🚨OneDorkForAll🚨
👉An insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
🔗https://github.com/HackShiv/OneDorkForAll
👉An insane list of all dorks taken from everywhere from various different sources. Google, Shodan, Github. Bug bounty dorks (includes private programs), shodan, github, CCTV, CMS dorks, lfi, sqli, xss, more vulns + an extra 1Mil+ dorks.
🔗https://github.com/HackShiv/OneDorkForAll
🔥7🫡2❤1🤝1
🚨X-Recon: A utility for detecting webpage inputs and conducting XSS scans.🚨
Features:
1. Subdomain Discovery
2. Site-wide Link Discovery
3. Form and Input Extraction
4. XSS Scanning
🔗Link: https://lnkd.in/gfAeBPz7
Features:
1. Subdomain Discovery
2. Site-wide Link Discovery
3. Form and Input Extraction
4. XSS Scanning
🔗Link: https://lnkd.in/gfAeBPz7
💯4👍2🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
🚨noWAFpls🚨
👉Burp Plugin to Bypass WAFs through the insertion of Junk Data
🔗 https://github.com/assetnote/nowafpls
👉Burp Plugin to Bypass WAFs through the insertion of Junk Data
🔗 https://github.com/assetnote/nowafpls
👍3🔥1🤯1
🚨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
👉It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
💥PoC: https://github.com/rapid7/metasploit-framework/pull/19240
💥Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
👉It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
💥PoC: https://github.com/rapid7/metasploit-framework/pull/19240
💥Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
Found this on twitter. The POC is very informative. What you think?
🔥11👍2🤯2
Surprisingly Havij - SQL injection tool helped me to achieve a error based sqli on ferrari 😳
🐳4
Simple but effective method to narrow down your scope, sometimes it helps to think simple.
waybackurls --dates domain(.)com | grep '?id='
Payload : if(now()=sysdate(),SLEEP(8),0)
By:@ynsmroztas
#bugbountytips #bugbounty
waybackurls --dates domain(.)com | grep '?id='
Payload : if(now()=sysdate(),SLEEP(8),0)
By:@ynsmroztas
#bugbountytips #bugbounty
🔥6👍1
Brut Security
🚨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server 👉It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.…
Media is too big
VIEW IN TELEGRAM
Rejetto HTTP File Server - Template injection
🔥5
🚨CVE-2024-29849~29852: Veeam’s Backup Nightmare, Full System Access Exposed
⚠Veeam Backup Enterprise Manager has been issued 4 critical vulnerabilities, allowing unauthorized access, account takeover, and data exposure.
💥PoC: https://github.com/sinsinology/CVE-2024-29849
💥Dorks:
Hunter:/product.name="Veeam Backup Enterprise Manager"
FOFA:app="Veeam-Backup-Enterprise-Manager"
SHODAN:http.noscript:"Veeam Backup Enterprise Manager"
#Veeam #backup #infosec #infosecurity #Infosys #Vulnerability #bugbounty #bugbountytips
⚠Veeam Backup Enterprise Manager has been issued 4 critical vulnerabilities, allowing unauthorized access, account takeover, and data exposure.
💥PoC: https://github.com/sinsinology/CVE-2024-29849
💥Dorks:
Hunter:/product.name="Veeam Backup Enterprise Manager"
FOFA:app="Veeam-Backup-Enterprise-Manager"
SHODAN:http.noscript:"Veeam Backup Enterprise Manager"
#Veeam #backup #infosec #infosecurity #Infosys #Vulnerability #bugbounty #bugbountytips
🤯3
🌐🕵️♂️Ominis: OSINT: Web Hunter 🌐🕵️♂️
👉It gathers online information by querying Google with a user-inputted query. The tool then extracts relevant details like noscripts, URLs, and mentions of the query from the search results.
Targetable and Actionable Results 🎯
1. Identifying Potential Threats 🚨
2. Monitoring Competitors 🕵️♂️
3. Gathering Human Intelligence 👥
4. Detecting Brand Mentions 📣
5. Investigating Individuals 🔍
6. Uncovering Financial Insights 💰
7. Mapping Digital Footprints 🗺️
8. Tracking Online Campaigns 📊
9. Monitoring Regulatory Compliance 📝
10. Forecasting Emerging Risks 📈
11. Google Search Filtering 🖇
🔗Download: https://github.com/AnonCatalyst/Ominis-OSINT
👉It gathers online information by querying Google with a user-inputted query. The tool then extracts relevant details like noscripts, URLs, and mentions of the query from the search results.
Targetable and Actionable Results 🎯
1. Identifying Potential Threats 🚨
2. Monitoring Competitors 🕵️♂️
3. Gathering Human Intelligence 👥
4. Detecting Brand Mentions 📣
5. Investigating Individuals 🔍
6. Uncovering Financial Insights 💰
7. Mapping Digital Footprints 🗺️
8. Tracking Online Campaigns 📊
9. Monitoring Regulatory Compliance 📝
10. Forecasting Emerging Risks 📈
11. Google Search Filtering 🖇
🔗Download: https://github.com/AnonCatalyst/Ominis-OSINT
👍6