t":"list_item","d":10,"p":{"lines":[340,341]},"v":"<a href=\"https://github.com/ticarpi/jwt_tool\">https://github.com/ticarpi/jwt_tool</a>"}]},{"t":"list_item","d":8,"p":{"lines":[341,342]},"v":"jtwXploiter","c":[{"t":"list_item","d":10,"p":{"lines":[342,343]},"v":"<code>jwtxpl &lt;JWT&gt; -a hs256 -p &lt;key&gt;:&lt;value&gt; --unverified</code>"},{"t":"list_item","d":10,"p":{"lines":[343,344]},"v":"<a href=\"https://github.com/DontPanicO/jwtXploiter\">https://github.com/DontPanicO/jwtXploiter</a>"}]}]},{"t":"heading","d":6,"p":{"lines":[345,346]},"v":"Test token expiration time (TTL, RTTL)"},{"t":"heading","d":6,"p":{"lines":[347,348]},"v":"Test if sensitive data is in the JWT","c":[{"t":"list_item","d":8,"p":{"lines":[348,349]},"v":"<a href=\"https://jwt.io/#debugger-io\">jwt.io</a>"}]},{"t":"heading","d":6,"p":{"lines":[350,351]},"v":"Check for Injection in &quot;kid&quot; element","c":[{"t":"list_item","d":8,"p":{"lines":[351,352]},"v":"jwt_tool","c":[{"t":"list_item","d":10,"p":{"lines":[352,353]},"v":"<code>python3 jwt_tool.py &lt;JWT&gt; -I -hc kid -hv &quot;../../dev/null&quot; -S hs256 -p &quot;&quot;</code>"},{"t":"list_item","d":10,"p":{"lines":[353,354]},"v":"<a href=\"https://github.com/ticarpi/jwt_tool\">https://github.com/ticarpi/jwt_tool</a>"}]},{"t":"list_item","d":8,"p":{"lines":[354,355]},"v":"jwtXploiter","c":[{"t":"list_item","d":10,"p":{"lines":[355,356]},"v":"<code>jwtxpl &lt;JWT&gt; -a hs256 -p &lt;key&gt;:&lt;value&gt; --inject-kid &quot;../../dev/null&quot;</code>"},{"t":"list_item","d":10,"p":{"lines":[356,357]},"v":"<a href=\"https://github.com/DontPanicO/jwtXploiter\">https://github.com/DontPanicO/jwtXploiter</a>"}]}]},{"t":"heading","d":6,"p":{"lines":[358,359]},"v":"Check for time constant verification for HMAC"},{"t":"heading","d":6,"p":{"lines":[360,361]},"v":"Check that keys and secrets are different between ENV"}]},{"t":"heading","d":5,"p":{"lines":[362,363]},"v":"OAuth","c":[{"t":"list_item","d":7,"p":{"lines":[363,364]},"v":"Test redirect_uri","c":[{"t":"list_item","d":9,"p":{"lines":[364,365]},"v":"Open redirects","c":[{"t":"list_item","d":11,"p":{"lines":[365,366]},"v":"Common issues","c":[{"t":"list_item","d":13,"p":{"lines":[366,367]},"v":"<code>?redirect_uri=https://atttacker.com</code>"},{"t":"list_item","d":13,"p":{"lines":[367,368]},"v":"<code>?redirect_uri=https://ATTACKER.TARGET.TLD</code>"},{"t":"list_item","d":13,"p":{"lines":[368,369]},"v":"<code>?redirect_uri=https://ALLOWED_HOST.com/callback?redirectUrl=https://attacker.com</code>"},{"t":"list_item","d":13,"p":{"lines":[369,370]},"v":"<code>?redirect_uri=https://TARGET.TLD.attacker.com</code>"},{"t":"list_item","d":13,"p":{"lines":[370,371]},"v":"<code>?redirect_uri=https://TARGET.TLD%252eattacker.com</code>"},{"t":"list_item","d":13,"p":{"lines":[371,372]},"v":"<code>?redirect_uri=https://TARGET.TLD//attacker.com/</code>"}]},{"t":"list_item","d":11,"p":{"lines":[372,373]},"v":"Fuzz","c":[{"t":"list_item","d":13,"p":{"lines":[373,374]},"v":"<code>?redirect_uri=https://TARGET.TLD§FUZZ§</code>"},{"t":"list_item","d":13,"p":{"lines":[374,375]},"v":"<code>?redirect_uri=https://§FUZZ§TARGET.TLD</code>"}]}]},{"t":"list_item","d":9,"p":{"lines":[375,376]},"v":"XSS"}]},{"t":"list_item","d":7,"p":{"lines":[376,377]},"v":"Test the existence of response_type=token"},{"t":"list_item","d":7,"p":{"lines":[377,378]},"v":"Testing state","c":[{"t":"list_item","d":9,"p":{"lines":[378,379]},"v":"Missing state parameter?","c":[{"t":"list_item","d":11,"p":{"lines":[379,380]},"v":"CSRF","c":[{"t":"list_item","d":13,"p":{"lines":[380,381]},"v":"Generate a valid <code>authorization_code</code> and don't use it","c":[{"t":"list_item","d":15,"p":{"lines":[381,382]},"v":"Send the crafted CSRF page to TARGET"}]}]}]},{"t":"list_item","d":9,"p":{"lines":[382,383]},"v":"Predictable state parameter?"