Termux All Command [Telegram Group]

💥OSINT: Database Search on a Website! Check out Exposed.lol for a database search for data leaks, including 14,453,524,741 compromised accounts' emails. 🔗 https://exposed.lol/

High demanding course TCM Security Courses Content - TCM Security - Linux 101 TCM Security - Linux Privilege Escalation for Beginners TCM Security - Windows Privilege Escalation for Beginners TCM Security - Python 101 For Hackers TCM Security - Python 201 For Hackers TCM Security - Movement, Pivoting and Persistence TCM Security - Open-Source Intelligence (OSINT) Fundamentals TCM Security - Practical Ethical Hacking - The Complete Course TCM Security - Practical Web Application Security and Testing TCM Security - Practical Windows Forensics TCM Security - Practical Malware Analysis & Triage https://mega.nz/folder/yIhmiTKR#Jgrd9KLScfBUN7PQu_LkGw Collected

⚡ Reflected XSS on help.shopify.com 👨🏻‍💻 ssilvass ➟ Shopify 🟨 Low 💰 $500 🔗 hackerone.com/reports/1940245 #bugbounty #bugbountytips #cybersecurity #infosec

are you licking or clicking

API Testing Full Course https://lnkd.in/gWvAEf7E

Case Study: Password Reset Token Leak Recently, while working with one of Germany's largest banks, we came across a simple bug that can lead to a high-impact account takeover vulnerability. The important part is that such a bug can easily be missed by automated scanners or tools-based testing. The vulnerability lies in the handling of the "X-Forwarded-Host" header during password reset requests. Attackers can exploit this by injecting a crafted header containing their domain. Subsequently, the reset link sent via email to the victim will be manipulated to point to the attacker's domain. Exploitation Scenario: 1. The attacker crafts a malicious "X-Forwarded-Host" header, initiating a password reset request on the victim's behalf. - See Screenshot 1: Intercepted HTTP request in Burp Suite from the "Forget password" functionality. The custom "X-Forwarded-Host" HTTP request header is added by the attacker, pointing to an attacker-controlled malicious domain. 2. The password reset email containing the manipulated link is sent to the victim. Upon clicking the link, the victim is redirected to the attacker's site instead of Bank's. - See Screenshot 2: Password reset link received by the victim, displaying the attacker-controlled domain embedded within the link. 3. The attacker intercepts the password reset token, allowing him to execute a full account takeover. - See Screenshot 3: Password reset token leaked on the attacker-controlled server, allowing password change which leads to full account takeover. 4. See Screenshot 4: Visual representation of the attack flow, illustrating the critical steps. Key Takeaways: - The exploit, rooted in header manipulation, can potentially be manipulated at various points in the multitier architecture systems, where requests may traverse multiple layers or tiers of servers. - Similar issues have been identified on many web domains, mostly in cases where reverse proxies or load balancers are involved. Recommendation: My advice to CISOs, CSOs, and CTOs: Do not, or never, allow your dev team to trust header values coming from intermediary systems or users, specifically the host header. Most IT leaders think Host header injection is a low or informational bug and do not recognize its greater impact. However, potential exploitation may lead to severe consequences, allowing attackers to compromise user accounts. Disclaimer: This case study is provided to help improve the security of your system and is shared for educational purposes only. No unauthorized access was performed.

Bug Bounty Tips ✨✨ To bypass the rate limit, attempt to identify the origin IP, as it may reveal any rate limit-related bugs. While testing on example.com, I discovered an option to check the balance of coupon codes. I had coupon codes ranging from 10 to 20+ for that company, and I noticed the first 5 or 6 digits were identical. I attempted to brute-force them but was unsuccessful. Later, on Censys, I found an IP address. After logging in through that IP, I attempted to brute-force the coupon code again. Burp Pro returned a 429 rate limit error. Subsequently, I tried Burp Community Edition and successfully sent over 10,000 requests. And I found 3 valid coupon code each worth of 5k 😅 and after reporting this issue I got coupon code without of 3k ₹🤣🤣🤣 #bug #bugs #bugbounty #bugbountytips #bugbountytip

