1728
ᴍᴏʀᴇ ʏᴏᴜ sᴇᴀʀᴄʜ ᴍᴏʀᴇ ʏᴏᴜ ᴋɴᴏᴡ instagram.com/technical_devang Founder 🌐 protoncybersec.in ¯\_(ツ)_/¯ @Technicaldevang_bot
Top 9 HACKING eBooks 📚
Books
Hacking Web Applications - Hacking Exposed 🕯
https://mega.nz/file/LCYWWRYI#QQ8O9k6lp7vmYWzrbxbs8ItSVbYpSluYfktCxWURZGs
Hacking for Dummies 🤑
https://mega.nz/file/iKQ2jZSQ#ur1W05ChW7_ipTYtEK6QKpIlyoqLyS82RGsEUEzFQDQ
Network Security Bible 💻
https://mega.nz/file/mLAUEbDQ#PXzqsNN2PPc-PUVyAwbfknTHEA-QBvjwvpjjQgZnYMo
Ethical Hacking and Countermeasures 🛡️
https://mega.nz/file/2fAyRb4C#tpFivx91Ips2rR3UnVdtlgvx1oOmi-qEtCu29DlO9uQ
The Little Black Book of Computer Viruses 🧙
https://mega.nz/file/SDICALSJ#3r2oy2AsGXR3P7f8K7xvL2kEVjR6ccze83cAmz9VIBc
XSS Attacks - Cross Site Scripting Exploits and Defense 💼
https://mega.nz/file/3XJCyD5C#qAda14pWUjd5u4wjOYmzCI52UMa1rUFulh7V0kBGZk8
The Shellcoder's Handbook 🏥
https://mega.nz/file/3OZgwT6Z#8yNyiuSHVQ3gOib4rKJYtwsCwSfqAfoFj2lQtwUyI8o
Wireshark for Security Professionals 💻
https://mega.nz/file/7TRUCZCZ#ZPFmeFnccvR4ltf_2lwTdi8PqHIArRx_bkqRP9wwq4k
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices.
PoC: https://github.com/win3zz/CVE-2025-5777
RCE through Path Traversal
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/:
1. Security engineer by day While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse.
2. The exploit chain involved a combination of directory traversal and subtle abuse of how the application used the pandas CSV parser, ultimately allowing me to overwrite the wsgi.py file and execute arbitrary code server-side.
3. The traceback included a path like: This nested layout is exactly what you get when a Django app is created using django-admin startproject backend — where the outer backend/ is the project root and the inner one holds settings, wsgi.py, and other core files.
reel Insta Likes and Followers
https://www.mixx.com/free-instagram-followers
https://www.easygetinnta.com/
https://poprey.com/free-ig-followers
https://instamoda.org/
https://www.idigic.net/trial/
https://skweezer.net/free-instagram-followers
https://megafamous.com/free-instagram-followers
https://boostgrams.com/free-instagram-followers/
https://twicsy.com/free-instagram-followers
https://ca.mrpopular.net/get-free-instag...lowers.php
https://www.socialplug.io/free-services/...-followers
https://www.qqtube.com/free-instagram-followers
https://expressfollowers.com/free-instagram-followers/
https://instume.com/free-instagram-followers/
https://www.followeryab.com/en/free
https://www.getinsfollowers.com/
https://gwaa.net/free-instagram-followers
https://www.getafollower.com/free-instag...lowers.php
https://www.like4like.org/free-instagram...-followers
https://instantviews.net/freefollowers-cpa/
https://www.famety.com/get-free-instagram-followers
Link. https://avatarapi.com/
This tool reveals the profile picture and name associated with an email address.
No sign-up is necessary to use this site.
Link. https://castrickclues.com/
The free version of this website provides information about the owner’s name, profile picture, Google reviews, Google ID, and Skype username associated with an email.
No sign-up is required on this site.
Link. https://epieos.com/
The free version of Epieos provides access to a profile picture, name, Skype account details, data breaches, and checks for social networks or websites linked to an email address.
Sign-up is required for this site.
Link. https://scamsearch.io/
This open-source database allows you to check if an email has been involved in scam activities.
No sign-up is required to access this database.
Link. https://osint.rocks/
The Holehe tool verifies if an email is registered on platforms like Twitter, Flickr, Instagram, and others.
It gathers information from sites that use a “forgot password” feature.
No sign-up is needed to use this tool.
You can find additional information in the tool’s GitHub repository.
