#bugbountytips
hednsextractor -target "target" -silent | httpx -path /.git/config -mc 200 -silent
#bugbountytips
cat endpoints.txt | egrep 'jpg|jpeg|png' > results.txt
3. Filter to alive
httpx -l results.txt -mc 200 -o alive.txt
4. Found a passport on a specific endpoint => app.com/xxxx/cdn/file/xxx.jpg
5. Visit app.com/xxxx/cdn/ ==> dir listing open and the result is tons of PII
💡 Don't forget to check (jpg/jpeg/etc.) all the time
by @GodfatherOrwa
#bugbountytips
Modern WAF Bypass Techniques on Large Attack Surfaces 👇
Shubham Shah is a security researcher and entrepreneur, known for co-founding Assetnote - a leading attack surface management platform. He's ranked as the #1 bug bounty hunter in Australia for three consecutive years and #27 in the world on HackerOne. Shubham specializes in discovering complex vulnerabilities in enterprise software and engineering security automation.
nowafpls: https://github.com/assetnote/nowafpls
#NahamCon2024: Shodan & WAF Evasion Techniques | @godfatherOrwa
⚒️ Tools:
https://github.com/phor3nsic/favicon_hash_shodan
🧑🏽‍💻 Commands:
$ shodan download --limit 1000 myresults.json.gz 'DORK'
$ shodan parse --fields ip_str,port --separator " " myresults.json.gz | awk '{print$1":"$2}' | httpx