π AnalyticsRelationships - Discover related domains and subdomains through Google Analytics IDs!
β¨ How it works:
- Extract Google Analytics IDs from a webpage.
- Query services like BuiltWith and HackerTarget to find domains and subdomains associated with those IDs.
- A simple yet effective tool for OSINT and reconnaissance!
π Get the tool here: https://github.com/Josue87/AnalyticsRelationships
β¨ How it works:
- Extract Google Analytics IDs from a webpage.
- Query services like BuiltWith and HackerTarget to find domains and subdomains associated with those IDs.
- A simple yet effective tool for OSINT and reconnaissance!
π Get the tool here: https://github.com/Josue87/AnalyticsRelationships
π1π₯1
π The Art of Auditing
β¨ What it offers:
The first community-driven resource consolidating thousands of hours of expertise from top industry professionals. Ideal for security auditors, researchers, and enthusiasts, this comprehensive guide is a must-read.
π Explore it here: https://web3-sec.gitbook.io/art-of-auditing
β¨ What it offers:
The first community-driven resource consolidating thousands of hours of expertise from top industry professionals. Ideal for security auditors, researchers, and enthusiasts, this comprehensive guide is a must-read.
π Explore it here: https://web3-sec.gitbook.io/art-of-auditing
web3-sec.gitbook.io
Preface | Art Of Auditing
β€6
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - 0dayhunter/Facebook-BugBounty-Writeups: Collection of Facebook Bug Bounty Writeups
Collection of Facebook Bug Bounty Writeups. Contribute to 0dayhunter/Facebook-BugBounty-Writeups development by creating an account on GitHub.
β€6π1
π¨CVE-2024-50379: Apache Tomcat - RCE via write-enabled default servlet.
πDorks
HUNTER:/product.name="Apache Tomcat"
FOFA:product="APACHE-Tomcat"
SHODAN:product:"Apache Tomcat"
π°https://lnkd.in/g_nmV2MM
πDorks
HUNTER:/product.name="Apache Tomcat"
FOFA:product="APACHE-Tomcat"
SHODAN:product:"Apache Tomcat"
π°https://lnkd.in/g_nmV2MM
β€4
π¨ [CVE-2024-56145] Exploit released! π¨
Details, PoC, and setup instructions:
π https://github.com/Chocapikk/CVE-2024-56145
Learn more:
π https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
#bugbountytips #BugBounty
Details, PoC, and setup instructions:
π https://github.com/Chocapikk/CVE-2024-56145
Learn more:
π https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
#bugbountytips #BugBounty
π8
βοΈ Exciting News for Aspiring Bug Hunters! βοΈ
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Get ready to dive deep into the world of ethical hacking and bug bounty hunting, guided by industry professionals. Whether you are a complete beginner or looking to advance your skills, this course is tailored for you.
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
π Classes Begin: January 2025 (PAID COURSE)
π Contact: Whatsapp for details and enrollment.
π Visit: Brut Security
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Get ready to dive deep into the world of ethical hacking and bug bounty hunting, guided by industry professionals. Whether you are a complete beginner or looking to advance your skills, this course is tailored for you.
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
Please open Telegram to view this post
VIEW IN TELEGRAM
π3
Extract all endpoints from a JS File and take your bug π
β Method one
β Method two
#infosec #cybersec #bugbountytips
β Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
β Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
1π32β€11π₯10π€¨3π³2
Donβt forget the reactions and stars!
They fuel my energy to post such contentsπ β¨ .
They fuel my energy to post such contents
Please open Telegram to view this post
VIEW IN TELEGRAM
π17
β‘οΈA list of companies that accept Responsible Disclosure
β bug-bounties.as93.net
#bugbountytips #bugbounty
β bug-bounties.as93.net
#bugbountytips #bugbounty
π7π€¨4β€1π₯1π¨βπ»1
Using TLDFinder with the Netlas Module π
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
π Read now: https://netlas.io/blog/tldfinder_and_netlas/
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
π Read now: https://netlas.io/blog/tldfinder_and_netlas/
netlas.io
Using TLDFinder with Netlas - Netlas Blog
This article will look at using the TLDFinder tool to find top level domains and subdomains using the Netlas integration.
π5β€4
β‘οΈCVE-2024-50379/CVE-2024-56337 : Apache Tomcat Patches Critical RCE Vulnerability
π₯Exploit : https://github.com/SleepingBag945/CVE-2024-50379
πDorks:
HUNTER :/product.name="Apache Tomcat"
FOFA : product="Apache-Tomcat"
SHODAN : product:"Apache-Tomcat"
π₯Exploit : https://github.com/SleepingBag945/CVE-2024-50379
πDorks:
HUNTER :/product.name="Apache Tomcat"
FOFA : product="Apache-Tomcat"
SHODAN : product:"Apache-Tomcat"
β€7π2
π Merry Christmas from Brut Security! π
Wishing you and your loved ones a season filled with joy, peace, and happiness. May this festive time bring warmth to your heart and cherished moments with your loved ones.
Thank you for being a part of our community!
Happy Holidays! π
#MerryChristmas #Cybersecurity #BrutSecurity
Wishing you and your loved ones a season filled with joy, peace, and happiness. May this festive time bring warmth to your heart and cherished moments with your loved ones.
Thank you for being a part of our community!
Happy Holidays! π
#MerryChristmas #Cybersecurity #BrutSecurity
1β€14π2π₯2
Please open Telegram to view this post
VIEW IN TELEGRAM
Medium
Best Bug Bounty and Pentesting Methodology for Beginners: A Step-by-Step Guide
Bug bounty programs and penetration testing (pentesting) are popular ways for ethical hackers to make money while helping companies enhanceβ¦
β€14π2
β‘οΈTiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
β tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
β tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
π11
β‘You can use #httpx to request any path and see the status code and other details on the go, filter, or matcher flags if you want to be more specific.
β httpx -path /swagger-api/ -status-code -content-length
β httpx -path /swagger-api/ -status-code -content-length
π16π₯6β€1
Fuxploider: a free tool for finding and exploiting flaws in file upload forms. It spots allowed file types and finds out the best way to upload malicious files onto a website.
https://t.co/uP1HxJIdpC
https://t.co/uP1HxJIdpC
β€7π4