14334
🔻 Welcome to HideClub! 🐞 Bug Bounty tools & tips 💉 Vulnerability exploits 💻 Web App Security 🔐 Hunting insights & Write-up analysis
🔖How could you get hacked at a coffee shop?
Imagine that you’ve come to your favourite coffee shop along with your laptop. You grab a Latte and switch on your laptop. You see that FREE OPEN WIFI and instantly connect to it and do your regular browsing — logging in onto websites or doing your banking transactions.What if i tell you, that there is a sneaky hacker hiding on the same network? Read the writeup to know how a hacker can spy on all your activities.
✅ Cyber Security Sharks channels are one of the most updated channels in the field of cybersecurity and publish everything related to the field. ⭐️News ⭐️Events ⭐️ Jobs, training, advice, and resources to start in the field and specialize in it as well, etc. etc. 🌐 Channel links
/channel/CyberSecurityforall24 /channel/cybersecurityforall77
🔖Secure Coding Learning Resources
Secure coding is critical for building resilient software and protecting systems against vulnerabilities. Here’s a list of top resources for mastering secure coding and secure code reviews to aid your journey.
⬇️Secure Coding Learning References
🟣 Introduction to secure coding
🟣 Secure code review
🟣 OWASP Code Review Guide v2
🟣 Secure coding practice guidelines
🟣 Secure coding from Cybrary
🟣 Common API Security pitfalls
🟣 Micro-services, let’s secure them
🟣 OAuth, OpenID connect for microservices
🟣 OAth and OpenID connect in plain English
🟣 OAuth2.0, overview
🟣 Nut & Bolts of API Security
🟣 Web Security Fundamentals course from edx
🟣 SSL and HTTPS from MIT
🟣 GitLab security secure coding page
🟣 Secure Coding Guide by Apple
🟣 Secure by design principles by UK Government, Security
🟠 Hidden in Plain Site: Disclosing Information via Your APIs
🟠 Targeting for Bug Bounty Research
⏺ Node.js security checklist
⏺ Application Threat Modeling
🟢 Secure Coding Principles
🟢 JavaScript Secure Coding
🟢 Secure Coding with Python
🟢 From Secure Coding to Secure Software
🟢 CERT Secure Coding Standards
📱 Writeup-Miner is live again on this channel: @Daily_Writeups.
Special thanks to "The Hacker's Choice" team for providing a server to run my script.🤝 You can also use their servers for cybersecurity and related activities.
THC Website: https://www.thc.org/
THC Group: @thcorg
🔖Penetration Testing Tools – The basics
⬇️Open Source Intelligence Gathering Tools
🔴Whois
🔴Nslookup
🔴FOCA
🔴Maltego
🔴TheHarvester
🔴Shodan
🔴Recon-ng
🔴Nmap
🔴Nikto
🔴OpenVAS
🔴SQLMap
🔴Nessus
🔴John
🔴Hashcat
🔴Medusa
🔴THC-Hydra
🔴CeWL
🔴Cain and Abel
🔴Mimikatz
🔴Patator
🔴Dirbuster
🔴W3AF
🔴OLLYDBG
🔴Immunity debugger
🔴Gdb
🔴WinDBG
🔴IDA
🔴FindBugs
🔴FindSecBugs
🔴Peach
🔴AFL (American Fuzzy Lop)
🔴SonarQube
🔴YASCA
🔴Aircrack-ng
🔴Kismet
🔴WiFite
🔴WiFi-Pumpkin
🔴OWASP ZAP
🔴Burp Suite
🔴Caido
🔴Social Engineering Toolkit
🔴BeEF
🔴SSH
🔴Ncat
🔴Netcat
🔴Proxychains
🔴Wireshark
🔴Hping
🔴Drozer
🔴APKX
🔴APK Studio
🔴Powersploit
🔴Searchsploit
🔴Responder
🔴Impacket
🔴Empire (C2)
🔴Metasploit
🔖Nuclei Community Templates
Nuclei-Community-Templates is a collaborative repository dedicated to collecting and organizing the best Nuclei templates from the security research community.This repository is designed to be a one-stop hub for bug bounty hunters, penetration testers, and cybersecurity enthusiasts to access and contribute powerful Nuclei templates for vulnerability detection, fuzzing, and CVE-specific scans.
Today we don't have any posts, but tomorrow we have a super post! Unmute the channel to get alerted.🔔🔈
Читать полностью…
It was on my methodology and I didn't test it again. I'm sorry it's down....
However you can use Jldc:
curl -s "https://jldc.me/anubis/subdomains/target.com"Читать полностью…
🔖Sudomain Enumeration - Using api.recon.dev
curl -s -w "\n%{http_code}" https://api.recon.dev/search?domain=HOST | jg .[].domain
🔖Robots.txt File And Reconnaissance
⬇️What is a robots.txt file?
The robots.txt file is designed to restrict web crawlers from accessing certain parts of a website. However, it often inadvertently reveals sensitive directories that the site owner prefers to keep unindexed. This can lead to the disclosure of hidden paths, parameters, and files.
I’d like to introduce you to a tool called RoboFinder, which can be invaluable for security assessments. This tool allows you to locate historical robots.txt files. It's possible that the site you are investigating had numerous paths listed in its robots.txt file that were subsequently removed in later updates. Despite their removal, those paths, files, and parameters may still be accessible.
