Nithin 🦹♂️
@thebinarybot
Followers
17,081
Following
516
Media
1,350
Statuses
9,043
Hacking machines and life | Community Manager @InfoSecComm | eJPT | Certified Red Team Professional (CRTP)
DM for Collaborations
Joined March 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
オリンピック
• 607526 Tweets
Christians
• 304515 Tweets
花火大会
• 184581 Tweets
グラブル
• 90328 Tweets
Endrick
• 78843 Tweets
NuNew Sing With Piano
• 71009 Tweets
Itália
• 63115 Tweets
バレーボール
• 48882 Tweets
#withMUSIC
• 34452 Tweets
#アークナイツハニバ2024
• 28950 Tweets
#AkatsukiJapan
• 21238 Tweets
永山選手
• 17429 Tweets
#ぱかライブTV
• 17317 Tweets
#VoleiNaGlobo
• 16157 Tweets
Darlan
• 15830 Tweets
フルセット
• 14764 Tweets
コラボガチャ
• 11887 Tweets
花火の音
• 11818 Tweets
Flávio
• 11070 Tweets
男子バスケ
• 11004 Tweets
Pinned Tweet
THEBINARYBOT'S GUIDE TO API HACKING IS AVAILABLE NOW FOR SALE !!!
Learn and find different API-related vulnerabilities such as:
-BOLA
-BOFA
-SSRF
and more...
Use code "thebotswarm" to get the product for just $5. Valid till 6 Mar.
#bugbounty
0
6
42
Top 8 FREE cybersecurity courses with certification.
🧵👇
#bugbounty
#pentesting
#hacking
#infosec
#cybersecurity
#pentesting
#certifications
70
494
2K
43
283
964
Here's a list of some high quality Bug Bounty Methodologies / checklists.
All for FREE.
🧵👇
#bugbounty
#bugbountytips
#infosec
#cybersecurity
59
377
936
☃️OSCP Study Guide 2022☃️
A detailed and well formatted study guide for those who are preparing for OSCP in 2022/3.
37
275
890
Here's a list of tools that I use on a daily basis for Bug Bounty Hunting :
38
236
806
Bypass SSRF protection with different encodings.
A thread.
🧵👇
14
283
697
Before doing a penetration test on a corporation, you must conduct OSINT, or open source intelligence, on the company's in scope assets.
Here's a list of commonly used OSINT tools below.
🧵👇
#OSINT
#bugbounty
#hacking
#pentesting
31
176
686
Here's a list of 13 discord Cybersecurity communities.
Join, connect with people, grow your knowledge and network!
#cybersecurity
#hacking
#bugbounty
#infosec
19
222
657
☁️ Interested in Cloud Security? ☁️
Checkout these FREE resources to upskill your game.
🧵👇
#hacking
#infosec
#cloudsecurity
#bugbounty
#cybersecurity
#pentesting
39
245
640
Want to break into cybersecurity but got no money?
Utilize these FREE resources to get started.
#bugbounty
#hacking
#infosec
#cybersecurity
28
191
606
☃️Burp Suite for Pentester☃️
This cheatsheet is built for the Bug Bounty Hunters and Pentesters to help them find vulnerabilities using "BurpSuite". Learn how to:
➡️Use different extensions
➡️Fuzz with intruder
and much more...
#bugbounty
#cybersecurity
#infosec
#hacking
12
183
561
Here's a collection of FREE Labs (Red/Blue/CTF) to improve your Cybersecurity skills.
🧵👇
#cybersecurity
#infosec
#bugbounty
#hacking
31
208
541
Studying Active Directory?
Here are 5 of my favourite blogs I feel you should definitely checkout.
🧵👇
#activedirectory
#pentesting
#hacking
#infosec
#cybersecurity
16
190
518
I re-watched
@GodfatherOrwa
's talk at
@InfoSecComm
's IWCON 2.0 and must say it's super informative.
The talk is ~45 minutes long but I have condensed the talk for you to read in 2 minutes.
