Latest posts

  • Advanced Shodan Dorking Complete Guide

    1. DJANGO DROPLET http.html:”Your Django Droplet” 2. ONEINSTACK http.html:”Congratulations, OneinStack installed successfully” 3. GITEA INSTALLATION http.html:”Installation – Gitea: Git with a cup of tea”http.title:”Installation – Gitea: Git with a cup of tea” 4. DIRECTORY BROWSING MODE http.title:”directory browsing mode” 5. CANNOT RESOLVE http.title:”Cannot resolve”http.html:”Cannot resolve” 6. Exposed Docker Registry API Without Authentication Some are intentionally public, for others…

    Read more

  • Shodan Secrets | Hack Hidden Files Easily

    Default Directory Listing Used to locate web servers where directory listing is enabled unintentionally by the developer or sysadmin, and serving the delicious spicy foods directly to hackers with no efforts. http.html:”index of /” Backup Files When changes are made by the web developer, first they make backup of existing important files and then start…

    Read more

  • Time Based SQL Injection Bug Hunting Methodology💉

    In this article, I am going to elaborate what are the practical and manual steps an experienced bug hunter takes to uncover Time Based SQL Injection Vulnerability. Meanwhile the beginners will only keep injecting single quote and double quote on all GET request parameters in a hope to see the keyword “error” in the server…

    Read more

  • Bug Bounty Recon Methodology

    Step-by-step Linux commands for bug bounty live hunting Recursive Subdomain Enumeration🔍🔍 subfinder -d domain.com -all -recursive > subs_domain.com.txt Filtering live hosts with httpx🚨 cat subs_domain.com.txt | httpx -td -title -sc -ip > httpx_domain.com.txtcat httpx_domain.com.txt | awk ‘{print $1}’ > live_subs_domain.com.txt Port Subs subfinder -d domain.com -all -recursive > subs_domain.com.txtcat subs_domain.com.txt | httpx -silent -ports 80,443,3000,8080,8000,8081,8008,8888,8443,9000,9001,9090 | tee…

    Read more

  • NASA Hall of Fame using Google Dorking

    Why other bug hunters overlooked this endpoint ? A basic thing that beginners fail is to spend 10–15 min atleast to read the scope, the guidelines, the domains where reports are already been submitted and resolved along with the bug type category, any scope changes and much more… This is also part of my information…

    Read more

  • FOFA Dorking for Bug Hunters

    How to use FOFA search engine for OSINT, Recon, Bug Hunting & Pentesting 🌐FOFA Search Engine: https://en.fofa.info/ domain=”example.com” 2711 Unique IPs found 100 Favicons Found Click on any favicon and automatically, the hash value will be added to the existing dork domain=”example.com” && icon_hash=”xxxxxxxxxx” I try to test the Non-WAF endpoints first 1️⃣ HTTPS ports apart…

    Read more