Gokul SK @goktest - Twitter Profile

Pinned Tweet

about 3 years ago

Have a look at my FIRST bug bounty write-up regarding the RCE i got recently. Do share if you found it helpful. https://t.co/YBSL6iZH8E #BugBounty #bugbountytips #hackerone

8

108

25

78

11K

Gokul SK @GokTest

9 days ago

@developer_ali15 Strange. The exposure itself is a big thing. Some triagers are really harsh.

0

1

0

118

Gokul SK @GokTest

10 days ago

Sometimes finding private keys are as simple as example(.)com/private.key ..! . . #bugbounty #hackerone #bugbountytips #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. Sometimes finding private keys are as simple as example(.)com/private.key ..!
.
.
#bugbounty #hackerone #bugbountytips #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/hQoi7hAnuO

2

94

11

32

3K

Gokul SK @GokTest

21 days ago

Found huge internal infrastructural data leak through puppetdb dashboard. Lookout for exposed puppetdb dashboards on mainstream ports and fuzz them properly. . . #bugbounty #hackerone #bugbountytips #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. Found huge internal infrastructural data leak through puppetdb dashboard.

Lookout for exposed puppetdb dashboards on mainstream ports and fuzz them properly.
.
.
#bugbounty #hackerone #bugbountytips #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/9AcFC23LYq

3

120

3

40

5K

Who to follow

Nathan Jones

@njcve_

HackerOne UK Ambassador || Part time bug hunter

KaafUzair

@KaafUzair

~Hack€r •Security-Researcher •Bug-Hunter

Sayim

@sayim0x

Cyber Security Researcher || Ethical Hacker || Bug Bounty || Pentester at Yogosha

Gokul SK @GokTest

about 1 month ago

Found a misconfigured backend that exposes the entire application internals. Whole internal credentials exposed. Tips: Add these files to your wordlists /defines.inc.php /session_start.inc.php . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #TogetherWeHitHarder

GokTest's tweet photo. Found a misconfigured backend that exposes the entire application internals. Whole internal credentials exposed.

Tips: Add these files to your wordlists /defines.inc.php
/session_start.inc.php
.
.
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #TogetherWeHitHarder https://t.co/ylBoZSeYrZ

0

90

9

60

3K

Gokul SK @GokTest

3 months ago

Lazy me and lazy bugs. Found some exposed go pprof endpoints. . . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. Lazy me and lazy bugs. Found some exposed go pprof endpoints.
.
.

.
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/BLruvH4S0B

3

71

1

21

3K

Gokul SK @GokTest

7 months ago

@Sank_Sec Yeah

0

1

0

190

Gokul SK @GokTest

7 months ago

Git folder = Goldmine 🔥 . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

3

91

1

21

5K

Gokul SK @GokTest

7 months ago

@acharyar00071 Private

0

3

0

188

GokTest retweeted

Het Mehta

@hetmehtaa

7 months ago

don't leave babe, I'll find next critical soon

16

477

41

40

23K

GokTest retweeted

‎Wojak Codes

@wojakcodes

about 1 year ago

“Until death, all defeat is psychological”

361

71K

17K

21K

26M

Gokul SK @GokTest

8 months ago

@DeepVoid_0 @Hacker0x01 India

0

1

0

167

Gokul SK @GokTest

8 months ago

It was a life changing decision to do bug bounty and @hacker0x01 is certainly a big time game changer. Thank you @hacker0x01 for acknowledging the hardwork and delivering this prestigious t-shirt all the way from California. . . #bugbounty #hackerone #bugcrowd #cybersecurity

GokTest's tweet photo. It was a life changing decision to do bug bounty and @hacker0x01 is certainly a big time game changer. Thank you @hacker0x01 for acknowledging the hardwork and delivering this prestigious t-shirt all the way from California.