47
270
526
75% of my Twitter DMs in the recent times have been people asking me "How to get started in Ethical Hacking?"
Although I love to answer everybody personally, I decided to write a thread of resources that would help any newbie level up.
🧵👇
#infosec
#bugbounty
#cybersecurity
51
181
512
FREE Network Security Resources
🧵👇
#infosec
#cybersecurity
#networksecurity
#hacking
#pentest
#tryhackme
#hackthebox
31
179
497
List of OSINT tools that can aid your investigation if you come across a suspicious URL or IP address.
🧵👇
#osint
#infosec
#bugbounty
#hacking
#cybersecurity
#pentest
33
167
503
☃️FREE Blue Team Resources☃️
Security Blue Team is 6 free courses
➡️ OSINT
➡️ Digital Forensics
➡️ Network Analysis
and much more...
#blueteam
#bugbounty
#hacking
#infosec
#cybersecurity
24
164
490
The easiest P1/P2 afaik is Sensitive Information.
You can mostly find this on Github. Using the correct dorks would result in quick $$$$.
Here's a list of highly efficient Github dorks that I use on a regular basis.
🧵👇
#bugbounty
#dorks
#github
#bugbountytips
38
202
482
Need FREE labs to practice mobile app pentesting?
Don't worry, I got you covered!
Checkout 5 FREE labs below to smash those bugs in mobile applications and earn $$$$.
🧵👇
#androidPentesting
#iOSPentesting
#mobilePentesting
#bugbounty
#labs
32
205
473
😱 I watched
@GodfatherOrwa
's insightful talk "The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities" at
@NahamSec
's
#NahamCon2023
and have condensed the ~25 minute talk for you to read in 2 minutes.
Here's some interesting bug bounty tips and tricks ⬇️
27
193
471
If you want to get started in Ethical Hacking in 2023, I cannot recommend something better than
@TCMSecurity
's 15-hour Practical Ethical Hacking course.
Know what's the best part? It's 100% FREE.
#infosec
#bugbounty
#hacking
#pentesting
#ethicalhacking
#cybersecurity
#infosec
11
99
457
🎅 If you're looking to crack OSCP in 2023, feel free to use the link below to download my OSCP Machines List Notion Template.
Practice, tick items off the list, crack OSCP 💻
🔗Link:
#infosec
#notion
#bugbounty
#cybersecurity
#notion
10
154
464
💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$
However, finding/exploiting one manually is tricky. That's where SQLmap helps us.
Here's a list of highly efficient SQLmap commands which you can use to hunt for SQL Injections 🧵👇
3
114
427
Here's a list of 10 FREE resources to learn API Security Testing / Pentesting
➡️ Labs
➡️ Blogs
➡️ Videos
and much more...
🧵👇
#bugbounty
#API
#pentesting
#hacking
#infosec
#cybersecurity
32
166
415
Here's a list of bug bounty tools that
@GodfatherOrwa
uses and shared in
@NahamSec
's live stream.
🧵👇
#bugbounty
#bugbountytips
26
153
420
API hacking is simple, easier to learn and reproduce.
Down below are massive API hacking resources.
PS: You might definitely want to bookmark this and come.
2
131
395
I got around 10+ messages last week asking me for the tools I use in Bug Bounty.
So I thought why not make a thread on it.
Here's a list of my most used tools.
🧵👇
PS: This is my only my personal preference and I always experiment.
#bugbounty
#infosec
#recon
#cybersecurity
28
126
375
Want to learn Active Directory Pentesting for FREE?
No worries, open this thread 👇🧵
#cybersecurity
#activedirectory
9
104
378
Simple recon:
1. Use katana, grab all links.
2. Then use gf and identify patterns on different vulnerabilities like IDOR, SQLi
3. Check source code for .js files and hidden endpoints/params
4. Do Shodan / Google / Bing / Duckduckgo Dorking
5. Naabu on top 1000 ports - each link
15
128
357
7 GitHub profiles to star if you are into Bug Bounty.
🧵👇
23
130
349
ANNOUNCEMENT 🚨
I'm building a bug bounty tools playbook for you all!
