OSINT with nuclei


Social Engineering & OSINT    No Replies

hashXploiter, 03-03-2025, 09:10 AM

Did you know you can use Nuclei for OSINT!? 

There are more than 600 community-generated user enumeration Nuclei templates to choose from!

 nuclei -tags osint -var user=<USERNAME> -esc

NOTE: You need to use the -esc flag to enable the loading of self-contained templates!

Via X: You are not allowed to view links. Register or Login to view.



xnLinkFinder - discover endpoints and potential parameters


Web & Bug Bounty    No Replies

hashXploiter, 02-28-2025, 06:10 PM

A tool used to discover endpoints (and potential parameters) for a given target. It can find them by:

  • crawling a target (pass a domain/URL)
  • crawling multiple targets (pass a file of domains/URLs)
  • searching files in a given directory (pass a directory name)
  • get them from a Burp project (pass location of a Burp XML file)
  • get them from a ZAP project (pass location of a ZAP ASCII message file)
  • get them from a Caido project (pass location of a Caido export CSV file)
  • processing a You are not allowed to view links. Register or Login to view. results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see You are not allowed to view links. Register or Login to view.)
The python script is based on the link finding capabilities of my Burp extension You are not allowed to view links. Register or Login to view.. As a starting point, I took the amazing tool You are not allowed to view links. Register or Login to view. by Gerben Javado, and used the Regex for finding links, but with additional improvements to find even more.


Bypassing Spam Filters: Essential Tools for Phishing Simulations


Social Engineering & OSINT    No Replies

hashXploiter, 02-28-2025, 05:58 PM

When running phishing simulations, ensuring emails land in the inbox—not spam—is critical. Here are two must-have tools:

You are not allowed to view links. Register or Login to view. – Detects spam trigger words to optimize email content for better deliverability.
You are not allowed to view links. Register or Login to view. – Provides a detailed spam score and analyzes your sending IP, mail server, and email configuration.

Use these tools to refine your phishing campaigns and maximize engagement!



LazyHunter - Automated Bug Hunting Recon Tool


Network Pentesting    No Replies

hashXploiter, 02-23-2025, 12:31 PM

LazyHunter is an automated reconnaissance tool designed for bug hunters, leveraging Shodan's InternetDB and CVEDB APIs. It retrieves open ports, hostnames, tags, and vulnerabilities for a given IP and fetches CVE details, including affected products and CVSS scores. Results are color-coded by severity for easy analysis.

Features

  • Fetch open ports, hostnames, and associated vulnerabilities for an IP address.
  • Retrieve CVE details including severity levels.
  • Color-coded output for easy identification of risk levels.
  • Support for file input (-f) and output saving (-o).
  • Option to display combined CVEs and open ports.


Shadow Repeater: AI-enhanced manual testing - Burp Plugin


Web & Bug Bounty    No Replies

hashXploiter, 02-21-2025, 02:39 PM

Shadow Repeater monitors your Repeater requests and identifies which parameters you're changing. It then extracts the payloads you've placed in these parameters, and sends them to an AI model which generates variants. Finally, it attacks the target with these payload variations and uses response diffing to identify whether any of them triggered a new interesting code path. This approach allows it to build on a manual tester's expertise to uncover unexpected behaviors, such as unconventional You are not allowed to view links. Register or Login to view. vectors, successful You are not allowed to view links. Register or Login to view. attempts, and even novel vulnerabilities like email splitting attacks.

You can get the source code for You are not allowed to view links. Register or Login to view. and it's available on the BApp store.





Cat - Hack The Box


Red Team Labs    2 Replies

hashXploiter, 02-21-2025, 01:48 PM


Dork Generators


Web & Bug Bounty    No Replies

hashXploiter, 02-20-2025, 11:55 AM

Shodan Dorks Generator :  You are not allowed to view links. Register or Login to view.
Google Dorks Generator :  You are not allowed to view links. Register or Login to view.
Github Dorks Generator : You are not allowed to view links. Register or Login to view.
DorkGPT (Generate Google Dorks with AI) : You are not allowed to view links. Register or Login to view.

Google Dorks for Bug Bounty : You are not allowed to view links. Register or Login to view.



AI HTTP Analyzer - Burp Plugin


Web & Bug Bounty    No Replies

hashXploiter, 02-20-2025, 10:42 AM

AI HTTP ANALYZER is an advanced security analysis assistant integrated into Burp Suite. It examines HTTP requests and responses for potential security vulnerabilities such as SQL injection, XSS, CSRF, and other threats. The extension provides focused technical analysis, including quick identification of detected vulnerabilities, clear technical steps for exploitation, and PoC examples and payloads where applicable.

Features

  • Analyze HTTP requests and responses for security vulnerabilities
  • Provide technical analysis and exploitation steps
  • Include PoC examples and payloads
  • Integrate with Burp Suite's UI and context menu
  • Real-time vulnerability assessments
  • AI-powered context-aware analysis
  • Generate Proof-of-Concept exploits
  • Custom PoC script generation
  • Payload customization for specific scenarios

Extract All Links from a Webpage - bug bounty tip


Web & Bug Bounty    No Replies

hashXploiter, 02-18-2025, 12:56 PM

JS to extract all links from a page instantly. Just open your browser console (F12 → Console) and paste this:

Code:
javascript:console.log('Links on this Page:\n' + Array.from(document.querySelectorAll('a')).map(link => link.href).join('\n'));

Credit:  You are not allowed to view links. Register or Login to view.

#BugBounty #Recon #Pentesting #Hacking #OSINT



Hiring: Security Consultant – Payatu


Job Board    No Replies

hashXploiter, 02-17-2025, 04:12 PM

Location: Pune, Maharashtra |  Full-Time

What You’ll Do

  • Test & secure web apps/services
  • Find & exploit vulnerabilities
  • Report & recommend fixes
  • Collaborate & innovate

What You Need
  • Web security & pentesting skills
  • OWASP Top 10 knowledge
  • Coding & automation mindset
  • Strong analytical & communication skills

Why Payatu?
  • Work with top security experts
  • Continuous learning & research
  • Impactful projects


#CyberSecurity #PenTesting #WebSecurity #Infosec #Hiring #Payatu

