Cross Origin Resource Sharing (CORS)🔥
Include :
Blogs / Articles , Tools and Mind Maps
Link :
https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/cors
PWK – Penetration Testing With Kali Linux. This ebook teaches not only the skills, but also the mindset required for successful penetration testing.
It's equivalent to the bible in the penetration testing field.
Link : https://abhishekmeena.gumroad.com/l/oscp
🏹AWS S3 Bucket Tools 💢
• s3brute - S3 brute force tool
• s3-bucket-finder - Find AWS S3 buckets and extract data.
• bucket-stream - Find interesting Amazon S3 buckets by watching certificate transparency logs.
• slurp - Enumerate S3 buckets via certstream, domain, or keywords.
• lazys3 - A Ruby script to bruteforce for AWS S3 buckets using different permutations.
• cred_scanner - A simple file-based scanner to look for potential AWS access and secret keys in files.
• DumpsterDiver - A tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (AWS Access Key, Azure Share Key or SSH keys) or passwords.
• S3Scanner - Scan for open AWS S3 buckets and dump the contents.
Top Disclosed HackerOne reports 😀
Link : https://github.com/reddelexc/hackerone-reports
#bugbounty #Infosec #Hacked
API Pentesting Writeup or Trick #bugbounty #infosec
Link : https://drive.google.com/file/d/1iMGqUUpaiQrEys4IOETwgxti8AiShomZ/view
Best Time to Post 🤗 ( with Respect to IST )
Anonymous Poll
• Early Morning: 29%
• Morning: 18%
• Afternoon: 15%
• Night: 28%
• Late Night: 10%
Security headers 🔥
Learn more about headers that can keep your site safe and quickly look up the most important details.
Link : https://web.dev/security-headers/
#bugbounty #infosec
Subdomain Extraction from huge Domain List using regex
• grep -P '^(?:[a-z0-9]+\.){1}[^.]*$' [ 2nd level domains only ]
• grep -P '^(?:[a-z0-9]+\.){2}[^.]*$' [ 3rd level domains only ]
• grep -P '^(?:[a-z0-9]+\.){2,}[^.]*$' [ 3rd level domains or higher ]
• grep -P '^(?:[a-z0-9]+\.){2,3}[^.]*$' [ 3rd to 4th level domains only ]
• grep -P '^(?:[a-z0-9]+\.){3,}[^.]*$' [ 4th level domains or higher ]
#bugbounty #infosec #cybersecurity
Top 25 SSRF parameters 📃
• ?dest={target}
• ?redirect={target}
• ?uri={target}
• ?path={target}
• ?continue={target}
• ?url={target}
• ?window={target}
• ?next={target}
• ?data={target}
• ?reference={target}
• ?site={target}
• ?html={target}
• ?val={target}
• ?validate={target}
• ?domain={target}
• ?callback={target}
• ?return={target}
• ?page={target}
• ?feed={target}
• ?host={target}
• ?port={target}
• ?to={target}
• ?out={target}
• ?view={target}
• ?dir={target}
#bugbounty #infosec #cybersecurity
All About hunting on the main application
by: @tabaahi_
#bugbountytips #infosecurity #cybersecurity #bughunting
Types of SQL Injection :
1. In-band SQLi
2. Error-based SQLi
3. Union-based SQLi
4. Inferential SQLi
5. Boolean-based SQLi
6. Time-based SQLi
7. Out-of-band SQLi
#bugbountytips #cybersecuritytips #infosecurity
🖥️ 13 resources to learn ethical hacking:
1. PortSwigger Web Academy
2. Pentester Land Writeups
3. Vuln Machines
4. TryHackMe
5. OverTheWire
6. Cybrary
7. Root Me
8. Try2Hack
9. CyberSecLabs
10. Pentester labs
11. Pico CTF
12. Hack The Box
13. Vuln Hub
#bugbountytips #bugbounty
XML EXTERNAL ENTITY (XXE) Vulnerability 🌵
by @cyph3r_asr
In More Detail :
smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5…
#bugbounty #infosec