0xRAYAN

@0xRAYAN7

Followers
4,268
Following
337
Media
44
Statuses
698

DevSecOps | Automation | Bug bounty hunter

🇸🇦
Joined January 2017
Pinned Tweet
@0xRAYAN7
0xRAYAN
18 days
I've started to enjoy working with Tailwind CSS and the React framework to build modern, mobile-responsive applications, and I ended up creating something like this.
1
0
7
@0xRAYAN7
0xRAYAN
1 year
I hate recon, but here is a good tip:
1 - Get the company IP range X.X.X.X/24
2 - Run nmap -p 80,448,8080 IP/24 -oN file.txt
3 - Use any IP extractor or API in case of automation or bash, then save it in IPs.txt
4 - Run httpx -l IPs.txt -o final.txt
5 - Run nuclei -l final.txt
8
323
1K
@0xRAYAN7
0xRAYAN
1 year
Recon is the key, and below is a good tip created for you:
1 - Collect your target IP range
2 - Go to the Censys search engine
3 - Run: ip=Target_range/XX
4 - To look for a specific status code, run this: ip=Target_range/XX and services.http.response.status_code=200
4
134
416
@0xRAYAN7
0xRAYAN
4 months
Recon Tools For Web Application Pentesting 🔎
#Proxy
1- Burpsuite
2- Zap proxy
3- Caido
#Subdomain
1- subfinder
2- amass
3- dig
4- assetfinder
5- sublist3r
6- chaos (chaos.projectdis)
#webspidering
1- gospider
2- gau
3- linkfinder
4- waybackurls
5- hakrawler
6- paramspider
3
104
409
@0xRAYAN7
0xRAYAN
1 year
Yay, I was awarded a $7,500 bounty on @Hacker0x01 ! #TogetherWeHitHarder
37
20
373
@0xRAYAN7
0xRAYAN
2 years
July and June were amazing months for me; I managed to get more than 6000 €. Happy hunting 🇸🇦🔥
24
20
322
@0xRAYAN7
0xRAYAN
5 months
🔍 Search Engines for Bug hunter & Security Pro : [ Recon is the key ] 1. - Dorks 2. - Servers 3. - Servers 4. - Mail addresses 5. - Attack Surface 6.
2
93
306
@0xRAYAN7
0xRAYAN
5 months
shodan dorks for recon : 1. :"*.target.com" http.title:"index of/" 2. :"*.target.com" http.title:"gitlab" 3. :"*. " http.title:"gitlab" 4. :"*.target.com" "230
2
101
289
@0xRAYAN7
0xRAYAN
2 years
The below code is vulnerable to which type of XSS ?
31
27
270
@0xRAYAN7
0xRAYAN
5 months
🔍 #BugBountyTip : Found a JS file that's hard to read? Try deobfuscating it at . Learn the obfuscation techniques used, as some methods might not be reversible by this tool. 🛠️ Key JS obfuscation techniques: - Reordering - Encoding - Splitting - Renaming
0
66
275
@0xRAYAN7
0xRAYAN
6 months
Here is a good tip for testing a client-side attack (postMessage):
1 - Use Post message tracker by Frans (epic one)
2 - Check if the Origin is misconfigured, then start testing.
3 - Test from dev tools directly, no need for a PoC (later on).
6
59
269
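The origin check from the postMessage tip above, seen from the receiving page's side. This is an added example, not code from the tweets; every origin, message type and function name in it is constructed. It runs three commonly seen loose origin checks and an exact allowlist over the same sample origins, then shows a handler that validates the sender before the payload.

```javascript
// Added example: origin validation for a window "message" handler.
// Every origin, message type and function name here is constructed.
const TRUSTED_ORIGINS = new Set(["https://app.example.com", "https://pay.example.com"]);

// Checks that look reasonable but accept origins the page never meant to trust.
const weakChecks = {
  includes: (o) => o.includes("example.com"),
  endsWith: (o) => o.endsWith("example.com"),
  unanchoredRegex: (o) => /https:\/\/app.example.com/.test(o),
};

// Strict check: exact string match against full origins (scheme + host + port).
function isTrustedOrigin(origin) {
  return typeof origin === "string" && TRUSTED_ORIGINS.has(origin);
}

// Receiver: reject untrusted senders first, then validate the message shape.
function handleMessage(event, state) {
  if (!isTrustedOrigin(event.origin)) return false;
  const data = event.data;
  if (typeof data !== "object" || data === null) return false;
  if (data.type !== "set-theme") return false;
  if (data.theme !== "light" && data.theme !== "dark") return false;
  state.theme = data.theme;
  return true;
}

// Constructed sample origins for auditing a check before shipping it.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://app.example.com.other.test",
  "https://notexample.com",
  "null",
];

// Report, per origin, which checks would let a message through.
function auditOrigins(origins) {
  return origins.map((origin) => ({
    origin,
    includes: weakChecks.includes(origin),
    endsWith: weakChecks.endsWith(origin),
    unanchoredRegex: weakChecks.unanchoredRegex(origin),
    strict: isTrustedOrigin(origin),
  }));
}

// In a browser the handler is wired up like this; under Node it is skipped.
if (typeof window !== "undefined") {
  const state = { theme: "light" };
  window.addEventListener("message", (e) => handleMessage(e, state));
}
```

Only the exact allowlist rejects both look-alike origins; each loose check accepts at least one of them.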
@0xRAYAN7
0xRAYAN
1 year
I earned $2,400 for my submission on @bugcrowd #ItTakesACrowd
14
5
236
@0xRAYAN7
0xRAYAN
7 months
Bug Bounty Tips: 1. Save JavaScript files for your target locally (e.g., main.js, app.js). 2. Upload to ChatGPT with a subscription. 3. Request: "Find potential security issues like DOM XSS, credentials leaks, or juicy endpoints." It's effective for analyzing JS.
3
30
212
@0xRAYAN7
0xRAYAN
3 years
Peace be upon you. I wrote an article about my OSWE exam and my experience with it. I hope I managed to summarize it properly. Enjoy the read 👍❤️
6
23
197
@0xRAYAN7
0xRAYAN
4 months
BugHuntingTips 🪿 SOME OF THE TOP XSS WAF BYPASS PAYLOADS :) CloudFlare WAF: <svg onload=alert& #0000000040document .cookie)> <svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b> <Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NLZCA6KQ=="))> Cloudfront
0
38
201
@0xRAYAN7
0xRAYAN
2 years
Tips for my last P1:
1 - Found a dev portal for development that requires Basic Auth
2 - Searched GitHub for "domain" docker
3 - Found a user trying to pull the private repository and passing the username:pass
4 - Decoded the Base64 Basic Auth
5 - Logged in with full access on all Prod
7
41
179
@0xRAYAN7
0xRAYAN
3 months
Testing web caching vulnerabilities with Akamai? Here are some key headers to use for testing : - Cache-Control: no-cache, no-store, max-age=0 - Pragma: no-cache - Expires: Wed, 21 Oct 2015 07:28:00 GMT - Vary: User-Agent, Accept-Encoding, Cookie - If-Modified-Since: Wed, 21
4
28
148
@0xRAYAN7
0xRAYAN
1 year
Peace, mercy and blessings of God be upon you. Today I published my first vulnerability in the HackerOne competition, representing Saudi Arabia in the first round 🇸🇦. Don't forget to retweet and like if you enjoyed the content so we can keep going 👍 Today I just published my first finding in Hackerone World Cup 🔥
10
28
110
@0xRAYAN7
0xRAYAN
6 months
I learned something while doing bug bounty:
1- Don’t stress yourself after submitting the report, leave them.
2- No need to ask for an update, the team will see it and evaluate your report.
3- If you deserve something you will get it.
Your health matters! 👌✅
3
9
96
@0xRAYAN7
0xRAYAN
6 months
Here is an explanation for a bounty worth 2K:
1- Identified a GraphQL query that includes a user ID as part of the email parameter in a password reset function.
2- Discovered that my user ID is 2811.
3- After sending 6 requests to the endpoint, I was unexpectedly logged out. exploit .
5
8
93
@0xRAYAN7
0xRAYAN
2 years
Just received 25 P1s submission coin ✌️Thank you @Bugcrowd for the amazing platform, Rank on the TOP 100 P1 warrior
4
1
79
@0xRAYAN7
0xRAYAN
1 year
Norway 🇳🇴 is the best ever 🥶
4
0
73
@0xRAYAN7
0xRAYAN
8 months
As part of source code series below the challenge of real finding that I found in Google Cloud - 2020 What are the security vulnerabilities in the source code ?
12
4
69
@0xRAYAN7
0xRAYAN
1 year
See you there ! I will be discussing some unique bugs. Topic : Hacking the Hackers Date and time : 13:40-14:20, 16 November, Briefing Stage 3
8
4
66
@0xRAYAN7
0xRAYAN
2 years
😅😅
6
11
54
@0xRAYAN7
0xRAYAN
1 year
Here we go ):
8
1
57
@0xRAYAN7
0xRAYAN
3 months
Here we go €€€€ Bug type: information disclosure via ws:// due to lack of auth flow
5
1
55
@0xRAYAN7
0xRAYAN
6 months
I've spent 6 days with 3 hours daily on BBP and found only 2 bugs, which is frustrating. I think I need to level up on my skills. 😤
7
1
46
@0xRAYAN7
0xRAYAN
1 year
Building entire application with many features for automating exploit and reconnaissance process for web application 10% just done so far and a lot of work needs to be done .
5
0
35
@0xRAYAN7
0xRAYAN
2 years
☁️
2
1
35
@0xRAYAN7
0xRAYAN
7 months
@Jr0dR87 There are 2 security issues: 1- isAdmin is set to false if not provided by the user, meaning if the user puts true during the POST request it will be changed - Never trust the client - The password is stored as plain text and not hashed in the DB in the User class - using bcrypt
1
0
30
@0xRAYAN7
0xRAYAN
9 months
For source code review, follow these steps: 1. Set up a new Ubuntu VM on AWS. 2. Install source code tools ensuring support for API and custom signatures. 3. Develop a script integrated with AI chat (e.g., GPT) to scan the code 4. Implement Gitlab or Jenkins for CI/CD
2
5
29
@0xRAYAN7
0xRAYAN
11 months
It was an incredible experience at @Blackhatmea, which is organized by @SAFCSP. I discussed "Hacking the Hackers" today and explained multiple techniques. Thank you for your attendance and the great experience so far 🙏🏻.
4
1
28
@0xRAYAN7
0xRAYAN
5 months
How did you miss this epic one @japzdivino @errorsec_ 😅 ? Congratulations to the reporter, it was really good.
@disclosedh1
publiclyDisclosed
5 months
HackerOne disclosed a bug submitted by xklepxn: #hackerone #bugbounty
5
21
159
3
1
28
@0xRAYAN7
0xRAYAN
4 months
I just recorded a podcast with my brother @xcode0x discussing a source code approach. Hope you like it! I have just recorded a podcast with @xcode0x in which we discuss source code review. I hope you like it! #أمن_سيبراني
2
2
28
@0xRAYAN7
0xRAYAN
1 year
Take me to the dark 🔜
0
0
26
@0xRAYAN7
0xRAYAN
1 year
I think these people are testing LinkedIn for XSS and sending me invites. 😂
5
1
23
@0xRAYAN7
0xRAYAN
2 months
0
1
22
@0xRAYAN7
0xRAYAN
2 years
@Bugcrowd Tips for my last P1: #bugbountytips
1 - Found a dev portal for development that requires Basic Auth
2 - Searched GitHub for "domain" docker
3 - Found a user trying to pull the private repository and passing the username:pass
4 - Decoded the Base64 Basic Auth
5 - Logged in with full access on all Prod
1
10
18
@0xRAYAN7
0xRAYAN
2 years
To Riyadh 🌧️
3
0
12
@0xRAYAN7
0xRAYAN
1 year
CVE-2023-24488 ( XSS ) on Citrix everywhere !
1
0
15
@0xRAYAN7
0xRAYAN
2 years
Hi hackers, 😁 You can use the below tool, one of the amazing tools when it comes to source code review assessment; it’s going to save you time. It contains a huge database with updated signatures for critical functions in different programming languages.
0
4
13
@0xRAYAN7
0xRAYAN
1 year
I can say hunting on @Hacker0x01 is better than studying a course. 🤡
1
0
14
@0xRAYAN7
0xRAYAN
6 months
May you be well, healthy and safe every year, and may God bring it back to us and to you in health and wellness 🌙 Happy Eid for everyone 🎉
1
0
14
@0xRAYAN7
0xRAYAN
2 months
This year, I feel like all my energy for hunting is gone. I can't spend much time or even hours on it anymore. 😅 I can see myself drifting away from everything related to computers. ):
5
1
12
@0xRAYAN7
0xRAYAN
1 year
@healthyoutlet @Hacker0x01 I'm reading your tweet and laughing, to be honest. I'm reporting this ethically via the HackerOne platform; if I wanted to take advantage of this I would not have reported it at all. The problem here is if another hacker found this.
4
0
12
@0xRAYAN7
0xRAYAN
2 years
@BhatAasim9 @theXSSrat @nav1n0x @ADITYASHENDE17 I have good things to try, it's worth a P3 and you can report it: try to access ( /whoAmI ), impact is: Exposed session identifiers on user detail object in the whoAmI diagnostic page
1
1
9
@0xRAYAN7
0xRAYAN
2 years
@3bdullaM9 The reason, in my view, is that CTFs need you to dedicate time to them, solve challenges and go on HTB. There are many CTF challenges, they take effort, and with time you master them. But someone who works in bug bounty or PT as a job has no time for that, so it's natural that he won't solve even the easiest challenges, and the reason, as I mentioned, is that it needs practice 👍
0
0
11
@0xRAYAN7
0xRAYAN
1 year
@0xbinhelal No, actually you need to understand the scope, and this technique works better than subdomain enumeration because you have the right subnet for the company. OOS happens if you submit a domain or assets that do not belong to the company or are not mentioned in the scope.
0
0
10
@0xRAYAN7
0xRAYAN
2 years
@GodfatherOrwa @Bugcrowd Nice @GodfatherOrwa , how did you find the file path that you uploaded in order to be executed ?
1
0
9
@0xRAYAN7
0xRAYAN
1 year
Below are the best extensions I used in VScode:
1- Prettier - Code formatter
2- Auto Rename Tag
3- Atom One Dark Theme
4- MySQL (authored by: cweijan)
5- SQLite
0
2
9
@0xRAYAN7
0xRAYAN
6 months
4- check the frames array and test ( ) direct instead of building the JSON from js file 5- if you find post message just try to find another endpoint that leaks something leading to ATO .
1
0
10
@0xRAYAN7
0xRAYAN
2 years
What an amazing experience it is hacking on @Hacker0x01 with @AMakki1337 and the rest of the Saudi team for the World Cup, so far I learned a lot 🔥🔥
3
0
8
@0xRAYAN7
0xRAYAN
7 months
When writing a user model, note that some database schemas don't support validation for usernames, which might lead to XSS or other types of attacks when data is displayed on the frontend. Ensure to carefully validate all user input.
0
0
9
@0xRAYAN7
0xRAYAN
3 years
You can bypass Rate limit on login function by using my methodology below but this might be fixed in some cases .
1
1
7
@0xRAYAN7
0xRAYAN
5 months
@bxmbn 40% skill 50% private invite 10% luck
1
0
7
@0xRAYAN7
0xRAYAN
10 months
@ManasH4rsh Very simple: <a > is the anchor tag, used to create a hyperlink, and the "aaaaaa" attributes are just part of the tag and will not affect the functionality, but if you write it as <aa> without a space then this will not be a valid payload.
0
0
7
@0xRAYAN7
0xRAYAN
2 years
Bye Bye Jeddah , Welcome Riyadh my new place ☁️💖
4
0
7
@0xRAYAN7
0xRAYAN
1 year
@Hacker0x01 Nepal team on 🔥🔥
0
0
7
@0xRAYAN7
0xRAYAN
1 year
@bxmbn I agree with you to be honest, but remember that one day you were totally nope and you learned from these articles and public disclosures and people's work! It’s a matter of giving to the community as you took previously. And the technique you are using is not new to the community
0
0
7
@0xRAYAN7
0xRAYAN
6 months
@Bugcrowd Bug: PHP type juggling code: if ($_POST["userid"] == int($_SESSION["userid"])) Exploit: An attacker could send a $_POST["userid"] value with a numeric string followed by non-numeric characters, which would be interpreted as an integer, passing the comparison check
0
0
7
@0xRAYAN7
0xRAYAN
1 year
@GodfatherOrwa Thank you @GodfatherOrwa for always sharing valuable stuff to the community 👏🏽
2
0
6
@0xRAYAN7
0xRAYAN
7 months
@fortnit45007347 The subscription version is recommended for two reasons: it supports larger usage limits, capable for handling and analyzing extensive JavaScript files, and it offers an exclusive file upload feature, You can automate this process in Chat GPT 4 using their API Key
1
0
6
@0xRAYAN7
0xRAYAN
6 months
6- If the X-Frame-Options and CSP are correctly configured, identify another XSS vulnerability to target the affected post message domain and extract the sensitive data for account takeover (ATO).
0
0
7
@0xRAYAN7
0xRAYAN
5 months
@h4x0r_dz @ECCOUNCIL Certification is bullshit 👍
0
0
4
@0xRAYAN7
0xRAYAN
2 years
God willing, we're with you 🔥🇸🇦👍👍
@AMakki1337
Abdulrahman Makki | عبدالرحمن مكي
2 years
For Saudis or residents of Saudi Arabia who would like to take part in the World Cup 2023 competition run by the HackerOne platform for discovering vulnerabilities, representing Saudi Arabia: contact me by DM. Challenges will be posted tomorrow at 7 PM on Discord to select the participants.
5
17
98
0
0
5
@0xRAYAN7
0xRAYAN
9 months
5. Set up Gitlab or Jenkins stages to execute your tools, generating final results in JSON. 6. Transform the JSON results into HTML format. 7. Implement your SMTP script as the final stage for email notifications, attaching the HTML file.
0
0
4
@0xRAYAN7
0xRAYAN
1 year
When building your application in .NET ASP Core , Below is the right and recommended pipeline for your middleware to be in place for your application from security perspective as well
0
0
5
@0xRAYAN7
0xRAYAN
1 year
@errorrsec You are exceptional👏🏼❤️
1
0
5
@0xRAYAN7
0xRAYAN
2 years
@GodfatherOrwa Very easy bug when you read it , but difficult to find because the way you think is out of the box , Many of attackers they know how to exploit but don’t know how to search 👍
0
1
4
@0xRAYAN7
0xRAYAN
6 months
@Bugcrowd RCE 🎱
0
0
4
@0xRAYAN7
0xRAYAN
6 months
@akita_zen CORS is configured, but CSP and the iframe option are allowed across subdomains; in this case the iframe will work fine to communicate with the parent window.
1
0
4
@0xRAYAN7
0xRAYAN
2 years
@h4x0r_dz @IamRenganathan Yes it’s sandbox environment , they are smart enough to avoid such as this silly mistake
0
0
4
@0xRAYAN7
0xRAYAN
2 years
I like DANTE lab from HTB pro labs but confused little bit in some cases. 😅
1
0
4
@0xRAYAN7
0xRAYAN
10 months
🇸🇦🇸🇦
0
0
3
@0xRAYAN7
0xRAYAN
3 months
@_2os5 Bypassing the caching mechanism causes the server to serve all requests directly, without caching. If the application relies on caching for user roles during authentication, this can lead to server-side flaws like improper access control or information leakage. This approach also
0
0
4
@0xRAYAN7
0xRAYAN
3 months
@zhero___ @MiniMjStar Configure Akamai with a website, experiment with cache settings and configurations, and test different scenarios for web caching vulnerabilities etc. This will let you find a unique finding that then applies to all websites running Akamai as caching for performance
1
0
4
@0xRAYAN7
0xRAYAN
2 years
@0x_rood @Bugcrowd the best to hunt and learn and earn 🏴 ,
1
0
4
@0xRAYAN7
0xRAYAN
8 months
Here is the fix code for the two findings mentioned , priv esc + logger
0
0
4
@0xRAYAN7
0xRAYAN
5 months
@Sin4Yeganeh How did you test the React code when the application consists solely of a main.js file or a misconfigured build during building the front end allowing you to view JSX?
0
0
3
@0xRAYAN7
0xRAYAN
6 months
@lu3ky13 It looks like you are brute forcing the code parameter, {"code":"11435104","password":"gDcE}!Mef;k8QFS","password_confirmation":"gDcE}!Mef;k8QFS"} No rate limit on the server?
1
0
2
@0xRAYAN7
0xRAYAN
2 years
@hattan_515 @Bugcrowd @az7rb @aa_8989 @0xNasser_ @0xRaw Mashallah, may God grant you success and may you take first place 🌹🌹🏆
1
0
3
@0xRAYAN7
0xRAYAN
2 years
@0xRaw Use Ysoserial and go through every payload; that's the best way to make sure
0
0
3
@0xRAYAN7
0xRAYAN
2 years
You drink coffee from Costa Coffee and want to sleep? Forget it. 😔
1
0
3
@0xRAYAN7
0xRAYAN
7 months
@GertyBoy27 @Hacker0x01 Looks promising, if possible share a write up
0
0
3
@0xRAYAN7
0xRAYAN
2 years
Meditation ✅
0
0
2
@0xRAYAN7
0xRAYAN
8 months
@_public_void Great Mohamed, can you elaborate more on when the conditional if statement returns true and why it returns true?
1
0
2
@0xRAYAN7
0xRAYAN
2 months
@Hacker0x01 🇸🇦🇸🇦
0
0
3
@0xRAYAN7
0xRAYAN
4 years
Google vulnerability program Bug: privilege escalation user to admin #Google #VRP #CyberSecurity
1
0
3
@0xRAYAN7
0xRAYAN
6 months
@astrounder @GoogleVRP That's great , all of them are main apps or google acquisitions
1
0
3