#bugbounty
https://mokhansec.medium.com/full-account-takeover-worth-1000-think-out-of-the-box-808f0bdd8ac7
Full account takeover worth $1000 Think out of the box
Hi everyone how are you doing today? I hope you are doing great and scoring lots of bounties. Today's story is about a bug I found on…
APT
Do you have problems with security requirements related to any business feature?
#Tools
For those 18% who checked
"Yes. I want to find a complete set of them"
ASVS (eng) Link
For those 19% who wanted a "classified set of requirements with references to test-cases" we made this tool:
- Github repo
- Cloud version
#tools
Worth its own post :)
Security requirements generator service
https://requirements.whitespots.io/en
#education
Check this out. A free module for developers about limits from whitespots.io
https://appsec-learning.whitespots.io/
#Tools
Divide full port scan results and use it for targeted Nmap runs
https://github.com/snovvcrash/DivideAndScan
#BugBounty
#Tools
If you're looking for a great tool for web recon,
check these out
https://github.com/Cyber-Guy1/BlackDragon
#bugbounty One of the largest security testing checklists
One of the largest checklists on the internet for web application testing.
#android #mindmap
Android Application Penetration Testing Mindmap
https://www.xmind.net/m/paUMuU/
UPD:
https://www.xmind.net/m/GkgaYH/
#tools
Check live webapps from domain list
cat subdomains.txt | sed -E 's#https?://##I' | sed -E 's#/.*##' | sed -E 's#^\*\.?##' | sed -E 's#,#\n#g' | tr '[:upper:]' '[:lower:]' | sort -u | sed -e 's/^/https:\/\//' | httpx -silent -timeout 2 -threads 100 -status-code -mc 200,302 | anew
#Tools
#Extension
mitaka: A browser extension for OSINT search
Source code: https://github.com/ninoseki/mitaka
Chrome: https://chrome.google.com/webstore/detail/mitaka/bfjbejmeoibbdpfdbmbacmefcbannnbg
Firefox: https://addons.mozilla.org/en-US/firefox/addon/mitaka/
#bugbounty
XSS in AWS console by @Frichette_n with AngularJS CSP Bypass
https://frichetten.com/blog/xss_in_aws_console/