Forwarded from digMeMore (r00t98)
JWT Security is a separate topic in its own right, and in my opinion an interesting one, which I will be writing about soon on the Memory Leaks site. There is a tool called jwtear that we can use for this topic, from building the JWT itself to brute-forcing its key. In some cases we can even use injection payloads inside the JWT, as in the picture, where we are performing an Authentication Bypass. It goes without saying that such cases mostly come up in CTF competitions and challenges.
#CTF
#JWT
#Tool
@digmemore
Atlas - Quick SQLMap Tamper Suggester
https://github.com/m4ll0k/Atlas
#SQLi
#Bypass
#WAF
#Tool
@web_priv8
If you want to learn how to use the Sqlmap tool fully and at an advanced level, the link below is a good resource.
https://github.com/sqlmapproject/sqlmap/wiki/Usage
#SQLi
#Sqlmap
#Tool
@web_priv8
Find vulnerabilities using Nmap
https://twitter.com/scspcommunity/status/1255478128375365632
#Nmap
#Tool
@web_priv8
Forwarded from digMeMore (r00t98)
DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang
https://amp.kitploit.com/2020/05/dalfox-finder-of-xss-parameter-analysis.html
#XSS
#Tool
@digmemore
Unicode abnormalizer: takes a Unicode string and abnormalizes it by character replacement
https://github.com/JesseClarkND/abnormalizer
#Tool
#Unicode
#BugBounty
@web_priv8
SwiftnessX
A cross-platform note-taking & target-tracking app for penetration testers built on ElectronJS.
https://github.com/ehrishirajsharma/SwiftnessX
#Tool
#NoteTaking
@web_priv8
Notable
The Markdown-based note-taking app that doesn't suck.
https://github.com/notable/notable
#Tool
#NoteTaking
@web_priv8
Notion
The all-in-one workspace for your notes, tasks, wikis, and databases.
https://www.notion.so
#Tool
#NoteTaking
@web_priv8
Note-Taking for Bug Bounty Hunters - How I Use Notion and How You Can Too
#Tool
#NoteTaking
#BugBountyTip
@web_priv8
Sub-Drill
A very (very) simple subdomain finder based on online, free and API-less services.
https://github.com/Fadavvi/Sub-Drill
#Tool
#Recon
#Subdomain
@web_priv8
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple targets during web application penetration testing.
Demo https://youtu.be/WLurj5Lg8cI
https://github.com/r3curs1v3-pr0xy/vajra
#Tool
#Recon
#BugBounty
@web_priv8
Hidden parameters discovery suite
command line version: https://github.com/Sh1Yo/x8
Burp extension version: https://github.com/Impact-I/x8-Burp
#Tool
#Extension
#BurpSuite
@web_priv8
Generates combination of domain names from the provided input.
https://github.com/ProjectAnte/dnsgen
#Tool
#Recon
#Subdomain
@web_priv8
Soon I will publish my tool on GitHub to detect HTTP request smuggling vulnerabilities.
https://twitter.com/r00t98/status/1605330608372453376
#Tool
#Smuggling
#BugBounty
#BugBountyTip
@web_priv8