#Bug_Bounty_Tips_29
🛡BugBounty_Tips
🌀Find javascript files using gau and httpx
Here’s a recon tip to find javascript files hosted on our target using gau and httpx utilities:
echo target.com | gau | grep '\.js$' | httpx -status-code -mc 200 -content-type | grep 'application/javascript'
What this combo will do is that it will collect all known URLs for our target from the AlienVault’s Open Threat Exchange (OTX), the Wayback Machine and Common Crawl, fetch them using httpx and then display only javascript files.
In order for this combo to work, we have to install the following tools:
httpx
gau
☣️@InfoSecTube
Forwarded from InfoSecTube
🔺A curated list of Android Security materials and resources For Pentesters and Bug Hunters(Will be updated)
💎link
☢️@infosectube
GitHub - saeidshirazi/awesome-android-security: A curated list of Android Security materials and resources For Pentesters and Bug…
#Bug_Bounty_Tips_30
🛡BugBounty_Tips
🌀Extract API endpoints from javascript files
Here’s a quick one-liner for extracting API endpoints from javascript files:
cat file.js | grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))" | sort -u
☣️@InfoSecTube
#coursera #free #online
🛡100 online courses from Coursera are $0 now through December 31
📡link
☢️@infosectube
🛡This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.
📡 link
☢️@infosectube
GitHub - wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick…
🛎Pentest-Cheat-Sheets
This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not to be a crutch; this is a way to not waste our precious time! This repo also helps those who are trying to get OSCP. You'll find many ways to do something without Metasploit Framework.
📡Link
☢️@infosectube
GitHub - Kitsun3Sec/Pentest-Cheat-Sheets: A collection of snippets of codes and commands to make your life easier!
burp_suite_pro_v2020.11.zip
381.8 MB
❇️Burpsuite pro version: 2020.11
pass: 311138
README inside, plz read it before run BS.
Happy Hacking!
🛎 @infosectube
How Get 6 Month Premium KeepSolid #VPN
Code:
VPNUNLIMITED2020CHIP
Features:
1. 6 Protocol
2. Torrent Server
3. GUI App For All OS
4. Fast Connection and Speed
❇️ @Infosectube
#Bug_Bounty_Tips_31
🛡BugBounty_Tips
🌀Access Admin panel by tampering with URI
Here’s a super easy tip to access an admin panel by tampering with the URI in the following way:
https://target.com/admin/ –> HTTP 302 (redirect to login page)
https://target.com/admin..;/ –> HTTP 200 OK
Try also the following tips, as others have commented on the tweet:
https://target.com/../admin
https://target.com/whatever/..;/admin
☣️@InfoSecTube
Tangalanga: the Zoom conference scanner hacking tool
https://github.com/elcuervo/tangalanga
📡 @Infosectube