hide_club | Unsorted

Telegram-канал hide_club - Bug Bounty Tools & Writeups | Hide Club

14334

🔻 Welcome to HideClub! 🐞 Bug Bounty tools & tips 💉 Vulnerability exploits 💻 Web App Security 🔐 Hunting insights & Write-up analysis

Subscribe to a channel

Bug Bounty Tools & Writeups | Hide Club

🔖How could you get hacked at a coffee shop?

Imagine that you’ve come to your favourite coffee shop along with your laptop. You grab a Latte and switch on your laptop. You see that FREE OPEN WIFI and instantly connect to it and do your regular browsing — logging in onto websites or doing your banking transactions.What if i tell you, that there is a sneaky hacker hiding on the same network? Read the writeup to know how a hacker can spy on all your activities.


🖥 Write-Up: 🔗 Link

#InfoSec #CyberSecurity #Hacking #ARP #Spoofing
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

✅ Cyber ​​Security Sharks channels are one of the most updated channels in the field of cybersecurity and publish everything related to the field. ⭐️News ⭐️Events ⭐️ Jobs, training, advice, and resources to start in the field and specialize in it as well, etc. etc. 🌐 Channel links

/channel/CyberSecurityforall24 /channel/cybersecurityforall77

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Secure Coding Learning Resources

Secure coding is critical for building resilient software and protecting systems against vulnerabilities. Here’s a list of top resources for mastering secure coding and secure code reviews to aid your journey.

⬇️Secure Coding Learning References

🟣 Introduction to secure coding
🟣 Secure code review
🟣 OWASP Code Review Guide v2
🟣 Secure coding practice guidelines
🟣 Secure coding from Cybrary
🟣 Common API Security pitfalls
🟣 Micro-services, let’s secure them
🟣 OAuth, OpenID connect for microservices
🟣 OAth and OpenID connect in plain English
🟣 OAuth2.0, overview
🟣 Nut & Bolts of API Security
🟣 Web Security Fundamentals course from edx
🟣 SSL and HTTPS from MIT
🟣 GitLab security secure coding page
🟣 Secure Coding Guide by Apple
🟣 Secure by design principles by UK Government, Security


⬇️Bugcrowd YouTube videos for API security
🟠 Hidden in Plain Site: Disclosing Information via Your APIs
🟠 Targeting for Bug Bounty Research


⬇️Security Checklist
Node.js security checklist
Application Threat Modeling


⬇️Secure Coding PDFs
🟢 Secure Coding Principles
🟢 JavaScript Secure Coding
🟢 Secure Coding with Python
🟢 From Secure Coding to Secure Software
🟢 CERT Secure Coding Standards


#InfoSec #CyberSecurity #Hacking #Pentest #SecureCoding
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

📱 Writeup-Miner is live again on this channel: @Daily_Writeups.
Special thanks to "The Hacker's Choice" team for providing a server to run my script.🤝 You can also use their servers for cybersecurity and related activities.

THC Website: https://www.thc.org/
THC Group: @thcorg

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Penetration Testing Tools – The basics

⬇️Open Source Intelligence Gathering Tools

🔴Whois
🔴Nslookup
🔴FOCA
🔴Maltego
🔴TheHarvester
🔴Shodan
🔴Recon-ng


⬇️Network and Vulnerability Scanning Tools
🔴Nmap
🔴Nikto
🔴OpenVAS
🔴SQLMap
🔴Nessus


⬇️Credential Testing Tools
🔴John
🔴Hashcat
🔴Medusa
🔴THC-Hydra
🔴CeWL
🔴Cain and Abel
🔴Mimikatz
🔴Patator
🔴Dirbuster
🔴W3AF


⬇️Debugging Tools
🔴OLLYDBG
🔴Immunity debugger
🔴Gdb
🔴WinDBG
🔴IDA


⬇️Software Assurance Tools
🔴FindBugs
🔴FindSecBugs
🔴Peach
🔴AFL (American Fuzzy Lop)
🔴SonarQube
🔴YASCA


⬇️Wireless Testing
🔴Aircrack-ng
🔴Kismet
🔴WiFite
🔴WiFi-Pumpkin


⬇️Web Proxy Tools
🔴OWASP ZAP
🔴Burp Suite
🔴Caido


⬇️Social Engineering Tools
🔴Social Engineering Toolkit
🔴BeEF


⬇️Remote Access Tools
🔴SSH
🔴Ncat
🔴Netcat
🔴Proxychains


⬇️Network Tools
🔴Wireshark
🔴Hping


⬇️Mobile Tools
🔴Drozer
🔴APKX
🔴APK Studio


⬇️Misc Tools
🔴Powersploit
🔴Searchsploit
🔴Responder
🔴Impacket
🔴Empire (C2)
🔴Metasploit


#InfoSec #CyberSecurity #Hacking #Pentest
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Nuclei Community Templates

Nuclei-Community-Templates is a collaborative repository dedicated to collecting and organizing the best Nuclei templates from the security research community.This repository is designed to be a one-stop hub for bug bounty hunters, penetration testers, and cybersecurity enthusiasts to access and contribute powerful Nuclei templates for vulnerability detection, fuzzing, and CVE-specific scans.