},{"t":"list_item","d":9,"p":{"lines":[383,384]},"v":"Is state parameter being verified?"}]},{"t":"list_item","d":7,"p":{"lines":[384,385]},"v":"If you revocate access, will code be also revocated?"},{"t":"list_item","d":7,"p":{"lines":[385,386]},"v":"Credential leakage","c":[{"t":"list_item","d":9,"p":{"lines":[386,387]},"v":"Check the Referer header"},{"t":"list_item","d":9,"p":{"lines":[387,388]},"v":"Check the browser history"}]}]},{"t":"heading","d":5,"p":{"lines":[389,390]},"v":"Basic Auth"}]}]},{"t":"heading","d":3,"p":{"lines":[391,392]},"v":"Excessive Data Exposure","c":[{"t":"heading","d":4,"p":{"lines":[393,394]},"v":"Check if the API returns full data objects from database with sensitive data","c":[{"t":"list_item","d":6,"p":{"lines":[394,395]},"v":"<a href=\"https://github.com/BBVA/apicheck\">apicheck</a>"}]},{"t":"heading","d":4,"p":{"lines":[396,397]},"v":"Compare client data with the API response to check if the filtering is done by client side"},{"t":"heading","d":4,"p":{"lines":[398,399]},"v":"Sniff the traffic to check for sensitive data returned by the API","c":[{"t":"list_item","d":6,"p":{"lines":[399,400]},"v":"<a href=\"https://portswigger.net/burp/communitydownload\">Burp CE</a>"},{"t":"list_item","d":6,"p":{"lines":[400,401]},"v":"<a href=\"https://www.zaproxy.org/\">ZAP</a>"},{"t":"list_item","d":6,"p":{"lines":[401,402]},"v":"<a href=\"https://mitmproxy.org/\">mitmproxy</a>"}]}]},{"t":"heading","d":3,"p":{"lines":[403,404]},"v":"Lack of Resources &amp; Rate Limiting","c":[{"t":"heading","d":4,"p":{"lines":[405,406]},"v":"Execution timeouts","c":[{"t":"list_item","d":6,"p":{"lines":[406,407]},"v":"<a href=\"https://github.com/doyensec/regexploit\">Regexploit</a>"}]},{"t":"heading","d":4,"p":{"lines":[408,409]},"v":"Test brute-force attacks"},{"t":"heading","d":4,"p":{"lines":[410,411]},"v":"Max allocable memory"},{"t":"heading","d":4,"p":{"lines":[412,413]},"v":"Number of file descriptors"},{"t":"heading","d":4,"p":{"lines":[414,415]},"v":"Number of processes","c":[{"t":"list_item","d":6,"p":{"lines":[415,416]},"v":"<a href=\"https://github.com/racepwn/racepwn\">racepwn</a>"},{"t":"list_item","d":6,"p":{"lines":[416,417]},"v":"<a href=\"https://github.com/TheHackerDev/race-the-web\">Race The Web</a>"}]},{"t":"heading","d":4,"p":{"lines":[418,419]},"v":"Request payload size (e.g. uploads)"},{"t":"heading","d":4,"p":{"lines":[420,421]},"v":"Number of requests per client/resource","c":[{"t":"list_item","d":6,"p":{"lines":[421,422]},"v":"<a href=\"https://github.com/flipkart-incubator/Astra\">Astra</a>"},{"t":"list_item","d":6,"p":{"lines":[422,423]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"}]},{"t":"heading","d":4,"p":{"lines":[424,425]},"v":"Number of records per page to return in a single request response","c":[{"t":"list_item","d":6,"p":{"lines":[425,426]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"}]}]},{"t":"heading","d":3,"p":{"lines":[427,428]},"v":"Broken Function Level Authorization","c":[{"t":"list_item","d":5,"p":{"lines":[428,429]},"v":"Can a regular user access administrative endpoints? (MindAPI recon can help you here)"},{"t":"list_item","d":5,"p":{"lines":[429,430]},"v":"Testing different HTTP methods (GET, POST, PUT, DELETE, PATCH) will allow level escalation?"