You guys always ask me how do I find SQL injections, its just simple. Avoid what everyone does and make your own methodology. Here is mine: 1. I don't normally go if the target is just target.com. I always prefer the target with wide scope. 1/n #BugBounty

Great weekend on H1 HackerOne Found /.git/config while fuzzing ( medium ) used GitTools : github.com/internetwache/… to dump whole .git directory form server Found DB creds in dumped files which are not accessible directly ( Critical ) #bugbountytip #bugbountytips

🚨 Top 30 Recon Tools for Ethical Hackers / Pentesters 🧑‍💻 Nmap Shodan Recon-ng theHarvester Maltego Metasploit Framework Wireshark Netcat dnsrecon Nikto Whois Hping ReconFTW THC Hydra Aircrack-ng DNSenum Masscan Snort OSINT Framework SpiderFoot Wfuzz DirBuster Subfinder

⚒️It’s #ToolThursday and today I am going to share an amazing open source tool that I came across recently - Scilla Unique Features: 🛠️ Open Source & Easy to Use 🚀 Fast & Go-based 📊 Versatile Enumeration 📝 Automated Report Generation ➡️ Scilla is an information

bugcrowd Who’s asking about what wordlist I use I use mostly github.com/orwagodfather/… and github.com/six2dez/OneLis… Important note all the time update your wordlist manually by adding interesting endpoints / dirs that you have

We earned $35,000 in total with Godfather Orwa 🇯🇴 for submissions on @bugcrowd #ItTakesACrowd #Tip: command `ffuf -w /subdomain_megalist.txt -u 'https://XXXFUZZ[.]target[.]com/' -c -t 350 -mc all -fs 0` also `https://FUZZXXX[.]target[.]com/`

Bluetooth Eavesdropping Threat Exposed: New “BlueSpy” Exploit Targets Popular Headsets securityonline.info/bluetooth-eave…

#Vulnerability #CVE20242389 CVE-2024-2389 (CVSS 10): Critical Security Flaw Discovered in Progress Flowmon Network Monitoring Tool securityonline.info/cve-2024-2389-…

Happy Hunting !!!! Curated collection of powerful one-liners tailored for bug bounty hunting, crafted with ♥ by the community. Contribute and enhance your bounty hunting arsenal! ## Quick Guide - **HOST:** Refers to a single hostname, domain, or IP address. - **HOSTS.txt:**

Happy Hunting!!!😎😎🚨🚨 SSTI (Server Side Template Injection) Generic ${{<%[%'"}}%\. {% debug %} {7*7} {{ '7'*7 }} {2*2}[[7*7]] <%= 7 * 7 %> #{3*3} #{ 3 * 3 } [[3*3]] ${2*2} @(3*3) ${= 3*3} {{= 7*7}} ${{7*7}} #{7*7} [=7*7] {{ request }} {{self}} {{dump(app)}} {{ []

🔍 #BugBountyTip: Found a JS file that's hard to read? Try deobfuscating it at obf-io.deobfuscate.io. Learn the obfuscation techniques used, as some methods might not be reversible by this tool. 🛠️ Key JS obfuscation techniques: - Reordering - Encoding - Splitting - Renaming

Excited to share my journey on discovering my first Remote Code Execution (RCE)! Check out the article here: mchklt.medium.com/how-i-found-my… #BugBounty #bugbountytips #cybersecuritytips #CyberSecurity

GIVEAWAY 🎁🎁 It's simple, here are the rules: 🧑‍💻 Be a hacker 🔁 Retweet ❤️ Like 📝 Fill out the survey 👇 Drop an emoji when done You could win an entire swag bundle just by filling out the survey 😱 surveymonkey.com/r/WBRQLGX

Always test the :83 default port on servers, maybe there is Telerik Report Server, you can take advantage of the newly revealed vulnerability. #BugBounty #BugBountyTip #CVE-2024-4358 / #CVE-2024-1800 github.com/sinsinology/CV…

The only recon methodology you need to know an0nbil.medium.com/the-only-recon… #bugbountytips #bugbounty #cybersecurity

CVE-2024-4177: SSRF Vulnerability Patched in Bitdefender GravityZone Console On-Premise securityonline.info/cve-2024-4177-…

🚨Alert🚨CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol! ⚠They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted

⚠️⚠️ CVE-2023-52251 and CVE-2024-32030: Remote code execution(RCE) in UI for Apache Kafka 🎯5.8k+ Results are found on the en.fofa.info nearly year. FOFA Link🔗: en.fofa.info/result?qbase64… FOFA Query: app="UI-for-Apache-Kafka" PoC🔖: securitylab.github.com/advisories/GHS… #OSINT

🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection. I've created a #nuclei script to detect vulnerable instances at scale: github.com/rxerium/CVE-20…