Share this page!

Lohitaksh Nandan Profile picture
Twitter logo
Nov 16 5 tweets 3 min read
Hacking resources that are free but are worth thousands:

#bugbounty #cybersecurity #infosec #hacking
Web Security Academy from @PortSwigger

After years of pentesting, I still come back to exercises in these labs on a regular basis for reference.

portswigger.net/web-security
All courses from @OpenSecTraining, especially the ones on x86_64 ASM and OS internals. I have used these quite a lot while learning xdev/RE.

opensecuritytraining.info/About.html
Exploit development courses from @pwncollege

Want to learn exploit development in an easily accessible and challenging way? Brush up on your C and ASM and start here. You can even host it yourself.

pwn.college
Join here to get more stuffs and resources on Tech & Cybersecurity 👇🏻
telegram.me/h4ckerinthehou…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lohitaksh Nandan

Lohitaksh Nandan Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @NandanLohitaksh

Lohitaksh Nandan Profile picture
Nov 14
30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

#cybersecurity #infosec #bugbounty
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
12. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
Read 8 tweets
Lohitaksh Nandan Profile picture
Nov 14
17 platforms where you can begin cybersecurity:

1. HackXpert - Free labs and training.
2. TryHackMe - Hands-on exercises and labs.
3. CyberSecLabs - High quality training labs.
4. Cybrary - Videos, labs, and practice exams.

#cybersecurity #infosec #hacking #bugbounty
5. LetsDefend - Blue team training platform.
6. Root Me - Over 400 cybersecurity challenges.
7. RangeForce - Interactive and hands-on platform.
8. Certified Secure - Loads of different challenges.
9. Vuln Machines - Real world scenarios to practice.
10. Try2Hack - Play a game based on the real attacks.
11. TCM Security - Entry level courses for cybersecurity.
12. EchoCTF - Train your offensive and defensive skills.
13. Hack The Box - Cybersecurity training platform.
Read 5 tweets
Lohitaksh Nandan Profile picture
Nov 13
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
Lohitaksh Nandan Profile picture
Nov 10
Websites/Platforms to learn to hack... :)

→ Hackthebox
→ Hacxpert
→ Tryhackme
→ Pentester Lab
→ Vulnhub
→ Cybrary
→ CybersecLabs
→ Root Me
→ OverTheWire
→ Vulnmachines
→ RangeForce
→ certifiedsecure
→ EchoCTF
→ Try2Hack

#cybersecurity #infosec #hacking
🌐Web Exploitation
→ Hackxpert
→ Portswigger Web Security Academy
→ Bug Bounty Hunter
→ Pentester Lab
application.security
→ OWASP Juice Shop
→ OWASP WebGoat
→ bWAPP
→ OWASP Broken Web Application
🏁CTF Based Learning
→ CTFTime
→ PicoCTF
→ 247CTF
→ Hackthissite
→ WeChall
→ W3challs
→ Hacker101
→ IO wargame
Read 8 tweets
Lohitaksh Nandan Profile picture
Nov 9
FREE LABS TO TEST YOUR PENTEST/CTF SKILLS :-)

Retweet this to let others know :)

#cybersecurity #infosec #hacking #bugbounty
Academy Hackaflag BR - hackaflag.com.br
Attack-Defense - attackdefense.com
Alert to win - alf.nu/alert1
CTF Komodo Security - ctf.komodosec.com
CMD Challenge - cmdchallenge.com
Explotation Education - exploit.education
Google CTF - lnkd.in/e46drbz8
HackTheBox - hackthebox.com
Hackthis - hackthis.co.uk
Hacksplaining - lnkd.in/eAB5CSTA
Hacker101 - ctf.hacker101.com
Hacker Security - lnkd.in/ex7R-C-e
Hacking-Lab - hacking-lab.com
Read 8 tweets
Lohitaksh Nandan Profile picture
Nov 8
Recon Tools for Web Application Pentesting... :)

A Thread 🧵

#bugbounty #bugbountytips #cybersecurity
Proxy

- burpsuite
- zap proxy

Subdomain

- subfinder
- assetfinder
- amass
- sublist3r
- dig
- chaos (chaos.projectdiscovery.io)

Webspidering

- gospider
- gau
- linkfinder
- waybackurls
- hakrawler
- paramspider

Directory/fuzzing

- ffuf
- wfuzz
- gobuster
- dirbuster
Fingerprinting

- wappalyzer
- builtwith
- netcraft
- whatweb
- wafw0f

Vulnerability

- nuclei
- wpscan
- nikto

Email

- mxtoolbox
- emkei
- anonymailer
- thunderbird

Exploit

- searchsploit
- exploitdb

Sensitive data

- trufflehog
- gitsecrets
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(