},{"t":"list_item","d":5,"p":{"lines":[430,431]},"v":"Enumerate/Bruteforce endpoints for getting unauthorized requests (MindAPI recon can help you here)"}]},{"t":"heading","d":3,"p":{"lines":[432,433]},"v":"Mass Assignment","c":[{"t":"heading","d":4,"p":{"lines":[434,435]},"v":"Enumerate object properties","c":[{"t":"list_item","d":6,"p":{"lines":[436,437]},"v":"API documentation (Reconnaissance)"},{"t":"list_item","d":6,"p":{"lines":[437,438]},"v":"Inspect available API clients' network traffic","c":[{"t":"list_item","d":8,"p":{"lines":[438,439]},"v":"Desktop"},{"t":"list_item","d":8,"p":{"lines":[439,440]},"v":"Mobile"},{"t":"list_item","d":8,"p":{"lines":[440,441]},"v":"Web"}]},{"t":"list_item","d":6,"p":{"lines":[441,442]},"v":"Exercise data retrieval endpoints","c":[{"t":"list_item","d":8,"p":{"lines":[442,443]},"v":"watch-out for <code>?include=user.addresses,user.cards</code>-like parameters"}]},{"t":"list_item","d":6,"p":{"lines":[443,444]},"v":"Uncover hidden properties","c":[{"t":"list_item","d":8,"p":{"lines":[444,445]},"v":"Guessing, based on API context"},{"t":"list_item","d":8,"p":{"lines":[445,446]},"v":"Reverse engineering available API clients"},{"t":"list_item","d":8,"p":{"lines":[446,447]},"v":"Fuzzing","c":[{"t":"list_item","d":10,"p":{"lines":[447,448]},"v":"GraphQL","c":[{"t":"list_item","d":12,"p":{"lines":[448,449]},"v":"<a href=\"https://github.com/szski/shapeshifter\">ShapeShifter</a> (<a href=\"https://www.youtube.com/watch?v=NPDp7GHmMa0&amp;t=2580\">demo</a>)"}]}]}]}]},{"t":"heading","d":4,"p":{"lines":[450,451]},"v":"Craft request payloads","c":[{"t":"list_item","d":6,"p":{"lines":[452,453]},"v":"Include augmented objects","c":[{"t":"list_item","d":8,"p":{"lines":[453,454]},"v":"One additional property at a time"},{"t":"list_item","d":8,"p":{"lines":[454,455]},"v":"Possible combinations of properties"},{"t":"list_item","d":8,"p":{"lines":[455,456]},"v":"All enumerated properties at once"}]},{"t":"list_item","d":6,"p":{"lines":[456,457]},"v":"Vary properties data types/values","c":[{"t":"list_item","d":8,"p":{"lines":[457,458]},"v":"Number, String, Array, Object"},{"t":"list_item","d":8,"p":{"lines":[458,459]},"v":"State values: <code>to-do</code> -&gt; <code>in-progress</code> -&gt; <code>done</code> (keep in mind possible state transitions)"}]},{"t":"list_item","d":6,"p":{"lines":[459,460]},"v":"Test different operation types","c":[{"t":"list_item","d":8,"p":{"lines":[460,461]},"v":"Create"},{"t":"list_item","d":8,"p":{"lines":[461,462]},"v":"Update"}]}]}]},{"t":"heading","d":3,"p":{"lines":[463,464]},"v":"Security Misconfiguration","c":[{"t":"heading","d":4,"p":{"lines":[465,466]},"v":"The latest security patches are missing, or the systems are out of date."},{"t":"heading","d":4,"p":{"lines":[467,468]},"v":"Can you use other HTTP verbs?"},{"t":"heading","d":4,"p":{"lines":[469,470]},"v":"Test if Transport Layer Security (TLS) is missing","c":[{"t":"list_item","d":6,"p":{"lines":[470,471]},"v":"<a href=\"https://testssl.sh/\">testssl</a>"}]},{"t":"heading","d":4,"p":{"lines":[472,473]},"v":"Test for security headers","c":[{"t":"list_item","d":6,"p":{"lines":[473,474]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"}]},{"t":"heading","d":4,"p":{"lines":[475,476]},"v":"CORS is well configured?","c":[{"t":"list_item","d":6,"p":{"lines":[476,477]},"v":"<a href=\"https://github.com/flipkart-incubator/Astra\">Astra</a>"},{"t":"list_item","d":6,"p":{"lines":[477,478]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"}]},{"t":"heading","d":4,"p":{"lines":[479,480]},"v":"Force an error to see if any sensitive information is exposed"},{"t":"heading","d":4,"p":{"lines":[481,482]},"v":"GraphQL","c":[{"t":"list_item","d":6,"p":{"lines":[483,484]},"v":"<a href=\"https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#introspection-graphiql\">Introspection Query and/or GraphiQL is enabled</a>","c":[{"t":"list_item","d":8,"p":{"lines":[484,485]},"v":"<a href=\"https://github.com/assetnote/batchql\">BatchQL</a>"}]},{"t":"list_item","d":6,"p":{"lines":[485,486]},"v":"GraphQL