This media is not supported in your browser
VIEW IN TELEGRAM
π΅οΈββοΈ Bug Bounty Tip - Extract JavaScript File URLs from Any Page!
Forget opening DevTools - use this bookmarklet to instantly extract all .js file URLs and download them in a .txt file.
π Why this matters:
Quickly collect all linked JavaScript files
Use them for static analysis (LinkFinder, SecretFinder, etc.)
Great for recon, endpoint discovery & auth bypasses
π Bookmarklet Code:
π‘ How to use:
Create a new bookmark in your browser.
Paste the above code into the URL field.
Visit a target site and click the bookmark.
A javascript_urls.txt file will be downloaded with all .js links.
π₯ Now you can feed that into:
LinkFinder
SecretFinder
JSParser
Or manual analysis!
Forget opening DevTools - use this bookmarklet to instantly extract all .js file URLs and download them in a .txt file.
π Why this matters:
Quickly collect all linked JavaScript files
Use them for static analysis (LinkFinder, SecretFinder, etc.)
Great for recon, endpoint discovery & auth bypasses
π Bookmarklet Code:
javascript:(function(){let urls=[];document.querySelectorAll('*').forEach(e=>{urls.push(e.src,e.href,e.url)});urls=[...new Set(urls)].filter(u=>u&&u.endsWith('.js')).join('\n');let blob=new Blob([urls],{type:'text/plain'});let a=document.createElement('a');a.href=URL.createObjectURL(blob);a.download='javascript_urls.txt';a.click();})();π‘ How to use:
Create a new bookmark in your browser.
Paste the above code into the URL field.
Visit a target site and click the bookmark.
A javascript_urls.txt file will be downloaded with all .js links.
π₯ Now you can feed that into:
LinkFinder
SecretFinder
JSParser
Or manual analysis!
π₯30β€21π2π2π³1π€1
β‘Dependency Confusion via JS Miner
@GodfatherOrwa just landed a clean P1 by leveraging JS Miner in Burp Suite π₯
Hereβs how it went down π
𧩠After crawling all endpoints, he went to:
Target β Extensions β JS Miner β Run All Passive Scans
π₯ Thatβs when he spotted: [JS Miner] Dependency Confusion
The vulnerable package was unclaimed on NPM π
π¦ Next steps he followed:
After claiming the package, he injected an RCE payload via
π§ͺ Full POC: github.com/orwagodfather/NPM-RCE
π£ Result? A solid P1 vulnerability and a perfect example of how effective Dependency Confusion still is.
Props to @GodfatherOrwa for consistently dropping fire techniques π₯
@GodfatherOrwa just landed a clean P1 by leveraging JS Miner in Burp Suite π₯
Hereβs how it went down π
𧩠After crawling all endpoints, he went to:
Target β Extensions β JS Miner β Run All Passive Scans
π₯ Thatβs when he spotted: [JS Miner] Dependency Confusion
The vulnerable package was unclaimed on NPM π
π¦ Next steps he followed:
npm login
mkdir <package-name> && cd <package-name>
npm init -y
npm publish --access public
After claiming the package, he injected an RCE payload via
package.jsonπ§ͺ Full POC: github.com/orwagodfather/NPM-RCE
π£ Result? A solid P1 vulnerability and a perfect example of how effective Dependency Confusion still is.
Props to @GodfatherOrwa for consistently dropping fire techniques π₯
GitHub
GitHub - orwagodfather/NPM-RCE: the POC of package.json RCE
the POC of package.json RCE. Contribute to orwagodfather/NPM-RCE development by creating an account on GitHub.
π₯16β€8πΏ4π1
π Bug Bounty Web Checklist
β Track your web pentesting progress by checking each subcategory.
πhttps://nemocyberworld.github.io/BugBountyCheckList/
β Track your web pentesting progress by checking each subcategory.
