Server Side Request Forgery (SSRF) Tips Resources Tools Writeups Cheatsheets Payloads github.com/JakobTheDev/bu… gowsundar.gitbook.io/book-of-bugbou… github.com/csmali/WebVuln… blog.safebuff.com github.com/NeuronAddict/p… github.com/swisskyrepo/Pa… github.com/cujanovic/SSRF… github.com/giteshnxtlvl/Y…

So it seems like everybody hates hacking GraphQL like me, so lets post some resources so we can all get better at it!

Sharing it again, if anyone finds it useful! 🙌 "Stored XSS to Account Takeover : Going beyond document.cookie | Stealing Session Data from IndexedDB" infosecwriteups.com/stored-xss-to-…

After so many requests, here is my clarification on the previous post:

If you want to find domains associated to an organization, you can explore DuckDuckGo's tracker-radar. It's a publicly accesible dataset that stores web tracking information, including domains operated by an organization. github.com/duckduckgo/tra…

My Favourite ones: Autorize Collaborator Everywhere IP Rotate Turbo Intruder JWT Editor Reflector

Tips to find DOM XSS: ⚡️🔥 1. Start Burpsuite Community Edition 2. Click on Open Browser 3. Go and click on the Burp icon in extension tab on browser 4. Click on Turn on DOM Invader 5. Inject a custom canary 6. Open target website, right click, Inspect and go to Invader

Resources/ideas you can use your for GitHub searches: -github.com/zricethezav/gi… -github.com/eth0izzle/shhg… -github.com/pownjs/pown-le… -github.com/hisxo/gitGrabe… -github.com/michenriksen/g… #infosec #bugbountytip #cybersecurite

Looking for open S3 buckets? Use buckets.grayhatwarfare.com 😊 Tip taken from the amazing writeup mikey96.medium.com/cloud-based-st… mikey96.medium.com/cloud-based-st… made by Mikey credit: Michele Romano #bugbountytips #recon #informationsecurity

Website's to practice XSS - (Cross Site Scripting) 📌Check the given thread 🧵:👇 #bugbounty #pentestwithandy

Bug Bounty Tips: Account Hijacking via Invite Flows💰 I've reported 10+ similar issues involving these scenarios, securing me some quick victories! People often overlook straightforward logical issues, rushing to tackle the complex ones. However, these issues are deceptively

🔍Question of the Day: Where to hunt for XXE (XML External Entity) vulnerabilities? XXEs are lurking in unexpected places! When it comes to identifying XXE issues, you'll find these vulnerabilities almost everywhere. Here's my top 5 list of features and areas you should keep

I think it's time for a solution ⏰ To solve this challenge, you had to abuse the DOMPurify namespace misconfiguration to trigger an XSS this way 👇 Solution link: challenges.mizu.re/xss_02.html?ht… 1/6

🔐 Bug Bounty Tips: Reported 15+ XSS Issues on a broad-scoped program leveraging AEM! 🚀 If you stumble upon a target app using AEM, make sure to use these XSS payloads for some quick wins! 💰 1️⃣ https://target[.]com/1<img src=x data'a'onerror=alert(domain)>.childrenlist.htm

🕵️‍♂️🔍🛠️ The Top Hacker Methodologies & Tools Notes 📝 Concrete5 CMS: Identification, Mass Hunting, Nuclei Template Writing & Reporting 🔗 Link: gist.github.com/ruevaughn/8a8e… #bugbounty #infosec #bugbountytip 👾🔒🔧

Hy, aaron. I wan to discuss something about your tool please let me invite to your DM. Thanks

My hero Muhammad ﷺ My role model Muhammad ﷺ My guide Muhammadﷺ My motivation Muhammadﷺ My teacher Muhammadﷺ My leader Muhammadﷺ My Prophet Muhammad ﷺ I follow Muhammad ﷺ I love Muhammad ﷺ I admire Muhammad ﷺ We are Ummah of Muhammad ﷺ #arrest_Narsinghanand

What GPT know about me. Wow so nic.pic😍 #BugBounty

Want to find more vulnerabilities using BurpSuite match & replace rules? 🤑 Open this thread! 🧵 👇

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…