#PmG - Extract parameters/paths from urls github.com/knassar702/pmg #bugbountytips #recon

We just released a blog post about our Python Static analyser tool (Pysa) It is very similar to Zoncolan, but open sourced with configurations ready for you to use in your Django, Tornado or flask projects :) Give it a try! Let us know your feedback engineering.fb.com/security/pysa/

Are you an #OSCP student that, like me, couldn't find any decent buffer overflow binaries with badchars other that \x00, \x0a, and \x0d? Want to practice for the exam without setting up your own VM? Well here's a new (free) @RealTryHackMe room for you: tryhackme.com/jr/oscpbuffero…

Here is how #subfinder can be used to quickly extract the low-level subdomains of any given subdomain. ./subfinder -d news.yahoo.com -recursive #bugbountytips #recon

A collection of over 300 Penetration Testing POC #CN #IOT #Mobile #WebAPP #Windows #Linux #Tool#Tutorials github.com/Mr-xn/Penetrat…

My write up for BugPoC challenge featuring a filter bypass without any encoding 😉 blog.fadyothman.com/solving-a-bugp… #bugbountytip

🙈

ScanT3r - Scans all URLs with multiple HTTP Methods and Tries to look for bugs with basic exploits as XSS - SQLI - RCE - SSTI from Headers and URL Parameters By chaining waybackurls or gau github.com/knassar702/sca… #bugbountytips #recon #gau #waybackurls

subfinder -d tesla.com -silent | httpx -timeout 3 -threads 300 --follow-redirects -silent | xargs -I% -P10 sh -c 'hakrawler -plain -linkfinder -depth 5 -url %' | grep "tesla" @b51b5b43 Luke Stephens (hakluke) JS0N Haddix STÖK ✌️ ProjectDiscovery #bugbountytip #bugbounty

./github-subdomains.py -t APIKEY -d att.com | httpx -silent | xargs -I@ -P20 sh -c 'gospider -a -s "@" -d 2' | grep -Eo "(http|https)://[^/\"].*.js+" | sed "s#\] \- #\n#g" | anew | grep "att.com" github.com/gwen001/github… @b51b5b43 STÖK ✌️

Extract URL .apk 💀 🔥 apktool d com.uber -o uberApk;grep -Phro "(https?://)[\w\.-/]+[\"'\`]" uberApk/ | sed 's#"##g' | anew | grep -v "w3\|android\|github\|schemas.android\|google\|goo.gl" 🔥 @b51b5b43 STÖK ✌️ JS0N Haddix Ben Sadeghipour TomNomNom

I wrote a post on Assetnote's blog about hacking in bug bounties for the last four years. This should give you a good idea on what I've been reporting and how I find bugs and incorporate them back into our platform. blog.assetnote.io/2020/09/15/hac…

I'm happy to announce that I'm now officially Attify Certified IoT Security Pentester. I've spent the last few months studying and kicking off my journey into this amazing exclusive field. (IoT , SDR, Hardware, Embedded Systems, Binary reversing..etc) #IoTSecurity #GeneralEG

I have published Arbitrary code execution on Facebook for Android's write up, Enjoy reading! medium.com/@dPhoeniixx/ar…

Github org:Target "bucket_name" org:Target "aws_access_key" org:Target "aws_secret_key" org:Target "S3_BUCKET" org:Target "S3_ACCESS_KEY_ID" org:Target "S3_SECRET_ACCESS_KEY" org:Target "S3_ENDPOINT" org:Target "AWS_ACCESS_KEY_ID" org:Target "list_aws_accounts"

Hey, Interested in mobile application security? You should read the following topic about request forgery in mobile applications! dphoeniixx.com/2020/12/13-2/

When you apply for a red team role but they say you'd fit better in the blue team.

!!

Giveaway time! We are going to send a t-shirt and few goodies to one person who follows PentesterLab and likes this tweet !! And we are going to give a 1-year voucher to someone who RT this tweet!