Extract all endpoints from a JS File and take your bug π
β Method one
β Method two
#infosec #cybersec #bugbountytips
β Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
β Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
1π32β€11π₯10π€¨3π³2
Donβt forget the reactions and stars!
They fuel my energy to post such contentsπ β¨ .
They fuel my energy to post such contents
Please open Telegram to view this post
VIEW IN TELEGRAM
π17
β‘οΈA list of companies that accept Responsible Disclosure
β bug-bounties.as93.net
#bugbountytips #bugbounty
β bug-bounties.as93.net
#bugbountytips #bugbounty
π7π€¨4β€1π₯1π¨βπ»1
Using TLDFinder with the Netlas Module π
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
π Read now: https://netlas.io/blog/tldfinder_and_netlas/
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
π Read now: https://netlas.io/blog/tldfinder_and_netlas/
netlas.io
Using TLDFinder with Netlas - Netlas Blog
This article will look at using the TLDFinder tool to find top level domains and subdomains using the Netlas integration.
π5β€4
β‘οΈCVE-2024-50379/CVE-2024-56337 : Apache Tomcat Patches Critical RCE Vulnerability
π₯Exploit : https://github.com/SleepingBag945/CVE-2024-50379
πDorks:
HUNTER :/product.name="Apache Tomcat"
FOFA : product="Apache-Tomcat"
SHODAN : product:"Apache-Tomcat"
π₯Exploit : https://github.com/SleepingBag945/CVE-2024-50379
πDorks:
HUNTER :/product.name="Apache Tomcat"
FOFA : product="Apache-Tomcat"
SHODAN : product:"Apache-Tomcat"
β€7π2
π Merry Christmas from Brut Security! π
Wishing you and your loved ones a season filled with joy, peace, and happiness. May this festive time bring warmth to your heart and cherished moments with your loved ones.
Thank you for being a part of our community!
Happy Holidays! π
#MerryChristmas #Cybersecurity #BrutSecurity
Wishing you and your loved ones a season filled with joy, peace, and happiness. May this festive time bring warmth to your heart and cherished moments with your loved ones.
Thank you for being a part of our community!
Happy Holidays! π
#MerryChristmas #Cybersecurity #BrutSecurity
1β€14π2π₯2
Please open Telegram to view this post
VIEW IN TELEGRAM
Medium
Best Bug Bounty and Pentesting Methodology for Beginners: A Step-by-Step Guide
Bug bounty programs and penetration testing (pentesting) are popular ways for ethical hackers to make money while helping companies enhanceβ¦
β€14π2
β‘οΈTiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
β tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
β tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
π11
β‘You can use #httpx to request any path and see the status code and other details on the go, filter, or matcher flags if you want to be more specific.
β httpx -path /swagger-api/ -status-code -content-length
β httpx -path /swagger-api/ -status-code -content-length
π16π₯6β€1
Fuxploider: a free tool for finding and exploiting flaws in file upload forms. It spots allowed file types and finds out the best way to upload malicious files onto a website.
https://t.co/uP1HxJIdpC
https://t.co/uP1HxJIdpC
β€7π4
Using theHarvester with the Netlas Module π
In our latest article, we demonstrate how to leverage the theHarvester framework integrated with Netlas to efficiently discover subdomains.
π Read now: https://netlas.io/blog/theharvester_and_netlas/
In our latest article, we demonstrate how to leverage the theHarvester framework integrated with Netlas to efficiently discover subdomains.
π Read now: https://netlas.io/blog/theharvester_and_netlas/
netlas.io
Using theHarvester with Netlas - Netlas Blog
In this article we will look at using theHarvester tool to find subdomains with the Netlas integration.
β€5π3
π Free Tool for Finding Open S3 Buckets and Files
π― Purpose:Search for open Amazon S3 buckets and locate potentially interesting files efficiently.
β Tool Links:
Explore Open S3 Buckets: https://buckets.grayhatwarfare.com
π Why This is Useful:Helps identify misconfigured S3 buckets.
Uncover sensitive data or files accidentally exposed to the public.
π― Purpose:Search for open Amazon S3 buckets and locate potentially interesting files efficiently.
β Tool Links:
Explore Open S3 Buckets: https://buckets.grayhatwarfare.com
π Why This is Useful:Helps identify misconfigured S3 buckets.
Uncover sensitive data or files accidentally exposed to the public.
β€10π3π₯2
π Happy New Year, Brut Fam! π
2024 was incredibleβtogether, we shared 1,500+ resources and grew to an 8.5K+ community! Your support makes it all worthwhile.
πͺ
If youβve found value in this journey, you can support me with a β: https://buymeacoffee.com/brutsecurity
Wishing you a safe, successful, and prosperous 2025! Letβs make it even bigger and better! π
2024 was incredibleβtogether, we shared 1,500+ resources and grew to an 8.5K+ community! Your support makes it all worthwhile.
πͺ
If youβve found value in this journey, you can support me with a β: https://buymeacoffee.com/brutsecurity
Wishing you a safe, successful, and prosperous 2025! Letβs make it even bigger and better! π
β€14π₯3π€1
π1
β‘οΈSqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers
β https://github.com/danialhalo/SqliSniper
β https://github.com/danialhalo/SqliSniper
π8β€5
Learn from a proven bug hunter with extensive experience on platforms like Bugcrowd, HackerOne, and Immunefi.
Harsh D Ranjan is a recognized expert in bug bounty programs with verified profiles:
β’ Bugcrowd
β’ HackerOne
β’ Immunefi
β’ In-depth exploration of bug bounty methodologies
β’ Practical guidance for platforms like Bugcrowd, HackerOne, and Immunefi
β’ Real-world examples of impactful vulnerability reports
β’ Hands-on practice to prepare you for live bug bounty programs
π Class Timings: Tuesday & Wednesday, 3:00β5:00 PM IST
π Duration: 2β3 months
π₯ Max Slots: 10 participants per batch
π DM on WhatsApp to Book Your Slot: https://wa.link/7j7p6g
β’ Direct mentorship from an experienced bug hunter
β’ Small class size for personalized attention
β’ Gain skills for earning through bug bounty programs
Please open Telegram to view this post
VIEW IN TELEGRAM
1π₯5β€1π1πΏ1