🔰 Updated Bug Bounty tool List!
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
====================
Hacking Telegram Groups
https://BugCrowd.t.me
https://HackerTrain.t.me
https://BugCrowdChat.t.me
Hacking Telegram Channel
https://t.me/hackersHandbook
https://t.me/HackTheBox_Training
https://t.me/ZishanAdThandarChannel
My LinkedIN:
https://www.linkedin.com/in/zishanadthandar/
My Link Tree:
https://zishanadthandar.github.io/linktree/
WhatsApp Community:
https://chat.whatsapp.com/GR2RD11phmy7mTWlGiALNE
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
====================
Hacking Telegram Groups
https://BugCrowd.t.me
https://HackerTrain.t.me
https://BugCrowdChat.t.me
Hacking Telegram Channel
https://t.me/hackersHandbook
https://t.me/HackTheBox_Training
https://t.me/ZishanAdThandarChannel
My LinkedIN:
https://www.linkedin.com/in/zishanadthandar/
My Link Tree:
https://zishanadthandar.github.io/linktree/
WhatsApp Community:
https://chat.whatsapp.com/GR2RD11phmy7mTWlGiALNE
GitHub
GitHub - rbsec/dnscan
Contribute to rbsec/dnscan development by creating an account on GitHub.
Client Side Template Injection to Cross Site Scripting
via Vulnerable AngularJS dependencies exploit
https://youtu.be/Ayfh93tqAgw
Must SUBSCRIBE for future update
via Vulnerable AngularJS dependencies exploit
https://youtu.be/Ayfh93tqAgw
Must SUBSCRIBE for future update
YouTube
Coinjar XSS PoC | Client side Template Injection to Reflected XSS [Rewarded NOTHING]
Coinjar | Client side Template Injection to Reflected XSS
Vulnerability on AngularJS
Reported on 2 February, 19
Fixed on March, 19
They Never replied (they claimed falsely on there program page that they replied in three days) and they fixed it.
When I contacted…
Vulnerability on AngularJS
Reported on 2 February, 19
Fixed on March, 19
They Never replied (they claimed falsely on there program page that they replied in three days) and they fixed it.
When I contacted…
⚠️⚠️⚠️ Cyber Security Job Post Scam (Must Watch)
https://youtu.be/T7STBch1N0w
https://youtu.be/T7STBch1N0w
YouTube
Sophisticated Job Post Scam [ EXPOSED ]! How Phishing SCAM Leads to Cryptocurrency Loss (MUST WATCH)
🚨 WARNING: A new, sophisticated job post scam is targeting job seekers with the potential for devastating cryptocurrency losses! In this video, we uncover the shocking details behind a modern phishing scheme that uses fake job advertisements to steal your…
Active Directory
TryHackMe CTF WriteUp
https://github.com/ZishanAdThandar/WriteUps/blob/main/CTF/tryhackme.com/attacktivedirectory.md
#ActiveDirectory #Pentesting #AD #Windows #forest
TryHackMe CTF WriteUp
https://github.com/ZishanAdThandar/WriteUps/blob/main/CTF/tryhackme.com/attacktivedirectory.md
#ActiveDirectory #Pentesting #AD #Windows #forest
GitHub
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
Get a SPONSOR Badge on your GitHub profile
https://github.com/sponsors/ZishanAdThandar/sponsorships?email_opt_in=off&privacy_level=public&sponsor=ZishanAdThandar&tier_id=424620
Just pay $1 to get the badge.
#GitHub #Badge
https://github.com/sponsors/ZishanAdThandar/sponsorships?email_opt_in=off&privacy_level=public&sponsor=ZishanAdThandar&tier_id=424620
Just pay $1 to get the badge.
#GitHub #Badge
GitHub
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
<:OSCP1:1114251734823473232> OSCP Exam Changes: Effective on November 1, 2024<:OSCP1:1114251734823473232>
The current OSCP exam will be replaced with a new version that includes the following key changes:
- Enhanced Active Directory (AD) Portion: The AD section will now involve an "assumed compromise" scenario, where learners start with a standard user account on the AD domain and work toward full domain compromise. This update is designed to better reflect the modern penetration testing landscape.
- Removal of Bonus Points: To ensure consistency across all OffSec exams, bonus points will no longer be available. This change aligns the OSCP with other OffSec certifications and emphasizes the skills needed to succeed as a cybersecurity professional.
Introducing the OSCP+ Certification:
When you pass the updated exam, you'll earn the new OSCP+ certification, which differs from the existing OSCP in one significant way—it will expire three (3) years from the date of issuance. You can maintain the “+” designation by completing one of the following Continuing Professional Education (CPE) paths:
- Retake and pass the updated OSCP+ exam before your OSCP+ expires.
- Take and pass another qualifying OffSec certification exam (OSEP, OSWA, OSED, or OSEE).
- Successfully complete OffSec’s new CPE program (details to be announced in late 2024-early 2025).
Note:
If you pass the OSCP exam before November 1, 2024, you will receive the OSCP certification, which does not expire and remains valid indefinitely. If your OSCP+ certification expires after three years, it will revert to a standard OSCP.
OSCP Exam Changes: https://help.offsec.com/hc/en-us/articles/29865898402836-OSCP-Exam-Changes
Changes to the OSCP: https://help.offsec.com/hc/en-us/articles/29840452210580-Changes-to-the-OSCP
The current OSCP exam will be replaced with a new version that includes the following key changes:
- Enhanced Active Directory (AD) Portion: The AD section will now involve an "assumed compromise" scenario, where learners start with a standard user account on the AD domain and work toward full domain compromise. This update is designed to better reflect the modern penetration testing landscape.
