TryHackMe Vouchers Available
1 Months-500 INR
3 Months-1400 INR
UPI/Paypl Accepted

🚨sj (Swagger Jacker)🚨
👉A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
📥 https://github.com/BishopFox/sj/

GTFONow

Automatic privilege escalation on unix systems by exploiting misconfigured setuid/setgid binaries, capabilities and sudo permissions. Designed for CTFs but also applicable in real world pentests.

https://github.com/Frissi0n/GTFONow

🌟Subdominator🌟 is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes.

📥 https://github.com/sanjai-AK47/Subdominator

Jon The Discussion Group👇
https://news.1rj.ru/str/+bjrvAloQDJsxM2Fl

🌟WebCopilot🌟
👉An automation tool that enumerates subdomains then filters out xss,sqli, open redirect, lfi,ssrf and rce parameters and then scans for vulnerabilities.

📥https://github.com/h4r5h1t/webcopilot

Tryhackme Vouchers Stocked Again ✅1 Month 500 INR
✅3 Month 1400 INR ✅1 Year 4000 INR . Ping @wtf_yodhha

Public Bug Bounty Programs [Domain,Subdomain]
https://github.com/trickest/inventory

Public Bug Bounty Platforms Around The World
https://platforms.disclose.io/

Public Bug Bounty/ Penetration Testing Reports
https://github.com/reddelexc/hackerone-reports
https://github.com/juliocesarfort/public-pentesting-reports

Bug Bounty Books
https://github.com/akr3ch/BugBountyBooks
https://github.com/AnLoMinus/Bug-Bounty

Bug Bounty Youtube Channel
https://www.youtube.com/@BugBountyReportsExplained
https://www.youtube.com/@NahamSec
https://www.youtube.com/@STOKfredrik
https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA
https://www.youtube.com/@InsiderPhD

Bug Bounty Hunter Twitter/Blog/etc
https://twitter.com/thedawgyg?lang=en
https://twitter.com/d00xing?lang=en
https://m0chan.github.io/
https://twitter.com/codecancare
http://ele7enxxh.com/
https://twitter.com/ele7enxxh?lang=en
https://twitter.com/orange_8361?lang=en
https://twitter.com/_godiego__?lang=en

💢 15 different methods for 2FA Bypass Techniques 💢

1. Response Manipulation
In response if "success":false
Change it to "success":true

2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions

3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.

4. JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot

5. 2FA Code Reusability
Same code can be reused

6. Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code

7. Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA

8. CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation

9. Password Reset Disable 2FA
2FA gets disabled on password change/email change

10. Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions

11. Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA

12. Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility

13. Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.

Steps:-
1. Enter “null” in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA

14. Google Authenticator Bypass Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed

15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number.

CSRF - Bypasses

1. Remove the entire token parameter with value/Remove just the value.
2. Use any other random but same length token.
3. Use any other random (length-1) or (length+1) token.
4. Use attacker's token in victim's session.
5. Change the method from POST to GET and remove the token.
6. If request is made through PUT or DELETE then try POST
7. If token is sent through custom header; try to remove the header.
8. Change the Content-Type to application/json, application/x-url-encoded or form-multipart, text/xml, application/xml.
9. If double submit token is there (in cookies and some header) then try CRLF injection.
10. Bypassing referrer check:
i. If the referrer header is checked but only when it exists in the request then add this piece of code in your csrf poc:

<meta name="referrer" content="never">

ii. Regex Referral bypass:
11. CSRF token stealing via xss/htmli/cors.
12. JSON Based:
i. Change the Content-Type to text/plain, application/x-www-form-urlencoded, multipart/form-data and check if it accepts.
ii. Use flash + 307 redirect.
13. Guessable CSRF token.
14. Clickjacking to strong CSRF token bypass.
15. Type Juggling.
16. Array: newemail=victim@gmail.com&csrftoken[]=lol
17. Set the csrf token to "null" or add null bytes.
18. Check whether csrf token is sent over http or sent to 3rd party. See here
19. Generate multiple csrf tokens, observe the static part. Keep it as it is and play with the dynamic part.

🌟DNS Enumeration 🌟

1. DIG:
- Importance: Command-line tool for querying DNS information.

2. Host:
- Importance: Command-line utility for DNS queries.

3. NMAP (dns-brute noscript):
- Importance: Network scanning tool to identify subdomains and IPs.

4. DNS Recon:
- Importance: Dedicated tool for automated DNS information gathering.

5. SecurityTrails:
- Importance: Online service for historical DNS data exploration.

Importance of DNS Enumeration:
- Subdomain Discovery: Identify potential entry points.
- IP Address Mapping: Understand target infrastructure.
- Vulnerability Assessment: Spot DNS misconfigurations.
- Attack Surface Mapping: Identify hosts and services.
- *Information Gathering:* Extract valuable domain-related data.

DNS enumeration is vital for comprehensively understanding a target's infrastructure and potential vulnerabilities during security assessments.