You can Spider a website with the SpiderFoot Web Spider Module!(Tongue twister much) 😅 🕷️ Web spidering is a great way to find hidden endpoints that brute forcing tools might miss. Check out how we got all of these results from tesla[.]com. CLI & GUI demo 👇 🧵 1/3

Introducing "Smap", a drop-in replacement for Nmap powered by shodan.io Github: github.com/s0md3v/Smap Features: - no shodan account required - mimics nmap's arguments and output - supports oX/oG/oN outputs (and more) - fully passive, just 1 http request per host

Instead of letting Palestinians pray in peace

🔥 I've just released cdnstrip - a simple CLI that strips out CDN IPs from a list of IP Addresses to make your port scan much faster and cleaner. github.com/j3ssie/cdnstrip And of course, it's already added in Osmedeus default workflow #bugbounty #bugbountytips #infosec

🏰 CSRF in the age of JSON? It may be possible! If you can manipulate the Content-Type, then maybe this PoC can help you out! 😎 Thank you Oliver Rickfors for providing this one! 💪 #bugbounty #bugbountytips 👇

I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't. Here's a list of some of the most useful ones, and a brief explanation of what they do! 🧵👇

Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click medium.com/@h4x0r_dz/vuln…

Working it 🔋 👊 MR14 #MUFC

Useful Google Dorks for WebSecurity and Bug Bounty github.com/Proviesec/goog…

"GraphQL Security Testing Without a Schema" blog.forcesunseen.com/graphql-securi…

With the latest version of Uncover, now easily search for exposed assets using multiple search engines at once. → Shodan → Censys → FOFA → Hunter → Quake GitHub Release: github.com/projectdiscove… #hackwithautomation #recon #assetdiscovery #security #bugbounty #bugbountytips

Google's privacy settings cannot be trusted. They're settling a lawsuit over allegations of misleading users, secretly recording their movements even after location tracking had been turned off, and offering that data to marketers to sell advertisements. npr.org/2022/11/14/113…

Super excited to release our car hacking research discussing vulnerabilities affecting hundreds of millions of vehicles, dozens of different car companies: samcurry.net/web-hackers-vs… Contributors: ꙅɿɘƚɔɘqꙅ Brett Buerhaus xEHLE Ian Carroll, sshell shubs Ben Sadeghipour Joseph Thacker

Only with a Company name enumerate cloud resources (AWS, Azure, GCP...) easily with a Trickest workflow! Learn how in a new blog post with @carlospolopm ⏬ eu1.hubs.ly/H02DlPK0

You guys always ask me how do I find SQL injections, its just simple. Avoid what everyone does and make your own methodology. Here is mine: 1. I don't normally go if the target is just target.com. I always prefer the target with wide scope. 1/n #BugBounty

Xavi: "Dembélé? He is fine, yesterday he trained well. He looks fine, but is not 100% ready yet. He's about to be back with the team, but it depends on his recovery. We trust his instincts, he's fine and that's important."

No player has scored more goals (33) than Erling Haaland in their first 25 Champions League matches. Cristiano Ronaldo, the all-time goalscorer (140) in the competition didn't score in his first 25 matches. Haaland is coming for ALL the records 😳

Use Vanta to automate and elevate your compliance. Trusted by more than 7,000 companies including the likes of Atlassian, Flo Health, and Quora, Vanta can help your team recoup time that would otherwise be lost to compliance efforts. Compatible with some of the most

Hansi Flick: "I understand Spanish much more than I speak, I'm improving. It's not easy, but my teachers are lovely. I'm learning little by little."

France Football has revealed that there were 6,633 points voted for in total with Rodri earning just 41 more than Vinicius to win the Ballon d'Or 😮