🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Comolho.com is a great bug bounty platform, only if you want to hack on Indian websites.
- Low bounty
- Slow response
- Bad UI
- Indian programs
- Good for beginners
Here you can hunt for learning not for big bounties.
https://x.com/CtPrecious/status/1900288792356913315?s=35
// Extract all IPs from Shodan search results
var ipElements = document.querySelectorAll("strong");
var ips = [];
ipElements.forEach(function (e) {
  ips.push(e.innerHTML.replace(/["']/g, ""));
});
var ipsString = ips.join("\n");
var a = document.createElement("a");
a.href = "data:text/plain;charset=utf-8," + encodeURIComponent(ipsString);
a.download = "ip.txt";
document.body.appendChild(a);
a.click();
A Huge Collection of Cybersecurity Tools and Resources!🛡️
🔗: https://inventory.raw.pm/resources.html
https://github.com/zapstiko/Hacking-PDF/blob/main/Bug%20Bounty%20Hunting%20Essentials.pdf
Anyone looking for a job, freshers and experienced, check this out
https://www.hcltech.com/careers/careers-in-india
🔖Find hidden Endpoints:
javascript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e}</li>`).join("")}</ul>`})();
👻👻👻Nuclei AI Prompts for @pdnuclei
Nuclei v3.3.9 (@pdiscoveryio) has -ai option to generate and run nuclei templates on the fly in natural language.
This is a list of prompts for this option:
- sensitive data exposure
- SQLi
- XSS
- SSRF
https://github.com/reewardius/Nuclei-AI-Prompts
Want to learn more about OAuth bugs?
Here's a detailed writeup by @Doyensec on OAuth vulns like:
- Redirect Scheme Hijacking
- Scope Upgrade
- Client Confusion
- Mutable Claims
https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html
#bugbounty #bugbountytips
https://x.com/Cipher0ps_tech/status/1887034544542396703?t=VR5I9yvHBD4G3DNAdWLMaQ&s=35
https://x.com/Cipher0ps_tech/status/1886320139223568875?t=00pP2DNgH2df_JHwQmUnGg&s=35
https://x.com/Cipher0ps_tech/status/1884490778371842240
Extract all endpoints from a JS File and take your bug 🐞
✅Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
cat JS.txt | grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9?&=\/\-#.]*(?=(\"|\'|\`))" | sort -u -o JS.txt && cat JS.txt
☄️IDOR Cheat Sheet
▶️https://jasper-join-7e5.notion.site/IDOR-Cheat-Sheet-9f7c9e3285bf4c7cae5ea38243cd0391
Anyone looking for an internship in USA try this..
https://ishaqmohammed.me/posts/application-security-knowledgebase/
LazyHunter Tool - Automated Bug Hunting Recon Tool.
Link: https://github.com/iamunixtz/Lazy-Hunter
🚨 CVE-2025-1094: PostgreSQL psql SQL injection
🔥PoC:https://github.com/rapid7/metasploit-framework/pull/19877
🧐Deep Dive :https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
👇Dorks:
HUNTER : protocol="postgresql"
FOFA : product="PostgreSQL"
SHODAN : "port:5432 PostgreSQL"
📰Refer:https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/
⚡️One Million Dorks - A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools.
🎯https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork
#bugbounty #cybersecurity
🚀Preparing for a Linux interview? Don't go in unprepared!
If you're looking for real-world, scenario-based Linux interview questions, this document is a goldmine. With 250 practical questions and answers, it covers everything from:
✔ Troubleshooting commands
✔ File & process management
✔ Networking & security configurations
✔ System performance monitoring
✔ Scripting and automation
Whether you're an aspiring Linux admin, DevOps engineer, or security specialist, this resource will boost your confidence and sharpen your skills before your next interview.
Download the document below and start practicing!
#Linux #DevOps #SysAdmin #InterviewPreparation #TechCareers #LinuxCommands #ITJobs
⚡️Exclusive Collection of Private Nuclei Templates
1. Akokonunes
2. Emadshanab
3. BoobooHQ
4. SirBugs
5. Linuxadi
6. 0xKayala
7. Bhataasim1
8. H0tak88r
🔥 CRTO Aspirants & Red Teamers – Must-Check Resource!
⚡If you're preparing for the Certified Red Team Operator (CRTO) or want to refine your red teaming skills, this GitHub repo is a goldmine.
https://github.com/h3ll0clar1c3/CRTO
https://x.com/Cipher0ps_tech/status/1886089478747652176?t=C06iwoofXZRrmEYaDdZEMQ&s=19
🔖Essential Browser Extensions for Bug Bounty Hunters
⬇️FireFox
🔍 Link Gopher
🔍 Adblock Plus
🔍 FoxyProxy Standard
🔍 Video Speed Controller
🔍 Check XSS
🔍 HackTools
🔍 Bulk URL Opener
🔍 Temp Mail
🔍 JS Beautify CSS HTML
🔍 Multi-Account Containers
🌐 TruffleHog
🌐 Code Formatter
🌐 Freedium Extension
🌐 BuiltWith
🌐 Wappalyzer
🌐 WhatRuns
🌐 Retire.js
🌐 Cookie Extractor
🌐 Wayback Machine
🌐 EXIF Data Viewer
🌐 Shodan
🌐 S3 Bucket List
🌐 uBlock Origin
🌐 Resources Saver
🌐 Dot Git
🌐 EndPointer
https://x.com/Cipher0ps_tech/status/1884132830747464168?t=dgFCLHP8SamEbKHR_UOyOw&s=35
Posted by @BugSpy