Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

What is Hound?
Hound is a tool that can remotely capture the exact GPS coordinates of a target device using a PHP server, and can also grab basic information about the system and ISP. This tool can be very helpful in information gathering.

You can get the following information about the target device:
- Longitude
- Latitude
- Device Model
- Operating System
- Number of CPU Cores
- Screen Resolution
- User agent
- Public IP Address
- Browser Name
- ISP Information

Features
The tool offers a wide range of features and functionality, including:
- Capture Exact GPS Location
- Automated Data Collection
- User-friendly Interface

This tool was tested on:
- Kali Linux
- Windows (WSL)
- Termux
- MacOS
- Ubuntu
- Parrot Sec OS

Installing and requirements
This tool requires PHP for the webserver, and wget & unzip to download and extract cloudflare. First run the following command in your terminal:
apt-get -y install php unzip git wget

Installing (Kali Linux/Termux):
git clone https://github.com/techchipnet/hound
cd hound
bash hound.sh

Web Hacking Tip: - jhaddix
When using ffuf, change the user agent string, as the default one "Fuzz Faster U Fool" is commonly blocked.
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"

Bug Bounty Tip
XSS WAF Bypass by multi-char HTML entities
&fjlig; translates to fj
&nvgt; translates to > + [?]
&nvlt; translates to < + [?]
[?] - Unicode symbol
Cheers!
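
Seen from the filtering side, the multi-character expansion in this tip means a filter must decode with the full HTML5 reference table before it matches anything. The following is an added example, not part of the original post; the `CLASSIC` table stands in for a hypothetical hand-rolled decoder and the sample strings are constructed.

```python
import html
from html.entities import html5

# Hypothetical hand-rolled table: a filter that only knows the "classic"
# references (an assumption, not taken from any real WAF).
CLASSIC = {"&lt;": "<", "&gt;": ">", "&amp;": "&", "&quot;": '"'}

def multi_char_references() -> dict:
    """Named references that expand to more than one code point."""
    return {name: text for name, text in html5.items()
            if name.endswith(";") and len(text) > 1}

def naive_decode(value: str) -> str:
    """Single pass over the small table; unknown references stay encoded."""
    for ref, char in CLASSIC.items():
        value = value.replace(ref, char)
    return value

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Spec-complete decode, repeated to unwrap nesting such as &amp;nvgt;."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_angle_bracket(decoded: str) -> bool:
    return "<" in decoded or ">" in decoded

# Constructed inputs: plain text, a classic reference, two multi-character
# references (one of them double-encoded) and the harmless fj ligature.
SAMPLES = ["plain text", "a &gt; b", "a &nvgt; b", "a &amp;nvlt; b", "&fjlig;ord"]

def compare(samples=SAMPLES):
    """Return (input, naive verdict, canonical verdict) for each sample."""
    return [(s, has_angle_bracket(naive_decode(s)),
             has_angle_bracket(canonicalize(s))) for s in samples]

if __name__ == "__main__":
    for row in compare():
        print(row)
    print(len(multi_char_references()), "references expand to 2+ code points")
```

The rows where the two verdicts differ are the inputs a partial decoder lets through; matching on the output of `canonicalize` closes that gap, and context-aware output encoding remains the primary XSS control.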

- (function(x){this[x+`ert`](1)})`al`
- window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)
- document['default'+'View'][`\u0061lert`](3)
#XSS

60 BugBounty Dorks
inurl:responsible-disclosure-policy inurl:/security ext:txt "contact"
0. inurl: responsible disclosure $1,000
1. site:.example.com inurl:security filetype:pdf
2. site:example.com intext:security intitle:report
3. intext:"bug bounty" site:example.com ext:doc
4. intitle:"bug bounty" site:example.com inurl:docs
5. site:example.com intext:"security policy"
6. site:example.com inurl:bug bounty ext:csv
7. site:example.com intext:disclosure inurl:policy
8. site:example.com intext:reward program intitle:"vulnerability"
9. site:example.com inurl:security intext:"reward" ext:xml
10. site:example.com intitle:"responsible disclosure" intext:reward -site:hackerone -site:bugcrowd
11. intext:"bug bounty" site:example.com inurl:archives
12. site:example.com intext:security ext:log
13. site:example.com inurl:disclosure ext:php
14. site:example.com intitle:"white hat program"
15. site:example.com inurl:security ext:json
16. site:example.com intext:"vulnerability report" intitle:"submit"
17. intext:"bug bounty" site:example.com intitle:"report"
18. site:example.com inurl:vulnerability intext:program filetype:json
19. site:example.com intext:responsible disclosure intitle:acknowledgement
20. site:example.com intext:"security concern" ext:html -inurl:blog
21. site:example.com inurl:bug inurl:bounty
22. site:example.com inurl:security intext:bounty
23. site:example.com inurl:security ext:txt
24. site:example.com inurl:responsible-disclosure
25. site:example.com inurl:/.well-known/security
26. site:example.com intext:bug bounty program
27. site:example.com intext:responsible disclosure program
28. site:example.com intext:vulnerability disclosure program
29. site:example.com intext:security rewards
30. site:example.com intext:bug bounty payout
31. site:example.com inurl:security ext:txt -inurl:hackerone -inurl:bugcrowd -inurl:synack
32. site:example.com inurl:responsible-disclosure -inurl:hackerone -inurl:bugcrowd -inurl:synack
33. site:example.com intext:bug bounty -inurl:hackerone -inurl:bugcrowd -inurl:synack
34. inurl:/security
35. inurl:/responsible-disclosure/ swag
36. inurl:'/responsible disclosure' hoodie
37. responsible disclosure hall of fame
38. inurl:responsible disclosure $50
39. responsible disclosure europe
40. responsible disclosure white hat
41. white hat program
42. responsible disclosure r=h:nl
43. responsible disclosure r=h:uk
44. responsible disclosure r=h:eu
45. responsible disclosure bounty r=h:nl
46. responsible disclosure bounty r=h:uk
47. responsible disclosure bounty r=h:eu
48. responsible disclosure swag r=h:nl
49. responsible disclosure swag r=h:uk
50. responsible disclosure swag r=h:eu
51. responsible disclosure reward r=h:nl
52. responsible disclosure reward r=h:uk
53. responsible disclosure reward r=h:eu
54. "powered by bugcrowd" -site:bugcrowd.com
55. "submit vulnerability report"
56. "submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"
57. intext:"we take security very seriously"
58. site:responsibledisclosure.com
59. inurl:'vulnerability-disclosure-policy' reward
60. site:..nl intext: security report reward

95% of hunters remove pics from endpoints, but...
1. Gathering all target endpoints
2. Filter the results just for pic extensions
grep -E 'jpg|jpeg|png' endpoints.txt > results.txt
3. Filter to live
httpx -l results.txt -mc 200 -o alive.txt
4. Found a passport on a specific endpoint => app.com/xxxx/cdn/file/xxx.jpg
5. Visit app.com/xxxx/cdn/ ==> dir listing open and the result is tons of PII
💡 Don't forget checking (jpg/jpeg/etc..) all the time
by @GodfatherOrwa
#bugbountytips

Mass hunting exposed git with hednsextractor:
Tools: hednsextractor + httpx + DotGit Plugin
hednsextractor -target "target" -silent | httpx -path /.git/config -mc 200 -silent
#bugbountytips
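
What the ffuf user-agent tip and the exposed `.git/config` tip look like in a web server's own access log, as an added example that is not part of the original posts. The log lines, addresses (documentation ranges), version suffix and `MISS_THRESHOLD` are constructed assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
FFUF_UA = "Fuzz Faster U Fool"   # default ffuf User-Agent quoted in the tip
MISS_THRESHOLD = 4               # distinct 404 paths per client (assumed value)
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36")

def sample_line(ip, path, status, ua):
    """Build one constructed combined-log-format line."""
    return (f'{ip} - - [01/Jul/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

# Constructed log: one client with the default UA, one that swapped the UA
# but still enumerates paths and reads /.git/config, one ordinary visitor.
SAMPLE_LOG = (
    [sample_line("203.0.113.5", "/admin", 404, FFUF_UA + " v2.1.0")]
    + [sample_line("198.51.100.7", f"/{word}", 404, CHROME)
       for word in ("backup", "old", "test", "dev", "api-v1")]
    + [sample_line("198.51.100.7", "/.git/config", 200, CHROME),
       sample_line("192.0.2.10", "/index.html", 200, CHROME),
       sample_line("192.0.2.10", "/favicon.ico", 404, CHROME)]
)

def analyze(lines):
    """Return sorted (client, finding) pairs for the three signals."""
    misses = defaultdict(set)
    findings = set()
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, path, status, ua = m["ip"], m["path"], int(m["status"]), m["ua"]
        if FFUF_UA in ua:
            findings.add((ip, "default-ffuf-user-agent"))
        if status == 404:
            misses[ip].add(path)
            if len(misses[ip]) >= MISS_THRESHOLD:
                findings.add((ip, "content-discovery-rate"))
        if path.startswith("/.git/") and status == 200:
            findings.add((ip, "git-metadata-served"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The client with the browser user agent is still caught by the 404 rate, which is why a user-agent blocklist alone is a weak control; any `git-metadata-served` hit means the server should deny `/.git/` outright.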