Bug bounty tips ✨✨ Everyone is aware that sensitive information disclosure bugs can be obtained using tools like waybackurls or the Wayback Machine. Utilizing the Wayback Machine allows access to previously available data on a target. For instance, if a company had a subdomain like admin.example.com before, and later removed it or added security measures like a 403 protection, the old URL can still be accessed if archived by the Wayback Machine. Let's assume the target backs up data on admin.example.com/backup. Even if you don't have direct access to this URL, it might be accessible through the Wayback Machine, allowing you to download the files. Now, onto the second part: visit https://lnkd.in/gUr2FmjR and search for subdomains related to your target. At the bottom of the page, previously searched subdomains for your target will be listed. Explore them and search for any old subdomains that are now inactive. Open these inactive subdomains in the Wayback Machine, as they might contain sensitive information. Last night, I reported several bugs using this methodology. #bug #bugs #bugbounty #bugbountytips #bugbountytip #bughunter

👩‍💻 SQL Injection (SQLi) Complete Premium Course 👩‍💻 🔴 What is SQL Injection ❓

~ SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view data that they are not normally able to retrieve. This might include data that belongs to other users, or any other data that the application can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. In some situations, an attacker can escalate a SQL injection attack to compromise the underlying server or other back-end infrastructure. It can also enable them to perform denial-of-service attacks.

⬇️Course Link 🔗 :

https://mega.nz/folder/ksYAXR5S#Oy9DapBfBrV2UyM_cksYhw

Give Reaction's 💕For More Hacking Tips, Trick's And Video's 🎬 ┣🔹@PakistanCyberHunters ♚ ❤️

To all #cybersecurity enthusiasts, I've listed below the free training programs offered by Cybrary: #Courses 🎮 Incident Response Lifecycle • https://lnkd.in/gkWJTKuy Penetration Testing and Ethical Hacking • https://lnkd.in/ghWzTJza Linux Fundamentals for Security Practitioners • https://lnkd.in/g3dFUGBa Identifying Web Attacks Through Logs • https://lnkd.in/geAxdjms #VirtualLabs 🎮 OSINT Basics • https://lnkd.in/gP3WAcag PowerShell Basics • https://lnkd.in/gUEPbKv5 BASH Scripting Basics • https://lnkd.in/gegyXBPi Python Basics • https://lnkd.in/gyzFMbsX Firewall Basics • https://lnkd.in/gJgQiREW VPN Basics • https://lnkd.in/gVNZvyEx Antivirus Basics • https://lnkd.in/gFXk6WSq Windows File System Basics • https://lnkd.in/g4N39-DZ Linux File System Basics • https://lnkd.in/gGr9AwpE Vulnerability Scanner Basics • https://lnkd.in/grgs7EpW #Assessments 🎮 Network Fundamentals • https://lnkd.in/gf27FGBk Cybersecurity Fundamentals • https://lnkd.in/gU_iUMhj Defensive Security Fundamentals • https://lnkd.in/g2Ffj_YC Log Analysis • https://lnkd.in/gF9RfUQn Digital Forensics • https://lnkd.in/gr-pctAB #AssesmentPaths 🎮 SOC Analyst • https://lnkd.in/gVqkuYkg IT and Cybersecurity Foundations • https://lnkd.in/gYHU_NvE Penetration Tester • https://lnkd.in/gnQn4bvP

𝗖𝗥𝗟𝗙 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗕𝘆𝗽𝗮𝘀𝘀 𝘂𝘀𝗶𝗻𝗴 𝗚𝗕𝗞 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 GET /Cybertix ==> 404 Not Found GET /%0D%0A%20Set-Cookie:cybertix=1 ==> 400 Bad Request GET /%E5%98%8D%E5%98%8Set-Cookie:cybertix-1 ==> 𝟮𝟬𝟬 𝗢𝗞

