Hossein NafisiAsl Profile picture
May 16 β€’ 8 tweets β€’ 3 min read
#Secret3
6 Questions that Guarantee your Bounty 😈

#bugbountytipsπŸ‘‡πŸ»πŸ§΅
1/
How does the app pass data?

parameter or path?
2/
How/Where does app Talk about users?

Cookie or API Calls?

uid or username or email or uuid?
3/
Does site have multiple user levels?

admin, user, viewer, etc...
4/
Has there been past vulns?
5/
How does the app handle?

xss? csrf? code injection?
6/
Does site have unique threat model?
#Secret3
6 Questions that Guarantee your Bounty 😈
github.com/NafisiAslH/Kno…

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Hossein NafisiAsl

Hossein NafisiAsl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @MeAsHacker_HNA

May 17
How I get RCE via Dependency Confusion πŸ’Ž

#bugbountytips πŸ§΅πŸ‘‡πŸ»
1/ Introduction πŸ“–

Dependency Confusion occurs when software installer script is tricked into pulling malicious code file from public repository.

How I found this bug?
2/ Recon πŸ”¦

1⃣ I started with some Shodan recon and I found a IP that belongs to TARGET.

2⃣ Using directory brute forcing tools like Dirsearch and FFUF, I found a package.json file contained all the packages which was installed in the server.
URL: /ui/package.json ImageImage
Read 7 tweets
May 12
How We hacked Admin Panel just by JS file:
(step by step)
#bugbounty #bugbountytips

πŸ§΅πŸ‘‡πŸ»
1/ Introduction πŸ“–

Team gave mobile app and website.

We didn’t waste of time on mobile app and decided to work on website.

We just tried to find Admin Panel because main domain was just a single page to download the app.
2/ Subdomain Enumeration πŸ”Ž

After brute forcing the subdomains we found that website had a subdomain like that admin.target.com

When we visited the subdomain we just got that Login Portal
Read 8 tweets
May 11
Have you ever get bounty by using default credentials?
Read this thread πŸ”₯

#bugbountytips
πŸ§΅πŸ‘‡πŸ»
You need to have a special word list for each vendor.

This thread has most known vendors default credentials that gathered from several sources.

Default Credentials for Apache Tomcat:
2/
Default Credentials for Cisco
Read 8 tweets
Mar 16
#Secret2
Bug Bounty with One-Line Bash ScriptsπŸ’΅πŸ˜Ž

You can mention your favorite script. I will add them to this thread.
#BugBounty #BugBountyTip
#100BugBountySecrets
πŸ§΅πŸ‘‡πŸ»
1/ #Secret2

🎯 Hunt #XSS:
πŸ‘‰πŸ» cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
πŸ‘‰πŸ» cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

#BugBounty #BugBountyTip
#100BugBountySecrets
πŸ§΅πŸ‘‡πŸ»
2/ #Secret2

🎯 Hunt #SQLi:
πŸ‘‰πŸ»httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'

#BugBounty #BugBountyTip
#100BugBountySecrets
πŸ§΅πŸ‘‡πŸ»
Read 13 tweets
Mar 9
1/

R3C0Nizer is the first ever CLI based menu-driven automated web application B-Tier recon framework ...
github.com/Anon-Artist/R3…

#Recon #BugBounty
#100BugBountySecrets
πŸ§΅πŸ‘‡
2/

scant3r is a module-based web security tool, our goal is to make customizable tool with providing many functions and features that what you need for write a security module....
github.com/knassar702/sca…

#Recon #BugBounty
#100BugBountySecrets
πŸ§΅πŸ‘‡
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(