Discover and read the best of Twitter Threads about #bugbounty

Most recents (24)

Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
You cannot be an expert hacker in everything. #cybersecurity is a vast field.

Let's say you wear an offensive hat. This is a vast field in itself.

Choose one topic, say "application security" (I'm also into this).

Here’s my best approach to skill-up fast:

1. Read write-ups from @PentesterLand on that specific topic (say "authentication bypass")

Go to: and search for "bypass"
2. Practice on @RealTryHackMe

Go to:… and search for "bypass"
Read 7 tweets
Bypass Linux Shell Restrictions { v1 }
#bugbounty #Infosec #pentest

Look the thread 🧵Below :👇
🏹Common Limitations Bypasses
#bugbounty #infosec

• Reverse Shell : 👇

• Short Rev shell : 👇 ImageImage
• Bypass Paths and forbidden words :🖼👇

• Bypass forbidden spaces : 🖼👇

• Bypass backslash and slash :🖼👇

• Bypass pipes : ↙

bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) ImageImageImage
Read 3 tweets
OAuth 2.0 Explained ! 📌v2
#bugbounty #infosec

Difficulty : Beginner & Intermediate

Read Thread🧵:👇
⭕ Weak redirect_uri

1. Alter the redirect_uri URL with TLD ->

2. Finish OAuth flow and check if you're redirected to the TLD, then is vulnerable

3. Check your redirect is not to Referer header or other param [See ->🖼:👇]

⭕Path traversal :
https: //

⭕HTML Injection and stealing tokens via referer header.

• Check referer header in the requests for sensitive info

Read 9 tweets
OAuth 2.0 Explained ! 📌v1
#bugbounty #Infosec

Difficulty : Beginners

See Thread 🧵:👇
When OAuth 2.0 is in Work :
#bugbounty #Infosec

• YourWeb tried integrate with Twitter.
• YourWeb request to Twitter if you authorize.
• Prompt with a consent.
• Once accepted Twitter send request redirect_uri with code and state.
• YourWeb take code and it's own client_id and client_secret and ask server for access_token.
• YourWeb call Twitter API with access_token.

Some Definitions Explained : 🖼:👇
#bugbounty #infosec
Read 4 tweets
⭐ Broken Authentication And Session Management.
#bugbounty #Infosec

Step by Step Explanation

See 🧵:
📌Old Session Does Not Expire After Password Change :

Steps🖼 :👇
📌Session Hijacking (Intended Behavior)
#bugbounty #infosec

Impact: If attacker get cookies of victim it will leads to account takeover.

Steps :👇
Read 10 tweets
⭐️New day, New Thread!⭐️
Recently Across bridge Announced their #Airdrop🚀!
Congratulations to those who are eligible and don’t worry if you are not.

Today we are talking about @wormholecrypto Bridge and possible #Airdrop.
#Bitcoin #Cryptobridge #Airdrop
🤔What is @wormholecrypto?
✅A wormhole is an interoperability protocol powering the seamless transfer of value and information across 18 high-value chains with just one integration. The wormhole is not only a bridge, moreover, but it’s also a blockchain.
🔥Recently @wormholecrypto Performed AMA on Binance lives with @Moonbeamnetwork.
The project is being built strongly day by day so better to be an early user.
There is no doubt if everything went good, then @wormholecrypto will surely deploy their native token.🔥
Read 10 tweets
Hidden API Functionality Exposure
#bugbounty #infosec

Credit : @N3T_hunt3r

Application programming interfaces (APIs) have become a critical part of almost every business.

APIs are responsible for transferring information between systems within a company or to external companies.

For example, 🧵:👇
when you log in to a website like Google or Facebook, an API processes your login credentials to verify they are correct.

• Swagger UI Documentation
• Dictionary Attack | Brute force
• Common wordlist for API Enum:



Read 4 tweets
Account Takeover Methodology
#bugbounty #infosec

📌Chaining Session Hijacking with XSS
#bugbounty #Infosec

My Bugbounty Tips Group Link : 👇…

📌No Rate Limit On Login With Weak Password Policy

So if you find that target have weak password policy, try to go for no rate limit attacks in poc shows by creating very weak password of your account.

(May or may not be accepted)

Read 8 tweets
Cybersecurity Certifications

A thread.


#bugbounty #hacking #infosec #cybersecurity Image
⭐ In this thread, I am not going to debate whether certifications are required to showcase your skill and get a job. You like it or not, certifications do add value to your resume.

That being said, I'm going to uncover top certifications with pricing based on difficulty.
1️⃣ Beginners

1. eJPT - eLearnSecurity / $200
2. eWPT - eLearnSecurity / $200
3. Pentest+ - Comptia / $397

❓CEH-Practical - EC-Council
Read 9 tweets
Testing for IDOR ( Manual-Method )
#bubgounty #infosec

🧵(1/n) :👇
➡ Base Steps :

1. Create two accounts if possible or else enumerate users first.
2. Check if the endpoint is private or public and does it contains any kind of id param.
3. Try changing the param value to some other user and see if does anything to their account.

🧵(2/n) :👇
➡ Testcase 1: Add IDs to requests that don’t have them

GET /api/MyPictureList → /api/MyPictureList?user_id=<other_user_id>

Pro tip: You can find parameter names to try by deleting or editing other objects and seeing the parameter names used.

