Find hidden GET parameters in JavaScript files
assetfinder https://example.com | gau | egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
#BugBountytip
Forwarded from Cat Seclist
[ Scopify - the "Netify" Reconnaissance Tool ]
Scopify is a Python command-line tool designed for penetration testers and bug bounty hunters to quickly gather and analyze infrastructure information (CDN, Hosting, SaaS) for a target company by scraping netify.
It optionally leverages OpenAI's API to provide AI-driven analysis of the gathered infrastructure, highlighting potential areas of interest and suggesting reconnaissance methodologies.
By Jason Haddix.
🔗Tool: https://github.com/Arcanum-Sec/Scopify
Forwarded from Whitehat Lab
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.
No heist story…
Unauthenticated path traversal vulnerability leading to arbitrary code execution (RCE)
/commandcenter/deployWebpackage.do, as a result of which Commvault fetches a ZIP file from an external server
../../Reports/MetricsUpload/shell
/commandcenter/deployWebpackage.do
/reports/MetricsUpload/shell/.tmp/dist-cc/dist-cc/shell.jsp
CVSS score - 9.0
The vulnerability is fixed in version 11.38
#cve #rce #poc
https://github.com/antonioCoco/RoguePotato
Another Windows Local Privilege Escalation from Service Account to System
SecList for CyberStudents
https://github.com/itm4n/PrintSpoofer
itm4n’s blog
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…
Library of Leaks
Search by keyword (full name, email, company) in leaked documents, emails, tables, images and other files.
#OSINT