server provides fields name hints"},{"t":"list_item","d":6,"p":{"lines":[486,487]},"v":"<a href=\"https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#batching-attacks\">Query batching is enabled without limit</a>","c":[{"t":"list_item","d":8,"p":{"lines":[487,488]},"v":"<a href=\"https://github.com/assetnote/batchql\">BatchQL</a>"}]},{"t":"list_item","d":6,"p":{"lines":[488,489]},"v":"<a href=\"https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#query-limiting-depth-amount\">Unlimited Depth and/or Amount</a>"}]}]},{"t":"heading","d":3,"p":{"lines":[490,491]},"v":"Injection","c":[{"t":"heading","d":4,"p":{"lines":[492,493]},"v":"Test if user input is validated, filtered, or sanitized by the API","c":[{"t":"list_item","d":6,"p":{"lines":[493,494]},"v":"REST APIs","c":[{"t":"list_item","d":8,"p":{"lines":[494,495]},"v":"<a href=\"https://github.com/flipkart-incubator/Astra\">Astra</a>"},{"t":"list_item","d":8,"p":{"lines":[495,496]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[496,497]},"v":"<a href=\"https://github.com/Teebytes/TnT-Fuzzer\">TnT-Fuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[497,498]},"v":"<a href=\"https://github.com/KissPeter/APIFuzzer\">APIFuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[498,499]},"v":"<a href=\"https://github.com/ant4g0nist/Susanoo\">Susanoo</a>"}]},{"t":"list_item","d":6,"p":{"lines":[499,500]},"v":"GraphQL","c":[{"t":"list_item","d":8,"p":{"lines":[500,501]},"v":"<a href=\"https://github.com/swisskyrepo/GraphQLmap\">GraphQLmap</a>"}]},{"t":"list_item","d":6,"p":{"lines":[501,502]},"v":"gRPC-protobuf","c":[{"t":"list_item","d":8,"p":{"lines":[502,503]},"v":"<a href=\"https://github.com/trailofbits/protofuzz\">ProtoFuzz</a>"}]}]},{"t":"heading","d":4,"p":{"lines":[504,505]},"v":"Test if client data is used or concat into DB queries, OS commands, etc","c":[{"t":"list_item","d":6,"p":{"lines":[505,506]},"v":"REST APIs","c":[{"t":"list_item","d":8,"p":{"lines":[506,507]},"v":"<a href=\"https://github.com/flipkart-incubator/Astra\">Astra</a>"},{"t":"list_item","d":8,"p":{"lines":[507,508]},"v":"<a href=\"https://github.com/Fuzzapi/API-fuzzer\">API Fuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[508,509]},"v":"<a href=\"https://github.com/Teebytes/TnT-Fuzzer\">TnT-Fuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[509,510]},"v":"<a href=\"https://github.com/KissPeter/APIFuzzer\">APIFuzzer</a>"},{"t":"list_item","d":8,"p":{"lines":[510,511]},"v":"<a href=\"https://github.com/ant4g0nist/Susanoo\">Susanoo</a>"}]},{"t":"list_item","d":6,"p":{"lines":[511,512]},"v":"GraphQL","c":[{"t":"list_item","d":8,"p":{"lines":[512,513]},"v":"<a href=\"https://github.com/swisskyrepo/GraphQLmap\">GraphQLmap</a>"}]},{"t":"list_item","d":6,"p":{"lines":[513,514]},"v":"gRPC-protobuf","c":[{"t":"list_item","d":8,"p":{"lines":[514,515]},"v":"<a href=\"https://github.com/trailofbits/protofuzz\">ProtoFuzz</a>"}]}]},{"t":"heading","d":4,"p":{"lines":[516,517]},"v":"Check if incoming data from external systems is validated, filtered, or sanitized by the API"}]},{"t":"heading","d":3,"p":{"lines":[518,519]},"v":"Improper Assets Management","c":[{"t":"list_item","d":5,"p":{"lines":[519,520]},"v":"Check for the API documentation (MindAPI recon can help you here)"},{"t":"list_item","d":5,"p":{"lines":[520,521]},"v":"Hosts inventory is missing or outdated."},{"t":"list_item","d":5,"p":{"lines":[521,522]},"v":"Integrated services inventory, either first- or third-party, is missing or outdated."},{"t":"list_item","d":5,"p":{"lines":[522,523]},"v":"Old or previous API versions are running unpatched."}]}]}]})</script>
24 | </body>
25 | </html>
26 | 