This page will your one-stop location to find the necessary commands to run for any tool of your choice - but for the first iteration I've included only the most prominent tools.
Any other tool you would
12
65
351
I've been following
@intigriti
's bug bounty tips for quite sometime and they're super valuable.
But it's no use if I just store them with me and not talk about my favourite ones that has worked magic.
So, here's 5 of my recent favourite
#bugbountytips
from
@intigriti
🧵👇
19
103
341
This repo contains fantastic notes on different vulnerabilities such as:
- IDOR
- LFI
- SSRF
and more.
Check it out now!
0
91
341
I'm a big big fan of the bug bounty tips posted by
@intigriti
Here's 8 bug bounty tips posted by them that I feel you all should keep in your fingertips.
🧵👇
#bugbounty
#cybersecurity
#infosec
#bugbountytips
23
125
338
SQL Injection is a P1 critical vulnerability and you will get $$$$ for reporting this.
Learn how to use SQLMap to find your first SQL Injection vulnerability in this thread 👇
3
88
331
☃️ Plution ☃️
Use Plution to scan and test web pages that are vulnerable to client side prototype pollution via a URL payload.
3
99
320
☃️Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet☃️
➡️ Wireless Testing
➡️ Networking
➡️ Mobile App Testing
and much more...
#oscp
#bugbounty
#activedirectory
#redteaming
#infosec
#hacking
#cybersecurity
14
104
317
3
82
311
New to recon?
Looking for video tutorials to up your recon game?
Checkout the talks below 🧵👇
PS: All of these talks are super informative and well presented. There's no ranking per se. Do check them ALL out.
#bugbounty
#infosec
#cybersecurity
#recon
28
130
306
This repo contains fantastic notes on different vulnerabilities such as:
- IDOR
- LFI
- SSRF
and more.
Check it out now!
0
101
307
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers.
Learn how to use this tool at its fullest to find your first SQL Injection 👇
3
90
305
If you're looking to enter the Cybersecurity space and looking for a job, I highly recommend you to checkout Stefan Waldvogel's website.
The amount of information present here is huge and very helpful.
🔗Link:
#infosec
#bugbounty
#cybersecurity
6
105
290
Top 10 blogs in 2022 to learn and stay informed in cybersecurity.
🧵👇
#hacking
#infosec
#bugbounty
#cybersecurity
26
100
289
Learnt a couple of things from this article ⏬
5
96
283
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
This payload from
@brutelogic
is OP!
#bugbountytip
#bugbounty
11
95
288
🕵️♀️ Top 10 Active Directory toolsets used by red teamers and pentesting experts (bookmark to refer later):
1. PowerView: A popular tool for Active Directory reconnaissance, PowerView allows you to extract detailed information about users, groups, permissions, and more.
2.
3
57
288
☃️Bug Bounty Roadmaps☃️
➡️ Recon Methodology Roadmap
➡️ SSRF Techniques Roadmap
➡️ Web Application Penetration Tester Roadmap
and much more...
🔗 Link:
#bugbounty
#roadmap
#infosec
#hacking
#cybersecurity
17
103
286
Chrome Extensions and Firefox addons are gems for us bug bounty hunters if used properly.
Here's a thread of some plugins that I found useful and use on a daily basis.
🧵👇
#bugbounty
#infosec
#cybersecurity
10
69
277
Here's a list of 5 DNS attacks/vulnerabilities.
🧵👇
#bugbounty
#hacking
#infosec
#pentesting
#cybersecurity
12
88
273
7
81
272
Fuzzing is one of the most under looked concepts in Bug Bounties or Hacking.
That being said, here's 5 tools you can use to fuzz.
🧵👇
#bugbounty
#hacking
#infosec
#cybersecurity
11
84
270
3 ways to succeed at Bug Bounty
1. Hack daily, no matter what (at least 2 hours)
2. Read reports daily
3. Engage with the community
What would you add?
