Bug bounty Tips
Відкрити в Telegram
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Показати більше5 948
Підписники
+1324 години
+947 днів
+34930 день
Архів дописів
5 948
What is Hound?
Hound is a tool that can remotely capture the exact GPS coordinates of a target device using a PHP server, and can also grab basic information about the system and ISP. This tool can be very helpful in information gathering. you can get following information of the target device
Longitude
Latitude
Device Model
Operating System
Number of CPU Cores
Screen Resolution
User agent
Public IP Address
Browser Name
ISP Information
Features
The tool offers a wide range of features and functionality, including:
Capture Exact GPS Location
Automated Data Collection
User-friendly Interface
This Tool Tested On :
Kali Linux
Windows(WSL)
Termux
MacOS
Ubuntu
Parrot Sec OS
Installing and requirements
This tool require PHP for webserver, wget & unzip for download and extract cloudflare. First run following command on your terminal
apt-get -y install php unzip git wget
Installing (Kali Linux/Termux):
git clone https://github.com/techchipnet/hound
cd hound
bash hound.sh
5 948
Web Hacking Tip: - jhaddix
When using ffuf change the user agent string as the default one "Fuzz Faster U Fool" is commonly blocked.
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"5 948
IF YOU DON.T HAVE money, SELL YOUR CROSS SITE SCRIPTING: https://medium.com/@1daytosee/if-you-don-t-have-money-sell-your-cross-site-scripting-dc4b6bdd046f?source=rss------bug_bounty-5
5 948
What is prototype pollution?: https://cyberw1ng.medium.com/what-is-prototype-pollution-76694f0db76a?source=rss------bug_bounty-5
5 948
Web App Sec RECON — Black Box Foundations and TTPs: https://medium.com/cyberpower-telenoia/web-app-sec-recon-black-box-foundations-and-ttps-4bf095b7c004?source=rss------bug_bounty-5
5 948
Unlocking the Future of Web Security with the #IBRAHIMXSS Tool: https://ibrahimxss.medium.com/unlocking-the-future-of-web-security-with-the-ibrahimxss-tool-a33843cdc259?source=rss------bug_bounty-5
5 948
A Place for Cybersecurity and Bug Bounty Content Creators to Shine: https://medium.com/@turvsec/a-place-for-cybersecurity-and-bug-bounty-content-creators-to-shine-fa0096ce2559?source=rss------bug_bounty-5
5 948
Mastering Bug Bounty: Tips and Strategies for Success: https://medium.com/@cyber_catz/mastering-bug-bounty-tips-and-strategies-for-success-df27b24f2009?source=rss------bug_bounty-5
5 948
5 948
How ChatGPT Turned Me into a Hacker: https://medium.com/@jonathanmondaut/how-chatgpt-turned-me-into-a-hacker-7469d5b43026?source=rss------bug_bounty-5
5 948
Bug Bounty Hunting — Complete Guide (Part-5): https://medium.com/@rafid19/bug-bounty-hunting-complete-guide-part-5-efb95db2210b?source=rss------bug_bounty-5
5 948
Bug Bounty Hunting — Complete Guide (Part -4): https://medium.com/@rafid19/bug-bounty-hunting-complete-guide-part-4-00e815fa8026?source=rss------bug_bounty-5
5 948
Subdomains Enumeration: Tools, Techniques, and Tips: https://medium.com/@Kaizen2977/subdomains-enumeration-tools-techniques-and-tips-4d43ea31dc0f?source=rss------bug_bounty-5
5 948
Bug Bounty Tip
XSS WAF Bypass by multi-char HTML entities
fj translates to fj
>⃒ translates to > + [?]
<⃒ translates to < + [?]
[?] - Unicode symbol
Cheers!
