🔗 Webhooks online
http://GitBook_s.t.me
A selection of useful services for testing HTTP requests
🔗webhook.link
🔗webhook.site
🔗 webhook-test.com
🔗 webhook.cool
🔗webhookrelay
Example:
curl -X POST https://gitbook-s.webhook.cool -H "Content-Type: application/json" -d '{"hello": "world", "is_true": true}'
#webhook #http #web
The dread of solitude is sweeter than a bad companion
I head for the wilderness whenever a wise man appears
Sowing seed in every salt marsh is fruitless
I wait patiently until worthy soil is found
Saib, do not strike your gem against the stone of the deficient
Wait until a perfect connoisseur of gems is found
From the ghazals of Saib - No. 2660
Sometimes IDOR isn't just about changing 123 to 124
Try changing types.
If there's an endpoint /api/reset_password that takes {"user_id": 123}, try:
{"user_id": true}
{"user_id": []}
{"user_id": 0}
{"user_id": "123 "}
true might match the first record in the database, which might be admin.
http://GitBook_s.t.me
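The server-side check that refuses the type variations listed above, as an added example that is not part of the original post. The function names, the exception class and the session model are assumptions; the request bodies are constructed samples.

```python
import json

class InvalidUserId(ValueError):
    """Raised when user_id is not a strictly typed positive integer."""

def parse_user_id(raw_body: str) -> int:
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        raise InvalidUserId("body is not valid JSON") from exc
    if not isinstance(body, dict) or "user_id" not in body:
        raise InvalidUserId("user_id is missing")
    value = body["user_id"]
    # bool is a subclass of int in Python, so isinstance(True, int) is True.
    # Compare the exact type so JSON true/false, strings and arrays are refused
    # here instead of being coerced later by the ORM or the database.
    if type(value) is not int:
        raise InvalidUserId(f"user_id must be an integer, got {type(value).__name__}")
    if value <= 0:
        raise InvalidUserId("user_id must be positive")
    return value

def authorize_reset(session_user_id: int, raw_body: str) -> int:
    """Hypothetical handler core: validate the type, then check ownership."""
    target = parse_user_id(raw_body)
    if target != session_user_id:
        raise PermissionError("user_id does not belong to the authenticated session")
    return target

# Constructed request bodies: the post's variants plus a legitimate and a foreign id.
SAMPLES = ['{"user_id": 123}', '{"user_id": 124}', '{"user_id": true}',
           '{"user_id": []}', '{"user_id": 0}', '{"user_id": "123 "}']

def evaluate(session_user_id: int = 123) -> dict:
    """Map each sample body to 'allowed', 'rejected' or 'forbidden'."""
    results = {}
    for body in SAMPLES:
        try:
            authorize_reset(session_user_id, body)
            results[body] = "allowed"
        except InvalidUserId:
            results[body] = "rejected"
        except PermissionError:
            results[body] = "forbidden"
    return results

if __name__ == "__main__":
    for body, verdict in evaluate().items():
        print(f"{verdict:9} {body}")
```

The ownership comparison is what closes the IDOR; the strict type check keeps unexpected values from reaching a loosely typed query at all.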
@GitBook_s/notion/
Target Template
Reverse-Engineering & Malware-Analysis
Red-Team-Second-Brain
Web-App-Security-Testing-Checklist
A Hacker's Notebook
A Hacker's Notebook Part II
AD-aboud
Red-Team-Certifications-Notes
Recon-Web Language: farsi
zseano Methodology
Final-Collection-of-Advice
Study-Notes
Android-Pentest
#notion #bugbounty
Android reverse engineering and malware analysis notes
https://www.notion.so/Reverse-Engineering-8f11869a35fa4832a01896f1b503261f
https://www.notion.so/Malware-Analysis-e1006868cce24a769e0ca4349b87ef31
https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md
#bugbounty #ssrf #PayloadsAllTheThings #cheat_sheet
@GitBook_s/Web resources/1
CyberChef - https://gchq.github.io/CyberChef
crt[.]sh - https://crt.sh
JWT[.]io - https://jwt.io
VirusTotal - https://virustotal.com
Shodan - https://shodan.io
Censys - https://search.censys.io
URLScan - https://urlscan.io
SecurityHeaders - https://securityheaders.com
SecurityTrails - https://securitytrails.com
#BugBounty #GitBook
@GitBook_s/Web resources/2
DNSDumpster - https://dnsdumpster.com
Wayback Machine - https://web.archive.org
HackTricks - https://book.hacktricks.wiki
RevShells - https://revshells.com
PortSwigger XSS Cheat Sheet - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
OWASP Testing Guide - https://owasp.org/www-project-web-security-testing-guide
OWASP Cheat Sheets - https://cheatsheetseries.owasp.org
BBRadar - https://bbradar.io
BBScope - https://bbscope.com
ProjectDiscovery Cloud - https://cloud.projectdiscovery.io
#BugBounty #GitBook
@GitBook_s/Web resources/3
Webhook[.]site - https://webhook.site
Exploit-DB - https://exploit-db.com
HTTPie - https://httpie.io
FOFA - https://fofa.info
Netlas - https://netlas.io
FullHunt - https://fullhunt.io
Whois Lookup - https://who.is
BuiltWith - https://builtwith.com
Wappalyzer - https://wappalyzer.com
RapidDNS - https://rapiddns.io
#BugBounty #GitBook
@GitBook_s/Web resources/4
Pentest-Tools - https://pentest-tools.com
Bug Bounty Daily - https://bugbountydaily.com
Bug Bounty Directory - https://bugbountydirectory.com
Bug Bounty Forum - https://bugbounty.forum
Payload Playground - https://payloadplayground.com
SwiPixel - https://swipixel.com
SecurityToolkits - https://securitytoolkits.com/bug-hunting
Pentestbook Checklist - https://pentestbook.six2dez.com/others/web-checklist
#BugBounty #GitBook