#bugbounty
12
40
266
☃️OWASP API Security 2023 Checklist☃️
In this checklist read on different scenarios to test APIs such as
➡️Broken authentication
➡️Server side request forgery
➡️Improper asset management
and much more...
#bugbounty
#cybersecurity
#infosec
11
91
264
Here's a couple of things worth a try to get an IDOR
Comment below if you've other useful tips & techniques.
🧵👇
#bugbounty
#bugbountytips
#infosec
8
100
257
Want to get started at Cybersecurity in 2023?
Worry no more. Open the thread below and master to core!
🧵👇
21
86
257
This repo has a huge collection of bug bounty reports sorted by vulnerabilities such as XSS, CSRF, IDOR, LFI and more.
Do check it out 🔥
2
83
264
☃️Penetration-Testing-Tools☃️
This massive repo has got almost everything you need such as tools, cheatsheets and scripts on various fields such as
➡️ Web Pentesting
➡️ Red Teaming
➡️ Cloud Assessments
and much more...
5
70
253
Finding origin IP can pave way for you to get good bounties and make $$$$
Here’s how you can find the origin IP of a server 👇
4
56
258
☃️ Traitor ☃️
Traitor automates Linux privilege escalation, exploiting misconfigurations and exploits for root shell access, including GTFOBins, writable docker.sock and more!
A super useful tool. Do check it out if you haven't already,
3
61
244
Want quality and quantity at the same time? Okay, let's do it.
Here's 50 YouTube channels that you can subscribe to upskill in Cybersecurity.
🧵👇
#infosec
#bugbounty
#cybsersecurity
#hacking
#security
#technology
17
99
245
8 one-liner commands to make your bug bounty life easier 👇
4
79
250
☃️Pentest Cheat Sheets☃️
This brilliant repo contains a lot one-liner/simple commands that we could use to our benefit when Penstesting. Highly useful if preparing for OSCP as well.
Link:
#bugbounty
#infosec
#hacking
#cybersecurity
#oscp
17
78
248
☃️Bug Bounty Beginner's Roadmap☃️
Many of you have asked me how to get started at bugbounty and what are the pre-requisites to get started.
This repository contains nearly everything you need to know and can help you get started easily with a variety of resources.
#bugbounty
18
72
241
I revisited NahamCon 2021 and found the talk by
@rez0__
on fuff super informative.
Hence, I decided to write a thread on it for those who don't have time to watch the talk.
"fuff scripts & tricks" - A thread.
🧵👇
#bugbounty
#infosec
#fuzzing
#bugbountytips
#cybersecurity
28
103
240
HTTPX is not just used for filtering live hosts. It's a fantastic tool to do more than this.
Here are 7 different ways in which HTTPX can be used in your bug bounty journey 👇
3
61
243
If you can go back in time and start your journey into
#bugbounty
perfectly, what would you do?
I'll go first.
1. Start with
@PortSwigger
labs. Practice as I learn.
2. Visit and get my hands dirty.
3. Update myself regularly with
@intigriti
's bug bytes.
10
55
236
"Multi-Factor Authentication Bypass Techniques"
A THERAD 👇
6
50
239
For those who are just starting in Bug Bounty, I politely ask you to read Web Fundamentals and understand how the internet works before testing applications.
Fortunately for you, I have created threads to explain them the best of my knowledge.
#bugbounty
#infosec
#cybersecurity
8
65
233
One of the biggest mistakes that I did in bug bounty was entering the field and trying to replicate what people did without understanding the basics.
If you are beginner then I urge you to know some fundamentals on how the internet functions, how web apps work etc.
🧵👇
12
61
227
☃️ DNSTake ☃️
DNSTake is a tool to check missing hosted DNS zones that can lead to subdomain takeover.
If you do not know what DNS takeover is, do read the repo's file where the author has explained it clearly.
3
69
227
Finding origin IP is super useful to test for vulnerabilities when there's a WAF protection.