5 948
- (function(x){this[x+`ert`](1)})`al`
- window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)
- document['default'+'View'][`\u0061lert`](3)
#XSS
5 948
60 BugBounty Dorks
inurl:responsible-disclosure-policy
inurl:/security ext:txt "contact"
0. inurl: responsible disclosure $1,000
1. site:.example.com inurl:security filetype:pdf
2. site:example.com intext:security intitle:report
3. intext:”bug bounty” site:example.com ext:doc
4. intitle:”bug bounty” site:example.com inurl:docs
5. site:example.com intext:”security policy”
6. site:example.com inurl:bug bounty ext:csv
7. site:example.com intext:disclosure inurl:policy
8. site:example.com intext:reward program intitle:”vulnerability”
9. site:example.com inurl:security intext:”reward” ext:xml
10. site:example.com intitle:”responsible disclosure” intext:reward -site:hackerone -site:bugcrowd
11. intext:”bug bounty” site:example.com inurl:archives
12. site:example.com intext:security ext:log
13. site:example.com inurl:disclosure ext:php
14. site:example.com intitle:”white hat program”
15. site:example.com inurl:security ext:json
16. site:example.com intext:”vulnerability report” intitle:”submit”
17. intext:”bug bounty” site:example.com intitle:”report”
18. site:example.com inurl:vulnerability intext:program filetype:json
19. site:example.com intext:responsible disclosure intitle:acknowledgement
20. site:example.com intext:”security concern” ext:html -inurl:blog
21. site:example.com inurl:bug inurl:bounty
22. site:example.com inurl:security intext:bounty
23. site:example.com inurl:security ext:txt
24. site:example.com inurl:responsible-disclosure
25. site:example.com inurl:/.well-known/security
26. site:example.com intext:bug bounty program
27. site:example.com intext:responsible disclosure program
28. site:example.com intext:vulnerability disclosure program
29. site:example.com intext:security rewards
30. site:example.com intext:bug bounty payout
31. site:example.com inurl:security ext:txt -inurl:hackerone -inurl:bugcrowd -inurl:synack
32. site:example.com inurl:responsible-disclosure -inurl:hackerone -inurl:bugcrowd -inurl:synack
33. site:example.com intext:bug bounty -inurl:hackerone -inurl:bugcrowd -inurl:synack
34. inurl:/security
35. inurl:/responsible-disclosure/ swag
36. inurl:’/responsible disclosure’ hoodie
37. responsible disclosure hall of fame
38. inurl:responsible disclosure $50
39. responsible disclosure europe
40. responsible disclosure white hat
41. white hat program
42. responsible disclosure r=h:nl
43. responsible disclosure r=h:uk
44. responsible disclosure r=h:eu
45. responsible disclosure bounty r=h:nl
46. responsible disclosure bounty r=h:uk
47. responsible disclosure bounty r=h:eu
48. responsible disclosure swag r=h:nl
49. responsible disclosure swag r=h:uk
50. responsible disclosure swag r=h:eu
51. responsible disclosure reward r=h:nl
52. responsible disclosure reward r=h:uk
53. responsible disclosure reward r=h:eu
54. “powered by bugcrowd” -site:bugcrowd.com
55. “submit vulnerability report”
56. “submit vulnerability report” | “powered by bugcrowd” | “powered by hackerone”
57. intext:”we take security very seriously”
58. site:responsibledisclosure.com
59. inurl:’vulnerability-disclosure-policy’ reward
60. site:..nl intext: security report reward
5 948
95% from hunters remove pics from endpoint, but...
1. Gathering all target endpoints
2. Filter the results just for pic extensions
cat endpoints.txt | egrep 'jpg|jpeg|png' > results.txt
3. Filter to live
httpx -l results.txt -mc 200 -o alive.txt
4. Found a passport on specific endpoint => app.com/xxxx/cdn/file/xxx.jpg
5. Visit app.com/xxxx/cdn/ ==> dir listing open and the results is tons of PII
💡Don't forget checking (jpg/jpeg/etc..) all the time
by @GodfatherOrwa
#bugbountytips5 948
Mass hunting exposed git with hednsextractor:
Tools: hednsextractor + httpx + DotGit Plugin
hednsextractor -target "target" -silent | httpx -path /.git/config -mc 200 -silent
#bugbountytips
Вже доступно! Дослідження Telegram за 2025 — головні інсайти року 