- Removal of Bonus Points: To ensure consistency across all OffSec exams, bonus points will no longer be available. This change aligns the OSCP with other OffSec certifications and emphasizes the skills needed to succeed as a cybersecurity professional.
Introducing the OSCP+ Certification:
When you pass the updated exam, you'll earn the new OSCP+ certification, which differs from the existing OSCP in one significant way—it will expire three (3) years from the date of issuance. You can maintain the “+” designation by completing one of the following Continuing Professional Education (CPE) paths:
- Retake and pass the updated OSCP+ exam before your OSCP+ expires.
- Take and pass another qualifying OffSec certification exam (OSEP, OSWA, OSED, or OSEE).
- Successfully complete OffSec’s new CPE program (details to be announced in late 2024-early 2025).
Note:
If you pass the OSCP exam before November 1, 2024, you will receive the OSCP certification, which does not expire and remains valid indefinitely. If your OSCP+ certification expires after three years, it will revert to a standard OSCP.
OSCP Exam Changes: https://help.offsec.com/hc/en-us/articles/29865898402836-OSCP-Exam-Changes
Changes to the OSCP: https://help.offsec.com/hc/en-us/articles/29840452210580-Changes-to-the-OSCP
OffSec Support Portal
OSCP Exam Changes
Starting November 1, 2024, the OffSec's current OSCP exam will be replaced with an updated version. The updated exam will feature the following changes:
Enhancements to the Active Directory portio...
Enhancements to the Active Directory portio...
Forwarded from CTF Training
OffSec Live | Walkthrough of a PEN-200 AD Set
with Student Mentor, Siddicky
https://youtu.be/2NLi4wzAvTw
#oscp #offsec
with Student Mentor, Siddicky
https://youtu.be/2NLi4wzAvTw
#oscp #offsec
YouTube
OffSec Live | Walkthrough of a PEN-200 AD Set
Welcome to our OffSec Live recorded session on a PEN-200 AD set with Student Mentor, Siddicky.
Join our OffSec Live Twitch streams on Fridays: https://www.twitch.tv/offsecofficial.
We do demonstrations and walkthroughs of course Topics and Proving Grounds…
Join our OffSec Live Twitch streams on Fridays: https://www.twitch.tv/offsecofficial.
We do demonstrations and walkthroughs of course Topics and Proving Grounds…
Beeper operation by Mossad, Israel on 17th Sept, 24
Israel used advance device hacking to hack pagers of Hezbullah militias, because they were not using phone for security.
Thousands of pagers blasted across Lebanon.
5,000 pagers exploded, injuring over 3,000 militants.
More than 3000 suspected Hezbullah members are died or severely injured by the blast.
Note: This is a non political, informational post.
#security #cyberSec #radioHacking #WesternBlackHatHackers
Israel used advance device hacking to hack pagers of Hezbullah militias, because they were not using phone for security.
Thousands of pagers blasted across Lebanon.
5,000 pagers exploded, injuring over 3,000 militants.
More than 3000 suspected Hezbullah members are died or severely injured by the blast.
Note: This is a non political, informational post.
#security #cyberSec #radioHacking #WesternBlackHatHackers
Burp suite proxy toggler firefox addOn
Install | Source Code
Pros:
1. Open Source, FOSS
2. Totally Free
3. Just one click to switch (Saves a lot of time)
4. Easy to use
5. Very Lite Weight, Takes almost no RAM, Saves Memory
6. Pre-configured for Burp Suite Proxy
7. Specially made for Pentesters and Bug Bounty Hunters
Source Code | Firefox AddON Install»
Join Our Discord»
Install | Source Code
Pros:
1. Open Source, FOSS
2. Totally Free
3. Just one click to switch (Saves a lot of time)
4. Easy to use
5. Very Lite Weight, Takes almost no RAM, Saves Memory
6. Pre-configured for Burp Suite Proxy
7. Specially made for Pentesters and Bug Bounty Hunters
Source Code | Firefox AddON Install»
Join Our Discord»
addons.mozilla.org
Burp Proxy Switch Toggle Lite by ZishanAdThandar – Get this Extension for 🦊 Firefox (en-US)
Download Burp Proxy Switch Toggle Lite by ZishanAdThandar for Firefox. Ethical Hackers|Bug Hunters|Pentesters|Cyber Security Researcher.
Lightweight Burp Proxy switch.
Note: Goto "about:addons" > "Extensions > Click on Burp >"Allow" "Run in Private Windows"…
Lightweight Burp Proxy switch.
Note: Goto "about:addons" > "Extensions > Click on Burp >"Allow" "Run in Private Windows"…
Instagram IDOR
Broken Access Control
owasp top 10 2021 A1
40 Lakh Rupees Bounty
https://www.instagram.com/reel/DAygW3Bh2yN/?igsh=MThzZjgxN2tlNHZ0Zg==
Broken Access Control
owasp top 10 2021 A1
40 Lakh Rupees Bounty
https://www.instagram.com/reel/DAygW3Bh2yN/?igsh=MThzZjgxN2tlNHZ0Zg==
SQL injection
Explained
#cybersecurity #infosec #hack #hacker #bugbounty
https://www.instagram.com/reel/DBNpdKEhUA6/?igsh=N2F5bHhsanp0MXM0
Explained
#cybersecurity #infosec #hack #hacker #bugbounty
https://www.instagram.com/reel/DBNpdKEhUA6/?igsh=N2F5bHhsanp0MXM0
Forwarded from Bug Bounty Hunter Pro (Zishan Ahamed Thandar 🇮🇳)