This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
CRLF OneLiner

A simple Bash one-liner that aims to automate CRLF vulnerability scanning. This is an extremely helpful and practical one-liner for bug hunters, which helps you find CRLF misconfigurations in every possible method. Simply replace the links in subdomains.txt with the URL you want to target. This will help you scan for CRLF vulnerabilities without the need for an external tool. All you have to do is copy and paste the commands into your terminal and keep your fingers crossed for any possible CRLF.

Bash OneLiner:
input='CRLF-one-liner/subdomains.txt';while IFS= read -r targets; do cat CRLF-one-liner/crlf_payloads.txt |xargs -I % sh -c "curl -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets '[+] is vulnerable with payload: '%>>crlf_results.txt||echo '[-] Not vulnerable: '$targets";done<$input

crlf_payloads.txt:
https://raw.githubusercontent.com/kleiton0x00/CRLF-one-liner/master/crlf_payloads.txt

#crlf #bash #oneliner #bugbounty
LFIDump

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

https://github.com/p0dalirius/LFIDump

#lfi #dump #tools #bugbounty
Google Groups Dork

Some devs use "Google Groups" as a workplace because it is easy and free.
But a lot of sensitive information is leaked, such as "access keys", "aws secrets", etc.

Dork:
site:http://groups.google.com "COMPANY"

#osint #dorks #bugbounty
🤖 BBOT: OSINT automation for hackers

This tool is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more. BBOT currently has over 50 modules and counting.

Features:
— Recursive;
— Graphing;
— Modular;
— Multi-Target;
— Automatic Dependencies;
— Smart Dictionary Attacks;
— Scope Distance;
— Easily Configurable via YAML.

Blog:
https://blog.blacklanternsecurity.com/p/bbot

Source:
https://github.com/blacklanternsecurity/bbot

#external #recon #osint #redteam #bugbounty
⚔️ Katana — Web Crawler

A next-generation crawling and spidering framework.

Features:
— Standard/Headless
— Customizable Config
— JavaScript parsing
— Scope control

https://github.com/projectdiscovery/katana

#web #crawler #tools #bugbounty
Forwarded from Offensive Xwitter
😈 [ 0x0SojalSec, Md Ismail Šojal ]

The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
Get more details about this👇

🔗 https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075

#bugbountyTips #bugbounty

🐥 [ tweet ]
⚙️ Subdomain Generator

If you want to create subdomains quickly, try this site.

🔗 Source:
https://husseinphp.github.io/subdomain/

#subdomain #generator #bugbounty #web