haxshadow

My team met developed a Recon Engine with subdomain find, port scan, parameter find, technology detect, information disclosure, git dorking, cve search etc many more features. You guys should check this Recon Engine. If you know anything valid and interesting that missing on the Recon engine you can suggest us by giving link. DM us.

https://freelancermijan.github.io/reconengine/

👍30❤11🔥7💩5🤝4🥰3

4.53K viewsedited 05:37

haxshadow

❤23🔥5👍3💩3

3.96K views05:15

haxshadow

https://youtu.be/SzTYvuatkpE?si=1ntYEjTptii-WLbv

YouTube

How to Find Blind SQL Injection on URI Path | Bug Bounty Guide

💥 How to Find Blind SQL Injection on URI Path | Bug Bounty Guide

Welcome back, hackers! In this video, we’ll explore one of the trickier vulnerabilities to detect: Blind SQL Injection on URI paths. Blind SQL injection attacks are stealthy and challenging…

👎14💩7❤3🔥3👍1🥰1

3.88K views14:35

haxshadow

👍16❤9💩7👎2🕊2🥰1🤮1

4.04K views03:14

haxshadow

https://youtu.be/bxiW3PCvxZI?si=xXykxDiMcSdTnpvU

YouTube

CVE-2024-9014 | pgAdmin4 Auth Bypass Exploit | OAuth Flaw POC

🔒 CVE-2024-9014 | pgAdmin4 Auth Bypass Exploit | OAuth Flaw POC

Welcome back to the channel! In this video, we dive deep into CVE-2024-9014, an authentication bypass vulnerability in pgAdmin4 that exposes a critical flaw within its OAuth implementation.…

❤‍🔥14🔥2

3.69K views12:46

haxshadow

Forwarded from Offensive Security

#Exclusive 🔥
HTB Academy – Bug Bounty Hunter Job Rule Path 2024.11

🔗 Download

Info : https://academy.hackthebox.com/path/preview/bug-bounty-hunter

@offensivesecurity

❤11👍2

4.18K views05:54

haxshadow

🔖 Here’s a list of 10 Github dorks to find secret and access tokens

"https://target.com" send_keys
"https://target.com" password
"https://target.com" api_key
"https://target.com" apikey
"https://target.com" jira_password
"https://target.com" root_password
"https://target.com" access_token
"https://target.com" config
"https://target.com" client_secret
"https://target.com" user auth

Target

Target : Expect More. Pay Less.

Shop Target online and in-store for everything from groceries and essentials to clothing and electronics. Choose contactless pickup or delivery today.

❤11🔥5👍2

4.06K views16:34

haxshadow

How to Find and Exploit 𝐌𝐢𝐬𝐜𝐨𝐧𝐟𝐢𝐠𝐮𝐫𝐞𝐝 𝐩𝐡𝐩𝐌𝐲𝐀𝐝𝐦𝐢𝐧 | Bug Bounty POC
https://youtu.be/XtIMOsE0554?si=Hq708taLUcVb8nXB

YouTube

How to Find and Exploit 𝐌𝐢𝐬𝐜𝐨𝐧𝐟𝐢𝐠𝐮𝐫𝐞𝐝 𝐩𝐡𝐩𝐌𝐲𝐀𝐝𝐦𝐢𝐧 | Bug Bounty POC

"Ready to take your bug bounty skills to the next level? In this video, I’ll show you how to find and exploit misconfigured phpMyAdmin setups in web applications. 🚀

👉 Get Hostinger Discount ➜ https://bit.ly/Hostinger-Coupon-C0de
💥 HOSTINGER COUPON CODE:…

4.39K views13:14

haxshadow

misconfiguration-check.yaml

1.4 KB

Bash

FOFA = title="phpmyadmin"

👍7❤2

4.53K views13:59

haxshadow

I am Live on YouTube channel

https://www.youtube.com/live/2mGmKsKORF8?si=Q9Yv9onEmw-7aO0V

YouTube

T-mobile - Live bug bounty hunting on bugcrowd | live Recon

🌟 T-Mobile - Live Bug Bounty Hunting on Bugcrowd | Real-Time Reconnaissance Adventure! 🌟

🎯 Ready to step into the thrilling world of ethical hacking? Join us LIVE as we embark on an epic bug bounty hunt, targeting T-Mobile's assets through Bugcrowd! Watch…

❤13🔥7👍1👎1

4.75K views16:12

haxshadow

hello everyone

❤6

3.66K views12:14

haxshadow

NAS Vulnerability: Command Injection Exploit via Group Parameter | Bug Bounty Tutorial
https://youtu.be/UucbbgsiEoA?si=LZ3l1W7SsRIhaBok

YouTube

NAS Vulnerability: Command Injection Exploit via Group Parameter | Bug Bounty Tutorial

🔍 NAS Vulnerability: Command Injection Exploit via Group Parameter | Bug Bounty Tutorial

Welcome back, bug hunters and cybersecurity enthusiasts! 🚀 In this video, we’ll uncover a critical NAS vulnerability involving a command injection exploit through the…

👍8

3.74K views12:15

haxshadow

GoogleDorks
Bash

filetype:ini "password" site:orgfiletype:txt "credentials" site:gov
filetype:yaml "secret_key" -examples
filetype:key "PRIVATE KEY"
filetype:pem "PRIVATE KEY"
filetype:log "debug" "error"
filetype:log "Stack trace" site:edu
filetype:log "unable to connect"
filetype:log "authentication failed"
filetype:json "db_password" -github
filetype:db "database" site:org
filetype:sql "INSERT INTO" "VALUES" site:edu
filetype:dump "database" site:gov
"index of" "backup.sql"
filetype:conf "db_user" site:org
filetype:config "ftp" site:gov
filetype:xml "web.config" site:edu
"index of" "settings.json"
filetype:env "SECRET_KEY"
"index of" "api_key"
filetype:json "api_token"
filetype:txt "api_secret"
"admin login" filetype:php
"index of" "server-status"
filetype:php "mysql_connect" site:gov
"admin dashboard" "login"
filetype:pdf "not for distribution" site:gov
filetype:xlsx "confidential report" site:edu
filetype:doc "salary" "employee"
filetype:docx "restricted access"
filetype:xlsx | filetype:xls "username" "password" site:gov
filetype:xlsx | filetype:xls "username" site:gov
filetype:xlsx | filetype:xls "database" site:gov
filetype:xlsx | filetype:xls "financial" site:gov
filetype:xlsx | filetype:xls "password" site:gov
site:dropbox.com "password"
site:box.com "confidential"
site:drive.google.com "important"
site:onedrive.live.com "restricted"
site:pastebin.com "password"
site:github.com "SECRET_KEY"
site:gitlab.com "PRIVATE_KEY"
site:bitbucket.org "db_password"

👍21🔥14👎1

4.88K viewsedited 12:22

haxshadow

hello everyone i am back

👍13❤3🥰3🔥2

3.93K views12:57

About

Blog

Apps

Platform