Bug bounty Tips



🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

5 806 subscribers
Post archive
How Hackers Perform Device Scans on a Network with Nmap Posted by @TheGodEye

SQL Injection HOST: cutm.ac.in ENDPOINT: https://cutm.ac.in/payu/skill/index.php?id=1 SEVERITY: Critical IMPACT: Critical

☄️ Want to learn how to hack? First, you'll need to get a good grip on these basics:
✔️ Networking: Figure out how computers talk to each other.
✔️ Coding: Learn to build and break stuff with code.
✔️ Linux: Master this operating system – it's a hacker's playground.
🛡 The better you understand these, the faster you'll pick up hacking skills.

Hey Hackers! PentestList is a fantastic resource for the cybersecurity and ethical hacking community!

Key Features of PentestList 🌟:
• Comprehensive Directory 📂
• Search & Filter 🔍
• Verified Listings ✅
• User Reviews & Ratings ⭐️
• Up-to-Date Information 🕒
• Easy Comparison ⚖️
• Resource Hub 🛠

PentestList is designed to be your go-to resource for finding the best penetration testing services and staying ahead in the cybersecurity world!
Go: https://pentestlist.com/

Starting with API testing

Planning to do something in 2024

## Advanced Recon
- Advanced Recon
- Sniffing HTTP and HTTPS
- MITM

## Dorking
- SQL Injection
- XSS
- HTML Injection

## Pen Testing Tools and Techniques
- Burpsuite and Tools
- SSH Enumeration and Brute Forcing
- Buffer Overflow
- Active Directory Enumeration
- S3 Bucket Enumeration and Exploitation

and more

something is coming up guys, check this out and let me know your thoughts

🔰 Updated Bug Bounty tool List!

dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuite https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools http://projectdiscovery.io

====================

Hacking Telegram Groups
https://BugCrowd.t.me
https://HackerTrain.t.me
https://BugCrowdChat.t.me

Hacking Telegram Channel
https://t.me/hackersHandbook
https://t.me/HackTheBox_Training
https://t.me/ZishanAdThandarChannel

My LinkedIn: https://www.linkedin.com/in/zishanadthandar/
My Link Tree: https://zishanadthandar.github.io/linktree/

Motivation time 🖤

bounty_tips_100+.pdf (18.31 MB)

Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data. By: @NoRed0x #bugbountytips #bugbounty


Hi everyone, I have recently found an interesting vulnerability which allowed me to get all the exposed log files that contain juicy information like hidden directories, credentials, etc.

Here's the methodology:
1. Did initial content discovery and found the /system endpoint (it was giving a 403 error).
2. Then I went on to discover content inside the "/system" directory and found "/system/logs".
3. Finally, got the log files!
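
A defender-side view of the finding above, as an added example that is not part of the original post: it scans web access logs for 200 responses served beneath a directory that itself returned 403, which is the condition that exposed the log files. The log lines, IP addresses and file names are constructed, and the combined log format is an assumption.

```python
import re
from collections import defaultdict

# Combined log format (assumed); only GET/HEAD requests are considered.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /system HTTP/1.1" 403 153 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /system/logs HTTP/1.1" 301 169 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /system/logs/app.log HTTP/1.1" 200 48211 "-" "curl/8.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /admin HTTP/1.1" 403 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /app/config/config.local.neon HTTP/1.1" 404 153 "-" "curl/8.0"
"""


def served_below_forbidden(log_text):
    """Map each 403 directory to the (ip, path) pairs answered with 200 beneath it."""
    forbidden, served = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Normalise: drop the query string and any trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/") or "/"
        if m["status"] == "403":
            forbidden.add(path)
        elif m["status"] == "200":
            served.append((m["ip"], path))
    findings = defaultdict(set)
    for ip, path in served:
        for parent in forbidden:
            # A 403 on the parent did not protect this child path.
            if parent != "/" and path.startswith(parent + "/"):
                findings[parent].add((ip, path))
    return {parent: sorted(hits) for parent, hits in findings.items()}


if __name__ == "__main__":
    for parent, hits in served_below_forbidden(SAMPLE_LOG).items():
        for ip, path in hits:
            print(f"{parent} returns 403 but {path} was served to {ip}")
```

Each directory it reports needs an access rule covering the whole path prefix, or its logs and local config files moved outside the web root.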