Share this page!

Maybe Scrolly?
Abhishek Meena Profile picture
Twitter logo
Dec 22 14 tweets 9 min read
Bug Bounty Automation Oneliner Commands
- { V1 }
Find Subdomain - { One-liner }

#bugbounty #infosec
Search Subdomain using Gospider
- { One-liner }

#bugbounty #infosec
find .git/HEAD - { One-liner }

#bugbounty #infosec
Check .git/HEAD - { One-liner }

#bugbounty #Infosec
Find XSS - Single Target - { One-liner }

#bugbounty #infosec
Find XSS - Multiple Target - { One-liner }

#bugbounty #Infosec
Find XSS - { One-liner }

#bugbounty #Infosec
BXSS - Bling XSS in Parameters - { One-liner }

#bugbounty #Infosec
Blind XSS In X-Forwarded-For Header
- { One-liner }

#bugbounty #Infosec
XSS using gf with single target - { One-liner }

#bugbounty #infosec
XSS httpx - { One-liner }

#bugbounty #infosec
XSS from javascript hidden params
- { One-liner }

#bugbounty #Infosec
Thank You 🙏 So Much For Reading This Amazing Thread

Hope You'll Like it

If you want :
====
Join My Bugbounty Tip Group : t.me/bugbountyresou…
====

#bugbounty #bugbountytips

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Abhishek Meena

Abhishek Meena Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Aacle_

Abhishek Meena Profile picture
Dec 21
Topic - DNS -> Zone Transfer

A zone transfer is a process of transferring DNS zone data from one DNS server to another.

Zone transfers are typically used to replicate DNS data across multiple servers, and are an important part of the DNS infrastructure.
To perform a zone transfer, you will need to have access to a DNS server that is authorized to perform zone transfers.

This typically requires access to the DNS server's configuration settings, which may require authentication.
Once you have access to a DNS server that is authorized to perform zone transfers, you can use a tool such as a dig command to initiate a zone transfer.

For example, the following command can be used to initiate a zone transfer for the domain example.com : Image
Read 4 tweets
Abhishek Meena Profile picture
Dec 16
Effectively use Shodan to search for and identify specific types of devices and systems on the internet.

#bugbounty #infosec

Some tips on how to use Shodan like a pro :👇
➡️ Use filters to narrow your search: Shodan has a wide range of filters that you can use to narrow your search and find specific types of devices or systems.
• For example, you can use the "os" filter to search for devices running a specific operating system, or the "port" filter to search for devices running a specific service on a particular port.
Read 9 tweets
Abhishek Meena Profile picture
Dec 16
Techniques to bypass WAF :👇
✨ Here are some potential ways to bypass a WAF:

➡️ Encoding: Some WAFs are not able to properly decode encoded data, so encoding your payloads or requests may allow them to bypass the WAF.
➡️ Obfuscation: Obfuscating your payloads or requests may make them less recognizable to the WAF, potentially allowing them to bypass detection.

➡️ Evasion techniques: There are a number of evasion techniques that can be used to bypass WAFs
Read 10 tweets
Abhishek Meena Profile picture
Dec 13
🔰 How to Find XSS Like a Pro

Thread 🧵:👇
✨ To find XSS (Cross-Site Scripting) bugs, you can use combination of manual testing and automated tools.

Some steps you can follow to find XSS:

➡️ identify potential entry points for XSS attacks, such as input fields in web forms, query parameters in URLs, or file uploads.
➡️ Use a web application scanner to test these entry points for XSS vulnerabilities.

These scanners can automatically scan your web application and identify potential vulnerabilities, including XSS.
Read 7 tweets
Abhishek Meena Profile picture
Dec 13
Important tools solving CTF challenges.

#bugbounty #infosec

++Networking
- Wireshark, tshark
- tcpdump
- netcat, telnet
- nmap

++Forensics
- dd
- strings
- scalpel
- TrID
- binwalk

My Bugbounty Tips Group Link :
t.me/bugbountyresou…
=====================

Thread More 🧵:👇
Remaining ++Forensics
- foremost
- ExifTool
- Any hex editor
- DFF
- CAINE
- The Sleuth kit
- Volatility

++Cryptography
- Cryptool
- hashpump
- Sage
- John the Ripper
- hashcat
- Online tools(web)
- Modules for python

#bugbounty #Infosec

More : 👇
++Steganography
- OpenStego
- OutGuess
- Steghide
- StegFS
- pngcheck
- Gimp
- Audacity
- Mp3Stego
- ffmpeg
- Own tools

++Reverse Engeering
- GDB
- IDA Pro
- Immunity Debugger
- OllyDbg
- Radare2
- nm
- objdump

#bugbounty #infosec

More : 👇
Read 4 tweets
Abhishek Meena Profile picture
Dec 12
6 Tips To follow to Review Code for Security Bugs

You Must Read : 👇
⭐ Start by reading the code carefully to get a good understanding of how it works and what it does.
⭐ Look for any potential vulnerabilities, such as input validation, authentication, and access control.

➡️ Pay special attention to any areas of the code that handle sensitive information, such as user passwords or financial data.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(