Nithin R
Sep 14 · 11 tweets · 4 min read
I revisited NahamCon 2021 and found the talk by @rez0__ on ffuf super informative.

Hence, I decided to write a thread on it for those who don't have time to watch the talk.

"ffuf scripts & tricks" - A thread.

#bugbounty #infosec #fuzzing #bugbountytips #cybersecurity
🚔 Obey the law

Before we dive into the tips and tricks, remember that ffuf is a powerful tool; don't spam it everywhere. Use the -t (threads) or -rate (requests per second) flags to throttle it wherever necessary.
🔊 1. Noise Reduction
👻 2. Virtual Host Fuzzing
⭐ 3. Creative Fuzzing
🆒 4. Other Cool Stuff
👋 I decided to split the entire talk into two threads. This thread covers the tips and tricks; the next thread will cover the scripting part.

Follow me to stay updated on the next thread on the same topic.
❓ Before we go, I have a few questions.

1. What is the purpose of using the auto-calibrate flag?
2. What is the difference between the maxtime and timeout flags?
3. I really didn't understand the "fuzz multiple places" tip. If you could expand on it, that would be helpful.

@rez0__ @ReconOne_bk
📺 Want to watch the entire talk instead?

Check out this link:
🚀 Do you have any other cool/interesting ffuf tips & tricks?

Share them in the comments below.
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