πhttps://nemocyberworld.github.io/BugBountyCheckList/
β€24π9
BBRecon Masterflow - 2025.pdf
30.4 KB
π Bug Bounty Recon Masterflow β 2025 Edition π
π9β€6π4π¨βπ»3
Grab all the GF Patterns from different Repositories at one shot !! π₯
*Link* : https://github.com/thecybertix/GF-Patterns
*Link* : https://github.com/thecybertix/GF-Patterns
GitHub
GitHub - thecybertix/GF-Patterns: This repository contains all the GF-Patterns Repositories. All we have to do is just to run theβ¦
This repository contains all the GF-Patterns Repositories. All we have to do is just to run the given Shell File and it's Done !! - thecybertix/GF-Patterns
π7π₯2β€1
βοΈ Nuclei forge: free tool that helps you visually create Nuclei YAML templates !π₯
created by @payloadartist ! π
https://forge.bugbountyhunting.com
created by @payloadartist ! π
https://forge.bugbountyhunting.com
π16β€7
π Wayback Subdomain Enumeration via Bash
Want to uncover hidden subdomains archived over time? This handy Bash function pulls subdomains from the Wayback Machine and helps with deep reconnaissance.
β Add this to your ~/.bashrc:
π§ͺ Usage:
It filters subdomains from archived URLs and sorts them uniquely.
Want to uncover hidden subdomains archived over time? This handy Bash function pulls subdomains from the Wayback Machine and helps with deep reconnaissance.
β Add this to your ~/.bashrc:
function wayback() {
curl -sk "https://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}π§ͺ Usage:
wayback target.comIt filters subdomains from archived URLs and sorts them uniquely.
π₯18β€11π8
β
shosubgo - Small tool to Grab subdomains using Shodan API
β‘https://github.com/incogbyte/shosubgo
β‘https://github.com/incogbyte/shosubgo
β€12πΏ5π1
β
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.
β‘https://github.com/midoxnet/mapperplus
β‘https://github.com/midoxnet/mapperplus
β€15π2π₯1
π¨ New Batch Starting β August 2025 π¨
Brut Practical Web Penetration Testing (bPWP)
Weβre back with a fresh batch of our most in-demand training β Brut Practical Web Penetration Testing β starting this August!
π Learn the art of Web Hacking with:
β 100% Practical Sessions
β Bug Bounty Approach
β Real-World Lab Scenarios
β Lifetime Community Access
β Beginner-Friendly with Advanced Techniques
π» Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
π Limited Seats β Enroll Now
π https://brutsec.com/bPWP
π© For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
Email: [email protected]
Brut Practical Web Penetration Testing (bPWP)
Weβre back with a fresh batch of our most in-demand training β Brut Practical Web Penetration Testing β starting this August!
π Learn the art of Web Hacking with:
β 100% Practical Sessions
β Bug Bounty Approach
β Real-World Lab Scenarios
β Lifetime Community Access
β Beginner-Friendly with Advanced Techniques
π» Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
π Limited Seats β Enroll Now
π https://brutsec.com/bPWP
π© For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
+918945971332Email: [email protected]
β€11π€2
APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities.
β https://github.com/d78ui98/APKDeepLens/
β https://github.com/d78ui98/APKDeepLens/
β€12π2
π¨ CVE-2025-41646 -
Critical Auth Bypass in RevPi Webstatus (β€ v2.4.5) π¨
β οΈ Impacts ICS/OT environments β high risk!
π οΈ Root Cause:
Backend uses weak equality comparison, accepting a JSON boolean true instead of a password hash.
π§ͺ PoC:
Send this in a login request:
β Result: You get full access without valid credentials!
π Fix: Upgrade to v2.4.6 β patch removes weak comparison logic.
π― Bug bounty takeaway:
Always test for type juggling and loose equality bugs in login flows, especially in OT/ICS systems where patch cycles are slower.
Critical Auth Bypass in RevPi Webstatus (β€ v2.4.5) π¨
β οΈ Impacts ICS/OT environments β high risk!
π οΈ Root Cause:
Backend uses weak equality comparison, accepting a JSON boolean true instead of a password hash.
π§ͺ PoC:
Send this in a login request:
{ "hashcode": true }β Result: You get full access without valid credentials!
π Fix: Upgrade to v2.4.6 β patch removes weak comparison logic.
π― Bug bounty takeaway:
Always test for type juggling and loose equality bugs in login flows, especially in OT/ICS systems where patch cycles are slower.
πΏ12π4β€2
CVE-2025-49826: DoS in Next.js, 7.5 ratingβοΈ
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
π Link: https://nt.ls/raJ1k
π Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
π Link: https://nt.ls/raJ1k
π Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
π9β€4