Awasome OSINT Tools
There are many various OSINT tools in the market. But some of them are uncommon. Here are some open source intelligence tools which are really […]
There are many various OSINT tools in the market. But some of them are uncommon. Here are some open source intelligence tools which are really […]
If you are looking for API security here is a collection of awesome API Security tools and resources from arainho. You may find public repo […]
Everthing about Bug Bounty you need to know is here. XSS•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/xss.md• https://github.com/ismailtasdelen/xss-payload-list SQLi•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/sqli.md SSRF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/ssrf.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery CRLF•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/crlf.md • https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection CSV-Injection•https://github.com/EdOverflow/bugbountycheatsheet/blob/master/cheatsheets/csvinjection.md• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection Command Injection• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20InjectionDirectory Traversal• https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal […]
Find XXE Vulnerability, XXE Dorks 1-Functionality that parses SVG files 2-Functionality that parses sitemap.xml files 3-SAML Authentication 4-HTML parsing 5-SOAP APIs 6-XML APIs Good Lock#bugbounty […]
SSRF exploitation via URL Scheme 1-File:Allows an attacker to fetch the content of a file on the server file://path/to/filefile:///etc/passwdfile://\/\/etc/passwdssrf.php?url=file:///etc/passwd 2-HTTP:Allows an attacker to fetch any […]
When you found API endpoint like “/api/v12/somthing” add “internal” to the route and check the respons. Example: Request:/api/v12/users/<userID> Respons: 403 Request: “/api/v12/internal/users/<userID>Respons: 200 After this […]
XSSerW3afProbelyPower fuzzerBurp SuiteNetsparkerZAProxyWebScarabXSStrikeXSScrapywfuzzImmuniWeb On-demandnmapJMeterwapitiZAP-CLIArachniXSS HunterFirebugxsssniperSkipfishKNOXSSAcunetixPsalm Plus:Also you will need https://xsshunter.com/ #bugbountytips #xss
http://127.1/ http://0000::1:80/ http://[::]:80/ http://2130706433/ http://whitelisted@127.0.0.1 http://0x7f000001/ http://017700000001 http://0177.00.00.01 http://⑯⑨。②⑤④。⑯⑨。②⑤④/ http://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80/ http://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/ http://②⑧⑤②⓪③⑨①⑥⑥:80/ http://④②⑤。⑤①⓪。④②⑤。⑤①⓪:80/ http://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80/ http://0xd8.0x3a.0xd6.0xe3 Good luck!
Are you goint to test a web site? And you are looking for deserialization vulnerabilities? All you need is Freddy Burpsuite plugin. Which target are […]
How to find Tomcat, Weblogic vulnerabilities? All you need is J2EEScan (Burpsuite plugin). Which vulnerabilities can you detect with J2EEScan? Expression Language Injection (CVE-2011-2730)Apache Roller […]
Copyright © 2024 | WordPress Theme by MH Themes