🔥 Bug Bounty Recon Tip: Find forgotten / hidden APIs & endpoints devs left behind! 🔥
Chain these 2 awesome free tools by @xnl-h4ck3r:
💡 Pro combo (most people run):
waymore -i example.com -oU urls.txt && xnLinkFinder -i urls.txt -sf example.com -o cli -sp
You’ll often discover undocumented /admin-api/v2, debug endpoints, old GraphQL paths, forgotten params with IDORs, leaked keys etc. → pure passive recon gold!
Install both via pip:
pip install waymore
pip install git+https://github.com/xnl-h4ck3r/xnLinkFinder.git
Repos:
→ https://github.com/xnl-h4ck3r/waymore
→ https://github.com/xnl-h4ck3r/xnLinkFinder
Happy hunting & don’t forget to chain → gau + katana + waymore + xnLinkFinder = monster recon list 😈
#BugBounty #Recon #WebHacking #APIHunting #CyberSecurity
Chain these 2 awesome free tools by @xnl-h4ck3r:
1️⃣ waymore → pulls massive archived URLs + responses from Wayback, Common Crawl, VirusTotal, URLScan, OTX & more
Basic command:
waymore -i target.com -oU waymore-urls.txt
2️⃣ xnLinkFinder → parses those responses / JS / pages and extracts juicy endpoints, parameters, secrets & even generates a target-specific wordlist
Chain it like this:
xnLinkFinder -i waymore-urls.txt -sf target.com -o results/💡 Pro combo (most people run):
waymore -i example.com -oU urls.txt && xnLinkFinder -i urls.txt -sf example.com -o cli -sp
You’ll often discover undocumented /admin-api/v2, debug endpoints, old GraphQL paths, forgotten params with IDORs, leaked keys etc. → pure passive recon gold!
Install both via pip:
pip install waymore
pip install git+https://github.com/xnl-h4ck3r/xnLinkFinder.git
Repos:
→ https://github.com/xnl-h4ck3r/waymore
→ https://github.com/xnl-h4ck3r/xnLinkFinder
Happy hunting & don’t forget to chain → gau + katana + waymore + xnLinkFinder = monster recon list 😈
#BugBounty #Recon #WebHacking #APIHunting #CyberSecurity
❤13👍6🔥2
Please open Telegram to view this post
VIEW IN TELEGRAM
👍8👏1
Hey Hunter's,
DarkShadow is here back again, and dropping again a RCE method!
💀Steps to reproduce:☠️
1. Collect all possible js endpoints.
You can use my DarkEndFinder for quick js find.
2. Grep .map files from js files.
3. Use jsmap-inspector to debug clearly
4. Read manually one by one js logics and note down all the critical endpoints
5. Now play in your burp also use curl
AND I HOPE YOU KNOW WHAT SHOULD YOU DO NEXT... ALSO READ THE IMAGES.
Tip:
To collect more js use wayback machine urls.
So guy's if you really enjoyed to read methods then show your love❤️
#bugbountytip #rce
DarkShadow is here back again, and dropping again a RCE method!
💀Steps to reproduce:☠️
1. Collect all possible js endpoints.
You can use my DarkEndFinder for quick js find.
2. Grep .map files from js files.
3. Use jsmap-inspector to debug clearly
4. Read manually one by one js logics and note down all the critical endpoints
5. Now play in your burp also use curl
AND I HOPE YOU KNOW WHAT SHOULD YOU DO NEXT... ALSO READ THE IMAGES.
Tip:
To collect more js use wayback machine urls.
So guy's if you really enjoyed to read methods then show your love❤️
#bugbountytip #rce
❤13🔥3👏3🫡2
Hey Hunter's,
DarkShadow is hare back again!
Well this is Not releted any POC or Method, This is a burp suite Ai extension which is really really awesome. So don't forget to try it 💀
https://github.com/six2dez/burp-ai-agent
#bugbountytip #tool
DarkShadow is hare back again!
Well this is Not releted any POC or Method, This is a burp suite Ai extension which is really really awesome. So don't forget to try it 💀
https://github.com/six2dez/burp-ai-agent
#bugbountytip #tool
❤19
Xnip2026-02-05_00-59-55.png
643.3 KB
Hey Hunter’s,
DarkShadow is here back again, dropping a SSFR bypass method.
if you ever test SSRF, and there any parameter passing url with a fixed endpoint then try like:
burpcollab.com/anything/endpoint/../../
#ssrf #bugbountytips
DarkShadow is here back again, dropping a SSFR bypass method.
if you ever test SSRF, and there any parameter passing url with a fixed endpoint then try like:
burpcollab.com/anything/endpoint/../../
#ssrf #bugbountytips
❤6🗿3
Media is too big
VIEW IN TELEGRAM
#AD
⭕️ WordPress Testing Tool + Auto Upload (2026)
• Extracts usernames using multiple methods
• Tests ~395 passwords per user with smart patterns
• Intelligent WP detection with multi-login support
• WAF-aware headers
• 100 concurrent threads for fast scanning
• Multi-language support
⚡️ Covers one site completely before moving to the next for maximum results.
🐶 DM: @Mm_fit
⚠️ Limited access for 3 users only
Channel: https://t.me/cve0day
#AD
⭕️ WordPress Testing Tool + Auto Upload (2026)
• Extracts usernames using multiple methods
• Tests ~395 passwords per user with smart patterns
• Intelligent WP detection with multi-login support
• WAF-aware headers
• 100 concurrent threads for fast scanning
• Multi-language support
⚡️ Covers one site completely before moving to the next for maximum results.
🐶 DM: @Mm_fit
⚠️ Limited access for 3 users only
Channel: https://t.me/cve0day
#AD
1🔥9❤4👏3
Hey Hunter's,
DarkShadow is here back again!
OpenCode RCE POC (CVE-2026-22182)
in this CVE the interesting part is, you can execute arbitrary command on the Ai agent but not using any traditional prompting just pure command injection in json💀
So guy's if you really enjoy to read POCs then show your love in react ❤️
#bugbountytips #rce #cve
DarkShadow is here back again!
OpenCode RCE POC (CVE-2026-22182)
in this CVE the interesting part is, you can execute arbitrary command on the Ai agent but not using any traditional prompting just pure command injection in json💀
So guy's if you really enjoy to read POCs then show your love in react ❤️
#bugbountytips #rce #cve
❤11🔥8