🚀 Extract All URLs, SRCs, and HREFs from Any Website!

Want to grab all URLs, src attributes, and href links from a webpage? Just open DevTools (F12) and run this JavaScript snippet in the console!


💻 JavaScript Code:

urls = []
$$('*').forEach(element => {
  urls.push(element.src);
  urls.push(element.href);
  urls.push(element.url);
});
console.log(...new Set(urls));

🔥 How It Works?

✅ Selects all HTML elements using $$('*').
✅ Extracts values from src, href, and url attributes.
✅ Stores them in an array and removes duplicates with new Set().
✅ Prints all found URLs in the console.

🛠 Use Cases:

🔹 Bug Bounty: Find hidden endpoints, JS files, API calls.
🔹 OSINT: Extract links for reconnaissance.
🔹 Web Scraping: Collect assets from web pages.
🔹 Security Testing: Identify exposed resources.

📢 Stay updated with @cybersecplayground for more infosec tips, bug bounty tricks, and hacking techniques!

#Infosec #CyberSec #BugBounty #OSINT #EthicalHacking #Pentesting #JavaScript

🚀 Extract All Images from a Web Page

Want to quickly list all images on a website? Use this JavaScript snippet in your browser’s DevTools or as a bookmarklet to extract image URLs instantly!

🔥 JavaScript Code:

javascript:console.log('Images on this Page:\n' + Array.from(document.querySelectorAll('img')).map(img => img.src).join('\n'));

🎯 How It Works?

✅ document.querySelectorAll('img') selects all <img> elements on the page.
✅ .map(img => img.src) extracts the source URLs of the images.
✅ .join('\n') formats the output for easy readability in the console.

📌 How to Use?

1️⃣ Open the browser DevTools (F12 → Console).
2️⃣ Copy and paste the JavaScript code into the console.
3️⃣ Press Enter to list all image URLs on the page!

🔹 Bonus: Save it as a bookmarklet for quick access!
👉 Bookmark Name: Extract Images
👉 URL:

javascript:(function(){console.log('Images on this Page:\n' + Array.from(document.querySelectorAll('img')).map(img => img.src).join('\n'));})();

📢 Stay ahead in bug bounty & web scraping! Follow @cybersecplayground for more hacking tips & automation tricks!

#BugBounty #WebScraping #EthicalHacking #JavaScript #CyberSecurity

Here’s the upgraded script that extracts images (img), videos (mp4), JavaScript files (script), and links (a tags) from a webpage:

(() => {
    try {
        let media = [
            ...Array.from(document.querySelectorAll('img')).map((el, index) => `${index + 1}: [IMG] ${el.src}`),
            ...Array.from(document.querySelectorAll('video source')).map((el, index) => `${index + 1}: [MP4] ${el.src}`),
            ...Array.from(document.querySelectorAll('script[src]')).map((el, index) => `${index + 1}: [JS] ${el.src}`),
            ...Array.from(document.querySelectorAll('a[href]')).map((el, index) => `${index + 1}: [LINK] ${el.href}`)
        ].filter(src => src); // Remove empty src/href values

        if (media.length === 0) {
            console.log("No images, videos, JS files, or links found on this page.");
        } else {
            console.log("📸🎥📜🔗 Extracted Media & Links:\n" + media.join("\n"));
        }
    } catch (error) {
        console.error("Error extracting data:", error);
    }
})();

🔥 New Features:
✅ Extracts Images (img), MP4 Videos (video source), JavaScript Files (script[src]), and Links (a[href])
✅ Labels each entry as [IMG], [MP4], [JS], or [LINK] for easy identification
✅ Filters out empty values to avoid clutter
✅ Error handling ensures smooth execution

📢 Stay ahead in bug bounty & web scraping! Follow @cybersecplayground for more hacking tips & automation tricks!

#BugBounty #WebScraping #EthicalHacking #JavaScript #CyberSecurity

🔍 Bug Bounty Tip: Testing for JavaScript Prototype Pollution!

