APi Pentesting Writeup or Trick #bugbounty #infosec
Link : https://drive.google.com/file/d/1iMGqUUpaiQrEys4IOETwgxti8AiShomZ/view
Link : https://drive.google.com/file/d/1iMGqUUpaiQrEys4IOETwgxti8AiShomZ/view
👍2🔥2
Best Time to Post 🤗 ( with Respect to IST )
Anonymous Poll
29%
Early Morning
18%
Morning
15%
Afternoon
28%
Night
10%
Late Night
❤4👏2👍1😁1
Security headers 🔥
Learn more about headers that can keep your site safe and quickly look up the most important details.
Link : https://web.dev/security-headers/
#bugbounty #infosec
Learn more about headers that can keep your site safe and quickly look up the most important details.
Link : https://web.dev/security-headers/
#bugbounty #infosec
🔥5👍2
Subdomain Extraction from huge Domain List using regex
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 2nd level domains only ]
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 3rd level domains only ]
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 3rd level domains or higher ]
• grep -P '^(?:[a-z0-9]+.){2,3}[^.]*$' [ 4th level domains or higher ]
• grep -P '^(?:[a-z0-9]+.){3,}[^.]*$' [ 4th level domains or higher ]
#bugbounty #infosec #cybersecurity
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 2nd level domains only ]
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 3rd level domains only ]
• grep -P '^(?:[a-z0-9]+.){1}[^.]*$ [ 3rd level domains or higher ]
• grep -P '^(?:[a-z0-9]+.){2,3}[^.]*$' [ 4th level domains or higher ]
• grep -P '^(?:[a-z0-9]+.){3,}[^.]*$' [ 4th level domains or higher ]
#bugbounty #infosec #cybersecurity
🔥5👍4🥰2
Top 25 SSRF parameters 📃
• ?dest={target}
• ?redirect={target}
• ?uri={target}
• ?path={target}
• ?continue={target}
• ?url={target}
• ?window={target}
• ?next={target}
• ?data={target}
• ?reference={target}
• ?site={target}
• ?html={target}
• ?val={target}
• ?validate={target}
• ?domain={target}
• ?callback={target}
• ?return={target}
• ?page={target}
• ?feed={target}
• ?host={target}
• ?port={target}
• ?to={target}
• ?out={target}
• ?view={target}
• ?dir={target}#bugbounty #infosec #cybersecurity
👍13🔥5👏1
All About hunting on the main application
by: @tabaahi_
#bugbountytips #infosecurity #cybersecurity #bughunting
by: @tabaahi_
#bugbountytips #infosecurity #cybersecurity #bughunting
👍6❤3👏1🤯1
Types of SQL Injection :
1. In-band SQLi
2. Error-based SQLi
3. Union-band SQLi
4. Inferential SQLi
5. Boolean-based SQLi
6. Time-based SQLi
7. Out-of-band SQLi
#bugbountytips #cybersecuritytips #infosecurity
1. In-band SQLi
2. Error-based SQLi
3. Union-band SQLi
4. Inferential SQLi
5. Boolean-based SQLi
6. Time-based SQLi
7. Out-of-band SQLi
#bugbountytips #cybersecuritytips #infosecurity
👏10👍2😱1
🖥️ 13 resources to learn ethical hacking:
1. PortSwigger Web Academy
2. Pentester Land Writeups
3. Vuln Machines
4. TryHackMe
5. OverTheWire
6. Cybrary
7. Root Me
8. Try2Hack
9. CyberSecLabs
10. Pentester labs
11. Pico CTF
12. Hack The Box
13. Vuln Hub
#bugbountytips #bugbounty
1. PortSwigger Web Academy
2. Pentester Land Writeups
3. Vuln Machines
4. TryHackMe
5. OverTheWire
6. Cybrary
7. Root Me
8. Try2Hack
9. CyberSecLabs
10. Pentester labs
11. Pico CTF
12. Hack The Box
13. Vuln Hub
#bugbountytips #bugbounty
❤🔥11👍2🔥2👏2
XML EXTERNAL ENTITY (XXE) Vulnerability 🌵
by @cyph3r_asr
In More Detail :
smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5…
#bugbounty #infosec
by @cyph3r_asr
In More Detail :
smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5…
#bugbounty #infosec
👍2😢2🍾2
Bug Bounty
XML EXTERNAL ENTITY (XXE) Vulnerability 🌵 by @cyph3r_asr In More Detail : smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5… #bugbounty #infosec
These are the notion Notes. It will help you a lot to clear your basic as well as advance
👍2😁2
I finally got ffuf to output to a text file in a decent way for automation:
ffuf -w /tmp/wordlists.txt -u URL/FUZZ -r -ac -v &>> /tmp/output.txt ; sed -i 's/\:\: Progress.*Errors.*\:\://g' /tmp/output.txt ; sed -i 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' /tmp/output.txt
#bugbounty #infosec #SecurityEveryday #Pentesting
ffuf -w /tmp/wordlists.txt -u URL/FUZZ -r -ac -v &>> /tmp/output.txt ; sed -i 's/\:\: Progress.*Errors.*\:\://g' /tmp/output.txt ; sed -i 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' /tmp/output.txt
#bugbounty #infosec #SecurityEveryday #Pentesting
👍5👏4👌3
A simple bypass for XXE
To avoid XXE Injections, some web applications have custom filters that will block requests which contain "application/xml" Content-Type, to bypass these filters, we can set the Content-Type to wildcard "*/*"
#bugbounty #Infosec #securitytips
To avoid XXE Injections, some web applications have custom filters that will block requests which contain "application/xml" Content-Type, to bypass these filters, we can set the Content-Type to wildcard "*/*"
#bugbounty #Infosec #securitytips
👨💻5❤1