Curious how to launch yourself into the top ranks of our quarterly leaderboard in only a few weeks' time? @sumgr0 recently pulled this off, so we sat down with him to try to uncover some of his secrets! 😏
Check out our interview:
https://t.co/plML3S8PET
How to scan a target's API architecture at Jsmon with an example 👇
1⃣ Domain scan - https://t.co/WYAsD8pPTa
2⃣ 7000+ API endpoints extracted, visible in sidebar
🤯TIP 1: Configure the depth, headers, and other filters in "options" to tune the results as per your set target
🤯TIP 2: Check API endpoints in Reconnaissance section to set page size and export as JSON or CSV
Signup at https://t.co/Cmy8wrkI3L and scan now.
Jsmon just hit a new record 📈
This month alone: 444,509 URLs scanned
Last 3 months combined: 373,746
One month > three months.
We launched Recurring Scans recently — set it once, monitor continuously. Looks like the numbers agree it was the right call.
Coming up on 500K scanned this month. Watch this space.
→ https://t.co/KAxMTnrEmT
Dalfox v3 has been released🔥
I've been rewriting it in Rust since August last year, and it's finally done.
The biggest change is the engine. v3 no longer depends on a headless browser like v2 did. Instead, it uses DOM/AST analysis to check whether an XSS finding is actually valid.
Tested on xssmaze, various challenge sites, and real-world targets, it reduces false negatives and false positives more effectively while scanning faster than v2.
https://t.co/maZDqTQPqs
Introducing Bulk Scans in Jsmon.
Scan thousands of assets in a single workflow:
• CIDR ranges & IPs
• Domains, hosts & URLs
• Set crawl depth, extensions & more filters
Built for large-scale recon, attack surface mapping, and enterprise scanning.
No more one-by-one scans.
@OneCardHelp I'm unable to log back into the iPhone app using my Apple ID email address and your customer service claims the change email address is not working for the past 1 month. How to access my OneCard app again???
@GetOneCardIN your app is broken and not allowing me to log back in using my Apple ID email address. To top it all, the change email address process has been put on hold for the past one month. How do I access my card details now!!! PLEASE HELP
Jsmon now accepts Crypto payments 🪙
Head to https://t.co/wZXxcFVFEt, pick your plan, and pay with your crypto wallet — no card needed.
Security tools should be accessible to everyone, including the anon researchers 👀
Here's something every bug bounty hunter should be checking on their targets 👇
AWS assets leaking through HTTP responses and headers. Cognito Pool IDs. S3 buckets. Lambda runtime URLs. Auth domains.
Just shipped this detection on Jsmon - 20+ AWS asset types. One domain scan, average ~10 seconds.
Go run it on your current target. Live at https://t.co/OrTb8I45MM
#bugbounty #bugbountytip #ethicalhacking #cybersecurity #awssecurity #aws
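What checking your own application's responses for this kind of exposure can look like, as an added example that is not part of the original post and is not Jsmon's code. It covers only the four asset types the post names; the identifier formats are the commonly seen ones and are an assumption here, and the sample headers and body are constructed.

```python
import re

# Assumed, commonly seen formats for the asset types named in the post.
REGION = r"[a-z]{2}(?:-[a-z]+)+-\d"
AWS_PATTERNS = {
    "cognito_user_pool_id": re.compile(rf"\b{REGION}_[A-Za-z0-9]+\b"),
    "cognito_identity_pool_id": re.compile(
        rf"\b{REGION}:[0-9a-f]{{8}}-(?:[0-9a-f]{{4}}-){{3}}[0-9a-f]{{12}}\b"),
    "cognito_auth_domain": re.compile(
        r"\b[a-z0-9-]+\.auth\.[a-z0-9-]+\.amazoncognito\.com\b"),
    "s3_bucket_host": re.compile(
        r"\b[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com\b"),
    "lambda_function_url": re.compile(
        r"\b[a-z0-9]+\.lambda-url\.[a-z0-9-]+\.on\.aws\b"),
}


def find_aws_identifiers(headers, body):
    """Return sorted (kind, value, location) tuples found in one HTTP response."""
    findings = set()
    # Every header value is scanned separately so a finding names its source.
    sources = [(f"header:{name}", value) for name, value in headers.items()]
    sources.append(("body", body))
    for location, text in sources:
        for kind, pattern in AWS_PATTERNS.items():
            for match in pattern.finditer(text):
                findings.add((kind, match.group(0), location))
    return sorted(findings)


# Constructed sample response (not real identifiers).
SAMPLE_HEADERS = {
    "Content-Security-Policy": (
        "connect-src https://acme-login.auth.eu-west-1.amazoncognito.com "
        "https://abcdefghij0123456789.lambda-url.eu-west-1.on.aws"),
    "Location": "https://acme-static-assets.s3.eu-west-1.amazonaws.com/app.js",
}
SAMPLE_BODY = """
window.config = {
  userPoolId: "eu-west-1_Ab12Cd34E",
  identityPoolId: "eu-west-1:12345678-1234-1234-1234-123456789abc"
};
"""

if __name__ == "__main__":
    for kind, value, location in find_aws_identifiers(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{kind:26} {location:32} {value}")
```

Each finding is a starting point for review: confirm the identifier needs to be client-visible and that the resource behind it enforces its own access controls.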
Cloudflare won't save you.
Jsmon now bypasses WAFs to scan what's actually exposed behind your firewall: Cloudflare, Akamai, and more.
Watch the 30-sec demo over a Cloudflare-protected domain 👇 Live at https://t.co/10muV7baIG
Writing this to Indian government authorities - @IndianGov @NHAI_Official @noidapolice @Uppolice @nitin_gadkari @Noidatraffic @uptrafficpolice.
I've no clue why no one is writing about this. This is going to be a very raw tweet and people can comment their views below.
Rules are made or fine tuned when someone questions wrongdoing.
Locations: Sec 62 Roundabout, Electronic City, Diverging and Merging roads near these locations.
I travel from Ghaziabad to Noida Sec 62 daily. The road that takes 15 mins when traffic is very low, same road takes around 40 mins on weekdays.
Even if it takes 30 mins, it's bearable, but what's not bearable is people not doing lane driving, honking unnecessarily, changing lanes like it's their private roads, opening gates (when driving at 60) to spit out guthkas, using mobile phones and scrolling reels when driving on highways and in traffic.
Are traffic police folks untrained, corrupt or unseeing the situation on roads in UP, Noida, Gurgaon?
When VIPs come on roads, they get good treatment, traffic police folks close the roads, and you see good roads, zero traffic, 70-100 km/hr speeds.
When 99.99% of other normal lower-class, middle-class, upper-class folks are on the same roads, they're facing auto drivers who're stopping on the first lane, second lane. Bus drivers who stop their buses anywhere on roads even sometimes in the middle of roads to get 2 more passengers onboard.
I've seen incidents of 2 passengers getting into an auto (who stopped it in the 2nd lane), and 2 people on bike getting into an accident because of sudden stop by auto guy.
I've seen a bike guy floating in the air and falling from flyover to the service lane (3-5 metres in height) (no clue if he's alive or able to walk) in the air because of a bus doing sudden lane change.
Things which I'm seeing wrong are on UP, Noida, Gurgaon roads:
1. No lane driving (almost 50% of the people are not doing lane driving)
2. People don't follow the traffic lights
3. People don't stop before the zebra line (at traffic light)
4. People honking when all the cars are in continuous traffic
Who's giving them Driving License in India? Babus? Dalals? For 3000 Rs? For 1000 Rs? And, who's responsible for injuries, accidents and deaths on these roads? Dalals or the driver (who got the license because of that Dalal) who's not doing lane driving or driving on NE3 with a bike where bikes are not even allowed.
There are boards on the road with signs of "No Stopping", "No Parking". People are parking right there, traffic police is also there. But, no one is fining them.
Traffic police people should be trained to show no mercy based on the status of someone, just fine them 1000 Rs, 5000 Rs, or whatever the fine is. Put the wrongdoers behind bars. This once in a lifetime punishment will keep them regulated not just on roads but they'll start reading rules and regulations in restaurants, in flights, airports, etc. too.
Not sure if the DL givers (dalals), or the traffic police folks are on X (Twitter), but the social media accounts whom I've tagged above must be reading this. If you are, please take some action.
We just open-sourced xnew — a blazing fast CLI for appending unique lines to files 🚀
Built in Go for security researchers working with massive datasets. Streams efficiently with minimal memory footprint.
📊 Benchmarks (vs anew):
- 100M lines: 30s vs 1m38s
- 10M lines: 2.8s vs 12.4s
- Scales cleanly from 1K to 100M+ lines
Perfect for:
→ Subdomain deduplication
→ Endpoint lists
→ Wordlist management
→ Any large-scale data pipeline
⭐ https://t.co/8vWVWA7aiz
Uses XXH3 hashing + buffered I/O. Minimal memory, maximum speed.
#infosec #bugbounty #golang #opensource
No jailbreak. No problem. 🔓
I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box.
👇 GitHub
https://t.co/N4QyCDaXvR
#CyberSecurity #BugBounty #iOS #Pentesting