If you found any #swagger public document on your target, make sure you are testing API endpoints, there's can be some endpoints which accessible without any authentication.
#bugbountytips#BugBounty
Not a major update, but hereโs a quick improvement ๐ . Iโve simplified the process for enhancing Nightingale. If youโd like to request the addition of a new tool for the next stable release, you can now submit a request directly via GitHub. ๐งต
๐จ Keeping debug mode enabled can expose sensitive info in the web app's stack trace like database credentials, file paths, and more.
I have made a list of few common errors that can be searched through Google Dorking using error title. #WebSecurity#BugBounty#CyberSecurity
Burp Ex
403 Bypasser
5GC API Parser
Active Scan++
Backslash Powered Scanner
CO2
IP Rotate
J2EEScan
JS Link Finder
JS Miner
Logger++
Log Viewer
GAP
Distribute Damage
IIS Tilde
Look Over There
Param Miner
Software Vulnerability Scanner
SAML Raider
Autorize
Encode IP
Asset Discovery