--------------------------------------------------------------------------------
/Security Assessment Mindset/Bug Bountry Note.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Bug Bountry Note.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Finding Server Side Issues.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Finding Server Side Issues.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/IDOR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/IDOR.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Oauth 2.0 Pentest Checklist.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Oauth 2.0 Pentest Checklist.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Patrik's Bug Bounty Tools.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Patrik's Bug Bounty Tools.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Recon Map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Recon Map.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Recon-Masterplan.original.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Recon-Masterplan.original.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/SSRF.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/SSRF.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Scope Based Recon Methodology Mindmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Scope Based Recon Methodology Mindmap.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Server_Side_Template injection Roadmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Server_Side_Template injection Roadmap.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/The Bug Hunter’s Methodology v4 Roadmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/The Bug Hunter’s Methodology v4 Roadmap.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/Web Penetration Tester Roadmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/Web Penetration Tester Roadmap.png


--------------------------------------------------------------------------------
/Security Assessment Mindset/WindowsServer Mindmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/Security Assessment Mindset/WindowsServer Mindmap.png


--------------------------------------------------------------------------------
/XS-Search.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/XS-Search.pptx


--------------------------------------------------------------------------------
/XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/XSS-Cheat-Sheet-2019-Edition-2 翻译版本.pdf


--------------------------------------------------------------------------------
/nmap_cheet_sheet_0.6_2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/nmap_cheet_sheet_0.6_2.pdf


--------------------------------------------------------------------------------
/众测漏洞榜之脑洞篇.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/众测漏洞榜之脑洞篇.pptx


--------------------------------------------------------------------------------
/众测经验谈.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/众测经验谈.pptx


--------------------------------------------------------------------------------
/信息收集.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/信息收集.pptx


--------------------------------------------------------------------------------
/区块链src.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/区块链src.txt


--------------------------------------------------------------------------------
/国内SRC漏洞挖掘技巧与经验分享.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/国内SRC漏洞挖掘技巧与经验分享.pdf


--------------------------------------------------------------------------------
/我是如何挖各SRC漏洞的.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/我是如何挖各SRC漏洞的.pdf


--------------------------------------------------------------------------------
/某SRC从源码泄露到getshell.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/某SRC从源码泄露到getshell.pdf


--------------------------------------------------------------------------------
/给开发者的终极XSS防护备忘录.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/给开发者的终极XSS防护备忘录.pdf


--------------------------------------------------------------------------------
/网盘泄露.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/网盘泄露.docx


--------------------------------------------------------------------------------
/论src漏洞挖掘的前期信息收集 .pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/论src漏洞挖掘的前期信息收集 .pptx


--------------------------------------------------------------------------------
/边界渗透中的小技巧.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/边界渗透中的小技巧.pdf


--------------------------------------------------------------------------------
/面向企业src的漏洞挖掘.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wh0ale/SRC-experience/e3685c526f2681508a93a6e5c12a0273b4590d94/面向企业src的漏洞挖掘.pdf


--------------------------------------------------------------------------------