explaingit

devanshbatham/awesome-bugbounty-writeups

5,819 · Python · Audience · developer · Complexity · 1/5 · Setup · easy

TLDR

A curated collection of real-world bug bounty writeups, organized by vulnerability type (XSS, CSRF, SQL injection, RCE, SSRF, IDOR, and more) and published by security researchers for educational purposes. No code, just links.

Mindmap

mindmap
  root((repo))
    What it does
      Bug bounty writeup links
      Organized by vuln type
      Educational reference
    Vulnerability Types
      XSS and CSRF
      SQL injection and RCE
      SSRF and IDOR
    More Topics
      Subdomain takeover
      Auth bypass
      Android app security
    Audience
      Bug bounty learners
      Security researchers
      CTF practitioners


Things people build with this

USE CASE 1

Study how real security vulnerabilities were discovered and exploited through researcher writeups

USE CASE 2

Prepare for bug bounty hunting by reading how others found XSS, CSRF, SQL injection, and RCE flaws in real products

USE CASE 3

Learn a specific vulnerability class like SSRF or IDOR by reading multiple real-world examples of it being exploited

USE CASE 4

Use the organized categories as a checklist when auditing a web application for common weaknesses

Tech stack

Markdown

Getting it running

Difficulty · easy · Time to first run · 5 min
No license information is provided. The entries are links to third-party writeups, so check each article's terms before reproducing its content.

In plain English

This is a curated collection of blog posts and writeups about security vulnerabilities found in real websites and apps. Security researchers (often called bug bounty hunters) find flaws in companies' systems and report them in exchange for rewards. This repository gathers those reports into one organized reference, sorted by the type of vulnerability involved.

The list covers many categories of security weaknesses. Cross-Site Scripting (XSS) is when an attacker gets a website to run attacker-supplied script in another user's browser. Cross-Site Request Forgery (CSRF) is when a logged-in user's browser is tricked into sending a request to a site, so an action is performed with that user's credentials and without their intent. SQL Injection lets an attacker change a database query by supplying input that the application pastes into the query as SQL rather than treating as data. Remote Code Execution (RCE) is when an attacker can run their own code on a company's server, which is generally considered the most serious class of vulnerability.

Other categories include SSRF (Server-Side Request Forgery), where a server is tricked into making requests to internal hosts it should not be able to reach; IDOR (Insecure Direct Object Reference), where a user can read or modify another user's data by changing an identifier in a URL or request; and subdomain takeover, where a company subdomain still points (typically via a DNS CNAME) at a decommissioned third-party service that an outsider can register and so control. There are also sections on authentication bypass, two-factor authentication weaknesses, and Android app security testing.

Each entry in the list is a link to a writeup describing a real vulnerability that was discovered, reported, and usually fixed. These writeups are written by the researchers who found the bugs and published for educational purposes. They typically explain what the researcher noticed, how they confirmed the flaw, and what the impact was. This repository is aimed at people learning security research or practicing bug hunting. It does not include tools or code to run, only links to articles.
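The two classes the summary describes most concretely, SQL injection and IDOR, are easiest to recognise in a writeup once you have seen the vulnerable lookup beside its hardened form. The following is an added example, not code from the awesome-bugbounty-writeups repo or from any writeup it links. The `notes` table, the users `alice` and `bob`, and the note bodies are constructed sample data, and the function names are assumptions for the illustration.

```python
import sqlite3


class Forbidden(Exception):
    """Raised when a caller asks for an object that is not theirs."""


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two users, each owning one private note."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO notes (id, owner, body) VALUES (?, ?, ?)",
        [(1, "alice", "alice: grocery list"), (2, "bob", "bob: staging API token")],
    )
    return conn


# --- SQL injection: the search term is pasted into the SQL text ------------

def search_notes_vulnerable(conn: sqlite3.Connection, owner: str, term: str) -> list[str]:
    """A term such as  ' OR 1=1 --  closes the quoted LIKE pattern, appends a
    tautology and comments out the rest, so every user's notes come back."""
    sql = f"SELECT body FROM notes WHERE owner = '{owner}' AND body LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_notes_safe(conn: sqlite3.Connection, owner: str, term: str) -> list[str]:
    """Parameterized query: the driver sends `term` as a value, never as SQL,
    so the same payload is just a string that matches nothing."""
    sql = "SELECT body FROM notes WHERE owner = ? AND body LIKE ?"
    return [row[0] for row in conn.execute(sql, (owner, f"%{term}%"))]


# --- IDOR: the record is fetched by id with no ownership check --------------

def get_note_vulnerable(conn: sqlite3.Connection, requester: str, note_id: int) -> str:
    """The query is parameterized (no SQLi), but `requester` is never consulted:
    any logged-in user reads note 2 simply by changing the number."""
    row = conn.execute("SELECT body FROM notes WHERE id = ?", (note_id,)).fetchone()
    if row is None:
        raise KeyError(note_id)
    return row[0]


def get_note_safe(conn: sqlite3.Connection, requester: str, note_id: int) -> str:
    """Object-level authorization: ownership is part of the lookup, and a
    foreign id is indistinguishable from a missing one (no existence oracle)."""
    row = conn.execute(
        "SELECT body FROM notes WHERE id = ? AND owner = ?", (note_id, requester)
    ).fetchone()
    if row is None:
        raise Forbidden(f"{requester} may not read note {note_id}")
    return row[0]


def demo() -> dict:
    """Runs the four lookups against the sample data and returns the outcomes."""
    conn = build_db()
    payload = "' OR 1=1 --"
    try:
        idor_safe = get_note_safe(conn, "alice", 2)
    except Forbidden as exc:
        idor_safe = f"Forbidden: {exc}"
    return {
        "sqli_vulnerable": search_notes_vulnerable(conn, "alice", payload),
        "sqli_safe": search_notes_safe(conn, "alice", payload),
        "idor_vulnerable": get_note_vulnerable(conn, "alice", 2),
        "idor_safe": idor_safe,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} {outcome}")
```

Two details worth noticing when reading writeups in these categories: the IDOR function is fully parameterized and still broken, because authorization is a separate property from injection safety; and the safe IDOR lookup folds the owner into the query rather than fetching first and checking afterwards, so the response does not leak whether the foreign id exists.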

Copy-paste prompts

Prompt 1
I am learning bug bounty hunting and want to understand IDOR vulnerabilities. Based on how researchers typically find them in writeups, give me a step-by-step methodology for testing an app for IDOR.
Prompt 2
Help me build a web app security testing checklist for XSS, covering reflected, stored, and DOM-based variants, based on patterns seen in real bug bounty reports.
Prompt 3
I want to understand how SSRF attacks work in practice. Walk me through the typical discovery and exploitation chain a researcher follows based on real bug bounty writeups.
Prompt 4
I am studying subdomain takeover vulnerabilities. Explain how they happen, what a researcher looks for, and how to safely verify a takeover is possible without actually exploiting it.
Prompt 5
Create a 3-month self-study plan for going from zero to finding my first bug bounty vulnerability, using real writeup collections as my primary learning material.
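Prompt 3 asks for the SSRF discovery and exploitation chain; the defensive side of that chain is the destination check the vulnerable fetcher lacked, the check implied by the "server is tricked into making requests to internal systems" description earlier on this page. The following added example is not code from the repo or from any writeup it links. It vets a user-supplied URL against loopback, private, link-local (which includes the 169.254.169.254 cloud metadata address), multicast and IPv4-mapped IPv6 targets, and rejects any name that resolves to even one non-public address. The resolver is a constructed lookup table standing in for DNS so the example runs offline; the hostnames and addresses in it are made up for the illustration, and the function names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. A real fetcher would
# call socket.getaddrinfo and vet every address it returns in the same way.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    # A rebinding host: one public record and one loopback record.
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],
}


def is_public(ip_text: str) -> bool:
    """True only for an address a server may legitimately fetch from."""
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 is loopback in disguise: judge the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global already excludes private, loopback, link-local and reserved space.
    return ip.is_global and not ip.is_multicast


def vet_url(url: str, resolve=lambda host: FAKE_DNS.get(host, [])) -> str:
    """Return the single public IP the caller must connect to, or raise ValueError.

    Returning the vetted address rather than a bool is what closes the
    check-then-resolve window: the caller connects to this IP and sends the
    original hostname in the Host header, so a later DNS answer cannot swap
    in an internal target after the check has passed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        candidates = [str(ipaddress.ip_address(host))]  # literal IP, incl. [v6]
    except ValueError:
        candidates = resolve(host)
    if not candidates:
        raise ValueError(f"unresolvable host {host!r}")
    # Every record must be public: a name that mixes a public and an internal
    # answer is a rebinding attempt, not a host worth talking to at all.
    for ip in candidates:
        if not is_public(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return candidates[0]


def classify(urls: list[str]) -> dict[str, str]:
    """Map each URL to the vetted IP, or to the reason it was rejected."""
    results = {}
    for url in urls:
        try:
            results[url] = vet_url(url)
        except ValueError as exc:
            results[url] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    sample = [
        "http://example.com/api",
        "http://intranet.corp/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
        "http://rebind.attacker.test/",
    ]
    for url, verdict in classify(sample).items():
        print(f"{url:45} {verdict}")
```

Two caveats a practitioner would add. Python's `ipaddress` refuses shorthand literals such as `127.1` or the decimal form `2130706433`, which is stricter than many HTTP clients, so the address that passes this check must be the one handed to the client, never the raw host string re-parsed by a different library. And every redirect hop is a new destination: the check has to run again on each `Location` the fetcher is about to follow, or the first public URL simply bounces the server to an internal one.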

Verify against the repo before relying on details.