2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
a simple dork that find every VDP in worl wide 😎
body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443"
credit: http://x.com/darkshadow2bd
▶️Fresh BB Target - https://lormadetails.com/.well-known/security.txt
Читать полностью…
🔖Sorting subdomains into different files based on status code, server type, and vhosts.
cat domains.txt | httpx -server -vhost -sc > httpx-output.txt
awk '{gsub(/\x1b\[[0-9;]*m/, ""); status=$2; gsub(/[\[\]]/, "", status); server=$3; gsub(/[\[\]]/, "", server); safe_server=server; gsub(/[^a-zA-Z0-9_-]/, "_", safe_server); main_server=server; sub(/\/.*/, "", main_server); gsub(/[^a-zA-Z0-9_-]/, "_", main_server); vhost=$4; gsub(/[\[\]]/, "", vhost); if (server=="") print > "server-not-specified.txt"; else {print > (safe_server ".txt"); print > (main_server ".txt");} if (vhost=="vhost") print > "vhost.txt";}' httpx-output.txt
🔐 Breaking APIs: An Offensive API Pentesting Course
🎓 Course Content:
1. 🚀 Introduction
2. 📚 What is API Pentesting?
3. 🧪 Lab Setup
4. 🛠 Tools Setup
5. 🔍 Active and Passive Recon
6. 🔑 API Endpoint Analysis
7. ⚔️ BOLA
8. 🔓 Broken Authentication
9. 🛡 BFLA
10. 🕵️ SSRF
11. 📊 Excessive Data Exposure
12. 📈 Lack of Resource and Rate Limiting
13. 📦 Mass Assignment
14. 💉 Injection Attacks
15. 🏗 Improper Asset Management
16. 🔧 Security Misconfigurations
17. 📝 Insufficient Logging and Monitoring
18. 🎁 Bonus Lecture
✅ Why Enroll?
- ⏰ 5+ hours of in-depth content, including labs.
- 🔬 Hands-on exercises to reinforce key concepts and techniques.
- 📝 Quizzes and tasks to ensure you master API pentesting skills.
🔗 Link :- https://www.udemy.com/course/breaking-apis-an-offensive-api-pentesting-course/?referralCode=F7408590E13C6D21428B
💵 30-day money-back guarantee!
🧑🎓Keep Learning and Exploring
https://gowsundar.gitbook.io/book-of-bugbounty-tips
Читать полностью…
Burp Suite Professional v2024.5 + BurpBounty_Pro 2.8.0 + JDK 22
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java SE JDK 22
A simple Python script to scan multiple targets for SQL Injection via HTTP headers like User-Agent, X-Forwarded-For, and X-Client-IP.
https://github.com/ifconfig-me/SQLi-Scanner
👻New BB Target - https://www.brilliantdirectories.com/security-bounty
Читать полностью…
Anyone looking for a internship in USA try this..
Читать полностью…
https://ishaqmohammed.me/posts/application-security-knowledgebase/
Читать полностью…
LazyHunter Tool - Automated Bug Hunting Recon Tool.
Link: https://github.com/iamunixtz/Lazy-Hunter
🚨 CVE-2025-1094: PostgreSQL psql SQL injection
🔥PoC:https://github.com/rapid7/metasploit-framework/pull/19877
🧐Deep Dive :https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
👇Dorks:
HUNTER : protocol="postgresql"
FOFA : product="PostgreSQL"
SHODAN : "port:5432 PostgreSQL"
📰Refer:https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/
⚡️One Million Dorks - A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools.
