Bug Bounty
Bugbounty Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks •
Authentication Checklist😀
#bugbounty #Infosec
Cross Origin Resource Sharing (CORS)🔥

Include :
Blogs / Articles , Tools and Mind Maps

Link :
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/cors
PWK – Penetration Testing With Kali Linux. This ebook teaches not only the skills, but also the mindset required for successful penetration testing.

It's equivalent to the bible in the penetration testing field.

Link : https://abhishekmeena.gumroad.com/l/oscp
☝🏻 USE DISCOUNT CODE : Awesome
🏹AWS S3 Bucket Tools 💢

s3brute - s3 brute force tool

s3-bucket-finder - Find AWS S3 buckets and extract data.

bucket-stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.

slurp - Enumerate S3 buckets via certstream, domain, or keywords.

lazys3 - A Ruby script to bruteforce for AWS s3 buckets using different permutations.

cred_scanner - A simple file-based scanner to look for potential AWS access and secret keys in files

DumpsterDiver - A tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (AWS Access Key, Azure Share Key or SSH keys) or passwords.

S3Scanner - Scan for open AWS S3 buckets and dump the contents
Best Time to Post 🤗 ( with Respect to IST )
Anonymous Poll
29%
Early Morning
18%
Morning
15%
Afternoon
28%
Night
10%
Late Night
Security headers 🔥

Learn more about headers that can keep your site safe and quickly look up the most important details.

Link : https://web.dev/security-headers/

#bugbounty #infosec
Subdomain Extraction from huge Domain List using regex

• grep -P '^(?:[a-z0-9]+\.){1}[^.]*$' [ 2nd level domains only ]

• grep -P '^(?:[a-z0-9]+\.){2}[^.]*$' [ 3rd level domains only ]

• grep -P '^(?:[a-z0-9]+\.){2,}[^.]*$' [ 3rd level domains or higher ]

• grep -P '^(?:[a-z0-9]+\.){2,3}[^.]*$' [ 3rd to 4th level domains only ]

• grep -P '^(?:[a-z0-9]+\.){3,}[^.]*$' [ 4th level domains or higher ]

#bugbounty #infosec #cybersecurity
Top 25 SSRF parameters 📃

• ?dest={target}
• ?redirect={target}
• ?uri={target}
• ?path={target}
• ?continue={target}
• ?url={target}
• ?window={target}
• ?next={target}
• ?data={target}
• ?reference={target}
• ?site={target}
• ?html={target}
• ?val={target}
• ?validate={target}
• ?domain={target}
• ?callback={target}
• ?return={target}
• ?page={target}
• ?feed={target}
• ?host={target}
• ?port={target}
• ?to={target}
• ?out={target}
• ?view={target}
• ?dir={target}


#bugbounty #infosec #cybersecurity
All About hunting on the main application

by: @tabaahi_

#bugbountytips #infosecurity #cybersecurity #bughunting
Types of SQL Injection :

1. In-band SQLi
2. Error-based SQLi
3. Union-based SQLi
4. Inferential SQLi
5. Boolean-based SQLi
6. Time-based SQLi
7. Out-of-band SQLi

#bugbountytips #cybersecuritytips #infosecurity
🖥️ 13 resources to learn ethical hacking:

1. PortSwigger Web Academy
2. Pentester Land Writeups
3. Vuln Machines
4. TryHackMe
5. OverTheWire
6. Cybrary
7. Root Me
8. Try2Hack
9. CyberSecLabs
10. Pentester labs
11. Pico CTF
12. Hack The Box
13. Vuln Hub

#bugbountytips #bugbounty
I'll Tag Seller in Today's post