JavaScript Prototype Pollution can lead to:
⚠️ Privilege escalation 🔥
⚠️ Application-wide XSS 🚀
⚠️ Bypassing security controls 🕵️

✅ How to Test?
1️⃣ Inject payloads in JSON requests, query parameters, or headers:

{
  "__proto__": { "isAdmin": true }
}

2️⃣ Common parameters to test:

__proto__[key]=value
constructor.prototype.key=value
prototype.key=value
Object.prototype.key=value

3️⃣ Test for impact:

- Look for modified global objects
- Check access control bypass (e.g., user → admin)
- Inspect DOM-based XSS triggers

💡 Tools for Detection:
🔹 Burp Suite Intruder – Automate payload injection
🔹 JS libraries scanners – Find affected dependencies (H1PP or ppfuzz)
🔹 Manual testing – Debug in browser console

⚠️ Watch out! Some frameworks like Express.js, AngularJS, and Lodash are vulnerable by default!

🔔 Stay updated on security techniques!
🔗 @cybersecplayground for more bug bounty tips.

#BugBounty #JavaScript #PrototypePollution #XSS #Security

🚨 Advanced XSS WAF Bypass in JavaScript Context

💡 This clever payload uses template literals and method hijacking to bypass WAF filters that look for standard alert() calls or <script> tags.

💣 Payload:

''.replace.call`1${/.../}${alert}`
\

🧠 How It Works:
1️⃣ Uses template literals (...) with function interpolation, rarely detected by basic WAFs.

2️⃣ .replace.call is a method hijack that tricks the JavaScript engine into executing expressions.

3️⃣ The ${/.../} part is a placeholder—you can inject anything benign or control flow code here (e.g., regex).

4️⃣ ${alert} dynamically refers to the global alert function in modern browsers.

🧪 Example Use:
When injected in an environment where inline JS context is allowed:

<script>
  let x = ''.replace.call`1${/.*/}${alert}`
</script>

✅ This triggers an alert popup—without using parentheses or a direct alert() call, which many WAFs try to block.

📛 Why This Matters:

Standard filters often catch:

<script>alert(1)</script>

But not this obfuscated version:

''.replace.call`1${/.*/}${alert}`

📍 Used effectively in bug bounty and pentest scenarios involving tough WAFs.

🔐 Always test in safe environments (e.g., XSS Hunter, Burp Collaborator, or JSFiddle with CSP disabled).

📢 For more payloads, bypass techniques, and real-world CVEs →
Join 👉 @cybersecplayground

👍 Like & Share to help more researchers!

#bugbounty #xss #wafbypass #javascript #infosec #thelilnix #cybersecurity #payloads #cybersecplayground #websecurity

📁 File Upload XSS – Beyond SVGs

Attackers are getting creative by going beyond basic payloads. Here's how to achieve stored XSS using PDF and image metadata 👇

🔹 1. PDF with Embedded JavaScript

You can embed a malicious link inside a PDF and trigger XSS in certain PDF viewers like Foxit Reader or older Adobe Reader versions:

// Create a PDF that triggers XSS on open
var doc = new jsPDF();
doc.text(20, 20, 'Legit Document');
doc.addPage();
doc.addLink(0, 0, 100, 100, "javascript:alert(document.domain)");
doc.save('invoice.pdf');

📤 Upload this crafted PDF to features like resume uploads or document verification portals.

⚠️ Test in offline environments first. Modern browsers/viewers block this, but older clients may still be vulnerable.

🔹 2. XSS via EXIF Metadata (Image Upload Bypass)
Target applications that read and render image metadata without sanitizing it.

💣 Payload:

exiftool -Comment='"><img src=x onerror=alert(1)>' innocent.jpg

Then upload the image.
✅ If the platform displays EXIF comments in a gallery or report → XSS triggered.

🔐 Defense Tips:

🛡Sanitize metadata and user-supplied EXIF fields
🛡Disallow javascript: links in PDFs
🛡Strip scripts from uploaded documents and images


💡 Keep exploring file upload abuse techniques – many web apps blindly trust file metadata and document structure.

🛰 Follow us at @cybersecplayground for advanced bug bounty tips, bypasses, and CVE tactics.


#bugbounty #xss #fileupload #infosec #cybersecplayground #javascript #exifxss #pentest