๐Dons Js Scanner๐
๐Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.
๐https://github.com/dragonked2/Dons
๐Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.Dons Js Scanner is a Python tool designed by Ali Essam to scan websites and uncover potential sensitive information within JavaScript files. It utilizes asynchronous programming for efficient web crawling and in-depth analysis.
๐https://github.com/dragonked2/Dons
โค7๐3๐1๐ฅ1๐1
This media is not supported in your browser
VIEW IN TELEGRAM
๐๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐ ๐๐๐๐ ๐๐จ๐ง๐๐ข๐ญ๐ข๐จ๐ง๐ฌ ๐ฎ๐ฌ๐ข๐ง๐ ๐๐ฎ๐ซ๐ฉ ๐๐๐ฉ๐๐๐ญ๐๐ซ ๐๐ซ๐จ๐ฎ๐ฉ๐ฌ ๐
Race condition vulnerabilities abuse the server's (improper) way of handling concurrent requests.
These vulnerabilities can be used to perform limit-overrun attacks such as:
- using the same gift card multiple times
- redeeming the same coupon code
- bypassing a shop's quantity limits (nvidia video cards ๐)
How to check for race condition vulns
1. Find the request that triggers the server-side check
2. Create a new tab group in Repeater
3. Add the same request multiple times to the group (CTRL+R)
4. Select "Send group in parallel"
5. Run the attack
6. Check if more than one response is valid
*
Credit- Andrei Agape
Lab: https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun
Article: https://portswigger.net/research/smashing-the-state-machine
Race condition vulnerabilities abuse the server's (improper) way of handling concurrent requests.
These vulnerabilities can be used to perform limit-overrun attacks such as:
- using the same gift card multiple times
- redeeming the same coupon code
- bypassing a shop's quantity limits (nvidia video cards ๐)
How to check for race condition vulns
1. Find the request that triggers the server-side check
2. Create a new tab group in Repeater
3. Add the same request multiple times to the group (CTRL+R)
4. Select "Send group in parallel"
5. Run the attack
6. Check if more than one response is valid
*
Credit- Andrei Agape
Lab: https://portswigger.net/web-security/race-conditions/lab-race-conditions-limit-overrun
Article: https://portswigger.net/research/smashing-the-state-machine
โค8๐6๐ฅ4
๐คBug Bounty Tips for SSRF๐ค
Step 1: Subdomain Enumeration
โขDNS Dumpster
โขSublist3r
โขAmass
โขGoogle Dorking
โขCertificate Transparency Logs
โขsubdomainer
Step 2: Find Live Domains
cat all-domains.txt | httpx > all-live.txt
Step 3: Identify All URLs
cat all-live.txt | gauplus -subs -b png,jpg,gif,jpeg,swf,woff,gif,svg -o allUrls.txt
Step 4: Injection Burp Collaborator URL in Parameters
cat /home/casperino/tools/nuclei/httpx.txt | grep "=" | ./qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Test for SSRF Vulnerabilities
cat ssrf.txt | httpx -fr
Step 6: How to check which URL is vulnerable
split -l 10 ssrf.txt output_file_
โค27๐10๐ฅ7
๐คBug Bounty VPS Setup๐ค
Bug Hunting Autopilot VPS by Om Arora
https://lnkd.in/dkhvZ54t
Setup Bug Bounty Automation by sm4rty
https://lnkd.in/dRW3yX32
VPS Bug Bounty Tools by drak3shift7
https://lnkd.in/dbVwcveD
Setup DigitalOcean VPS to Bug Bounty by SimbaTech
https://lnkd.in/dse2BhkE
Using VPS for Bug Bounty, comparing VPS providers
https://lnkd.in/dZUtg3Hr
Bug Bounty Tools config in VPS by Iheb Hamad
https://lnkd.in/d42rqzwW
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
https://lnkd.in/dxeEAYxJ
Notification system for your Bug Bounty Automation by Ranjan Kumar
https://lnkd.in/djfBqR-4
Emissary Tool (Send notifications via different channels such as Slack, Telegram or Teams in your bug bounty flow) by BountyStrike
https://lnkd.in/dX-aGhRw
SSRF! : Get notified on discord whenever you have an SSRF by a1bi_n_
https://lnkd.in/dsVsj_qq
Bug Hunting Autopilot VPS by Om Arora
https://lnkd.in/dkhvZ54t
Setup Bug Bounty Automation by sm4rty
https://lnkd.in/dRW3yX32
VPS Bug Bounty Tools by drak3shift7
https://lnkd.in/dbVwcveD
Setup DigitalOcean VPS to Bug Bounty by SimbaTech
https://lnkd.in/dse2BhkE
Using VPS for Bug Bounty, comparing VPS providers
https://lnkd.in/dZUtg3Hr
Bug Bounty Tools config in VPS by Iheb Hamad
https://lnkd.in/d42rqzwW
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
https://lnkd.in/dxeEAYxJ
Notification system for your Bug Bounty Automation by Ranjan Kumar
https://lnkd.in/djfBqR-4
Emissary Tool (Send notifications via different channels such as Slack, Telegram or Teams in your bug bounty flow) by BountyStrike
https://lnkd.in/dX-aGhRw
SSRF! : Get notified on discord whenever you have an SSRF by a1bi_n_
https://lnkd.in/dsVsj_qq
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
๐4๐ฅ4โค2
๐จWeb Pentesting Checklist by Ott3rly ๐จ
- API docs/support pages. Explore functionality to understand the app better.
- Plans and pricing. Identify limitations of different plans, your goal will be detecting ways to bypass them.
- Register functionality. IDORS, unexpiring tokens, reused tokens,
- Password reset.
- 2FA.
- User Management (auth model). Try to build RBAC matrix.
- My profile section.
- User invites
- See if inviting an existing user to your org exposes their name
- See if inviting an existing user removes them from their own org
- User management
- Customer data
- Look for JS, ctrl+f and try to find /admin /api and etc.
- Look for API
- If an endpoint has api/v2/, try api/v1/
- Undocumented API Calls and Admin tools
- Upload functions
- Integration functions
- Look for subdomains, don't hack on them since they will be OOS, but try to find the way to to elavate it to your main target.
- If you find a bug that's OOS, still ask the customer if they care
Cart section
- Integer overflow
- Business logic errors (-1 number of items)
- Rate limit on coupon
- Race condition on coupon
- Any interesting parameters
Giftcards
- Any interesting parameters
- Race condition
- Reflected XSS
- API endpoint enumeration
Intercom
- Intercom('show');
- Intercom('boot',{email:'[email protected]'})
๐13โค4๐ฅ4
๐จafrog - A Security Tool for Bug Bounty, Pentest and Red Teaming๐จ
๐ฅDownload - https://github.com/zan8in/afrog/
๐Usage -
โ afrog -T urls.txt -S high,critical,medium -o result.html
โ afrog -t https://example.com -S high,critical
๐ฅDownload - https://github.com/zan8in/afrog/
๐Usage -
โ afrog -T urls.txt -S high,critical,medium -o result.html
โ afrog -t https://example.com -S high,critical
โค9๐ฅ4๐3