Vivek Kashyap
@starkcharry
Followers
2,099
Following
412
Media
147
Statuses
1,849
Bug Hunter | Delhi Technological University
127.0.0.1
Joined December 2020
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Pais
• 719008 Tweets
NUNEW DREAM CATCHER
• 287418 Tweets
Shah Firdaus
• 156703 Tweets
Itália
• 70169 Tweets
Diaz
• 69307 Tweets
ヴィーガン
• 50154 Tweets
マーリン
• 47571 Tweets
Feliz Dia
• 47142 Tweets
和田アキ子
• 39891 Tweets
契約解除
• 39615 Tweets
#阪神タイガース
• 36298 Tweets
まりほー
• 35197 Tweets
#italvolley
• 32643 Tweets
Sifan Hassan
• 27721 Tweets
高橋遥人
• 19228 Tweets
Jota
• 18492 Tweets
台風6号
• 14784 Tweets
レスリング
• 13477 Tweets
分割3クール
• 12497 Tweets
#nhkらじらー
• 10340 Tweets
Pinned Tweet
I earned $2,500 for my submission on
@bugcrowd
💝
Tip : "GET request for XML not found" changes the request to POST with XXE payload.
#ItTakesACrowd
#bugcrowd
17
28
302
MY First RCE from N/A to Triaged
tip: shodan
Ssl:"target Inc." 200
http.title
look for palo alto networks (vps)
https://target.
com/global-protect/login.esp
vuln version 8.1.15
#bugbounty
#bugbountytips
#ItTakesACrowd
#infosec
19
107
292
I earned $1,450 for my submission on
@bugcrowd
🥳
2023 First Bounty
@Mohamed87Khayat
@krishnsec
@GodfatherOrwa
Thank you!
#ItTakesACrowd
#BugBounty
12
8
223
I earned $2,500 for my submission on
@bugcrowd
💝 Thanks to
@Bugcrowd
for helping me in this report.
#ItTakesACrowd
#bugcrowd
13
6
169
Information disclosure $$$
1. subfinder -d target. com | httprobe -c 100 > target.txt got around 210 subdomains.
2. cat target.txt | aquatone -out ~aquatone/target
3. Checked every screenshot and found an interesting subdomain.
#bugbountytips
#bugbounty
#infosec
7
47
163
Another hit😍 ,I was manually checking GitHub and reported them and today they send me this also I am just 18 please let me know what should I message them
@HackerGautam
? And again thank you so much
@GodfatherOrwa
@HackerGautam
@theXSSrat
#bugbounty
#bugbountytip
#infosec
10
17
157
Account takeover worth $$$$
1. Created account on website using test mail id
2. Upload private document like resume and photos
3. Same site having android app > Created account using same mail id but different password
1/2
#bugbountytips
#bugbounty
#infosec
11
43
156
Another Bounty after 2 months total 4000 rupees , ₹3000 is for hard-core GitHub leak thanks to
@GodfatherOrwa
for his blog & ₹1000 is for reflected XSS on 2 subdomain thanks to
@HackerGautam
for his script to automate XSS finding
#bugbounty
#bugbountytip
#infosec
14
10
142
In February I submitted 27 reports to 6 programs. Bugcrowd 93.3 success rate
Special reports : Sony , Facebook
Tip : just deeply follow
@GodfatherOrwa
write-ups,videos
#bugbounty
#bugbountytips
2
8
130
Today is a special day for me I started learning bug hunting almost 2 months ago and today I got my First Bounty for Stored XSS I would like to thanks everyone
@AnubhavSingh_
@cyph3r_asr
@hunter0x7
@harshbothra_
@HackerGautam
@theXSSrat
#bugbounty
#firstbounty
#bugbountytips
19
9
128
I just published My First RCE from N/A to Triaged (CVE-2021–3064)
THOSE WHO ARE ASKING FOR POC PLEASE READ MY BLOG THANK YOU
#bugbounty
#bugbountytips
#infosec
4
42
120
9
0
110
I earned $500 for my submission on
@bugcrowd
February Rain $$$
#ItTakesACrowd
@GodfatherOrwa
@krishnsec
5
5
98
This was interesting.
Tip : found a subdomain target-internal. com
signup/in functionality was there so its obvious p1 just signup and can easily see internal data but i tried xss so register again but in name field put xss payload
1/2
#bugbounty
#bugbountytips
12
20
95
2
21
93
Another report Triaged on
@Hacker0x01
Same issue but in different location
#bugbounty
#bugbountytips
10
3
70
Can't believe I Just reported a xss on Facebook I think it's gonna out of scope
#bugbounty
#bugbountytips
4
3
56
Guessing I made a silly mistake , what I did was discover origin ip and no waf was there so got .env access exposing credentials, I made only one report should I made another report telling that origin ip disclose??
#bugbounty
8
2
51
I had a great conversation with
@HusseiN98D
at
@bsidesahmedabad
event.
thank you for your valuable advice and guidance.
1
1
49
reported /.git exposed to private program and they said
In order to be a triaged issue a submission must demonstrate an impact that can have an effect on the customer, or its users. Submissions should always answer the question "as an attacker I could",
1/2
#bugbountytips
12
6
40
If you see your Target scopes are full of dead subdomains, then you should do a FULL Port scan & IP permutation you will see a huge difference and become closer to Bounty. (Don't try in akamai waf & cloudflair it will waste your time waste)
Happy Hunting!..
