This is a call to the world: protect the Kurds, secure a decentralized future for them in Syria, and stop legitimizing violence as “stability.”
Stand with the Kurds now, before ISIS and chaos rise again from the ruins.
🔰 Find related domains via favicon hash 🔰
By @m4ll0k2
🧾 Did you know that we can find related domains and sub domains to our target by looking for the same favicon icon hash? This is exactly what https://t.co/FBKULdKDxi tool made by @m4ll0k2 does. Here’s how to use it:
cat my_targets.txt | xargs -I %% bash -c 'echo "http://%%/favicon.ico"' > targets.txt
python3 https://t.co/FBKULdKDxi -f https://target/favicon.ico -t targets.txt -s
Simply said, favihash will allow us to discover domains that have the same favicon icon hash as our target. Grab the tool from here:
https://t.co/P7hTK8IvjI
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
1. Find CIDR
2. Load Burp with CIDR in scope
3. Masscan CIDR
4. Resolve IP's
5. Open them all in Firefox with Openlist
6. Spider grep and win $$$
#bugbountytips
i was recently able to bypass access controls by appending a url-encoded hash sign, resulting in an idor w/ pii disclosure
/api/v2/user/123 —> 403
/api/v2/user/123%23 —> 200
it may be worth appending %00-%ff to see if the logic or regex in use can be terminated
#bugbountytips
⚠️Important notice: 📢
We've noticed that an account has recently been created on a hacking forum using our name.
Obviously, any activities conducted by this account are not attributable to us at Hackmanac.
Hackmanac Team
I have VPS, laptop, and good methodology to find bugs.
But i don't have wild card scope. whenever i try to hunt i had just 20 or 40 subdomains even its has CDN I had try to find origin IPs but i couldn't. Where can i hunt please suggest me? 🙏🏻🙏🏻