Jsmon just hit a new record 📈
This month alone: 444,509 URLs scanned
Last 3 months combined: 373,746
One month > three months.
We launched Recurring Scans recently — set it once, monitor continuously. Looks like the numbers agree it was the right call.
Coming up on 500K scanned this month. Watch this space.
→ https://t.co/KAxMTnrEmT
No need to reverse engineer big minified JS files, chunks, sourcemaps yourself now.
Find GraphQL Queries, Mutations and Fragments from JavaScript files in Jsmon Scans for free.
> Scan a host at Jsmon (which contains GraphQL)
> Go to Reconnaissance, click on GraphQL [Operation]
Cloudflare won't save you.
Jsmon now bypasses WAFs to scan what's actually exposed behind your firewall: Cloudflare, Akamai, and more.
Watch the 30-sec demo over a Cloudflare-protected domain 👇 Live at https://t.co/10muV7baIG
Just shipped the biggest Jsmon update since we launched.
85% price drop + completely new UI + way better search/filters.
$15/mo gets you hacker-grade security scans.
This started as bash scripts for bug bounty hunting. Now it's accessible to every security researcher.
https://t.co/OezEeQKWSR
This is damn fast for the larger files 🔥. I am even using it for my automation. I tried it on 20M subdomains to test on an 8 GB/4-core config server, and it is like 5-6 times faster than anew.
We just open-sourced xnew — a blazing fast CLI for appending unique lines to files 🚀
Built in Go for security researchers working with massive datasets. Streams efficiently with minimal memory footprint.
📊 Benchmarks (vs anew):
- 100M lines: 30s vs 1m38s
- 10M lines: 2.8s vs 12.4s
- Scales cleanly from 1K to 100M+ lines
Perfect for:
→ Subdomain deduplication
→ Endpoint lists
→ Wordlist management
→ Any large-scale data pipeline
⭐ https://t.co/8vWVWA7aiz
Uses XXH3 hashing + buffered I/O. Minimal memory, maximum speed.
#infosec #bugbounty #golang #opensource
- Shoutout to @jsmonsh for S3 takeover discovery
- Reported, triager marked Informative
- App fetching from same S3 bucket
- Took over, uploaded image on path
- App fetching my image now
- Commented impact, changed to Triaged
- Reported to @intigriti
No jailbreak. No problem. 🔓
I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box.
👇 GitHub
https://t.co/N4QyCDaXvR
#CyberSecurity #BugBounty #iOS #Pentesting
There are dozens of JS analysis tools available for bug hunters.
Each one has its own unique strengths.
Here are 4 tools I personally use to streamline my workflow: 🧵
Here's how you can do better API-contextful fuzzing by using JS files:
1. Scan domain/URL at https://t.co/wZXxcFV7OV
2. Go to JS Intelligence > API Paths
3. Export all the API endpoints
Make a wordlist and use ffuf or kiterunner to fuzz on dev/prod/staging APIs.
#bugbountytips
We’re hosting a live webinar on ‘Listening like a Hacker with Jsmon’. Join us using the link below.
Webinar link: https://t.co/6SxZUlzLA1
#cybersecurity #hackers
If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀
Check for it quicker using this cool new tool by JSMon: https://t.co/zjdmSzRfqy 👇
From your feedback, to our team’s hard work → Jsmon 2.0 is here.
✨ Cleaner design
📊 Easier reporting
⚡ More power under the hood
Thank you for helping us build the future of JavaScript security 💜
Check it out → https://t.co/J9zl7BBy2G