.
.
#bugbounty #hackerone #bugcrowd #cybersecurity https://t.co/L3yqNJQrYo

5

73

1

4

4K

Gokul SK @GokTest

9 months ago

@Hacker0x01 is so generous! Thank you for the burpsuite and pentesterlab vouchers! . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. @Hacker0x01 is so generous! Thank you for the burpsuite and pentesterlab vouchers!
.
.
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/KcL174g2yt

1

11

0

1

422

Gokul SK @GokTest

9 months ago

Seeing someone’s credentials are always a dopamine! When you come across a puppetDB instance dont forget to check the endpoint /pdb/query/v4/resources . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. Seeing someone’s credentials are always a dopamine!
When you come across a puppetDB instance dont forget to check the endpoint /pdb/query/v4/resources
.
.

#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/v0nco5O0vO

7

387

22

195

13K

Gokul SK @GokTest

9 months ago

I earned $334 for my submission on @bugcrowd https://t.co/5olas2COOw #ItTakesACrowd

2

42

0

4

3K

Gokul SK @GokTest

9 months ago

Crazy part is one more report is still under review.

1

2

0

570

Gokul SK @GokTest

9 months ago

This was public exposure of a sensitive file. July 10 - Marked as N/A Fought a lot with the triager Sep 3 - Rewarded. triagers are too lazy to read a report.Expect a writeup. #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. This was public exposure of a sensitive file.
July 10 - Marked as N/A
Fought a lot with the triager
Sep 3 - Rewarded.

triagers are too lazy to read a report.Expect a writeup.
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/80n7P7Snd1

5

69

1

12

4K

Gokul SK @GokTest

9 months ago

Found backup files through directory listing. . . #bugbounty #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

3

53

0

8

3K

Gokul SK @GokTest

10 months ago

When you come across on an influxdb instance, make sure to checkout /metrics endpoint. It may leak sensitive endpoints that can be accessed without authentication. . . #bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder

GokTest's tweet photo. When you come across on an influxdb instance, make sure to checkout /metrics endpoint. It may leak sensitive endpoints that can be accessed without authentication.
.
.
#bugbounty #bugbountytips #hackerone #bugcrowd #hack #pentest #TogetherWeHitHarder https://t.co/KJgGlTXXr0

0

62

0

18

3K

GokTest retweeted

ZoomEye

@zoomeye_team

10 months ago

ZoomEye BugBounty Radar #12 | Best Practice: Discovering Origin IPs Behind CDNs When using ZoomEye BugBounty Radar, you may come across a target domain running a vulnerable web application (e.g., SQL injection), but it's protected by Cloudflare or another CDN, making direct exploitation impossible. In such cases, you can try to discover the origin IP address using ZoomEye: - Review the header, body, or SSL content of the target asset. - Look for unique identifiers — such as page titles, server banners, or SSL subjects. - Use one of these identifiers as a search keyword in ZoomEye. - If the results include IPv4 or IPv6 addresses, they are likely origin IPs for the protected domain. Example: Search using the page title — title="Welcome to XXX" Discovering origin IPs allows you to bypass CDN protection and interact with the real host — a key tactic for bounty hunters. 🚀 Learn to hunt smarter with BugBounty Radar — follow ZoomEye for daily tips. DM us for 15 days of Bounty Radar access! 🔗 https://t.co/EHa2vFeXFT #BugBounty #bugbountytip #CyberSec

zoomeye_team's tweet photo. ZoomEye BugBounty Radar #12 | Best Practice: Discovering Origin IPs Behind CDNs

When using ZoomEye BugBounty Radar, you may come across a target domain running a vulnerable web application (e.g., SQL injection), but it's protected by Cloudflare or another CDN, making direct exploitation impossible.

In such cases, you can try to discover the origin IP address using ZoomEye:
- Review the header, body, or SSL content of the target asset.
- Look for unique identifiers — such as page titles, server banners, or SSL subjects.
- Use one of these identifiers as a search keyword in ZoomEye.
- If the results include IPv4 or IPv6 addresses, they are likely origin IPs for the protected domain.

Example: Search using the page title — title="Welcome to XXX"

Discovering origin IPs allows you to bypass CDN protection and interact with the real host — a key tactic for bounty hunters.

🚀 Learn to hunt smarter with BugBounty Radar — follow ZoomEye for daily tips. DM us for 15 days of Bounty Radar access!
🔗 https://t.co/EHa2vFeXFT

#BugBounty #bugbountytip #CyberSec

0

28

6

14

2K

Gokul SK

@GokTest

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users