Guys, share your #Nuclei template repositories on nuclei-community-templates! Just submit a PR to get your repo added⤵️

📱 GitHub: 🔗Link

#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

Today we don't have any posts, but tomorrow we have a super post! Unmute the channel to get alerted.🔔🔈

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

It was on my methodology and I didn't test it again. I'm sorry it's down....

However you can use Jldc:

curl -s "https://jldc.me/anubis/subdomains/target.com"

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Sudomain Enumeration - Using api.recon.dev

curl -s -w "\n%{http_code}" https://api.recon.dev/search?domain=HOST | jg .[].domain


#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Robots.txt File And Reconnaissance

⬇️What is a robots.txt file?

The robots.txt file is designed to restrict web crawlers from accessing certain parts of a website. However, it often inadvertently reveals sensitive directories that the site owner prefers to keep unindexed. This can lead to the disclosure of hidden paths, parameters, and files.


⬇️How can I access the old robots.txt files data?
I’d like to introduce you to a tool called RoboFinder, which can be invaluable for security assessments. This tool allows you to locate historical robots.txt files. It's possible that the site you are investigating had numerous paths listed in its robots.txt file that were subsequently removed in later updates. Despite their removal, those paths, files, and parameters may still be accessible.


🔗Robofinder on 📱 Github

#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips #Recon
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Subdomain Enumeration - TLS, CSP, CNAME Probing using 📱 Cero

⬇️Installation

go install github.com/glebarez/cero@latest


⬇️Usage
#tls
cero in.search.yahoo.com | sed 's/^*.//' | grep -e "\." | sort -u

#cls
cat subdomains.txt | httpx -csp-probe -status-code -retries 2 -no-color | anew csp_probed.txt | cut -d ' ' -f1 | unfurl -u domains | anew -q csp_subdomains.txt

# cname
dnsx -retry 3 -cname -l subdomains.txt

#infosec #cybersecurity #bugbounty #pentest #bugbountyTips #bugbountyTools
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Sudomain Enumeration - PTR Records

You can use 📱 dnsx and 📱 mapcidr:

cat ip_anges.txt | mapcidr -silent | dnsx -ptr -resp-only -o ptr_recrds.txt


⬇️What is reverse DNS lookup?
🔗Click Here

#InfoSec #CyberSecurity #Hacking #bugbounty #DNS #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

Has anyone purchased the Bug Bounty Reports Explained Premium?
Link : https://members.bugbountyexplained.com/premium/

DM if you want help community! not to make money :))
DM: @Luis_Garavito

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

Who's got the latest guide for android and a way to intercept traffic without the app knowing?

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖IVRE - Network recon framework

Build your own, self-hosted and fully-controlled alternatives to #Shodan / #ZoomEye / #Censys and #GreyNoise, run your Passive #DNS service, build your taylor-made EASM tool, collect and analyze network intelligence from your sensors, and much more! Uses #Nmap, #Masscan, #Zeek, #p0f, #ProjectDiscovery tools, etc.


📱Github: 🔗Link

#infosec #cybersecurity #bugbounty #Scripting #Recon #bugbountyTools #Automation
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🎄⭐️ Merry Christmas to all the clever hackers!❄️🍭

🤞I hope your targets have lots of bugs, your tricks work easily, and the firewalls are weak!

🔒 T.me/Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

To hack a thing, first learn to build it.

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

EASY BUG BOUNTY TIPS TO EARN EASY DOLLARS

UPLOADED : HERE

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

I have a surprise for you!🎩
(More details in the next post)

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🟢First of all, no one should be using SSH passwords instead of keys.

⬇️Why the correct answer is "Yes, now stored in the logs"?

Because your password wasn't leaked during transit (due to SSH encryption), but /var/log/auth.log on the server side definitely has an entry leaking in plaintext!


