
๐ช๐ฌ ุงูู ุญุชุฑู ๐ธ๐ฆ
@sec_bug

Bug Bounty Tips: Act quickly to report issues related to CVE-2020-27838, as many vulnerable instances are still out there. I've identified over 100+ instances vulnerable to CVE-2020-27838 so far. A flaw was found in Keycloak in versions prior to 13.0.0. The client registration…

An automation tool for enumerating subdomains, filtering out XSS, SQLI, Open Redirect, LFI, SSRF, and RCE parameters, and scanning for vulnerabilities. github.com/h4r5h1t/webcop…
Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. github.com/sanjai-AK47/Su… #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #GitHub #offsec

Scanning APK file for URIs, endpoints & secrets. A tool for analyzing APK files. github.com/dwisiswant0/ap…

THREAD How did I find 2 DOM XSS by hacking Swagger-UI? 1-Do a subdomain enum to find subs that use Swagger Ui 2-Get the live subs 3-Run Nuclei in all the live subs using the (-tags swagger) 4-Find Swagger Ui endpoints #BugBounty #bugbountytip #bugbountytips #Cybersecurity



Thanks to Allah always and forever ♥️ First Triage in 2024, HTML Injection on Login Page #Tips :- 1- site:*[.]redacted[.]com login.php 2- arjun -u .../login.php -> parameters with body length reflection (username) 3- Test for :- SQLi, LFI, XSS, HTML inj,..etc #bugbountytips
Simple tip for port scan 1) after enumerating your subdomains, save them in subs.txt 2) run this command "cat subs.txt | dnsx -a -ro | naabu -silent -top-ports 1000 -exclude-ports 80,443,21,22,25 -o ports.txt" #bugbountytips #bugbounty #infosec #cybersec

ุดูุฑูุง ูุนุจุฏุงูุฑุญู ู ุฐููุ ูุฎุต ููุฏูู ุงูุฑูุฏ ู ุงุจ ู ุชูุณุช โค๏ธ ููู ู ุด ุญููุฏุฑ ูุชูุฑุฌ ุนุงูููุฏูู ุงู ู ุนูุฏููุด ููุชุ ุฏูููู ุงูุฑุง ุงูุงุชู: โโโโโโโโโโโ 1. html | elzero.org 2. css ุงุฒุงู ุชุนู ู ุชุฒููู ุจุณ ูุฏุง ูุฎูุงุต | 3. js | 4. php |โฆ
ุงูู ู ู ููู ู ุงูุงู ุฑุ ูุฒูุช ููุฏูู ุฌุฏูุฏ ููู ุจูุฏูุฑ ุนูู ุฑูุฏ ู ุงุจ ูู ุณุชูููุง ู ุฎุตูุต ุนุดุงู ูุจุฏุฃ ๐ฅน youtu.be/ea-VT5mOknc?siโฆ #cyberbugs #roadmap

Penetration Testing, Beginner To Expert! Massive Web Application Penetration Testing & Bug Bounty Notes github: github.com/xalgord/Massiv… #web #pentest
I'm thrilled to introduce Recon88r, a Python script designed to streamline and automate the reconnaissance process # Features: Subdomain Enumeration Live Results in Discord Perform XSS scans JS Exposures Port scanning Full nuclei scanning Panels #bugbounty t.ly/FfmSP
"Don't ignore 403 subdomains" Try to bypass or fuzz more. Also, always check Symfony targets for these directories: /_profiler. You might find phpinfo containing Symfony secrets, which can lead to RCE. Great tip by @GodfatherOrwa! ❤️❤️ #BugBounty #SecurityTips

Ghauri - An Advanced SQL Injection Automation Plugin-In By @SecurityFoster. Latest Acunetix VS Ghauri Coded By: @r0oth3x49 #Cybersecurity #automationtesting #BugBounty #bugbountytips



Some Shodan Dorks that might be useful in Bug Bounty. 1. org:"http://target. com" 2. http.status:"<status_code>" 3. product:"<Product_Name>" 4. port:<Port_Number> "Service_Message" 5. port:<Port_Number> "Service_Name" 6. http.component:"<Component_Name>" 7.…
This tool (unisub), it's one of the best options for you to bypass WAFs and filters. by @TomNomNom #bugbountytips #bugbounty #Hackingtime

Wanna know How I prevented a Mass Data Breach? Go Read: medium.com/@bxmbn/how-i-p… Wanna know How a Bank offer led to PII Leak? Go Read: medium.com/@bxmbn/i-recei… More writeups coming soon
1/7 Web Application Recon Tips 1 : Resolution # github.com/projectdiscove… cat subdomains/subdomains.txt | httpx -follow-redirects -random-agent -status-code -silent -retries 2 -title -web-server -tech-detect -location -no-color -o websites.txt #bugbountytips #BugBounty #Hacking
Ok, here is another #bugbountytip You can find this issue with "login with Google" too, or any other IdP providers. During the signup process, delete the email value from the scope
Secrets no one will share with you - Here's a technique that might grant you access to takeover other users' accounts using "Login with Facebook": Are you working on a target site that supports "Login with Facebook"? Disable email sharing during Facebook login and be ready…

To those who asked about the vulnerability type, I wrote this writeup about it some time ago, enjoy reading it :- medium.com/@wadqamar10/ho…
With success granted by Allah, glorified and exalted be He ♥️ One of my most notable achievements in 2023 is that I received my biggest Bounty and discovered security vulnerabilities in different companies, and if Allah willing, in 2024 I aim to become a professional Security Researcher and get Security Certs

A less known CVE-2023-3793 - Weaver E-Cology SQL Injection. Nuclei Template Link: github.com/UltimateSec/ul… #BugBounty #SQLInjection


