Big noob | id - bugkillerAK |
Break security for improving their privacy |
Bug bounty hunter | Learning Cyber Security |
Trust Yourself forget the world
Google Dorking is a powerful technique that uses advanced search operators to uncover hidden assets.
This resource makes it easy to explore:
https://t.co/fN0Qiz2pQs
#CyberSecurity #OSINT #InfoSec #GoogleDorking
When I started bug hunting, I went from $0 to $3K/month in just 6 months.
No secrets, no shortcuts, just a refined process.
Here is the exact framework I followed: 🧵
Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets.
https://t.co/2ttRurgoPh
The tool helps find endpoints, files, internal emails, and some secrets from minified JS.
Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedback are welcome.
🚨 Other New Findings Using Secret Hunter! 🚨
Today, using my tool Secret Hunter, I was able to discover:
- 🔴 A PII Exposure vulnerability inside a public .js file
This proves again that Secret Hunter is not just a secret finder —
🔥 It also helps with recon and uncovering hidden & impactful vulnerabilities!
---
🎯 Secret Hunter is currently on SALE for just $16/month
⏳ The price will increase soon — don’t miss out!
📢 Join my Telegram channel for more findings, exclusive offers & tips:
➡️ https://t.co/Otm27phCov
📩 Contact me to get your copy:
➡️ https://t.co/V9JswzWb3M
Keep Hacking 🔍✨
#bugbounty
#hacking
#hackers
#secrethunter_by_kassem_s94
#recon
Web App Hacking: Finding Web App Vulnerabilities with Caido Scanner
Caido just became a serious Burp killer.
Scanner plugin auto-detects vulns as you browse + launches targeted attacks on suspicious endpoints:
https://t.co/wkiXeRK5CU
💰 €500 Bounty Earned thanks to Secret-Hunter! 🚀
A few days ago, my tool helped me discover a Critical (9.1) vulnerability 🔥
🐞 Using the “API PATH” tag inside Secret-Hunter (which extracts endpoints)
⚡ I chained the exposed endpoint with a response manipulation trick
➡️ Result: Full access to the Admin API Dashboard 😎
So yes… Secret-Hunter isn’t just a secret finder 👀
It’s a string-based recon powerhouse that reveals:
🔹 Endpoints (API PATHs)
🔹 Secrets
🔹 Sensitive parameters & more…
Leading to high-impact, money-making bugs 💸
Wanna hunt bugs that PAY?
DM for Subs.👉
📩 https://t.co/tCZ14Ob0fS
Join our tools and tips community 💁‍♂️:
https://t.co/Otm27phCov
#bugbounty
#bugbountytips
#bughunting
#bughunter
#hackers
#hacking
#bugbountytools
#secret_hunter_by_kassem_s94
Need to quickly map a target's tech stack? 👀
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target.com -silent | httpx | nuclei -t technologies/tech-detect.yaml
API Pentesting Series — Part 7
Before you attack APIs, you need a solid lab.
This part covers:
• Tooling (Burp, DevTools, Postman)
• Discovery tools (Kiterunner, Nikto)
• Docker-based vulnerable APIs
• Full environment setup
Notion Notes 🔗: https://t.co/lRzuMynq1b
DAY 15/365
- I just finished a brilliant write-up on the https://t.co/9uSh5ORkZt hack by @samwcyo; i learned a ton from it; when i read the line "Jackpot, full arbitrary account takeover of any https://t.co/9uSh5ORkZt user !", i actually screamed with excitement like i'd discovered it myself, haha... seriously, it's a good read; https://t.co/gCSo0wvX8b.
- I also looked into a great walkthrough on finding secrets in JS files https://t.co/yBKYteAWx2
- And don't miss this Intigriti blog about pentesting plugin/addon ecosystems. https://t.co/7AxzHCeQ31
Looking into a potential SSRF or OR but the server checks against a URL whitelist?
Try the backslash trick! Due to a difference in URL specifications, some parsers will treat '\' the same as '/', while others will not.
Here's an example payload: https://<attacker-url>\@<whitelisted-url>/
You can also use https://t.co/7z6RltBswM to find potential new vectors 🥷
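The parser difference behind the backslash tip above, seen from the side that has to validate URLs. This is an added example, not part of the original post; the hostnames, the allowlist and all function names are constructed for illustration.

```javascript
// Constructed allowlist and sample hostnames (assumptions, not from the post).
const ALLOWED_HOSTS = new Set(["allowed.example"]);
const TRICKY = "https://attacker.example\\@allowed.example/"; // one literal backslash

// RFC 3986-style view: the authority runs to the first "/", "?" or "#", and
// everything before the last "@" is userinfo. "\" is not a delimiter here.
function rfc3986Host(input) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(input);
  if (!m) return null;
  const hostPort = m[1].slice(m[1].lastIndexOf("@") + 1);
  return hostPort.replace(/:\d*$/, "").toLowerCase();
}

// WHATWG view (browsers, Node's URL and fetch): for http(s), "\" acts as "/",
// so the authority ends at the backslash.
function whatwgHost(input) {
  try { return new URL(input).hostname; } catch { return null; }
}

// Weak check: validates with one parser while the request is made with another.
function naiveIsAllowed(input) {
  return ALLOWED_HOSTS.has(rfc3986Host(input));
}

// Hardened check: refuse ambiguous input outright, refuse userinfo, and only
// accept a URL when both parser views agree on an allowlisted host.
function strictIsAllowed(input) {
  if (/[\\\s]/.test(input)) return false;            // backslash or whitespace
  let u;
  try { u = new URL(input); } catch { return false; }
  if (u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "") return false;
  if (rfc3986Host(input) !== u.hostname) return false; // parser disagreement
  return ALLOWED_HOSTS.has(u.hostname);
}

console.log({
  rfc3986: rfc3986Host(TRICKY),      // host the naive validator sees
  whatwg: whatwgHost(TRICKY),        // host a WHATWG client connects to
  naive: naiveIsAllowed(TRICKY),
  strict: strictIsAllowed(TRICKY),
});
```

The request should be made with the same parsed URL object that passed the check, so the validated host and the contacted host cannot diverge.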
Everyone hunts for common bugs… but the real rewards often hide in the underrated ones.
I’ve made a YouTube playlist — “Underrated Vulnerabilities” showing how to find impactful bugs most hackers miss.
Practical. Real. Eye-opening.
Watch here: https://t.co/Y2Kl3h2ist
Just released the Ultimate IDOR Testing Checklist 🧩
I combined techniques from many sources to cover IDOR scenarios.
Know a technique I missed? Drop it in the comments.
Notion:
https://t.co/Sfc0MbrTeX
GitHub:
https://t.co/WrRA6GDodC
#bugbountytips #IDOR #AppSec #InfoSec
Bug Bounty Tool:
jsluice extracts URLs, paths, and secrets from JavaScript using 'syntax trees' so you get context, not noise.
Great for finding hidden endpoints and secrets you would otherwise miss.
https://t.co/XNbMrMdKVr