⬇️You can see the example logs of the remote server which located at /var/log/auth.log:
2024-12-21T15:15:55.530694+01:00 lily sshd[229807]: Failed password for invalid user <username here> from 172.16.0.33 port 50654 ssh2


#infosec #cybersecurity #SSH
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Common TCP ports that you should scan first:

🔴21 - FTP
🔴22 - SSH
🔴23 - Telnet
🔴25 - SMTP
🔴53 - DNS
🔴80 - HTTP
🔴110 - POP3
🔴135 - RPC
🔴139 - NetBIOS
🔴143 - IMAP
🔴443 - HTTPS
🔴445 - SMB
🔴3306 - MySQL
🔴3389 - RDP
🔴5432 - PostgreSQL
🔴5900 - VNC
🔴6379 - Redis
🔴8080 - HTTP Proxy
🔴8443 - HTTPS Proxy


#Nmap Command:
nmap -p21,22,23,25,53,80,110,135 ,139,143,443,445,3306,3389,5432,5900,6379,8080,8443 T4 --open -Pn

#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-07

📱 Chapter-7 Routing: 🔗 Link

🔗 Previous Chapter

💡Stay tuned for the next chapter—I’ll post it next Friday!

#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

Where are your reactions?👀🩸

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Sudomain Enumeration - Synapsint Provider

curl --silent -X POST https://synapsint.com/report.php -d "name=https%3A%2F%2FHOST" | grep -oE "[a-zA-Z0-9._-]+\.HOST" | sort -u 


#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Sudomain Enumeration - Google Analytics

The 📱 AnalyticsRelationships tool is used to find subdomains associated with a target domain based on Google Analytics tracking codes.

⬇️Installation & Usage

## Installation
git clone https://github.com/Josue87/AnalyticsRelationships.git
cd AnalyticsRelationships/Python
sudo pip3 install -r requirements.txt

## Usage
python3 analyticsrelationships.py -u https://www.example.com


#InfoSec #CyberSecurity #Hacking #bugbounty #bugbountyTools #bugbountytips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Sudomain Enumeration - Favicon Search

This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon. This is very useful to find subdomains during the recon process.


🧐Install
git clone https://github.com/gwen001/favicon-hashtrick
cd favicon-hashtrick
pip3 install -r requirements.txt


🧑‍💻Usage
$ python3 favicon-hashtrick.py -f <favicon_file>
$ python3 favicon-hashtrick.py -k xxxxxxxxxxxxxxxxxxxxx -v ip_str,hostnames -u <favicon_url>


📱 Github: 🔗Link

#infosec #cybersecurity #bugbounty #pentest #bugbountyTips #bugbountyTools
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

Can you drop every useful resources about Hacking wordpress websites? 👇🏻

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖Useful #Wordlists For Bug Bounty Hunters

⬇️Popular Repositories

📱 Assetnote
📱 Seclists
📱 Rockyou
📱 Dirb Wordlists
📱 Wfuzz Wordlists
📱 kkrypt0nn - wordlists
📱 gmelodie - awesome-wordlists
📱 xajkep - wordlists
📱 jeanphorn - wordlist


⬇️How to Create your own wordlists?
📱 Cewl - Extracts potential passwords from website text.
📱 CUPP - Common User Passwords Profiler.
📱 Crunch - Generates wordlists with defined character sets and lengths.


⬇️Cleaning and Merging Wordlists
You can use tools like 📱 clean_wordlists to remove duplicates and noisy entries. You can also use tools like 📱 DyMerge to combine multiple lists dynamically.


#InfoSec #CyberSecurity #Hacking #Course #Fuzzing #Ffuf #Fuzz #Pentesting #Pentest #BugBounty #bugbountyTools #bugbountyTips
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🔖EC Council - Certified Network Defender v3 2024

⬇️Syllabus

🔴Network Attacks and Defense Strategies
🔴Administrative Network Security
🔴Technical Network Security
🔴Network Perimeter Security
🔴Endpoint Security-Windows Systems
🔴Endpoint Security-Linux Systems
🔴Endpoint Security- Mobile Devices
🔴Endpoint Security-IoT Devices
🔴Administrative Application Security
🔴Data Security
🔴Enterprise Virtual Network Security
🔴Enterprise Cloud Network Security
🔴Enterprise Wireless Network Security
🔴Network Traffic Monitoring and Analysis
🔴Network Logs Monitoring and Analysis
🔴Incident Response and Forensic Investigation
🔴Business Continuity and Disaster Recovery
🔴Risk Anticipation with Risk Management
🔴Threat Assessment with Attack Surface Analysis
🔴Threat Prediction with Cyber Threat Intelligence


🖥 Description: 🔗Link
📥 Download:    🔗Link

⚠️This banner will be deleted within 24 hours, but the files will still be accessible at @HideClubFiles.

#infosec #cybersecurity #Course
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Читать полностью…

Bug Bounty Tools & Writeups | Hide Club

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-06

📱 Chapter 6 - Ethernet Basics: 🔗 Link

🔗 Previous Chapter

💡Stay tuned for the next chapter—I’ll post it next Friday!

#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸

Читать полностью…
Subscribe to a channel