🇪🇬 المحترف 🇸🇦 (@sec_bug) 's Twitter Profile

ID: 772720549294465025

05-09-2016 08:58:30

4,4K Tweet

204 Followers

1,1K Following

Saad Ahmed (@xsaadahmedx)

Ghauri - An Advanced SQL Injection Automation Plugin-In By Security Foster. 💫💫 Latest Acunetix VS Ghauri 🧐🧐 Coded By: r0ot h3x49 🎩 #Cybersecurity #automationtesting #BugBounty #bugbountytips

Khaled Samy (@khaleedsamy12)

"Don't ignore 403 subdomains" Try to bypass or fuzz more. Also, always check Symfony targets for these directories: /_profiler. You might find phpinfo containing Symfony secrets, which can lead to RCE. Great tip by Godfather Orwa 🇯🇴! ❤️❤️ #BugBounty #SecurityTips

sa||am (@0x88__)

I'm thrilled to introduce Recon88r, a Python script designed to streamline and automate the reconnaissance process # Features: Subdomain Enumeration Live Results in Discord Perform XSS scans JS Exposures Port scanning Full nuclei scanning Panels #bugbounty t.ly/FfmSP

N$ (@nav1n0x)

A lesser-known CVE-2023-3793 - Weaver E-Cology SQL Injection. Nuclei template link: github.com/UltimateSec/ul… #BugBounty #SQLInjection

Harsh vardhan Singh (@root_lucky_)

1/7 Web Application Recon Tips 1 : Resolution # github.com/projectdiscove… cat subdomains/subdomains.txt | httpx -follow-redirects -random-agent -status-code -silent -retries 2 -title -web-server -tech-detect -location -no-color -o websites.txt #bugbountytips #BugBounty #Hacking

Mustafa Adam Qamar El-Din (@wadgamaraldeen)

To those who asked about the vulnerability type: I wrote this writeup about it some time ago, enjoy reading it: medium.com/@wadqamar10/ho…

H4x0r.DZ (@h4x0r_dz)

Ok, here is another #bugbountytip. You can find this issue with “login with Google” too, or any other IdP providers. During the signup process, delete the email value from the scope 💣

🇪🇨🍫 (@bxmbn)

Wanna know How I prevented a Mass Data Breach? Go Read: medium.com/@bxmbn/how-i-p… Wanna know How a Bank offer led to PII Leak? Go Read: medium.com/@bxmbn/i-recei… More writeups coming soon 🖤

zack0x01 (@zack0x01)

This tool (unisub) is one of the best options for you to bypass WAFs and filters. 🙂 by TomNomNom #bugbountytips #bugbounty #Hackingtime

Het Mehta (@hetmehtaa)

Some Shodan Dorks that might be useful in Bug Bounty. 1. org:"http://target. com" 2. http.status:"<status_code>" 3. product:"<Product_Name>" 4. port:<Port_Number> “Service_Message” 5. port:<Port_Number> “Service_Name” 6. http.component:"<Component_Name>" 7.

X (@themsterdoctor1)

🔖Penetration Testing, Beginner To Expert! Massive Web Application Penetration Testing & Bug Bounty Notes📚 github: github.com/xalgord/Massiv… #web #pentest

/usr/bin/fares (@sirbagoza)

Thanks to Abdelrahman Zaki, who summarized the roadmap video as text ❤️ For anyone who won't be able to watch the video or doesn't have time, take a minute and read the following: ——————————— 1. html | elzero.org 2. css, how to do styling and that's it | elzero.org 3. js | elzero.org 4. php |

Mcerfa11l | Sultan Al-Abdali (@7evv1)

THREAD How did I find 2 DOM XSS by hacking Swagger-UI? 1-Do a subdomain enum to find subs that use Swagger Ui 2-Get the live subs 3-Run Nuclei in all the live subs using the (-tags swagger) 4-Find Swagger Ui endpoints #BugBounty #bugbountytip #bugbountytips #Cybersecurity

m0uka_Dz 🇩🇿 (@m0uka_dz)

- Simple tip for port scan 1) after enumerating your subdomains, save them in subs.txt 2) run this command "cat subs.txt | dnsx -a -ro | naabu -silent -top-ports 1000 -exclude-ports 80,443,21,22,25 -o ports.txt" #bugbountytips #bugbounty #infosec #cybersec

Mustafa Adam Qamar El-Din (@wadgamaraldeen)

Thanks to Allah always and forever ♥️ First Triage in 2024, HTML Injection on Login Page #Tips :- 1- site:*[.]redacted[.]com login.php 2- arjun -u .../login.php -> parameters with body length reflection (username) 3- Test for :- SQLi, LFI, XSS, HTML inj,..etc #bugbountytips

Brut 🇮🇳 (@wtf_brut)

🌟Subdominator🌟 is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. 📥github.com/sanjai-AK47/Su… #bugbountytip #bugbountytips #ethicalhacking #CyberSecurity #Pentesting #sqli #xss #CyberSecurityAwareness #bugbounty #GitHub #offsec

Het Mehta (@hetmehtaa)

An automation tool for enumerating subdomains, filtering out XSS, SQLI, Open Redirect, LFI, SSRF, and RCE parameters, and scanning for vulnerabilities. github.com/h4r5h1t/webcop…

Jayesh Madnani (@jayesh25_)

🚀Bug Bounty Tips: Act quickly to report issues related to CVE-2020-27838, as many vulnerable instances are still out there. I've identified over 100+ instances vulnerable to CVE-2020-27838 so far. A flaw was found in Keycloak in versions prior to 13.0.0. The client registration

Ben Sadeghipour (@nahamsec)

🚨 I convinced my team to do one last giveaway! Options: hhub.io/eu2wxGj 🏆 Full Access: $199 💻 Lifetime Course: $39 (includes updates) 🎯 1-Month trial (no updates): $19 TWO WINNERS (1 each): - Full cert bundle - Lifetime access Enter: ↪️ RT + Reply with 🎯