𝐋𝐢𝐬𝐭 𝐨𝐟 𝟓𝟎 𝐓𝐨𝐩 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐅𝐨𝐫𝐞𝐧𝐬𝐢𝐜𝐬 𝐓𝐎𝐎𝐋𝐒 . 1. Autopsy: https://www.autopsy.com/ 2. EnCase: https://lnkd.in/dRwh9VwZ 3. AccessData Forensic Toolkit (FTK): https://lnkd.in/dwhkAFKt 4. X-Ways Forensics: https://www.x-ways.net/ 5. Sleuth Kit: https://www.sleuthkit.org/ 6. Volatility: https://lnkd.in/dXX7-Vwc 7. Wireshark: https://www.wireshark.org/ 8. Cellebrite UFED: https://lnkd.in/dqm7x8cs 9. Forensic Email Collector: https://lnkd.in/dc-MeV7b 10. Digital Forensics Framework (DFF): https://lnkd.in/dmzfPdSa 11. Magnet AXIOM: https://lnkd.in/daQVh6nu 12. Oxygen Forensic Detective: https://lnkd.in/dAMRE7MQ 13. OSForensics: https://lnkd.in/dGmC8ZYC 14. NetworkMiner: https://lnkd.in/dF5S8tmM 15. RegRipper: https://lnkd.in/d2Katt9M 16. Bulk Extractor: https://lnkd.in/dA4_KWke 17. Ghiro: https://lnkd.in/dtaC3zbq 18. Scalpel: https://lnkd.in/dcauiS8p 19. HxD: https://lnkd.in/ddZC5tSJ 20. TestDisk: https://lnkd.in/dzbwsMQU 21. PhotoRec: https://lnkd.in/dCG9pKRs 22. CAINE (Computer Aided INvestigative Environment): https://lnkd.in/deNCZe9J 23. Axiom Cyber: https://lnkd.in/dVnkMpDn 24. Belkasoft Evidence Center: https://belkasoft.com/ec 25. Fibratus: https://lnkd.in/dhvrGykB 26. Autopsy Browser: https://www.autopsy.com/ 27. Kali Linux: https://www.kali.org/ 28. DEFT (Digital Evidence & Forensic Toolkit): http://www.deftlinux.net/ 29. Volatility Framework: https://lnkd.in/dXX7-Vwc 30. PyFlag: https://lnkd.in/dfMVnnPJ 31. Plaso (log2timeline): https://lnkd.in/dDwJvrEy 32. TSK (The Sleuth Kit): https://lnkd.in/d9rCryMN 33. Redline: https://lnkd.in/dqfpFzz7 34. Snort: https://www.snort.org/ 35. Tcpdump: https://www.tcpdump.org/ 36. Ngrep: https://lnkd.in/dagkZm-r 37. dcfldd: https://lnkd.in/dPm5Hha2 38. Wireshark: https://www.wireshark.org/ 39. SIFT (SANS Investigative Forensic Toolkit): https://lnkd.in/dc7b3vvU 40. Paladin: https://lnkd.in/dyK6iXCj 41. CAINE Live: http://www.caine-live.net/ 42. XRY (XAMN): https://lnkd.in/dv5c_Wmi 43. BlackLight: https://lnkd.in/dMxsBbEi 44. WinHex: https://lnkd.in/dS7vJn-c 45. AccessData FTK Imager: https://lnkd.in/dzFdb-bv 46. DC3DD: https://lnkd.in/dKwBPyP4 47. Raptor: https://lnkd.in/dq8hHget 48. EnCase Imager: https://lnkd.in/dRwh9VwZ 49. Guymager: https://lnkd.in/dHKMxxFY 50. Scalpel: https://lnkd.in/dcauiS8p

🔰 Tools for CTF Bruteforcers Tools used for various kind of bruteforcing (passwords etc.) Hashcat — Password Cracker John The Jumbo — Community enhanced version of John the Ripper John The Ripper — Password Cracker Nozzlr — Nozzlr is a bruteforce framework, trully modular and script-friendly. Ophcrack — Windows password cracker based on rainbow tables. Patator — Patator is a multi-purpose brute-forcer, with a modular design. Exploits Tools used for solving Exploits challenges DLLInjector — Inject dlls in processes libformatstr — Simplify format string exploitation. Metasploit — Penetration testing software one_gadget — A tool to find the one gadget Pwntools — CTF Framework for writing exploits Qira — QEMU Interactive Runtime Analyser ROP Gadget — Framework for ROP exploitation V0lt — Security CTF Toolkit Forensics Tools used for solving Forensics challenges Aircrack-Ng — Crack 802.11 WEP and WPA-PSK keys Audacity — Analyze sound files (mp3, m4a, whatever) Bkhive and Samdump2 — Dump SYSTEM and SAM files CFF Explorer — PE Editor Creddump — Dump windows credentials DVCS Ripper — Rips web accessible (distributed) version control systems Exif Tool — Read, write and edit file metadata Extundelete — Used for recovering lost data from mountable images Fibratus — Tool for exploration and tracing of the Windows kernel Foremost — Extract particular kind of files using headers Fsck.ext4 — Used to fix corrupt filesystems Malzilla — Malware hunting tool NetworkMiner — Network Forensic Analysis Tool PDF Streams Inflater — Find and extract zlib files compressed in PDF files ResourcesExtract — Extract various filetypes from exes Shellbags — Investigate NT_USER.dat files UsbForensics — Contains many tools for usb forensics Volatility — To investigate memory dumps Registry Viewers RegistryViewer — Used to view windows registries Windows Registry Viewers — More registry viewers #ctf #tool

