If you're into generating subdomains quickly 🚀 check out this website: husseinphp.github.io/subdomain/ #bugbountytips #bugbountytip #BugBounty

A curated list wordlists for bruteforcing and fuzzing - by gmelodie github.com/gmelodie/aweso…

Hikvision vulnerability scanner and exploiter: github.com/HexBuddy/Hikvi…

Ali Gotta say man I like the payload, Hope you dont mind I add it to my Github Xss payloads area github.com/shadowByte1/xss

Tip:- Add to your wordlist: auth/jwt/register auth-demo/register/classic auth-demo/register/modern My First P1🥳 #bugbountytips #bugbountytip #bugbounty #hackerone #bugcrowd #h1

Subdomain Takeover Detection with Subfinder & Nuclei -new wordpress takeover detection for nuclei template subfinder -d target -o target && nuclei -t wp-xyz-takeover[.]yaml -l target #bugbountytips #bugbounty github.com/schooldropout1…

Automate xss and sqli vulnerabilities finding #bugbounty #bugbountytip

Nuclei Template : REFLECTION Potential XSS, SSRF, Cache Poisoning, Open URL Redirection & OAUTH Redirection nuclei -t reflection[.]yaml -u target Credit: Gudetama #BugBounty #bugbountytips

Google Dorks - Code Leaks 💧 site:pastebin. com "example. com" site:jsfiddle. net "example. com" site:codebeautify. org "example. com" site:codepen. io "example. com"

Add the file `wp-config.php.txt` to your wordlist, and you might discover some juicy data. Enjoy! 😏 #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

Extracting Credentials From Windows Logs : practicalsecurityanalytics.com/extracting-cre…

Tip:- Do wayback on root domain then get endpoints and add it to your list and fuzz on subdomains or other roots.. $ ~ waybackurls root.com |cut -d "/" -f 4-|sort -u > endpoints.txt #bugbountytips #bugbountytip #bugbounty #hackerone #bugcrowd #h1

How I made $15K in bug bounties from GitHub secret leaks tillsongalloway.com/finding-sensit…

Hello everyone ♥ a little bit write-up of #bugbountytip #bugbountytips I am going to write here ..... Title: getting unauthorized access on 3rd party's/workspaces & and building your checklist for quickly locating bugs there via massive recon we know that its helpful to look

#Cycatz #cybersecurity Unlock Hidden Backups with wayBackupFinder More.... shorturl.at/andsK #cyberattacksurfacemanagement #darkwebmonitoring #SurfaceWebMonitoring #cloudsecurity #grc #vendorriskmanagement #brandmonitoring #incedentreport #bug #sensitiveinformationexpoture

I earned $xxxxx for my submission on @bugcrowd bugcrowd.com/sh0a1b #ItTakesACrowd #bugboubtytip #bugbounty #bugcrowrd Tip: Always go through every single JS of the scope -> extract all endpoints -> Make your own script and wordlist -> Bruteforce all the endpoints -> P1 IDORs

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add

Just released a simple and easy to use burpsuite extension, it rotates the user agent with every request to bypass WAF which blocks user via User Agent. It was helpful to me, though to share it with community! github.com/sh-o-aib/Burp-… #Bugbounty #bugcrowd #hackerone #burpsuite

A long time ago, i was using (Frogy Recon Tool) and the results were more than amazing now its back as 2.0 and now i like it so much github.com/iamthefrogy/fr… by the amazing Chintan 'Frogy' Gurjar Just want to share here if someone wants to check it #bugbountytips #bugbountytip