Media is too big
VIEW IN TELEGRAM
Our bot telegram is FREE but limited access,
even you not used subscription, you still possible do scan by click the adds,
or if u not want to have limit access you can subscription.
for 1 month $10 or 7 days $3
for more detail, you can chat directly with @CMSAssistant_bot
even you not used subscription, you still possible do scan by click the adds,
or if u not want to have limit access you can subscription.
for 1 month $10 or 7 days $3
for more detail, you can chat directly with @CMSAssistant_bot
👍3
New update BOT for 2 modules:
1. SSRF (Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location. In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure.)
- this module cover with blind ssrf
2. Open Redirect
this bug allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.
1. SSRF (Server-side request forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location. In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure.)
- this module cover with blind ssrf
2. Open Redirect
this bug allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.
❤3
Our bot now support for Brute forcing JWT Weak Signing Key
in these case, if attacker know the secret key will is able to create the valid JWT token then is possible to
escalated bug Insecure Direct Object Reference (IDOR) by manipulate the JWT payload.
as you can see, the sample JWT the payload are cracked also you can changed the role as admin
or you can manipulate the id.
in these case, if attacker know the secret key will is able to create the valid JWT token then is possible to
escalated bug Insecure Direct Object Reference (IDOR) by manipulate the JWT payload.
as you can see, the sample JWT the payload are cracked also you can changed the role as admin
or you can manipulate the id.
👍2
what most feature you used in bot?
Anonymous Poll
41%
sqli
1%
lfi
10%
xss
0%
ssrf
6%
laravel
0%
drupal
0%
magento
19%
wordpress
22%
scanall
We present you our new search engine service lynpawz
Lynpawz is an advanced cyber security search engine,it's dedicated to mapping the cyberspace
also able to scaning vulnerable especially web based with possibility CVE.
https://lynpwn.com
for more detail, you can chat directly with @CMSAssistant_bot
Lynpawz is an advanced cyber security search engine,it's dedicated to mapping the cyberspace
also able to scaning vulnerable especially web based with possibility CVE.
https://lynpwn.com
for more detail, you can chat directly with @CMSAssistant_bot
❤5
We want survey for payment method, what you're prefer ?
Anonymous Poll
39%
Crypto
18%
Paypal
18%
Credit Card
25%
Qris
Media is too big
VIEW IN TELEGRAM
Testing using the Lynpawz engine to find specific services, then scanning with CMS Bot
👏4🔥1
Media is too big
VIEW IN TELEGRAM
Testing SQL injection with new modules , more fast and efficient
❤2
This media is not supported in your browser
VIEW IN TELEGRAM
We build new modules for CVE , this modules loaded 1500 new CVE with range year 2023- 2024 mostly LFI & RCE. (The module will always be updated)
You can chat directly with @CMSAssistant_bot
You can chat directly with @CMSAssistant_bot
👍2🔥2
Media is too big
VIEW IN TELEGRAM
Our Security Search Engine lynpwn (lynpwn.com)
has new updates , such as :
1. Update the UI & style
2. Display CVE for each host
3. Add 404 page
soon, we will add a new feature to a single / list scan in our search engine .So stay tune 😄
has new updates , such as :
1. Update the UI & style
2. Display CVE for each host
3. Add 404 page
soon, we will add a new feature to a single / list scan in our search engine .So stay tune 😄
👍4
Media is too big
VIEW IN TELEGRAM
We depvelop new feature in our new domain
https://lynpwn.com/scanning
you can scan CVE,SQL,XSS,LFI. ( will update more modules )
Before you used that need to login and make sure you have an point.
give some feedback or you can chat @CMSAssistant_bot
Soon will update to mass scanning. So stay tune 🤩
https://lynpwn.com/scanning
you can scan CVE,SQL,XSS,LFI. ( will update more modules )
Before you used that need to login and make sure you have an point.
give some feedback or you can chat @CMSAssistant_bot
Soon will update to mass scanning. So stay tune 🤩
❤5🔥1
Media is too big
VIEW IN TELEGRAM
We decided to add module sqlmap in our bot with some custom code like automated dump by
detected any sensitive table & column.
You can use some commands like sqlmap, but We do not set all options, only a few options such as:
1. --cookie
2. --os-shell
3. --tamper
4. --risk
5. --level
6. --hex
7. --technique
also before you re-scan a new target, make sure to check the process by this command, then stop the proc MANUALY
8. --status
9. --stop
(Don't spam the command /sqlmap; if you do, we will not tolerate you being banned!!! So make sure to read all the examples before scanning and enjoy . . . )
* What is different from the /sql? ( /sql is our first module SQL injection code by myself, I put all WAF & DIOS. It's faster to dump data but in some cases, this bot does not support blind-SQL, Time-Based, or router-SQL (if I have time, I will continue to add this module, so for this moment you can use /sqlmap))
detected any sensitive table & column.
You can use some commands like sqlmap, but We do not set all options, only a few options such as:
1. --cookie
2. --os-shell
3. --tamper
4. --risk
5. --level
6. --hex
7. --technique
also before you re-scan a new target, make sure to check the process by this command, then stop the proc MANUALY
8. --status
9. --stop
(Don't spam the command /sqlmap; if you do, we will not tolerate you being banned!!! So make sure to read all the examples before scanning and enjoy . . . )
* What is different from the /sql? ( /sql is our first module SQL injection code by myself, I put all WAF & DIOS. It's faster to dump data but in some cases, this bot does not support blind-SQL, Time-Based, or router-SQL (if I have time, I will continue to add this module, so for this moment you can use /sqlmap))
🔥4👍2❤1
Media is too big
VIEW IN TELEGRAM
We present you a multiple scan, this is only for
the max
https://lynpwn.com/scanning
Updates:
- Multiple scanning
- Notification to your telegram for both scan single / list.
* make sure you connect your telegram account. you can login and check https://lynpwn.com/settings
you will see
We are still improving our product, so stay tuned, give your feedback, and if you find any trouble
you can chat with @CMSAssistant_bot. Thank you.
SUBSCRIPTION, not for FREEthe max
30 List for each scan, and will deduct your -1 point, from your account.https://lynpwn.com/scanning
Updates:
- Multiple scanning
- Notification to your telegram for both scan single / list.
* make sure you connect your telegram account. you can login and check https://lynpwn.com/settings
you will see
Telegram Connect : ACTIVE We are still improving our product, so stay tuned, give your feedback, and if you find any trouble
you can chat with @CMSAssistant_bot. Thank you.
❤2👍1🔥1
We present you a type scan
Such as : Laravel, CodeIgniter, Symfony, Yii, Zend
and other exploitation such as : Prototype pollution & CVE.
https://lynpwn.com/scanning
*note : with chose list you able do mass scanning.
framework, this will handle exploit some framework Such as : Laravel, CodeIgniter, Symfony, Yii, Zend
and other exploitation such as : Prototype pollution & CVE.
https://lynpwn.com/scanning
*note : with chose list you able do mass scanning.
🔥4
Media is too big
VIEW IN TELEGRAM
I removed Bing from our search engine, but I already fixing the Google search engine.
You can use that engine to search with any keyword. It uses the Google domain directly without any third party.
So if the search takes some time, it causes us to try to solve the captcha.
*These new modules include rotating proxy & bypass captcha
You can use that engine to search with any keyword. It uses the Google domain directly without any third party.
So if the search takes some time, it causes us to try to solve the captcha.
*These new modules include rotating proxy & bypass captcha
👍1