💎✔️ Website Mirroring Tools
> HTTrack
> Surf offline Professional
>Black Widow
> NCollector Studio
> Website Ripper Copier
> Teleport Pro
>Portable Offline Browse
> PageNest
> Backstreet Browser
> Offline Explorer Enterprise
> GNU wget
> Hooeey Webprint
☢️@infosectube
> HTTrack
> Surf offline Professional
>Black Widow
> NCollector Studio
> Website Ripper Copier
> Teleport Pro
>Portable Offline Browse
> PageNest
> Backstreet Browser
> Offline Explorer Enterprise
> GNU wget
> Hooeey Webprint
☢️@infosectube
💎✔️Password Cracking Tools:
pwdump7
fgdump
L0phtCrack
Ophcrack
RainbowCrack
Cain and Abel
John the Ripper
Hydra
Patator
Ncrack
Metasploit modules
Medusa
Nmap NSE
wpscan
HashCat
aircrack-ng
acccheck
CAT
PAC
☢️@infosectube
pwdump7
fgdump
L0phtCrack
Ophcrack
RainbowCrack
Cain and Abel
John the Ripper
Hydra
Patator
Ncrack
Metasploit modules
Medusa
Nmap NSE
wpscan
HashCat
aircrack-ng
acccheck
CAT
PAC
☢️@infosectube
💎✔️Recon Methodology
1. Passive enumeration
👉SubFinder
👉AssetFinder
👉Amass
2. Active enumeration - bruteforce
👉ShuffleDNS
3. Resolve domains
👉ShuffleDNS
4. Looking for http/https domains
👉httpx
5. Scan HTTP/HTTPS results with nuclei
👉Nuclei - cve,Vulnerabilities,files,technologies
6. Fetch wayback data
👉waybackurls
7. Filter valid URLs from wayback data
👉ffuf
8. filter results with "gf"
👉gf xss , gf ssrf...
9. Custom wordlist from wayback data
👉unfurl
10. Domains to IP resolve
👉massdns
11. list of domains to be scanned
👉recon.sh scope.txt
☢️@infosectube
1. Passive enumeration
👉SubFinder
👉AssetFinder
👉Amass
2. Active enumeration - bruteforce
👉ShuffleDNS
3. Resolve domains
👉ShuffleDNS
4. Looking for http/https domains
👉httpx
5. Scan HTTP/HTTPS results with nuclei
👉Nuclei - cve,Vulnerabilities,files,technologies
6. Fetch wayback data
👉waybackurls
7. Filter valid URLs from wayback data
👉ffuf
8. filter results with "gf"
👉gf xss , gf ssrf...
9. Custom wordlist from wayback data
👉unfurl
10. Domains to IP resolve
👉massdns
11. list of domains to be scanned
👉recon.sh scope.txt
☢️@infosectube
🔥1
🔺A curated list of Android Security materials and resources For Pentesters and Bug Hunters(Will be updated)
💎link
☢️@infosectube
💎link
☢️@infosectube
GitHub
GitHub - saeidshirazi/awesome-android-security: A curated list of Android Security materials and resources For Pentesters and Bug…
A curated list of Android Security materials and resources For Pentesters and Bug Hunters - saeidshirazi/awesome-android-security
#Bug_Bounty_Tips_28
🛡BugBounty_Tips
🌀Price manipulation methods
Method #1:
If the product price parameter cannot be changed, change the quantity of products:
Method #2:
Add 2 products to the basket – let’s consider a single product is $40
If the request is processed in this way:
Select any item to purchase
Select PayPal as a payment method, intercept all the requests
Until you got a parameter called ‘amount’ from PayPal
Manipulate with the price and change it to 0.01$
Pay, and wait for the confirmation
☣️@InfoSecTube
🛡BugBounty_Tips
🌀Price manipulation methods
Method #1:
If the product price parameter cannot be changed, change the quantity of products:
items[1][quantity]= 1 –> 234 EURCongratulations, you bought the order for 10% of the price!
items[1][quantity]= 0.1 –> 23.4 EUR
Method #2:
Add 2 products to the basket – let’s consider a single product is $40
If the request is processed in this way:
{“items”:{“laptop”:1,”mobile”:1}}
Change the JSON body to:{“items”:{“laptop”:4,”mobile”:-2}}
The cost will become $20 for 2 items:4 * $40 – 2 * $70 = $160 – $140 = $20Method #3:
Select any item to purchase
Select PayPal as a payment method, intercept all the requests
Until you got a parameter called ‘amount’ from PayPal
Manipulate with the price and change it to 0.01$
Pay, and wait for the confirmation
☣️@InfoSecTube