this tool is best for finding openredirect and crlf injection just add you custom wordlist and boom:
https://github.com/r0075h3ll/Oralyzer
https://github.com/r0075h3ll/Oralyzer
GitHub
GitHub - r0075h3ll/Oralyzer: Open Redirection Analyzer
Open Redirection Analyzer . Contribute to r0075h3ll/Oralyzer development by creating an account on GitHub.
🔥2
https://roddytech.medium.com/a-guide-to-twitters-search-operators-osint-%EF%B8%8F-%EF%B8%8F-b617bb7c59a
#Twitter #OSINT
#Twitter #OSINT
Medium
A Guide To Twitter Search Operators: OSINT 🕵️♂️
Whether or not you’ve signed up for Twitter, you have the power to perform detailed queries on the endless stream of Tweets by using the…
🔥1
Twitter Tools
View username, display name and bio history of any Twitter user.
twitter.lolarchiver.com
Partly free. Works well, but not always accurately. Use in combination with other similar tools (like UserSearch etc).
View username, display name and bio history of any Twitter user.
twitter.lolarchiver.com
Partly free. Works well, but not always accurately. Use in combination with other similar tools (like UserSearch etc).
🔥1🗿1
Поиск по почте и никнейму
#ШХ #статья #OSINT
Продолжаем рубрику статей на тему OSINT под названием "ШХ". В статье рассмотрены инструменты, которые неплохо помогут в решении задач сетевой разведки. С их помощью, попробуем автоматизировать поиск по электронной почте и познакомимся с инструментом поиска по никнейму.
#Mail #OSINT
#ШХ #статья #OSINT
Продолжаем рубрику статей на тему OSINT под названием "ШХ". В статье рассмотрены инструменты, которые неплохо помогут в решении задач сетевой разведки. С их помощью, попробуем автоматизировать поиск по электронной почте и познакомимся с инструментом поиска по никнейму.
#Mail #OSINT
🔥1🌚1
Online tools (free or partly free) for automating work with dorks (Google and beyond):
dorki.io
taksec.github.io/google-dorks-bug-bounty/
dorksearch.com
dorkme.com
dorkgenius.com
dorks.faisalahmed.me
#OSINT #GoogleDorking
dorki.io
taksec.github.io/google-dorks-bug-bounty/
dorksearch.com
dorkme.com
dorkgenius.com
dorks.faisalahmed.me
#OSINT #GoogleDorking
🔥1
Great update to EarthKit (Google Street View photo search).
Now when hovering over the found match points you can see not only coordinates, but also street panoramas.
earthkit.app/streetview
(Use with tools such as GeoSpy to determine the most accurate location possible)
#OSINT
Now when hovering over the found match points you can see not only coordinates, but also street panoramas.
earthkit.app/streetview
(Use with tools such as GeoSpy to determine the most accurate location possible)
#OSINT
🔥1
Kali Linux OSINT VM
- bash script for Kali Linux VM that install 100+ #OSINT tools
- list of Chrome and Firefox extensions
- archive of OSINT templates
- a lot of useful bookmarks in JSON file
https://github.com/midnit3Z0mbi3/Kali-Linux-OSINT-VM
Creator twitter.com/midnit3_Z0mbi3
- bash script for Kali Linux VM that install 100+ #OSINT tools
- list of Chrome and Firefox extensions
- archive of OSINT templates
- a lot of useful bookmarks in JSON file
https://github.com/midnit3Z0mbi3/Kali-Linux-OSINT-VM
Creator twitter.com/midnit3_Z0mbi3
🔥1
🛠️Guide to Active Directory Hacking
📝Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.
📰 Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/
🔖#infosec #cybersecurity #hacking #pentesting #security
📝Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.
📰 Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/
🔖#infosec #cybersecurity #hacking #pentesting #security
🔥1
Forwarded from SecuriXy.kz
rockyou2024_printable_8-40.7z.002
3.7 GB
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
Мы его скачали, немного отфильтровали, а теперь делимся с Вами результатами
ZIP-архив в 45 гигов в распакованном виде выдаёт текстовый файл размером 155 ГБ.
При открытии с помощью
less будет уведомление, что он выглядит как бинарный файл. В нём по какой-то причине добавлено приличное количество мусора...Вычистив его, получаем на выходе файл размером в 144 ГБ. Но даже в нём, достаточно бесполезных строк (Хотя если кому надо, можем выложить и его).