2
4
34
Tip of this submission: track every endpoint/parameters you see in a subdomain --> use Arjun/kxss/paramspider tool --> reflected param --> automation then manual trying for XSS/SQLi --> bounty
0
9
34
I'm planning to write a blog on my techniques to find hidden subdomains of a Wide Scope Program. You guys will love it.
very soon
#bugbountytips
6
0
30
I'm testing a target there is an option called add video link so after that in collaborator showing http response but there is my public IP is it acceptable what else should I do?
#bugbounty
#ssrf
9
3
27
3
5
25
Is there Any Tools to find Acquisition and Subsidiary of a company?
#bugbounty
#bugbountytips
9
0
25
Use this Google Dorking
Google Dork - Juicy Endpoints
site:target[.]com ext:jsp | ext:asp | ext:aspx | ext:pl | ext:cfm | ext:py | ext:rb
3
92
313
0
2
22
Any disadvantages of buying a MacBook Air M1 for bugbounty?
Best windows laptop or a MacBook M1?
#BugBounty
#bugbountytips
#infosec
10
0
17
I earned $130 for my submission on
@bugcrowd
#ItTakesACrowd
Nothing special just bypassed old reports.
1
1
15
4. Boom account created and able to see private documents
2/2
0
2
13
P4 in 5 minutes. This was also found using my phone
Recon is best when you are bored.
Already shared shared tip in last posts.
#bugbounty
#bugbountytips
3
0
14
If a Sub-domain allows only target email to register/login but not Normal email, I have a situation where
Demo_acc1
@gmail
.com not allowed to register but
Demo_acc1
@target
.com is accepted and can register
Is this a Vulnerability?
#BugBounty
4
0
14
Thank you
@Kanhaiya_sh4rma
I my subscription Will be expired on 13th March but now extended one more month 🙏🙏❤✌✌
1
0
13
@Virdoex_hunter
@ADITYASHENDE17
@remonsec
@theXSSrat
@e11i0t_4lders0n
@1ndianl33t
@sunilyedla2
@GodfatherOrwa
@hunter0x7
@sechunt3r
Go with this article I also found this helpful
0
3
14
Useful GitHub Repos for Bug Bounty (attacks,PoC,Tip's,Book's)
1. Book of Secret Knowledge
2. Awesome Hacking
3. Awesome Bug Bounty
1/2
#bugbountytips
#bugbounty
#infosec
1
5
13
Found self,dom Xss on whole CIDR range of a program 💀 in cookie param
mp_id=xss payload , need good possible Way's to make it stored or reflected.
#bugbounty
#xss
2
0
12
How addictive is Bug Bounty so, today I was at barbershop waiting for my turn & apparently I found directory listing & .env file on a BC program with my phone which contains AWS,Keys. reported DL turns to P5 & SDE P4 cause it was expired.
#bugbounty
#bugbountytips
1
2
10
Got 5 AWS credentials in a zip file, none of them are working 😭.
2
0
10
@AllostaticSec
@security_donut
Yo man I surely tell them 👽 let me finish thier internet data , 256gb downloding data pending 🤭
4
0
10
Hi,recently I submitted a lot of info disclosure of apikeys accesstoken to a program in bugcrowd but they didnt accepted it they ask impact. What to do now I don't know how to exploit them further!Help!
@AkashHamal0x01
@cyph3r_asr
@AnubhavSingh_
#bugbounty
#bugbountytip
#infosec
4
1
10
@x_hosein_x
@n__Neo
Crt(.)sh, security trials & shodan
Get ip and subdomains catch one interesting subdomain I can't able to extract urls from it so I use a powerful tool called acunetix it gives me hint that it can be vuln to xss I passed that endpoint to intuder with custom script than got a Xss
2
0
9
It's happening with me since last week, Doing Recon, BurpSuite stuff ends up with Instagram Reel's 🥲😂
1
0
9
hii so i founded a github recon with login pass, and it allows me to see all internal employees files etc
and i saw few of them its exposing everything but they don't have bugbounty program what should i do😖.
#bugbounty
#bugbountytip
#infosec
1/2
5
1
9
Let's see who will win
share yours screenshot comment below 👇👇👇
#bugbounty
#bugbountytips
#bugbountytip
#infosec
2
0
9
can you guys explain me when you are doing directory fuzzing generally after how many -recursion depth there is a chances to get something secrete/important
@fardeenahmed411
@Farah_Hawaa
@hunter0x7
@KathanP19
@harshbothra_
@HackerGautam
@AnubhavSingh_
#bugbounty
#bugbountytips
2
3
9
Bro 🙏🏽🙏🏽🙏🏽🙏🏽 please release or DM, your 1-2 POC video's of idor and logic flow I know you are best in it ❤️❤️❤️🥺😭😭 thanks in advance
@AkashHamal0x01
#bugbounty
4
1
9
Get all JS files: , . JS hardcoded APIs and secrets: . JS analysis: , , , .
#bugbounty
#infosec
#bugbountytip
0
4
8
2
2
7
@harshbothra_
Here is one liner that i use most for my xss recon (secret). For tools I'll say I don't use a specific tool but my Recon starts from security trials, crtsh, my favorite for interesting subdomains definitely try ports scan and then higher possibility of P3 to P1 bugs
2
0
9
anyone can suggest me how to exploit it further in google it says cve 2017-12617 RCE
#bugbountytips
#bugbountytip
#bugbounty
1
1
6
0
2
7
@krishnsec
1.Customer ne triager ko private message krke apni aukaat dikha di 😂
2.Customer ne OOS domains bina announcement kiye dusre hunter ko bounty de kr aukaat dikha di
3.Triager ne same parameter bug different domains ko self duplicate krke apni aukaat dikha di
1
0
7
