One-liner Bugbounty Tips 📌
Find Subdomains TakeOver
subfinder -d HOST >> FILE; assetfinder --subs-only HOST >> FILE; amass enum -norecursive -noalts -d HOST >> FILE; subjack -w FILE -t 100 -timeout 30 -ssl -c $GOPATH/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ;
#bugbounty #infosec
Gather Domains from Content-Security-Policy
#bugbounty #Infosec
curl -s -D - -o /dev/null URL | awk 'tolower($0) ~ /^content-security-policy:/' | grep -Eo "[a-zA-Z0-9./?=_-]*" | sed -e '/\./!d' -e '/[^A-Za-z0-9._-]/d' -e 's/^\.//' | sort -u
Look : 👆
Complete OSCP Guide With Active Directory
Amazing Article Contains :
• lots of tips
• Recommended Tools For Active Directory
• Recommended Labs To Solve For Active Directory
• Cheatsheet
• Resources
Take a look 👇:
https://bugbountyguide.org/index.php/2022/11/29/oscp-preparation-with-active-directory/
#bugbounty #infosec #oscp
Bug Bounty Tips 👌
#bugbounty #infosec
It explains which tool you can use for whichever bug it is
Credit: Patrik
Take a look :☝️
Wait for some time, if not clear
Unique Rate limit bypass worth 1800$ 👍
https://medium.com/@manavbankatwala29/unique-rate-limit-bypass-worth-1800-6e2947c7d972
#hacking #bugbounty #cybersecurity
The Bug Hunter's Methodology v4.0 - Recon Edition Breakdown, thanks to @jhaddix
Check This Out :
https://www.linkedin.com/pulse/bug-hunters-methodology-v40-recon-edition-breakdown-henry-osias/?trackingId=IsAm3if31xPE2Ib6fCS02g%3D%3D
#bugbounty #infosec
On a serious note: are you guys really enjoying my posts? | Love you all ♥
Anonymous Poll
• 79%: Yes 😀
• 2%: No 😒
• 7%: Little bit
• 12%: So much 👌
Bug bounty Tips ☘
#bugbounty #infosec
Forget the subdomains for recon! Go directly for the ASN & hit the organization's network range:
• A new world arises without WAFs, with a lot of messy SSL certs, unprotected hosts & private hidden scopes!
An Amazing Tool : Meg
#bugbounty #Infosec
by @TomNomNom
• Tool for fetching lots of URLs but still being 'nice' to servers.
• It can be used to fetch many paths for many hosts.
Git Repo :
https://github.com/tomnomnom/meg
😃 bug bounty Tips ⭐
Keep all your directory brute force results so when a CVE like Drupalgeddon2 comes out, you can look for previously found instances (cat dirsearch/reports// | grep INSTALL.mysql.txt | grep 200 | less).
#bugbounty #Infosec
Active and Passive Subdomain Enumeration
Amazing Article 📜 Contains :
Both Methods :
• Active Subdomain Enumeration
• Passive Subdomain Enumeration
Check This Out : 👇
https://bugbountyguide.org/index.php/2022/12/02/active-and-passive-subdomain-enumeration-technique/
#bugbounty #infosec
Exploiting File Uploads Pt. 2
A Tale of a $3k worth RCE 👌 ✔
https://anotherhackerblog.com/exploiting-file-uploads-pt-2/
#bugbounty #infosec #cybersecurity
🔰All Google Dorks
#bugbounty #infosec
• Operators
• Purposes
• Can be mixed with other operators?
• Can be used alone?
• Does search work in: Web, Image, Groups, News?
Download in higher clarity: https://bugbountyguide.org/index.php/mindmaps-cheatsheets/
Check this Out : 👆