I was thinking about creating a separate channel or group to share all the resources I find useful.
What do you guys think?

@AfroSec

heeyaa fam
happy epiphany for those who are celebrating 😇😇

and btw here is the channel i created for file sharing purpose check it out : @Afr0Files

@AfroSec

sup fam
how is everything going' ?

me > digging into websocket vuln and donig bb on the side, as a matter of luck and good methodology i found info disclosure 😊

i'll share the methodology i used and there is a lot to come

@AfroSec

methodology that i used

subfinder -d example.com -all -recursive > subdomain.txt
for subdomain

cat subdomain.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt
live subdomain

katana -u subdomains_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
to fetch passive urls

cat allurls.txt | grep -E '\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.gz|\.config|\.csv|\.yaml|\.md|\.md5'
search for sensetive file

credit: lostsec.xyz

@AfroSec

I hope this isn't gonna be a duplicate 🙏🏼😊
@AfroSec

Tip: Feeling bored sometimes on your hacking journey?
Try switching topics,learn something different from what you're currently focused on.

It worked for me 😊

@AfroSec

😂😂 imposter

@AfroSec

didn't want to miss the view
The night is looking good ( Perks of being an AASTU student 😂)

@AfroSec

nighty night fam 😊💤💤
@AfroSec

[how to approach a certain target ]

@AfroSec

https://youtu.be/Ifo1vIdfyhg?si=EP0YNDqNVzP2_J2-

[RUST]

@AfroSec

holla fam😊

Sorry for the disappearance. I've been a bit busy with some family stuff lately. I hope you're all doing well

@AfroSec

So true 😂😂
✉️@xavierzone 🤩

what web vuln is this ?

@AfroSec

simple and handy way to find original ip of a target website

1. censys search example.com | grep "ip" | egrep -v "description" | cut -d ":" -f2 | tr -d \"\, | tee ip.txt | httpx
2. uncover -q "example.com" -e censys,fofa,shodan,shodan-idb | httpx (preferable)

u can also check this vid on u tube : [vid]
blog : [check this blog]

@AfroSec

check out this resource for OSCE3-Complete-Guide
[OSCE3 ]

@AfroSec

Damn

@AfroSec

https://youtu.be/0VQngRA9dZI?si=2K6a-8GONYpUJtHH

🔥🔥 🥰

@AfroSec

[ADS]

i just love this concept 👌
@AfroSec

Learning and trying to find bugs is a great skill in the cybersecurity world, but it's also essential to understand how your target actually works before hacking it.

Take time to analyze the workflow first—know what the system does, how it interacts with users, and its purpose. This can give you better insights and help you find more impactful vulnerabilities.

This video might give you a clearer idea of how real-world Active Directory works : [AD ]

@AfroSec