Hossein NafisiAsl
Web Security Researcher, Bug Hunter, PhD Candidate at Sharif University of Technology. Farsi Tweets: @NafisiAslH
Aug 24, 2022 6 tweets 2 min read
From Recon to Getting P1 on TESLA👻👻

Rewarded $2500 💵💵

#bugbountytips 🧵👇🏻

1⃣ Find out target servers IP

🔧Tools: Censys and dnsdumpster
Jun 20, 2022 8 tweets 3 min read
Mass Account Takeovers using HTTP Request Smuggling 👻

#bugbountytips 🧵👇🏻

1/ Find Vulnerability🔍

slackb.com was vulnerable to HTTP Request Smuggling.

You can use smuggler to find HTTP Request Smuggling vulnerabilities.
github.com/defparam/smugg…
Jun 6, 2022 10 tweets 2 min read
#Secret6
8 Awesome 2FA Bypass Techniques 🗝️

#bugbountytips 🧵👇🏻

1⃣ Access Next Endpoint Directly

- Just try to access the next endpoint directly
- If this doesn't work, try to change the Referer header as if you came from the 2FA page
May 23, 2022 12 tweets 4 min read
20 Top Videos to Master Recon 👑

#bugbountytips 🧵👇🏻

1/

The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix
Aug 2020
May 18, 2022 12 tweets 10 min read
May 17, 2022 7 tweets 3 min read
How I got RCE via Dependency Confusion 💎

#bugbountytips 🧵👇🏻

1/ Introduction 📖

Dependency Confusion occurs when a software installer script is tricked into pulling a malicious code file from a public repository.

How did I find this bug?
May 16, 2022 8 tweets 3 min read
#Secret3
6 Questions that Guarantee your Bounty 😈

#bugbountytips👇🏻🧵

1/
How does the app pass data?

parameter or path?
May 12, 2022 8 tweets 4 min read
How we hacked the Admin Panel with just a JS file:
(step by step)
#bugbounty #bugbountytips

🧵👇🏻

1/ Introduction 📖

The team gave a mobile app and a website.

We didn't waste time on the mobile app and decided to work on the website.

We just tried to find the Admin Panel because the main domain was just a single page to download the app.
May 11, 2022 8 tweets 2 min read
Have you ever gotten a bounty by using default credentials?
Read this thread 🔥

#bugbountytips
🧵👇🏻

You need to have a special word list for each vendor.

This thread has default credentials for the most known vendors, gathered from several sources.

Default Credentials for Apache Tomcat:
Mar 16, 2022 13 tweets 15 min read
#Secret2
Bug Bounty with One-Line Bash Scripts💵😎

You can mention your favorite script. I will add them to this thread.
#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻

1/ #Secret2

🎯 Hunt #XSS:
👉🏻 cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
👉🏻 cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

Mar 9, 2022 11 tweets 10 min read
#Secret1
Top 10 Automatic Recon Tools

#Recon #BugBounty
#100BugBountySecrets
🧵👇

1/

R3C0Nizer is the first ever CLI based menu-driven automated web application B-Tier recon framework ...
github.com/Anon-Artist/R3…
