🚨Tool Alert !!🚨
Introducing LEAKEY a tool for validation of any leaked credentials 🔑
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered 🚀
#bugbounty
#bugbountytips
#cybersecurity
🚨Attention Hunters !!🚨
Typical BugBounty Automation SaaS $200/year 🤡🤡
Don't fall for this kind of BS, each one of them is basically running Open Source tools behind the scenes :)
#bugbounty
#bugbountytips
#cybersecurity
My 2022 BugBounty Goals🎯:
- 20k in Bounties
- 2000 Reputation points on @Hacker0x01
- 20x swags from Sony (For local charity center)
- 20x RedBull trays (For local charity center)
- [Redacted]
#bugbounty
#togetherwehitharder
🚨Tool Alert !! 🚨
For the past few days I have been playing with @streamlit and I must say it's awesome to spin up quick prototypes
I created this BugBounty Helper Tool Kit & it merely took 10 minutes, check out👇
#bugbounty
#bugbountytips
#cybersecurity
🚨Attention Hackers !!🚨
BetterBugBounty - Collection of Classic Tools for Legendary Bug Bounty Hunts
- BurpSuite 1.7
- FoxyProxy's OG version
Even @zseano can vouch for this nostalgic thrill! 😉
#bugbounty
#bugbountytips
#cybersecurity
Thank you everyone for the +ve feedback, since a lot of you were asking about the scope & bug types
🔭Scope:
Main App(www,target,com)
🐞Bug Types:
- Business Logic Issues
- BAC/IDORS
- CSRF Bypasses
- SSRFs
- XSS
Success or Failure ?🤔
#bugbounty
#bugbountytips
#cybersecurity
#bugbountytip
🧵👇
Over the time doing bug bounties, I have learned it's okay to not know everything beforehand. I have started "learning on the fly". Stop wasting too much time learning everything beforehand and start doing.
1/n
#bugbounty
#bugbountytips
#cybersecurity
#infosec
Bugs I never or rarely look for while hunting
1. OAuth
2. JWT
3. SAML
4. SQLi/XSS (mainly due to WAF and modern frameworks)
If you ever get duped for these and see me on the program, remember it's not me🙃
Comment the bugs you commonly don't look for.
#bugbounty
cc
@theXSSrat
🚨Tool Announcement !! 🚨
🔎🐛 Introducing Bounty Meter, the utility tool for bug bounty hunters to set targets, track bounties, and stay motivated.
Add, remove, and visualize your progress with ease.
#bugbounty
#bugbountytips
#cybersecurity
Recon via YouTube 👀 Yes you heard it right, it's actually a thing, YouTube can be really handy while doing recon, found some good overview of target ultimately leading to easy Critical within minutes. 💯
If you need a blog, let me know🙏
#bugbounty
#bugbountytips
@theXSSrat
🚨Attention Everyone !!🚨
You can find all of my articles here 🙂
I will be publishing a new article about Recon here real soon.
Stay tuned !! 😉
#bugbounty
#bugbountytips
#cybersecurity
A quick one liner to achieve the same in your terminal👇
===================
curl -s '' --compressed -H 'User-Agent: Mozilla/5.0'|jq -r '.[].common_name,.[].name_value'|sort -u
===================
#bugbounty
#bugbountytips
#cybersecurity
Complete Payment Bypass to Use Enterprise features 🫠
H1 Triager marked as High, program reduces to Low after 2 months 🤷‍♂️
Security Issue or Fraud Issue ? What do you think?🤔
#bugbounty
#bugbountytips
#cybersecurity
Wohh, that went bonkers 🚀🤯 but here is my actual recon process 🫠
./reconftw.sh -r -d target.com -f myconfig.cfg
That's it. This is literally what my recon looks like 🙂, I would like to give a big thumbs up to @Six2dez1 for such an awesome framework 😉 🙌
Drop your favorite Burp Extension below. I am curious to know which ones have captured your attention 🤔
I will share mine and believe me this has to be one of the best extensions with tons of capabilities.🚀
#bugbounty
#bugbountytips
#cybersecurity
I have never used Burp Active Scanner and I think I am missing a lot because of this. Can anyone share some good resources about insertion and context based scanning with Burp?
