[NEW-PROJECT] 🥳🥳 Katana –– A next-generation crawling and spidering framework. → Standard / Headless → Customizable Config → Scope control → Output Filters GitHub Project –– github.com/projectdiscove… #hackwithautomation #cybersecurity #crawler #opensource #bugbounty

Parshu - A tool for filtering URLs based on specific parameters. Filters out custom results from Web App Pentesting using regex. » github.com/R0X4R/Parshu #cybersecurity #bugbountytips #infosec #bugbounty #bugbountytip

Time for another giveaway! We are going to send a t-shirt and a few goodies to one person who follows PentesterLab and retweets this tweet!! And we are going to give a 12-month voucher to someone who follows PentesterLab and likes this tweet!!

🌟 Exciting News! 🌟 Check out the brand new look of our website at kongsec.io! 🎉🎈✨

Pyscan Python dependency vulnerability scanner, written in Rust. github.com/aswinnnn/pyscan #infosec #pentesting #redteam t.me/hackgit/9124

You can now discover vulnerabilities with HackerGPT.

🔍GitLab CVE-2023-7028 - Uncover account takeover potential with a simple password reset method. Known POC: user[email][][email protected]&user[email][][email protected] Identifying vulnerable targets: 1️⃣ Utilize the nuclei template at github.com/projectdiscove… to spot exposed

🚨Tool Alert !! 🚨 For the past few days I have been playing with Streamlit and I must say it's awesome to spin up quick prototypes I created this BugBounty Helper Tool Kit & it merely took 10 minutes, check out👇 tools.hackinsec.com #bugbounty #bugbountytips #cybersecurity

First tool added in ReconSage ⚡️ by Ravindra Lakhara 🇮🇳 Join the waitlist to get access to the new generation reconnaissance platform reconsage.com/tools/scan-gmap #bugbounty #bugbountytips #bugbountytip

Extract JS files from your Target. jsmon.rashahacks.com

what an incredible auth bypass! /foo?jsp=/authenticated-endpoint;.jsp CVE-2024-27198 TeamCity authentication bypass rapid7.com/blog/post/2024…

Congrats For Huge Bounty ):

Thanks @scidsg

Are your excited for 2.0 version of "How to JS for Bug Bounties" kongsec.medium.com/how-to-js-for-… #kongsec #bugbounty

NucleiScanner = Nuclei + Subfinder + Gau + Paramspider + httpx (Automation) Link: github.com/0xKayala/Nucle… #NucleiScanner #NucleiFuzzer #Automation

Advanced IDORs - 9 Techniques by Intigriti: 1. Exploiting Basic IDORs How to: Modify a predictable numeric ID in the request URL or parameters. Example: GET /user/email?userId=1002 (change userId to another value). 2. Exploiting IDORs via Parameter Pollution How to: Inject

In the past few months, I've been making a subdomains database containing 1.6 billion subdomains scrapped from multiple public (and private) sources. This database is now public and FREE and can be queried on the following website. dash.pugrecon.celes.in Enjoy!

We launched the Full-Time Hunters' Guild this week via the Critical Thinking - Bug Bounty Podcast community. Accountability, collaboration, data, and support staff for full-time hunters (or part-time w/ 100k+/year). Very excited to see how this boosts my BB performance in 2025. ctbb.show/full-time-rhyn…

bugcrowd HackerOne Why not hire people like who have seen the struggle of real hunting? Why not hire people who are working day/night for years, These people are Gems, They know what are the real problems and how to overcome them. Hire bug hunters instead of Pentesters,

For heavy recon bug bounty hunters: - if you go wide, connect the dots. (Bálint Magyar, BSidesBUD 🇭🇺)