The Latest Infosec News, Tools, and Exploits – Got Root?
Google dork queries are essential in any bug bounty hunters tool kit. Using the dorks below you can find sensitive information in an unsecured website’s cloud storage. site:http://drive.google.com “targetweb[.]com” site:http://blob.core.windows.net “targetweb[.]com” site:http://googleapis.com “targetweb[.]com” site:http://s3.amazonaws.com “targetweb[.]com” […]
One place for all the default credentials to assist pentesters during an engagement, this document has several product default login/passwords gathered from multiple sources. P.S : Most of the credentials were extracted from changeme,routersploit and […]
Description The main idea for the tool is scanning for Error Based SQL Injection by using different payloads like And match for 152 error regex patterns for different databases.Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml How does it work? It’s […]
Installation pip sudo pip install userefuzz setup git clone https://github.com/root-tanishq/userefuzz cd userefuzz sudo python3 setup.py install Usage Parsing URLs Parsing a list of URLs $ userefuzz -l <LIST> Parsing a URL $ userefuzz -u <URL> […]
WiGLE (https://wigle.net/) is a worldwide WIFI and cellular network mapping project that relies on data submitted by wardrivers or stumblers. They started in 2001 as an educational effort to outline the many networks without encryption. […]
PowerShell revshells ngrok support Updog support To install Shells Screenshots Youtube video Link Download: https://github.com/4ndr34z/shells
For free updated proxy lists check here: https://skynettools.com/free-proxy-list-websites/ Features Why mubeng? It’s fairly simple, there is no need for additional configuration. mubeng has 2 core functionality: 1. Run proxy server as proxy IP rotation This […]
Find Leaked Credentials In GitHub, GitLab, Filesystems, S3, & Circle CI using TruffleHog. Demo docker run -it -v “$PWD:/pwd” trufflesecurity/trufflehog:latest github –org=trufflesecurity Examples Example 1: Scan a repo for only verified secrets Command: Expected output: […]
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable and […]
This is a short tutorial to find stored XSS & HTML Injections easily. HTML injections occur when input isn’t sanitized to check or remove code thus, allowing potentially malicious code to execute on a web […]
