Pratik Dabhi (@impratikdabhi)'s Twitter Profile
Pratik Dabhi

@impratikdabhi

👨🏻‍💻 Ethical Hacker 🐞 Bug Hunter | Penetration tester 👨🏻‍💻 Security Consultant at @Deloitte ☢️ Bugcrowd Top 250 | SRT | YouTuber (20k+ Subs)

ID: 2902452271

https://www.pratikdabhi.com/ | 17-11-2014 06:16:15

3,3K Tweet

18,18K Followers

989 Following

Majix (@majix_de):

This script automates SQL injection testing using SQLMap with AI-powered decision making. github.com/atiilla/sqlmap…

Intigriti (@intigriti):

Testing for file upload vulnerabilities? 🧐 Check out Malicious PDF Generator, an open-source toolkit to help you generate tens of malicious PDF files designed to exploit various vulnerabilities and insecure features found in PDF readers! 🤠 🔗 github.com/jonaslejon/mal…

Aditi Singh (@aditi_singghh):

Just released Passive Recon – my Burp Suite extension for recon during manual bug hunting. Give it a try! Automatically scans every request/response for:
• Endpoints
• Subdomains
• GraphQL queries (even meta-GraphQL)
• URLs
github.com/aditisingh2707…

Aditi Singh (@aditi_singghh):

Just released Wayback-Recon – my Burp Suite extension to pull historical URLs from the Wayback Machine directly into Burp with a better UI. Perfect for recon during manual bug hunting and works seamlessly with my other tool, Passive Recon. github.com/aditisingh2707…

Pratik Dabhi (@impratikdabhi):

Excited to share that I’ll be attending Security BSides Ahmedabad on 12–13 September! If you’re around and want to connect, exchange ideas, or just chat about security & hacking, feel free to say hello at the conference. #BugBounty #hackerone #bugcrowd

Youssef Sammouda (sam0) (@samm0uda):

Julien | MrTuxracer 🇪🇺 AI slop, layoffs, and budget cuts. Bug bounties seem to have been around so long now that new management either doesn't understand them or has forgotten why they were created. The level of care and attention just isn't what it used to be, despite the quality reports they still receive

Aditi Singh (@aditi_singghh):

When we decompile an APK and see an unreadable index.android.bundle, it could be Hermes bytecode. Using github.com/P1sec/hermes-d… we can make it readable and look for interesting endpoints, keys, or app flows. #bugbounty

Pratik Dabhi (@impratikdabhi):

“🎯 Secret ChatGPT Prompts That 10x My Bug Bounty Success Rate ⚡” by Qasim Mahmood Khalid #bugbounty #infosec #hacking systemweakness.com/secret-chatgpt…

Pratik Dabhi (@impratikdabhi):

📲 Bug Hunting in Mobile Apps
• Intercept traffic with Burp Suite
• Decompile APKs with JADX
• Search for hardcoded secrets in smali or XML
• Check logs for sensitive info
• Monitor mobile APIs for IDORs or weak auth
📱 Mobile apps = unexplored territory. #BugBounty

🇸🇦 ROOD | GOAT (@0x_rood):

What happened here?
1. I found a subdomain endpoint via DuckDuckGo dorking.
2. I noticed a login endpoint that’s different from the users endpoint (neither allows registration).
3. I fuzzed that endpoint and discovered a user-management endpoint, but the website redirected me, so I

Godfather Orwa 🇯🇴 (@godfatherorwa):

A long time ago, I was using (Frogy Recon Tool) and the results were more than amazing. Now it's back as 2.0 and I like it so much: github.com/iamthefrogy/fr… by the amazing Chintan 'Frogy' Gurjar. Just want to share here if someone wants to check it. #bugbountytips #bugbountytip

Vipin Panchal (@dirtycoder0124):

Now you can search keywords/secrets in both HTML+JS files. Also, it shows all URLs with parameters on the page. Already found some open redirects using this extension. #bugbountytips #bugbounty github.com/dirtycoder0124…

Intigriti (@intigriti):

Testing GraphQL targets? Make sure to check out GraphQL-wordlist, a complete repository with comprehensive wordlists for enumerating GraphQL API methods, field names, and types! 🤠 Check it out! 👇 github.com/Escape-Technol…

Somdev Sangwan (@s0md3v):

Sharing my LLM prompt. It makes it so that the LLM states assumptions, is less likely to agree with you and treats you as a peer - not a child or superior. I wrote it by hand and then used Gemini 2.5 Pro to compress it under 1500 words. gist.github.com/s0md3v/2690603…

Intigriti (@intigriti):

Exposed secrets can have a devastating impact on any organization 👀 But you have to know where to look for them... 🔍 In our latest article, we explore several methods to search for leaked secrets, such as credential pairs, API keys, and other hard-coded tokens that can expand

X (@themsterdoctor1):

🔍 Unlock the secrets of the web with "The Art of Web Reconnaissance: Bug Bounty & Ethical Hacking"! 🌐💻 📌 What you'll learn: - Advanced web reconnaissance techniques - Identifying and exploiting vulnerabilities - Best practices for ethical hacking - Real-world bug bounty

Md Ismail Šojal 🕷️ (@0x0sojalsec):

I read all these Two Factor Authentication writeups: 🥹
- link.medium.com/ne4pwoOl05
- link.medium.com/hhdBnCPl05
- link.medium.com/YFLGk4Ql05
- link.medium.com/rml43ESl05
- link.medium.com/ds1k5XTl05
- link.medium.com/35IjaPVl05
- link.medium.com/4l50R4Xl05