Bug Bounty
Bugbounty Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks •
🔖AWS penetration testing: A step-by-step Guide for Beginners

☄️https://www.hackthebox.com/blog/aws-pentesting-guide
🔖Ex-param - an automated tool designed for finding reflected parameters for XSS vulnerabilities

https://github.com/rootDR/ex-param
🔍 gitlab-subdomains - A Go-based tool to uncover subdomains via GitLab searches.

🔗https://github.com/gwen001/gitlab-subdomains
Extract all endpoints from a JS File and take your bug 🐞

Method one
# HOSTS is the target host (or host list) fed to waybackurls; the grep pattern is PCRE (-P)
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

Method two
# -P is needed for the lookbehind; results go to a separate file, since tee-ing back into the input file truncates it
grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))" JS.txt | sort -u | tee endpoints.txt


#infosec #cybersec #bugbountytips
⚡️Want to download 100+ Bug Bounty Tips collected from X?

Download the PDF from here

#BugBounty #bugbountytips
🔖 Dnsbruter - A powerful tool for active subdomain enumeration and discovery.

Features:
Dnsbruter uses DNS resolution to bruteforce and identify subdomains efficiently. Its multithreading capability allows users to control concurrency for faster and more effective results. Perfect for researchers and pen testers targeting domain reconnaissance.

🔗 https://github.com/RevoltSecurities/Dnsbruter/
🔖The ultimate 403 Bypass wordlists and tester notes by JHaddix

📱 Github: 🔗 Link
🚀 Exciting News for #InfoSec & #BugBounty! 🛡

ProxSec v1.0.0 is out—an open-source extension for security pros! 🔥

Proxy management
Scope validation
Program tracking
Lightweight & private

Open-Source : https://github.com/aacle/ProxSec

Feedback welcome! 💬
🕵️‍♂️ Bug Bounty Tip - Extract JavaScript File URLs from Any Page!

Forget opening DevTools - use this bookmarklet to instantly extract all .js file URLs and download them in a .txt file.

🚀 Why this matters:

Quickly collect all linked JavaScript files
Use them for static analysis (LinkFinder, SecretFinder, etc.)
Great for recon, endpoint discovery & auth bypasses

📌 Bookmarklet Code:
javascript:(function(){let urls=[];document.querySelectorAll('*').forEach(e=>{urls.push(e.src,e.href)});urls=[...new Set(urls)].filter(u=>{if(typeof u!=='string'||!u)return false;try{return new URL(u,location.href).pathname.endsWith('.js')}catch(err){return false}}).join('\n');let blob=new Blob([urls],{type:'text/plain'});let a=document.createElement('a');a.href=URL.createObjectURL(blob);a.download='javascript_urls.txt';a.click();})();

💡 How to use:
Create a new bookmark in your browser.
Paste the above code into the URL field.
Visit a target site and click the bookmark.
A javascript_urls.txt file will be downloaded with all .js links.

🔥 Now you can feed that into:
LinkFinder
SecretFinder
JSParser
Or manual analysis!
Testing a Sign-up form? Don't just check for XSS/SQLi.

The most critical vulnerabilities often hide in the business logic and subtle flow manipulations. A weak registration page is a gift to attackers.

Here's a structured checklist for assessment. 🧵#bugbounty #infosec

https://www.linkedin.com/pulse/ultimate-checklist-testing-registration-functionality-abhishek-meena-f82lc
Bypass Series for bug hunters😎

Part-2
Crazy WAF Bypass:
cat /etc/hosts - triggers WAF

xxd -p /etc/hosts | xxd -p -r
xargs -d '\n' -I{} echo {} < /etc/hosts
perl -pe '' /etc/hosts
sed '' /etc/hosts
awk '{print}' /etc/hosts
dd if=/etc/hosts 2>/dev/null

#Bugbountytips #infosec
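From the detection side, the list above shows why a rule keyed on the literal string "cat /etc/hosts" is brittle: every variant reads the same file through a different utility. This added Python example (not from the post) instead matches the sensitive path as an argument of any file-reading command in any stage of a pipeline; the utility list and the log lines are constructed.

```python
import re
import shlex

# Readers that echo a file's contents; extend to taste. The literal-"cat" signature
# below is the one the variants above are written to evade.
FILE_READERS = {"cat", "tac", "head", "tail", "less", "more", "xxd", "od", "strings",
                "xargs", "perl", "sed", "awk", "dd", "grep"}
SENSITIVE = re.compile(r"^/(etc/(passwd|shadow|hosts|sudoers)|proc/self/environ)$")
SAMPLE_LOG = [                                # constructed command-line audit records
    "cat /etc/hosts",
    "xxd -p /etc/hosts | xxd -p -r",
    "xargs -d '\\n' -I{} echo {} < /etc/hosts",
    "perl -pe '' /etc/hosts",
    "sed '' /etc/hosts",
    "awk '{print}' /etc/hosts",
    "dd if=/etc/hosts 2>/dev/null",
    "cat /var/log/app.log",
    "sed -n '1,5p' README.md",
]

def naive_hit(cmdline):
    """The literal signature: fires on 'cat /etc/...' only."""
    return re.search(r"\bcat\s+/etc/", cmdline) is not None

def sensitive_read(cmdline):
    """Return the sensitive path read by any stage of the pipeline, or None."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:                      # unbalanced quotes: fall back to whitespace split
        tokens = cmdline.split()
    stages, current = [], []
    for tok in tokens:                      # split into pipeline stages on a bare '|' token
        if tok == "|":
            stages.append(current)
            current = []
        else:
            current.append(tok)
    stages.append(current)
    for stage in stages:
        if not stage or stage[0].rsplit("/", 1)[-1] not in FILE_READERS:
            continue
        for tok in stage[1:]:
            path = tok[3:] if tok.startswith("if=") else tok   # dd's if=PATH form
            if SENSITIVE.match(path):
                return path
    return None

def triage(lines):
    """(line, naive signature hit, path found by the argument check) for each log line."""
    return [(line, naive_hit(line), sensitive_read(line)) for line in lines]
```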
Tweet 1/5

That "A+" score from your security header scan? It might be creating a dangerous false sense of security.

Headers are the seatbelt, not the brake pedal. They are crucial, but relying on them alone is a mistake.

Here's why. 🧵

Read For More
1/5
Many bug hunters are stuck in a low-payout loop. They find a valid bug, report it, and get a small reward.

The problem isn't the bug. It's the story. They're reporting a single puzzle piece instead of showing the full picture.

#bugbounty #BugBountyTips #InfoSec

Thread :🧵👇

Read
Tired of hunting the same old OWASP Top 10? The real gold is often found in business logic flaws – where processes, not just code, are vulnerable.

Learn how to systematically uncover these high-impact bugs that scanners overlook.

New article out now! 👇
https://medium.com/@Aacle/yond-the-owasp-top-10-a-strategic-guide-to-uncovering-high-impact-business-logic-flaws-b221729fb655
Dear Hunters,
To allow for more focused conversations and make it easier to share resources, we're launching the official Vulncure WhatsApp Community.

This will be our central hub for deeper collaboration, designed with a clear structure to help you find the information you need without the noise.

Inside, you'll find dedicated groups:

💬 #infosec Talks
For discussing industry news, trends, and general cybersecurity topics.

🎯 #bugbounty tips
A dedicated space to share methodologies, ask for technical advice, and post your best tips.

🛡 #vulncure Security
For direct updates from our team, questions about our projects, and first-hand info.

We'll continue to add more groups based on your feedback. The goal is to build a powerful resource for all of us to connect, learn, and grow.

Ready to join a more organized space?

👉 Click here to join the Vulncure WhatsApp Community:
https://chat.whatsapp.com/G5BJG25IfrDA296gsPGwaU
That CSP error in your console? It's not a wall—it's an invitation.

I just published Part 1 of my CSP Bypass series: the fundamentals that work on 70-80% of policies.

5 quick wins that still pay bounties 🧵👇

1️⃣ 'unsafe-inline' = instant win
2️⃣ Wildcard domains = JSONP paradise
3️⃣ File uploads to CDNs = code execution
4️⃣ Missing base-uri = hijack all scripts
5️⃣ Missing object-src = embed attacks

Each one has gotten ~$2,500-$5,000 payouts.

2. example:
Policy: script-src 'self' cdn.example.com

I uploaded a .js file as a profile picture → got the CDN URL → loaded it as a script.

$3,000 bounty from a "secure" CSP.
The key? Attack the TRUSTED domains, not the policy itself.

3. My CSP audit checklist:

✓ Read full policy
✓ Hunt for JSONP on whitelisted domains
✓ Test file uploads
✓ Check base-uri
✓ Check object-src
✓ Look for unsafe-inline/eval

One hit from this list = potential critical XSS.

This is just the beginning.

Part 2: Advanced nonce exploitation, AngularJS escapes, service workers

Part 3: DOM clobbering, mutation XSS, scriptless attacks

Full guide + testing checklist:
https://medium.com/@Aacle/a-bug-hunters-guide-to-csp-bypasses-part-1-69b606fd2699
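The audit checklist above can be mechanised. This added Python auditor (not the article's code) parses a Content-Security-Policy value and reports which checklist items fire, including the fallback rules that matter here: script-src inherits from default-src, object-src does too, but base-uri never does. The policy strings are constructed apart from the script-src 'self' cdn.example.com example quoted in the post.

```python
def parse_csp(policy):
    """Split a Content-Security-Policy header value into {directive: [sources]}.
    Directive names and source keywords are compared case-insensitively."""
    csp = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            csp[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return csp

def audit_csp(policy):
    """Return one finding per checklist item that fires; an empty list is a clean policy."""
    csp = parse_csp(policy)
    findings = []
    script = csp.get("script-src", csp.get("default-src", []))   # script-src falls back
    # A nonce or hash makes browsers ignore 'unsafe-inline', so flag it only when neither exists.
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not strict:
        findings.append("unsafe-inline: any injected inline <script> executes")
    if "'unsafe-eval'" in script:
        findings.append("unsafe-eval: eval()/Function() on attacker-influenced strings runs")
    for src in script:
        if src.startswith("'"):             # keyword, nonce or hash, not a host
            continue
        if "*" in src or src.endswith(":"): # *.example.com, https://*, or a bare scheme
            findings.append(f"wildcard source {src}: every matching host becomes a script origin")
        else:
            findings.append(f"review {src}: user uploads or JSONP served there bypass the policy")
    if "base-uri" not in csp:               # base-uri has no default-src fallback
        findings.append("missing base-uri: an injected <base> retargets every relative script URL")
    if "object-src" not in csp and "default-src" not in csp:
        findings.append("missing object-src: <object>/<embed> can load plugin content")
    return findings
```

A host listed under "review" is not a finding by itself; it is the place to check the upload and JSONP items manually, which is exactly where the cdn.example.com bounty above came from.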