Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Lohitaksh Nandan Profile picture
@NandanLohitaksh
May 2 7 tweets 13 min read Twitter logo Read on Twitter
Complete Bug Bounty tool List :)

dnscan github.com/rbsec/dnscan

Knockpy github.com/guelfoweb/knock

Sublist3r github.com/aboul3la/Subli…

massdns github.com/blechschmidt/m…

nmap nmap.org

masscan github.com/robertdavidgra…

#bugbounty #bugbountytips #cybersecurity #hacking
EyeWitness github.com/ChrisTruncer/E…

DirBuster sourceforge.net/projects/dirbu…

dirsearch github.com/maurosoria/dir…

Gitrob github.com/michenriksen/g…

git-secrets github.com/awslabs/git-se…

sandcastle github.com/yasinS/sandcas…

bucket_finder digi.ninja/projects/bucke…
GoogD0rker github.com/ZephrFish/Goog…

Wayback Machine web.archive.org

waybackurls gist.github.com/mhmdiaa/adf6bf…

Sn1per github.com/1N3/Sn1per/

XRay github.com/evilsocket/xray

wfuzz github.com/xmendez/wfuzz/

patator github.com/lanjelot/patat…

datasploit github.com/DataSploit/dat…
hydra github.com/vanhauser-thc/…

changeme github.com/ztgrace/change…

MobSF github.com/MobSF/Mobile-S…

Apktool github.com/iBotPeaches/Ap…

dex2jar sourceforge.net/projects/dex2j…

sqlmap sqlmap.org

oxml_xxe github.com/BuffaloWill/ox…

XXE Injector github.com/enjoiz/XXEinje…
The JSON Web Token Toolkit github.com/ticarpi/jwt_to…

ground-control github.com/jobertabma/gro…

ssrfDetector github.com/JacobReynolds/…

LFISuit github.com/D35m0nd142/LFI…

GitTools github.com/internetwache/…

dvcs-ripper github.com/kost/dvcs-ripp…

tko-subs github.com/anshumanbh/tko…
HostileSubBruteforcer github.com/nahamsec/Hosti…

Race the Web github.com/insp3ctre/race…

ysoserial github.com/GoSecure/ysose…

PHPGGC github.com/ambionics/phpg…

CORStest github.com/RUB-NDS/CORSte…

Retire-js github.com/RetireJS/retir…

getsploit github.com/vulnersCom/get…
Findsploit github.com/1N3/Findsploit

bfac github.com/mazen160/bfac

WPScan wpscan.org

CMSMap github.com/Dionach/CMSmap

Amass github.com/OWASP/Amass

Extra Tools
projectdiscovery.io

Enjoy :)
#bugbounty #bugbountytips #bugbountytip #cybersecurity #infosec #hacking

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lohitaksh Nandan

Lohitaksh Nandan Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @NandanLohitaksh

Lohitaksh Nandan Profile picture
Jan 31
18 Threat Hunting and OSINT Tools 🔥

1. shodan.io - Search for devices connected to the internet and their vulnerabilities
2. prowl.lupovis.io - Free IP search & identifications of IoC and IoA

#cybersecurity #infosec #hacking #OSINT
3. intelx.io - Search engine for data archives.
4. netlas.io - Search and monitor devices connected to the internet
5. urlscan.io - Scan a website incoming and outgoing links and assets
6. fullhunt.io - Identify an attack surface
7. zoomeye.org - Cyberspace search engine, users can search for network devices
8. leakix.net - Identify public data leaks
9. greynoise.io - Search for devices connected to the internet.
Read 6 tweets
Lohitaksh Nandan Profile picture
Jan 24
10 Ways to Bypass CSRF Defense Mechanism

A Thread 🧵
#bugbounty #bugbountytips #cybersecurity
1. Change GET request to POST request, and vice versa.

2. Remove the CSRF token and send the request and check whether the application is accepting the request without the token.And also send empty parameter and check.
3. Change some part of the token and check, First part of the token is static(same for all users), second part is dynamic(different for all users) for some applications, Use random value in dynamic part.
Read 7 tweets
Lohitaksh Nandan Profile picture
Jan 14
Interested in learning iOS Penetration Testing?
Here is how you can start 👇🧵

#bugbounty #bugbountytips #cybersecurity #hacking
Requirements:
- Mac (Intel/M1/M2) Or Mobexler virtual machine (Apple proprietary tools not available)
- Jailbroken iPhone Or Corellium virtual iOS device
Starting iOS App Pentest:
- Reverse engineer the IPA to check for hardcoded secrets, sensitive info etc. (Book Ref: amazon.com/Mobile-App-Rev…)
- Run MobSF static analysis, review the findings and manually validate the interesting points
Read 6 tweets
Lohitaksh Nandan Profile picture
Jan 13
What is a Blockchain?

It's a growing list of records (blocks)

The Blocks are linked together using cryptography.

It's described as a data storage:
- trustless
- fully decentralized
- peer-to-peer
- immutable

It's spread over a network of participants (nodes)

#blockchain
· Blocks

They contain:
- a cryptographic hash of the previous one.
- a timestamp + transaction data.

The timestamp proves that the transaction data existed when the block was published in order to get into its hash.

The blocks form a chain (hence the name).
· Resistance to modification

The recorded data in a block cannot be altered without altering all subsequent blocks

They are ban be managed by a p2p network for use as a publicly distributed ledger

Nodes adhere to a protocol to communicate/validate new blocks.
Read 9 tweets
Lohitaksh Nandan Profile picture
Jan 6
WANT TO LAND YOUR FIRST CYBERSECURITY JOB...??

#cybersecurity #infosec #bugbounty #hacking
1. BUILD THE FOUNDATION

Make sure you have a strong
foundation of knowledge and
skills. As a beginner focus on
improving your knowledge day
today and stay up-to-date on the
latest attacks, trends, and technologies in this field.
2. NETWORKING

Networking is a key to every
domain of IT. Attend industry
events, and connect with other
cybersecurity professionals to
build your network and maintain
a good contact.
Read 6 tweets
Lohitaksh Nandan Profile picture
Dec 21, 2022
If you're starting out and your choice is Pentester/Red Teamer, here is another plan for you 👇🧵

#cybersecurity #infosec #hacking
- Do Penetration student course from @ine or Practical Ethical Hacking course from @TCMSecurity
- Learn OWASP top 10
- Go through the Web Security Academy from @PortSwigger (Burp Suite is one of the main tools for Web Pentest and it has a community edition)
- Practice your knowledge using vulnerable apps, like Webgoat, Juice Shop, @hackthebox_eu, @RealTryHackMe, @VulnHub and others. There are so many
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(