Here’s how you can find Origin IP 👇
4
47
227
Find tools to help aid your Bug Bounty/Pentesting work here 🚀
Filter tools as per requirement on various tags such as:
▶️ Fuzzing
▶️ OSINT
▶️ Network
and much more...
🔗
#bugbounty
#infosec
#cybersecurity
#hacking
#pentesting
4
80
223
☃️ Bug Bounty Reference ☃️
A repository that contains huge list of bug bounty writeups categorized by the bug nature such as
➡️ SQLi
➡️ XSS
➡️ RCE
and more ...
6
66
220
☃️Red Team Notes 2.0☃️
➡️Initial Access
➡️Privilege Escalation
➡️Persistence
and much more...
7
58
217
💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$
However, finding/exploiting one manually is tricky. That's where SQLmap helps us.
Here's a list of highly efficient SQLmap commands which you can use to hunt for SQL Injections 🧵👇
1
66
212
🔎 A simple recon checklist I follow (not in order)
- Shodan/Google/Bing Dorking
- Check JS files
- Subdomain enumeration
- Wayback URLs
- Content Discovery
- Vhost Scan
- Port Scan
- GitHub Search
What more would you add to the list?
5
45
213
☃️Bug Bounty Wordlists☃️
➡️ 403 payloads
➡️ API Fuzz
➡️ Dotfiles
and much more...
🔗Link:
10
76
210
☃️Bug Bounty Beginners Roadmap☃️
➡️ What to learn
➡️ Where to learn
➡️ Practice Labs
and much more...
🔗 Link:
#bugbounty
#hacking
#infosec
#cybersecurity
9
65
206
A simple recon checklist I follow
- Check JS files
- Subdomain enumeration
- Wayback URLs
- Fuzzing
- Port Scan
What more would you add to the list?
#bugbounty
#recon
#cybersecurity
8
47
201
☃️Mobile Application Penetration Testing Cheat Sheet☃️
Find Cheatsheets on both
➡️Android App Pentesting
➡️iOS App Pentesting
#bugbounty
#cybersecurity
#infosec
6
82
200
8
76
198
I passed eJPT yesterday and some folks out there wanted to know the preparation strategy to pass the exam at first take.
Thus, I decide to write on the resources I used, preparation duration and the overall difficulty in the thread below.
🧵👇
10
34
197
Want to learn XSS to make $$$$?
If you screamed YES, this thread is for you 👇
5
48
197
Testing the "Password Reset" functionality can get you CRITICAL bugs.
Try these 7 test cases when you’re hunting on Password Reset functionality 👇
2
49
198
I revisited
@Jhaddix
's "The Bug Hunter Methodology v4: Recon Edition" and I must say that I learn new things every time I watch the recording.
While I recommend you all to watch the talk, I've also captured short notes which might help you.
Here's my notes summarized:
1.
1
42
192
SSRF bugs, often ignored, can easily earn you more than $1000💸
Checkout these top 5 features in a target app to find your first SSRF vulnerability 👇
1️⃣ Webhook Integration:
If your target supports web hook integration feature, then replace the URL with your Burp Collab and
3
71
190
401 & 403 errors - Game Over?🕹️
Not anymore.
Here are 6 tools which will help you in bypassing these errors to get $$$$
2
54
188
8 golden platforms where you can begin your Cybersecurity journey
#bugbounty
#hacking
#infosec
#cybersecurity
10
54
188
"Multi-Factor Authentication Bypass Techniques"
A MEGA THERAD 👇
4
37
186
What do I need to know before getting started in Bug Bounty?
This is one of the most frequently asked questions in my DMs, so I figured it would be better to write a thread about it.
Read more below.
🧵👇
#bugbounty
#infosec
#hacking
#cybersecurity
18
63
182
Nuclei is an awesome vulnerability scanning tool developed by
@pdiscoveryio
that helps to find vulnerabilities automatically based on simple YAML-based templates 🐞💰
Here are 7 ways you can use Nuclei to the fullest 👇
2
46
186