🧵(3/n) :👇
Read 14 tweets
8 golden platforms where you can begin your Cybersecurity journey

#bugbounty #hacking #infosec #cybersecurity
1. @PortSwigger Web Academy
2. @PentesterLab

Highly recommended for Bug Bounties and Pentesting.
3. @RealTryHackMe
4. @hackthebox_eu

CTFs and Hands-on Learning.
Read 7 tweets
Blind XSS and More techniques!

#bugbounty #bugbountytips #cybersecurity
• Blind XSS-> Type of stored XSS. (Payload gets stored on a web page)

• Where do you find them? - In places you cannot access.
> An admin panel
> A log history restricted to admins
> A feedback form that goes straight to the admin
> A chat bot message to the support team
• Where do you put the payloads?
> In headers (eg: in Referer and User-Agent headers while filling forms)
> Put the payload in your username and self-report yourself ;)

• But how will you know if the payload actually fires?
> XSShunter!
Read 5 tweets
10 Tips to Review Code
#bugbounty #infosec #hacking

1.Important functions first
2.Follow user input
3.Hardcoded secrets and credentials
4.Use of dangerous functions and outdated dependencies

5.Developer comments, hidden debug functionalities, configuration files, and the .git directory
6.Hidden paths, deprecated endpoints, and endpoints in development
7.Weak cryptography or hashing algorithms

More 🧵:👇
8.Missing security checks on user input and regex strength
9.Missing cookie flags
10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions
Read 4 tweets
Web Cache Poisoning 🖥 [ Part - 1 ]
#bugbounty #infosec

Thread -🧵:👇
🏹Intro :
The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.

🏹How to exploit -🧵:👇
➡ Basic poisoning
. . .

X-Forwarded-Host: evil. com

The response body is

<img href="" />

When you put Input as XSS payload

X-Forwarded-Host: a.\"><script>alert(1)</script>

Response body is :
<img href="https://a.\"><script>alert(1)</script>a.png" />
Read 6 tweets
2FA Bypass Techniques :)

#bugbounty #bugbountytips #cybersecurity
1. Response Manipulation: In response, if "success":false Change it to "success":true

2. Status Code Manipulation: If Status Code is 4xx Try to change it to 200 OK and see if it bypass restrictions
3. 2FA Code Leakage in Response: Check the response of the 2FA Code Triggering Request to see if the code is leaked

4. JS File Analysis: Rare but some JS Files may contain some information about the 2FA Code

5. 2FA Code Reusability: Same code can be reused
Read 6 tweets
12 Pentest Tools✨
#bugbounty #Infosec #hacking

A collection of custom security tools
for quick needs.

⬇⬇⬇ Version - 1 ⬇⬇⬇

See 🧵: 🔽
Converts IP address in arpa format to classical format.
Performs host command on a given hosts list using parallel to make it fast.

🧵: 🔽
• codeshare.php
Performs a string search on
Test CORS issue on a given list of hosts.

🧵: 🔽
Read 8 tweets
Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR e.t.c
➡️ ➰ Below some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
File Upload Vulnerabilities Checklist…
Exif Data Not Stripped From Uploaded Images…
Read 25 tweets
🌱BugBounty Tips v1 🔥🌵
#bugbounty #infosec

• If you're testing for XSS on a site with a CSP, use burp's find+replace on the CSP reporting uri to point to a burp collaborator instance so you don't have to monitor dev tools for csp exceptions.

• Search for hidden (and visible) input fields and try to set the value via GET. A lot of Webapps still use $_REQUEST. You will be surprised. If you have a
reflected value -> check of html/script injection.
Read 7 tweets
Tips on cybersecurity job hunting.


#hacking #infosec #bugbounty #cybersecurity
1️⃣ Certifications.

You can either be extremely skilled (mostly pentester) and showcase your public profile (HOFs, bounties) or the other way is certificates.

EOD, you have to prove your worth and let the employer know you are qualified for the job.
2️⃣ Resume

One pager.

Strictly have a one pager resume, which is not cobbled with info but neat and crisp. Highlight your most important talking points.

Tip: Use numbers wherever possible.
For example: Reported XXX bugs overall with AB.CD% accuracy.
Read 7 tweets
6 Account takeover tips🌵
#bugbounty #infosec

➡ Use intruder to send many reset links/token to your email in a short amount of time and compare the links/tokens.

If only a few digits are different you can brute force them. After you can do the same with 2 different emails
➡ HTTP Parameter Pollution
When requesting a password reset link:

When resetting password:
Read 8 tweets
✨Top 12 Hash Cracking Website
#bugbounty #infosec

1• https ://
2• http ://
3• https ://
4• https ://
5• https ://
6• https ://

🧵:👇 Top 12 Hash Cracking Website
7• https ://
8• https ://
9• http ://
10• https ://
11• https ://
12• https ://

#bugbounty #infosec #hashcracking
Thanks You For Reading This Thread 🧵on :
Top 12 Online Hash Cracking Websites

If you want :
Join My Bug Bounty Tips Group :…

#bugbounty #infosec
Read 3 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!