Отфильтровали ещё немного, оставив только строки без пробелов длиной от 8 до 40 символов и вуаля - 25 гигабайт приемлемого вордлиста).
Пользуйтесь
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥1
Understanding Bug Bounty Hunting for Newcomers
Bug bounty hunting can seem appealing, but it’s important to know:
High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to scan public programs.
Reality Check: Many see bug bounty hunting as a way to financial freedom or a high-paying job. However, if you have the skills to excel here, you can probably find other well-paying jobs in cybersecurity.
Consider Your Location: Bug bounty hunting might be more attractive if you live in a country with a low average salary. Otherwise, it’s better pursued for fun or experience rather than as your main source of income.
Extra Income and Experience: It can be great for earning extra money and gaining experience, but it’s not a reliable primary income source.
Bottom Line: Bug bounty hunting can be enjoyable and rewarding as a side activity, but it’s not the best choice for a main job once you understand the reality of the work involved.
#BugBounty
Bug bounty hunting can seem appealing, but it’s important to know:
High Skill Level Required: Success in bug bounty hunting demands a very high skill level. It's not just about using tools like Nuclei to scan public programs.
Reality Check: Many see bug bounty hunting as a way to financial freedom or a high-paying job. However, if you have the skills to excel here, you can probably find other well-paying jobs in cybersecurity.
Consider Your Location: Bug bounty hunting might be more attractive if you live in a country with a low average salary. Otherwise, it’s better pursued for fun or experience rather than as your main source of income.
Extra Income and Experience: It can be great for earning extra money and gaining experience, but it’s not a reliable primary income source.
Bottom Line: Bug bounty hunting can be enjoyable and rewarding as a side activity, but it’s not the best choice for a main job once you understand the reality of the work involved.
#BugBounty
👍1🔥1
Attacking NodeJS Application.
- Use flat Promise chains;
- Set request size limits;
- Do not block the event loop;
- Perform input validation;
- Perform output escaping;
- Perform application activity logging;
- Monitor the event loop;
- Take precautions against brute-forcing;
- Use Anti-CSRF tokens;
- Prevent HTTP Parameter Pollution;
- Do not use dangerous functions;
- Use appropriate security headers;
- Listen to errors when using EventEmitter;
- Set cookie flags appropriately;
- Avoid eval(), setTimeout(), and setInterval();
- Avoid new Function();
- Avoid code serialization in JavaScript;
- Use a Node.js security linter;
- References.
#devsecops
- Use flat Promise chains;
- Set request size limits;
- Do not block the event loop;
- Perform input validation;
- Perform output escaping;
- Perform application activity logging;
- Monitor the event loop;
- Take precautions against brute-forcing;
- Use Anti-CSRF tokens;
- Prevent HTTP Parameter Pollution;
- Do not use dangerous functions;
- Use appropriate security headers;
- Listen to errors when using EventEmitter;
- Set cookie flags appropriately;
- Avoid eval(), setTimeout(), and setInterval();
- Avoid new Function();
- Avoid code serialization in JavaScript;
- Use a Node.js security linter;
- References.
#devsecops
👍1
🔥Year in Bug Bounties - from 0 to $25,700* in 12 months (Stats, Graphs, Learnings, Experiences & Plans!)🔥
🔗https://shreyaschavhan.notion.site/Year-in-Bug-Bounties-from-0-to-25-700-in-12-months-Stats-Graphs-Learnings-Experiences-Plan-9ccb71a21f874d71be9e112a52620a80
🔗https://shreyaschavhan.notion.site/Year-in-Bug-Bounties-from-0-to-25-700-in-12-months-Stats-Graphs-Learnings-Experiences-Plan-9ccb71a21f874d71be9e112a52620a80
shreyaschavhan on Notion
Year in Bug Bounties - from 0 to $25,700* in 12 months (Stats, Graphs, Learnings, Experiences & Plans!) | Notion
Table of Content:
👍1
⚠️Template Injection on ServiceNow by @assetnote⚠️
📌PoC:
😬 https://assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
🔖#bugbounty #bugbountytips #infosec
📌PoC:
https://1337/login.do?jvar_page_title=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style>
😬 https://assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
🔖#bugbounty #bugbountytips #infosec
www.assetnote.io
Chaining Three Bugs to Access All Your ServiceNow Data
Through the course of 3/4 weeks, we were able to find a chain of vulnerabilities that allows full database access and full access to any MID servers configured. This resulted in 3 separate CVE's.
👍1