⚡️grepsubsfromwebpages
✅Extract subdomains automatically while visiting webpages. Just add target domain name and this extension will start extracting subs from the webpages you visit.
📌https://github.com/hackersthan/grepsubsfromwebpages
✅Extract subdomains automatically while visiting webpages. Just add target domain name and this extension will start extracting subs from the webpages you visit.
📌https://github.com/hackersthan/grepsubsfromwebpages
👍9❤2🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍13❤7🔥5
Please open Telegram to view this post
VIEW IN TELEGRAM
😢21🤣4👍2🔥1
🚨 CVE-2025-1094: PostgreSQL psql SQL injection
🔥PoC:https://github.com/rapid7/metasploit-framework/pull/19877
🧐Deep Dive :https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
👇Dorks:
HUNTER : protocol="postgresql"
FOFA : product="PostgreSQL"
SHODAN : "port:5432 PostgreSQL"
📰Refer:https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/
🔥PoC:https://github.com/rapid7/metasploit-framework/pull/19877
🧐Deep Dive :https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis
👇Dorks:
HUNTER : protocol="postgresql"
FOFA : product="PostgreSQL"
SHODAN : "port:5432 PostgreSQL"
📰Refer:https://thecyberthrone.in/2025/02/15/cve-2025-1094-impacts-postgresql-with-sql-injection/
👍12🔥5❤3👏1
This media is not supported in your browser
VIEW IN TELEGRAM
javanoscript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e}</li>`).join("")}</ul>`})();
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥33👍7❤3
⚡️One Million Dorks - A repository with text files containing a million dorks for finding potentially vulnerable web pages and sensitive data (in Google and other search engines). Can be used with various automation tools.
🎯https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork
#bugbounty #cybersecurity
🎯https://github.com/HackShiv/OneDorkForAll/tree/main/dorks/1M_dork
#bugbounty #cybersecurity
🔥19👍9
Schlix CMS 2.2.7-2 Arbitrary File Upload - POC ---> https://news.1rj.ru/str/brutsecurity_poc/41
❤3👍1
Please open Telegram to view this post
VIEW IN TELEGRAM
🤣40🔥1
Nuclei v3.3.9 (@pdiscoveryio) has -ai option to generate and run nuclei templates on the fly in natural language.
This is a list of prompts for this option:
- sensitive data exposure
- SQLi
- XSS
- SSRF
https://github.com/reewardius/Nuclei-AI-Prompts
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥34👍6🗿2
Please open Telegram to view this post
VIEW IN TELEGRAM
🤣46👍6😢1🤨1
This media is not supported in your browser
VIEW IN TELEGRAM
Writeup- https://blog.chebuya.com/posts/server-side-request-forgery-on-sliver-c2/
POC- https://github.com/chebuya/exploits/tree/main/CVE-2025-27090%3A%20Sliver%20C2%20SSRF
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥43👍7❤2🤣1
CVE-2025-26465, -26466: Two vulnerabilities in OpenSSH, 6.8 rating❗️
MitM and DoS in OpenSSH. The severity level is medium, but the vulnerabilities cover many versions: from 2013 for -26465 and from 2023 for -26466.
Search at Netlas.io:
👉 Link: https://nt.ls/1TTrj
👉 Dork: ssh.server_key_exchange.client_to_server_compression:"zlib@openssh.com"
Read more: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
MitM and DoS in OpenSSH. The severity level is medium, but the vulnerabilities cover many versions: from 2013 for -26465 and from 2023 for -26466.
Search at Netlas.io:
👉 Link: https://nt.ls/1TTrj
👉 Dork: ssh.server_key_exchange.client_to_server_compression:"zlib@openssh.com"
Read more: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
👍10🔥5❤2😱1🤣1
Please open Telegram to view this post
VIEW IN TELEGRAM
10😱12👍7🔥7
CVE-2025-23209: Code Injection in CraftCMS, 8.1 rating❗️
Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.
Search at Netlas.io:
👉 Link: https://nt.ls/brxoj
👉 Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x
Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.
Search at Netlas.io:
👉 Link: https://nt.ls/brxoj
👉 Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x
🔥4👍2😱1
javanoscript:(function(){var noscripts=document.getElementsByTagName("noscript"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0–9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<noscripts.length;i++){var t=noscripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();Please open Telegram to view this post
VIEW IN TELEGRAM
10👍7❤6🔥5🤝2