app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
Active link finding with xnLinkFinder!
Command breakdown:
-i https://bugcrowd.com → Target domain
-sp https://bugcrowd.com → Scope prefix
-sf "bugcrowd.*" → Scope filter
-d 2 → Crawl depth
-v → Verbose output
Popping alert(1) doesn't show REAL impact.
Escalate your XSS by stealing cookies instead.
Is your open URL redirect payload getting blocked?
Try one of these payloads to bypass it!
https://www.intigriti.com/researchers/blog/hacking-tools/open-url-redirects-a-complete-guide-to-exploiting-open-url-redirect-vulnerabilities
Crazy Aliyun WAF Bypass:
cat /etc/hosts - triggers WAF
tac /etc/hosts - not blocked
Credit: @galnagli
#bugbountytips #bugbounty
Some will find their first bug in a week, while others might take months. Some will excel in recon, others in web exploitation. It's not about how fast you get there; it's about persistence, learning, and adapting. Every failed attempt is a step forward, every mistake a lesson.
So, don't compare your journey to others. Focus on your progress. Keep hacking, keep improving, and most importantly, keep walking your own path. Success will follow.
Linkook - An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.
https://github.com/JackJuly/linkook
CVE-2024-47051: RCE in Mautic, 9.1 rating
The vulnerability allows an attacker to conduct RCE through asset loading, as well as manipulate the file deletion process to delete arbitrary files.
Search at Netlas.io:
Link: https://nt.ls/odIOX
Dork: http.favicon.hash_sha256:67a5904d731636c114513a7df90d4d6bff7a3f690f305ef3487ac84844a5874e
Vendor's advisory: https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
When you test a Django, Rails, or Node.js web app, try the following payloads in the "Accept:" header.
A Huge Collection of Cybersecurity Tools and Resources!
inventory.raw.pm/resources.html