Subdominator - Unleash the Power of Subdomain Enumeration
Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains from various free passive resources.
Link: https://github.com/RevoltSecurities/Subdominator
One-liner to find sensitive PDF files
for i in $(cat apex-domains.txt | gau --subs --threads 16 | grep -Ea '\.pdf' | httpx -silent -mc 200); do if curl -s "$i" | pdftotext -q - - | grep -Eaiq 'internal use|classified'; then echo "$i"; fi; done
Gourlex
It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.
Link: https://github.com/trap-bytes/gourlex
Shodan dorks for recon:
1. ssl.cert.subject.CN:"*.target.com" http.title:"index of/"
2. ssl.cert.subject.CN:"*.target.com" http.title:"gitlab"
3. ssl.cert.subject.CN:"*.target.com" http.title:"gitlab"
4. ssl.cert.subject.CN:"*.target.com" "230 login successful" port:"21"
5. ssl.cert.subject.CN:"*.target.com" +200 http.title:"Admin"
CVE-2024-34351: Next.js SSRF in Server Actions
Security researchers at Assetnote have identified an SSRF vulnerability in Next.js Server Actions. If the Host header is modified, and certain conditions are met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.
Dorks:
Hunter:/product.name="Next.js"
FOFA:app="Next.js"
SHODAN:http.component:"Next.js"
PoC: https://lnkd.in/gKbjiHVY
Stay vigilant and take necessary precautions to protect your applications.
SQLMC - SQL Injection Massive Checker
SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.
Download: https://github.com/malvads/sqlmc
Brut Security pinned «Keep checking my old Posts to continue your learning Process!»