🔖Subdomain Enumeration - TLS, CSP, CNAME Probing using 📱 Cero
⬇️Installation
go install github.com/glebarez/cero@latest
#tls
cero in.search.yahoo.com | sed 's/^*.//' | grep -e "\." | sort -u
#cls
cat subdomains.txt | httpx -csp-probe -status-code -retries 2 -no-color | anew csp_probed.txt | cut -d ' ' -f1 | unfurl -u domains | anew -q csp_subdomains.txt
# cname
dnsx -retry 3 -cname -l subdomains.txt
🔖Sudomain Enumeration - PTR Records
You can use 📱 dnsx and 📱 mapcidr:
cat ip_anges.txt | mapcidr -silent | dnsx -ptr -resp-only -o ptr_recrds.txt
Has anyone purchased the Bug Bounty Reports Explained Premium?
Link : https://members.bugbountyexplained.com/premium/
DM if you want help community! not to make money :))
DM: @Luis_Garavito
Who's got the latest guide for android and a way to intercept traffic without the app knowing?
Читать полностью…
🔖IVRE - Network recon framework
Build your own, self-hosted and fully-controlled alternatives to #Shodan / #ZoomEye / #Censys and #GreyNoise, run your Passive #DNS service, build your taylor-made EASM tool, collect and analyze network intelligence from your sensors, and much more! Uses #Nmap, #Masscan, #Zeek, #p0f, #ProjectDiscovery tools, etc.
🎄⭐️ Merry Christmas to all the clever hackers!❄️🍭
🤞I hope your targets have lots of bugs, your tricks work easily, and the firewalls are weak!
🔒 T.me/Hide_Club
To hack a thing, first learn to build it.Читать полностью…
EASY BUG BOUNTY TIPS TO EARN EASY DOLLARS
UPLOADED : HERE
I have a surprise for you!🎩
(More details in the next post)
🟢First of all, no one should be using SSH passwords instead of keys.
⬇️Why the correct answer is "Yes, now stored in the logs"?
Because your password wasn't leaked during transit (due to SSH encryption), but /var/log/auth.log on the server side definitely has an entry leaking in plaintext!
2024-12-21T15:15:55.530694+01:00 lily sshd[229807]: Failed password for invalid user <username here> from 172.16.0.33 port 50654 ssh2
🔖Common TCP ports that you should scan first:
🔴21 - FTP
🔴22 - SSH
🔴23 - Telnet
🔴25 - SMTP
🔴53 - DNS
🔴80 - HTTP
🔴110 - POP3
🔴135 - RPC
🔴139 - NetBIOS
🔴143 - IMAP
🔴443 - HTTPS
🔴445 - SMB
🔴3306 - MySQL
🔴3389 - RDP
🔴5432 - PostgreSQL
🔴5900 - VNC
🔴6379 - Redis
🔴8080 - HTTP Proxy
🔴8443 - HTTPS Proxy
nmap -p21,22,23,25,53,80,110,135 ,139,143,443,445,3306,3389,5432,5900,6379,8080,8443 T4 --open -Pn
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-07
📱 Chapter-7 Routing: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
Where are your reactions?👀🩸
Читать полностью…
🔖Sudomain Enumeration - Synapsint Provider
curl --silent -X POST https://synapsint.com/report.php -d "name=https%3A%2F%2FHOST" | grep -oE "[a-zA-Z0-9._-]+\.HOST" | sort -u
🔖Sudomain Enumeration - Google Analytics
The 📱 AnalyticsRelationships tool is used to find subdomains associated with a target domain based on Google Analytics tracking codes.
⬇️Installation & Usage
## Installation
git clone https://github.com/Josue87/AnalyticsRelationships.git
cd AnalyticsRelationships/Python
sudo pip3 install -r requirements.txt
## Usage
python3 analyticsrelationships.py -u https://www.example.com
🔖Sudomain Enumeration - Favicon Search
This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon. This is very useful to find subdomains during the recon process.
git clone https://github.com/gwen001/favicon-hashtrick
cd favicon-hashtrick
pip3 install -r requirements.txt
$ python3 favicon-hashtrick.py -f <favicon_file>
$ python3 favicon-hashtrick.py -k xxxxxxxxxxxxxxxxxxxxx -v ip_str,hostnames -u <favicon_url>
Can you drop every useful resources about Hacking wordpress websites? 👇🏻
Читать полностью…
🔖Useful #Wordlists For Bug Bounty Hunters
⬇️Popular Repositories
📱 Assetnote
📱 Seclists
📱 Rockyou
📱 Dirb Wordlists
📱 Wfuzz Wordlists
📱 kkrypt0nn - wordlists
📱 gmelodie - awesome-wordlists
📱 xajkep - wordlists
📱 jeanphorn - wordlist
📱 Cewl - Extracts potential passwords from website text.
📱 CUPP - Common User Passwords Profiler.
📱 Crunch - Generates wordlists with defined character sets and lengths.
You can use tools like 📱 clean_wordlists to remove duplicates and noisy entries. You can also use tools like 📱 DyMerge to combine multiple lists dynamically.
🔖EC Council - Certified Network Defender v3 2024
⬇️Syllabus
🔴Network Attacks and Defense Strategies
🔴Administrative Network Security
🔴Technical Network Security
🔴Network Perimeter Security
🔴Endpoint Security-Windows Systems
🔴Endpoint Security-Linux Systems
🔴Endpoint Security- Mobile Devices
🔴Endpoint Security-IoT Devices
🔴Administrative Application Security
🔴Data Security
🔴Enterprise Virtual Network Security
🔴Enterprise Cloud Network Security
🔴Enterprise Wireless Network Security
🔴Network Traffic Monitoring and Analysis
🔴Network Logs Monitoring and Analysis
🔴Incident Response and Forensic Investigation
🔴Business Continuity and Disaster Recovery
🔴Risk Anticipation with Risk Management
🔴Threat Assessment with Attack Surface Analysis
🔴Threat Prediction with Cyber Threat Intelligence
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-06
📱 Chapter 6 - Ethernet Basics: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