@ReZ0_
@theXSSrat
#bugbounty
🚨 Tool Alert !! 🚨
Check out this new terminal website👀, who needs a fancy UI, all we need are just commands 😉
More BugBounty Tools to be added soon 🚀
#bugbounty
#bugbountytips
#cybersecurity
🚨 ALERT !! 🚨
Stop relying on third-party hosted XSS hunter instances! You never know what's being monitored and it's best to have full control over your testing environment. Invest in a $5 VPS and host your own instance for transparency & security.
#bugbountytips
#cybersecurity
BugBounty is all about being at the right place at the right time. Testing on a program and all I can see is year old random comments. One of the comments read "Don't waste time here, already tested..." LOL
#bugbounty
@theXSSrat
what's your take on this?
The new Burp UI looks amazing, doesn't it? 😉 Wait, this is the new @CaidoIO update which allows you to customize the whole look and feel of your proxy tool with custom CSS and JS 🚀
#bugbounty
#bugbountytips
#cybersecurity
From all the tweets I have been reading and from my own personal experience, I can say @Bugcrowd is doing an awesome job. H1 is degrading day by day; even after raising a mediation request, no action after 13 days. Seems like it's time to hit harder on BC now.
@h4x0r_dz
#bugbounty
Someone just bought me 3 coffees 😭🙏 I can't express my gratitude in words, this is the first time someone donated. This encourages me to contribute more to open source.
Thank you so much for your kind support🙏
#bugbounty
#bugbountytips
#cybersecurity
Take your bugbounty to the next level with Insertion based scanning via Intruder. Define specific insertion points in a request, such as headers or query parameters, and use Burp to automate payload injection for a targeted, efficient scan.
#bugbounty
#bugbountytips
#cybersecurity
For the past couple of days I have been getting a lot of DMs regarding the solution to @Bugcrowd's Final Spooky Challenge.
I have done a simple walkthrough of the same, you can read it on my blog here
#bugbounty
#bugbountytips
#cybersecurity
Get a little laugh when your recon finishes, add this to your recon scripts or maybe just add it to your crontab and get a dad joke every 30 mins ;)
echo '*/30 * * * * root joke|notify' >> /etc/crontab
#bugbounty
#bugbountytips
#CyberSecurity
I always find it hard to switch to a new target and start over. I have been hacking on a single program for almost 4 months now, got to know all the ins and outs of the app. I guess I have hit a dead end now 🤷‍♂️
Sometimes, you need to move on at the right time 🚀
#bugbountytips
If you are like me, who uses @firefox for day to day work (twitter for me lol) and prefers the same for Bug Bounties too at the same time.
Here's a tip to set up a separate profile for bugbounties
firefox -no-remote -P
create a new profile named bugbounty, 1/2
#bugbounty
#bugbountytips
Found this on one of the websites, why are Indian Bug Hunters obsessed with SPF, click jacking, Rate Limiting, Insufficient session Expiration, Password Policy kind of issues?
Probably because of those unpaid internships and training programs.
@tabaahi_
@Ox4d5a
#bugbounty
I feel a bit demotivated hunting now, feel tired looking at targets, waste time watching YouTube and no real productivity for the last 15-20 days. Are these signs of burnout? Earlier I used to be very excited while hunting and now suddenly I feel a bit hesitant and lacking in confidence. 1/
🚨 Attention Hackers !! 🚨
The @Hacker0x01 Ambassador Cup 2024 [AWC24] starts in a few weeks.
If you're interested in joining a community of passionate hackers and competing in the AWC,
DM me your H1 profile to join our team! 🚀
#bugbounty
#bugbountytips
#cybersecurity
But what after Recon? What are you going to do with the bunch of crap you just collected?
Please don't get trapped into recon forever, jump onto the actual webapp and see what's going on behind the scenes. Believe me there's at least 1 High severity issue sitting there :)
Forgot to share but for the past few weeks I have been tinkering around with the flipper and I must say it's a great addition for research and cybersecurity purposes 👀🔥
A great handy tool for ethical research and pen testing stuff 😃
#bugbounty
#bugbountytips
#cybersecurity
I don't know why this happens but I am a little sceptical when starting on a new invite or a program on @Hacker0x01, I mean the limited scope and the leader board make me a little uncomfortable. How to tackle this weird feeling?
@zseano
@theXSSrat
#bugbounty
#bugbountytips