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
🔰 Resources To Crack PDF Files Ultimately 🔰
https://soft.rubypdf.com/software/pdfcrypt
https://www.4dots-software.com/free-pdf-password-remover/
https://www.systoolsgroup.com/pdf-unlocker.html
GpxExpeditor 3D Sattelite View
gpxeditor.co.uk/map
Stealing HttpOnly cookies with the cookie sandwich technique
https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique
SearchPof
Google CSE to quick search profiles in:
Facebook
Twitter
Instagram
YouTube
Pinterest
Snapchat
https://searchpof.com/
All About Dorking
dorki.io
taksec.github.io/google-dorks-bug-bounty/dorksearch.com
dorkme.com
dorkgenius.com
Grabbing target country domains by Subfinder.
Link Download:
https://github.com/projectdiscovery/subfinder/releases/download/v2.6.7/subfinder_2.6.7_windows_arm64.zip
URLFinder
URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning.
— Passive source discovery
— JSON/file/stdout output
— Optimized speed & efficiency
https://github.com/projectdiscovery/urlfinder
GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487).
https://projectdiscovery.io/blog/github-enterprise-saml-authentication-bypass
🎣 Top 13 Public Phishing Tools in 2024
🔹 1. Phishing Frenzy: github.com/pentestgeek/phishing-frenzy 🎉
🔹 2. Ghost Phisher: github.com/savio-code/ghost-phisher 👻
🔹 3. King Phisher: github.com/rsmusllp/king-phisher 👑
🔹 4. WiFiPhisher: github.com/wifiphisher/wifiphisher 📶
🔹 5. GoPhish: github.com/gophish/gophish 🚀
🔹 6. Zphisher: github.com/htr-tech/zphisher ⚡
🔹 7. BlackPhish: github.com/iinc0gnit0/BlackPhish 🖤
🔹 8. OhMyQR: github.com/cryptedwolf/ohmyqr 🤳
🔹 9. SayCheese: github.com/hangetzzu/saycheese 📸
🔹 10. I-See-You: github.com/Viralmaniar/I-See-You 👀
🔹 11. Social Engineer Toolkit (SET): github.com/trustedsec/social-engineer-toolkit 🛠️
🔹 12. Evilginx: github.com/kgretzky/evilginx 😈
🔹 13. SocialFish: github.com/UndeadSec/SocialFish 🐟
IDCrawl
Search social media profiles by username:
Instagram, Twitter, Facebook, YouTube etc (results with profile pics and additional data) + email addresses
https://www.idcrawl.com/username-search
FBack - A lightning-fast CLI tool for generating target-specific wordlists to fuzz backup files
Github: https://github.com/Spix0r/fback
■■■■□ Cable – A Post-Exploitation Toolkit For Active Directory Reconnaissance & Exploitation.
🔡🔡🔡🔡🔡https://cybersecuritynews.com/cable-active-directory-toolkit/
SSL-bypass: Root Detection & SSL Bypass Script - It utilizes Frida's powerful JavaScript injection capabilities to bypass both root detection and SSL certificate pinning in Android applications.
https://github.com/0xCD4/SSL-bypass
Bypassing character blocklists with unicode overflows
https://portswigger.net/research/bypassing-character-blocklists-with-unicode-overflows
Introducing GhostGPT—The New Cybercrime AI Used By Hackers.
https://www.forbes.com/sites/daveywinder/2025/01/23/introducing-ghostgpt-the-new-cybercrime-ai-used-by-hackers/
Wishing you all a very Happy 76th Republic Day!
Читать полностью…
THE ART OF WEB RECONNAISSANCE BUG BOUNTY ETHICAL HACKING COURSE
https://mega.nz/folder/Qn5CibIC#JRmgMNgy9BqjrVNBq6VyUQ
Tool for OSINT: 🔍 Searching people's digital footprint and leaked passwords across various social networks, written in Go.
https://github.com/ibnaleem/gosearch
Awesome AI Web Search
List of open source and proprietary web search tools
https://github.com/felladrin/awesome-ai-web-search
ODIN
IP search engine.
Search by ip, domain name, ASN, geolocation, BGP prefix, ASN number, WHOIS updated date and other parameters.
search.odin.io
100 Hacking Tools and Resources
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources
Google advanced video search
When you search for videos on search engines, don't forget that there, as on and YouTube, there are advanced search filters. For example, #Google has filters for language, duration, subtitles, and domain.
https://www.google.com/advanced_video_search