🎯https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork
#bugbounty #cybersecurity
https://soltanali0.medium.com/bypassing-origin-checks-using-trailing-dot-trick-a65007041d3a
http://GitBook_s.t.me
↳ Nuclei template to find outdated software:
id: outdated-software-detectioninfo:
name: Outdated Software Detection
author: pentester_x
severity: low
description: |
Detects outdated software versions by extracting version information from headers, scripts, and stylesheets.reference:
- https://nvd.nist.gov/vuln/search
- https://www.cvedetails.com
- https://www.exploit-db.com
- https://cve.mitre.orgtags: outdated,software,vulnerable,version,cverequests:
- method: GET
path:
- "{{BaseURL}}" - "{{BaseURL}}/version" - "{{BaseURL}}/status" - "{{BaseURL}}/server-info" - "{{BaseURL}}/api/version" - "{{BaseURL}}/v1/info" - "{{BaseURL}}/robots.txt"matchers:- type: regex
part: header
regex:
- '(?i)(Server|X-Powered-By|Version):.*?(Apache|nginx|PHP|WordPress|Tomcat|MySQL)/(\d+\.\d+\.\d+)'
- '(?i)(\b\d+\.\d+\.\d+\b)'extractors:
- type: regex
name: software_version
group: 3
part: header
regex:
- '(?i)(Server|X-Powered-By|Version):.*?(Apache|nginx|PHP|WordPress|Tomcat|MySQL)/(\d+\.\d+\.\d+)'
- type: regex
name: software_version
regex:
- '(?i)v?(?:ersion)?[\s:]*(\d+\.\d+\.\d+)'- method: GET
path:
- "{{BaseURL}}/static/main.js" - "{{BaseURL}}/css/styles.css" - "{{BaseURL}}/app/build.js" - "{{BaseURL}}/assets/scripts.js"matchers:- type: regex
regex:
- '(?i)v?\d+\.\d+\.\d+'
- '@version\s+\d+\.\d+\.\d+'extractors:
- type: regex
name: software_version
regex:
- '(?i)v?(\d+\.\d+\.\d+)'
- '@version\s+(\d+\.\d+\.\d+)'
one of the best blog to use for bugbounty and make it more better with AI
if you guys liked it give me a reaction
https://blog.ethiack.com/blog/supercharging-bug-bounty-hunting-with-ai
🐲 Kali Linux Cheat Sheet.
➡Recon and Enumeration;
➡Python Local Web Server;
➡Mounting File Shares;
➡Basic FingerPrinting;
➡SNMP Enumeration;
➡DNS Zone Transfers;
➡DNSRecon;
➡HTTP / HTTPS Webserver Enumeration;
➡Packet Inspection;
➡Username Enumeration;
➡Passwords;
➡Brute Forcing Services;
➡Password Cracking;
➡Exploit Research;
➡Compiling Exploits;
➡SUID Binary;
➡TTY Shells;
➡Metasploit;
➡Networking;
➡IPv4;
➡ASCII Table Cheat Sheet;
➡Cisco IOS Commands.
➡️ https://github.com/NoorQureshi/kali-linux-cheatsheet
➡Linux Network Commands Cheat Sheet;
➡RedHat Linux Commands Cheat Sheet;
➡Linux Ubuntu Commands Cheat Sheet;
➡Oracle Linux Cheat Sheet;
➡Centos Cheat Sheet;
➡Arch Linux Cheat Sheet;
➡Basic Linux Commands Cheat Sheet;
➡Advanced Linux Commands Cheat Sheet;
➡Linux Commands Cheat Sheet for DevOps;
➡Kali Linux Commands Cheat Sheet;
➡Linux Network Commands Cheat Sheet;
➡Linux to Windows Commands Cheat Sheet.
●▬۩❁ @geeekgirl ❁۩▬●
🌀Download all bug bounty programs domains in scope items 🎯
😉Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more – all in one place!💥
👇🏼Step 1: Download the domains.txt file
📂step 2: Extract only main/root domains
`cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`
📂Step 3: Extract all IP addresses:
`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`
Don't forget to give reactions❤️
Challenge: Identify 2 security risks and improve error handling.
Читать полностью…
Comolho.com is a great bug bounty platform, only if you want to hack on Indian websites.
- Low bounty
- Slow response
- Bad UI
- Indian programs
- Good for beginners
Here you can hunt for learning not for big bounties.
https://x.com/CtPrecious/status/1900288792356913315?s=35
Читать полностью…
// Extract all IPs from Shodan search resultsЧитать полностью…
var ipElements = document.querySelectorAll("strong");
var ips = [];
ipElements.forEach(function (e) {
ips.push(e.innerHTML.replace(/["']/g, ""));
});
var ipsString = ips.join("\n");
var a = document.createElement("a");
a.href = "data:text/plain;charset=utf-8," + encodeURIComponent(ipsString);
a.download = "ip.txt";
document.body.appendChild(a);
a.click();
A Huge Collection of Cybersecurity Tools and Resources!🛡️
🔗: https://inventory.raw.pm/resources.html
https://github.com/zapstiko/Hacking-PDF/blob/main/Bug%20Bounty%20Hunting%20Essentials.pdf
Читать полностью…
anyone looking for a job in freshers and experienced check this out
https://www.hcltech.com/careers/careers-in-india
🔖Find hidden Endpoints:
javascript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e}</li>`).join("")}</ul>`})();Читать полностью…
👻👻👻Nuclei AI Prompts for @pdnuclei
Nuclei v3.3.9 (@pdiscoveryio) has -ai option to generate and run nuclei templates on the fly in natural language.
This is a list of prompts for this option:
- sensitive data exposure
- SQLi
- XSS
- SSRF
https://github.com/reewardius/Nuclei-AI-Prompts