Share this page!

Maybe Scrolly?
Abhishek Meena Profile picture
Twitter logo
Nov 14 7 tweets 6 min read
Bug Bounty automation script v1

#bugbounty #bugbountytip #infosec

See 🧵: 👇
Search to files using assetfinder and ffuf : [Check IMG 👇]

—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————

#bugbounty #bugbountytip #infosec
HTTPX using new mode location and injection XSS using qsreplace.

#bugbounty #bugbountytip #infosec
Search JS using assetfinder, rush and hakrawler.

#bugbounty #bugbountytip #infosec
Assetfinder to run massdns.

#bugbounty #bugbountytip #infosec
Using to findomain to SQLINJECTION.

#bugbounty #bugbountytip #infosec
Jaeles scan to bugbounty targets.

#bugbounty #bugbountytip #infosec

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Abhishek Meena

Abhishek Meena Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Aacle_

Abhishek Meena Profile picture
Nov 15
Recon Everything v1

#bugbounty #infosec #bugbountytips

• Bug Bounty Hunting Tip #1- Always read the Source Code

How To Approach a Target - Thread🧵:👇
Approach a Target (Lot of this section is taken from
Jason Haddix and portswigger blog)

• Ideally you wants to choose a program that has a wide scope. You’re also going to be wanting to look for a bounty program that has wider range of vulnerabilities within scope.
• Mining information about the domains, email servers and social network connections.

—————————
I've opened My Bug Bounty tips Group =>
Join Link : t.me/bugbountyresou…
—————————

Continue Your Read👇
Read 10 tweets
Abhishek Meena Profile picture
Nov 15
Cryptography For Beginner Part - 1

#bugbounty #Infosec

Thread 🧵:👇
Join My Bugbounty Tips Group : t.me/bugbountyresou…

&

Continue Your Read🧵:👇
➡ What is cryptography?

Cryptography is a collection of techniques for :

• Concealing data transmitted over insecure channels
• Validating message integrity and authenticity Image
Read 13 tweets
Abhishek Meena Profile picture
Nov 14
✨Most Valuable IDOR Tools & Resources✨

It occur when application provides direct access to objects based on user-supplied input. Attackers can bypass authorization and access resources in the system directly

#bugbounty #infosec

All Resources 👇
Burp Extensions

Authz - portswigger.net/bappstore/4316…

AuthMatrix -portswigger.net/bappstore/30d8…

Autorize -
portswigger.net/bappstore/f9bb…

#bugbounty #Infosec
Resources 👇
#bugbounty #infosec

Portswigger - portswigger.net/web-security/a…

MindMap - github.com/blaCCkHatHacEE…

Find IDOR -
github.com/blaCCkHatHacEE…

How critical is IDOR vulnerability? -
ninadmathpati.com/2019/05/16/how…

Medium Article -
1. vickieli.medium.com/how-to-find-mo…

1. medium.com/cyberverse/aut…
Read 4 tweets
Abhishek Meena Profile picture
Nov 8
IDOR Exploitation #bugbounty #infosec

Include : 🔽

➡ Basics
➡ Bypass

🧵(1/n) :👇
➡ IDOR Basics : #bugbounty #infosec

Check for valuable words:
{regex + perm} id
{regex + perm} user
{regex + perm} account
{regex + perm} number
{regex + perm} order
{regex + perm} no
{regex + perm} doc

🧵: 👇
{regex + perm} key
{regex + perm} email
{regex + perm} group
{regex + perm} profile
{regex + perm} edit

🧵: 👇
Read 11 tweets
Abhishek Meena Profile picture
Nov 8
Code Review Security Tips #bugbounty #infosec

# Tips

1.Important functions first

2.Follow user input

3.Hardcoded secrets and credentials

4.Use of dangerous functions and outdated dependencies

🧵(1/3) :👇 Code Review Security Tips
5.Developer comments, hidden debug functionalities, configuration files, and the .git directory

6.Hidden paths, deprecated endpoints, and endpoints in development

7.Weak cryptography or hashing algorithms

8.Missing security checks on user input and regex strength

🧵(2/3) :👇
9.Missing cookie flags

10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions

. . .END. . .

Hope you like this Thread🧵 on : Code Review
#bugbounty #infosec #bugbountytips

Follow me For more
Read 4 tweets
Abhishek Meena Profile picture
Nov 8
Denial of Service (DOS) Attack Tips

Intro : Denial of Service is a type of attack on a service that disrupts its normal function and prevents other users from accessing it

Where to find
This vulnerability can appear in all features of the application.

How to exploit🧵(1/n) :👇
🏹Cookie bomb #bugbounty #infosec #DOS
. . .
https:// target.com/index.php?para…

After input "xxxxxxxxxxxxxx" as a value of param1, check your cookies. If there is cookies the value is "xxxxxxxxxxxxxxxxxxxxxx" it means the website is vulnerable
🏹Try input a very long payload to form. For example using very long password or using very long email
. . .

POST /register HTTP/1.1
Host: target.com

username=victim&password=aaaaaaaaaaaaaaa

#bugbounty #infosec #DOS
Read 16 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(