♂️ Network Tools ♂️ NetworkMiner - A Network Forensic Analysis Tool (NFAT) Paros - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability pig - A Linux packet crafting tool findsubdomains - really fast subdomains scanning service that has much greater opportunities than simple subs finder(works using OSINT). cirt-fuzzer - A simple TCP/UDP protocol fuzzer. ASlookup - a useful tool for exploring autonomous systems and all related info (CIDR, ASN, Org...) ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications mitmsocks4j - Man-in-the-middle SOCKS Proxy for Java ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords. nmap - Nmap (Network Mapper) is a security scanner Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program Nipe - A script to make Tor Network your default gateway. Habu - Python Network Hacking Toolkit Wifi Jammer - Free program to jam all wifi clients in range Firesheep - Free program for HTTP session hijacking attacks. Scapy - A Python tool and library for low level packet creation and manipulation Amass - In-depth subdomain enumeration tool that performs scraping, recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping sniffglue - Secure multithreaded packet sniffer Netz - Discover internet-wide misconfigurations, using zgrab2 and others. RustScan - Extremely fast port scanner built with Rust, designed to scan all ports in a couple of seconds and utilizes nmap to perform port enumeration in a fraction of the time.

🔰 Complete Bug Bounty tool List! dnscan https://github.com/rbsec/dnscan Knockpy https://github.com/guelfoweb/knock Sublist3r https://github.com/aboul3la/Sublist3r massdns https://github.com/blechschmidt/massdns nmap https://nmap.org masscan https://github.com/robertdavidgraham/masscan EyeWitness https://github.com/ChrisTruncer/EyeWitness DirBuster https://sourceforge.net/projects/dirbuster/ dirsearch https://github.com/maurosoria/dirsearch Gitrob https://github.com/michenriksen/gitrob git-secrets https://github.com/awslabs/git-secrets sandcastle https://github.com/yasinS/sandcastle bucket_finder https://digi.ninja/projects/bucket_finder.php GoogD0rker https://github.com/ZephrFish/GoogD0rker/ Wayback Machine https://web.archive.org waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050 Sn1per https://github.com/1N3/Sn1per/ XRay https://github.com/evilsocket/xray wfuzz https://github.com/xmendez/wfuzz/ patator https://github.com/lanjelot/patator datasploit https://github.com/DataSploit/datasploit hydra https://github.com/vanhauser-thc/thc-hydra changeme https://github.com/ztgrace/changeme MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/ Apktool https://github.com/iBotPeaches/Apktool dex2jar https://sourceforge.net/projects/dex2jar/ sqlmap http://sqlmap.org/ oxml_xxe https://github.com/BuffaloWill/oxml_xxe/ XXE Injector https://github.com/enjoiz/XXEinjector The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool ground-control https://github.com/jobertabma/ground-control ssrfDetector https://github.com/JacobReynolds/ssrfDetector LFISuit https://github.com/D35m0nd142/LFISuite GitTools https://github.com/internetwache/GitTools dvcs-ripper https://github.com/kost/dvcs-ripper tko-subs https://github.com/anshumanbh/tko-subs HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/insp3ctre/race-the-web ysoserial https://github.com/GoSecure/ysoserial PHPGGC https://github.com/ambionics/phpggc CORStest https://github.com/RUB-NDS/CORStest Retire-js https://github.com/RetireJS/retire.js getsploit https://github.com/vulnersCom/getsploit Findsploit https://github.com/1N3/Findsploit bfac https://github.com/mazen160/bfac WPScan https://wpscan.org/ CMSMap https://github.com/Dionach/CMSmap Amass https://github.com/OWASP/Amass Extra Tools http://projectdiscovery.io