Extract all endpoints from a JS File and take your bug π
β Method one
β Method two
#infosec #cybersec #bugbountytips
β Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu
β Method two
cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt
#infosec #cybersec #bugbountytips
π11π₯3β€2
πConfig Repo- https://github.com/shellvik/shvbox/
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4π2
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4
Forwarded from Mr Rahim
This media is not supported in your browser
VIEW IN TELEGRAM
Tech industry Right now
π€£10π1
π Link Gopherπ Adblock Plusπ FoxyProxy Standardπ Video Speed Controllerπ Check XSSπ HackToolsπ Bulk URL Openerπ Temp Mailπ JS Beautify CSS HTMLπ Multi-Account Containers
π
TruffleHog
π
Code Formatter
π
Freedium Extension
π
BuiltWith
π
Wappalyzer
π
WhatRuns
π
Retire.js
π
Cookie Extractor
π
Wayback Machine
π
EXIF Data Viwer
π
Shodan
π
S3 Bucket List
π
Ublock Origin
π
Resources Saver
π
Dot Git
π
EndPointer
Please open Telegram to view this post
VIEW IN TELEGRAM
π€16π₯7β€4π3
X-Originaal-URL: /v1/api/endpoint_here
BOOM => Entire API routes disclosure.
Credit: @driccosec
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯18β€5π1
CVE-2025-22609, -22611, -22612: Multiple vulnerabilities in Coolify, 10.0 rating π₯π₯π₯
Three vulnerabilities of highest severity in Coolify allow for RCE, privilege escalation, and authentication bypass.
Search at Netlas.io:
π Link: https://nt.ls/vUWWf
π Dork: http.favicon.hash_sha256:eaf648b6000a49599ed58bda49e576d0f981e535a8075d524a4be890edcf96d0 AND uri:*login*
Vendor's advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9
Three vulnerabilities of highest severity in Coolify allow for RCE, privilege escalation, and authentication bypass.
Search at Netlas.io:
π Link: https://nt.ls/vUWWf
π Dork: http.favicon.hash_sha256:eaf648b6000a49599ed58bda49e576d0f981e535a8075d524a4be890edcf96d0 AND uri:*login*
Vendor's advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9
tenten.online business logic BUG POC ---> https://t.iss.one/brutsecurity_poc/23
π10π3
Where is the reactions π₯
Please open Telegram to view this post
VIEW IN TELEGRAM
πΏ13π4π³3π2
π‘Blackbird is a powerful OSINT tool designed for fast and efficient searches of user accounts by username or email across multiple platforms, streamlining digital investigations.
https://github.com/p1ngul1n0/blackbird
https://github.com/p1ngul1n0/blackbird
π₯10π5π€2
This media is not supported in your browser
VIEW IN TELEGRAM
π€£15π1π1
Ninjasworkout:-- Vulnerable NodeJS Web Application.
ADDED BUGS:-
Prototype Pollution β 1
No SQL Injection β 2
Cross site Scripting β 3
Broken Access Control β 4
Broken Session Management β 5
Weak Regex Implementation β 6
Race Condition β 7
CSRF -Cross Site Request Forgery β 8
Weak Bruteforce Protection β 9
User Enumeration β 10
Reset Password token leaking in Referrer β 11
Reset Password bugs β 12
Sensitive Data Exposure β 13
Unicode Case Mapping Collision β 14
File Upload β 15
SSRF β 16
XXE
Open Redirection β 17
Directory Traversal β 18
Insecure Deserilization => Remote Code Execution β 19
https://github.com/effortlessdevsec/ninjasworkout
ADDED BUGS:-
Prototype Pollution β 1
No SQL Injection β 2
Cross site Scripting β 3
Broken Access Control β 4
Broken Session Management β 5
Weak Regex Implementation β 6
Race Condition β 7
CSRF -Cross Site Request Forgery β 8
Weak Bruteforce Protection β 9
User Enumeration β 10
Reset Password token leaking in Referrer β 11
Reset Password bugs β 12
Sensitive Data Exposure β 13
Unicode Case Mapping Collision β 14
File Upload β 15
SSRF β 16
XXE
Open Redirection β 17
Directory Traversal β 18
Insecure Deserilization => Remote Code Execution β 19
https://github.com/effortlessdevsec/ninjasworkout
β€17π3