InfoSecTube
Subscribe to this channel if… you enjoy fun and educational videos about technology & CyberSecurity & ...
YouTube Channel:
https://youtube.com/c/InfoSecTube


Contact:
@InfoSecTube_Bot
#Bug_Bounty_Tips_34
🛡BugBounty_Tips
🌀
Here are the top 25 parameters that could be vulnerable to server-side request forgery (SSRF):
SSRF is a critical vulnerability that may allow you to:
💢Access services on the loopback interface of the remote server
💢Scan the internal network and potentially interact with internal services
💢Read local files on the server using file:// protocol handler
💢Move laterally / pivoting into the internal environment

📡@infosectube
📌youtube channel
☣️instagram page
#Bug_Bounty_Tips_35
🛡BugBounty_Tips
🌀
Sensitive data leakage using .json
Notice the added .json extension in our request which resulted in obtaining the secret token!

Poll: Do you agree with posting security-related academic articles on the channel?
Final results: Yes 87%, No 13%
#Bug_Bounty_Tips_36
🛡BugBounty_Tips
🌀 HTTP recon automation with httpx
Did you know that you can use the httpx tool to request any URL path and see the status code, content length and other details on the go, and filter or even perform exact matching on them?
Here’s an example:

cat domains.txt | httpx -path /swagger-api/ -status-code -content-length

#Bug_Bounty_Tips_36 #BugBounty
🛡BugBounty_Tips
🌀 Easy wins with Shodan dorks
With these dorks we are looking for access credentials and credentials related to FTP, perhaps in a log file exposed online or elsewhere, and also for protected areas such as administrative consoles related to our target organization.


#Bug_Bounty_Tips_37 #BugBounty
🛡BugBounty_Tips
🌀 Simple ffuf bash one-liner helper
First, simply add this to your ~/.bashrc:

ffufr() {
  ffuf -c -w "/path/to/SecLists/Discovery/Web-Content/$1" -u "$2/FUZZ" -recursion
}

🔰Also make sure you have the latest https://github.com/danielmiessler/SecLists and the correct path in the function above.

🔰Now you can perform recursive directory searching (dirbusting) of your target domain easily like this:

ffufr WORDLISTNAME.txt DOMAIN.com

🔰Use this with any of the wordlists in the ‘SecLists/Discovery/Web-Content/’ directory. Here’s an example using the ‘tomcat.txt’ wordlist:



🛡Types of InfoSec Paper
😀Just For Fun

#Bug_Bounty_Tips_38 #BugBounty

🛡BugBounty_Tips
🌀 GitHub dorks for finding secrets

With these dorks we can identify all kinds of secrets. Use KeyHacks to identify and validate found secrets.

#Bug_Bounty_Tips_39 #BugBounty

🛡BugBounty_Tips
🌀 Trick to find more IDOR vulnerabilities
Protip: Use the following wordlist for identifying different endpoint versions (use with ffuf or Burp Intruder):



burp_suite_pro_v2021.5.zip
393.8 MB
pass: 311138

README inside, plz read it before run BS.

Happy Hacking! 🥳
#Bug_Bounty_Tips_39 #BugBounty

🛡BugBounty_Tips
🌀Valid email addresses with evil payloads
One not-so-well-known attack vector when testing web applications with email address fields is to use the comment section of an email address. This is a feature of email addresses defined in the RFC 822 specification.

This means that we can provide an arbitrary comment as part of an email address and it is still going to be a perfectly valid email address. Here is how it may look:

"payload"@domain.com
name@"payload"domain.com
name(payload)@domain.com
name@(payload)domain.com
name@domain.com(payload)

These are all valid email addresses (you can check them in an email address validator). As a payload, we can provide something interesting like SQLi, XSS or even an RCE payload.
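
For the application owner, the consequence is that "passes an RFC-style email validator" says nothing about what characters the value contains. The following is an added example, not part of the original post: a stricter check that accepts only plain local@domain addresses and rejects the quoted and comment forms listed above, plus output encoding for values already stored. The allowed character set is an assumed application policy, and the function names are constructed for illustration.

```python
import html
import re

# Assumed application policy: plain local@domain only, with no quoted
# strings and no "(comment)" sections anywhere in the address.
LOCAL_RE = re.compile(r"[A-Za-z0-9_%+-]+(?:\.[A-Za-z0-9_%+-]+)*")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def normalize_email(value):
    """Return the address with a lower-cased domain, or None if it is rejected."""
    if len(value) > 254 or value.count("@") != 1:
        return None
    local, domain = value.split("@")
    if not 0 < len(local) <= 64 or not LOCAL_RE.fullmatch(local):
        return None
    labels = domain.split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(label) for label in labels):
        return None
    return f"{local}@{domain.lower()}"

def display_safe(value):
    """Encode a stored address before writing it into an HTML page."""
    return html.escape(value, quote=True)

# The five forms from the post, with the literal word "payload" as placeholder.
PAGE_FORMS = [
    '"payload"@domain.com',
    'name@"payload"domain.com',
    'name(payload)@domain.com',
    'name@(payload)domain.com',
    'name@domain.com(payload)',
]

def accepted(addresses):
    """Return the subset of addresses that the strict check lets through."""
    return [a for a in addresses if normalize_email(a) is not None]
```

Input validation of this kind narrows what reaches the application; parameterised queries and context-aware output encoding are still needed wherever the address is used.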



🦅Some useful websites that you should use

📎1. Screenr.com: This website helps you record movies on your computer and send them straight to YouTube.

📎2. Bounceapp.com: For capturing full-length screenshots of web pages.

📎3. Goo.gl: Shorten long URLs and convert URLs into QR codes.

📎4. untiny.me: Find the original URL that's hiding behind a short URL.

📎5. localti.me: Know more than just the local time of a city.

📎6. copypastecharacter.com: Copy-paste special characters that are not on your keyboard.

📎7. topsy.com: A better search engine for twitter.

📎8. fb.me/AppStore: Search iOS apps without launching iTunes.

📎9. iconfinder.com: The best place to find icons of all sizes.

📎10. office.com: Download templates, clipart and images for your Office documents.

📎11. woorank.com: Everything you wanted to know about a website.

📎12. virustotal.com: Scan any suspicious file or email attachment for viruses.

📎13. wolframalpha.com: Get answers directly without searching.

📎14. printwhatyoulike.com: Print web pages without the clutter.

📎15. joliprint.com: Reformats news articles and blog content as a newspaper.

📎16. isnsfw.com: When you wish to share a NSFW page but with a warning.

📎17. eggtimer.com: A simple online timer for your daily needs.

📎18. coralcdn.org: If a site is down due to heavy traffic, try accessing it through coral CDN.

📎19. random.org: Pick random numbers, flip coins, and more.

📎20. mywot.com: Check the trust level of any website.

📎21. viewer.zoho.com: Preview PDFs and Presentations directly in the browser.

📎22. tubemogul.com: Simultaneously upload videos to YouTube and other video sites.

📎23. truveo.com: The best place for searching web videos.

📎24. scr.im: Share your email address online without worrying about spam.

📎25. spypig.com: Now get read receipts for your email.

📎26. sizeasy.com: Visualize and compare the size of any product.

📎27. whatfontis.com: Quickly determine the font name from an image.

📎28. fontsquirrel.com: A good collection of fonts free for personal and commercial use.

📎29. regex.info: Find data hidden in your photographs.

📎30. tineye.com: This is like an online version of Google Goggles.

📎31. iwantmyname.com: Helps you search domains across all TLDs.

📎32. tabbloid.com: Your favorite blogs delivered as PDFs.

📎33. join.me: Share your screen with anyone over the web.

📎34. onlineocr.net: Recognize text from scanned PDFs and images; see other OCR tools.

📎35. flightstats.com: Track flight status at airports worldwide.

📎36. wetransfer.com: For sharing really big files online.

📎37. pastebin.com: A temporary online clipboard for your text and code snippets.

📎38. polishmywriting.com: Check your writing for spelling or grammatical errors.

📎39. awesomehighlighter.com: Easily highlight the important parts of a web page.

📎40. typewith.me: Work on the same document with multiple people.

📎41. whichdateworks.com: Planning an event? Find a date that works for all.

📎42. everytimezone.com: A less confusing view of the world time zones.

📎43. warrick.cs.odu.edu: You'll need this when your bookmarked web pages are deleted.

📎44. gtmetrix.com: The perfect tool for measuring your site performance online.

📎45. imo.im: Chat with your buddies on Skype, Facebook, GoogleTalk, etc. from one place.

📎46. translate.google.com: Translate web pages, PDFs and Office documents.

📎47. youtube.com/leanback: Sit back and enjoy YouTube videos in full-screen mode.

📎48. similarsites.com: Discover new sites that are similar to what you like already.

📎49. wordle.net: Quickly summarize long pieces of text with tag clouds.

📎50. bubbl.us: Create mind-maps, brainstorm ideas in the browser.

📎51. kuler.adobe.com: Get color ideas, also extract colors from photographs.

📎52. followupthen.com: Set up quick reminders via email itself.

📎53. lmgtfy.com: When your friends are too lazy to use Google on their own.

📎54. tempalias.com: Generate temporary email aliases, better than disposable email.

💎@infosectube