I had fun looking at which backup extensions were the most common on which tech & here's a short list:. WP: .tar/.zip.Joomla: .tar/.zip.Drupal: .tar/.zip.PrestaShop: .tar/.zip.Apache: .tar (.tar.gz, .tar.bz2).Nginx: .tar.IIS: .zip/.cab.Tomcat: .war/.jar. #bugbountytips #BugBounty.

RT @kevin_mizu: I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Ha….

And thanks very much for this first support !! ❤️

Hi !. HExHTTP v1.9.2:. News:.- CVE Next.js CPDoS by @zhero___ research & @Wlayzz PoC (CVE-2025-49826).- Module to check CP via backslash transformation.- Akamai checks. Updated:.-Cleaning & tidying up threads.- +50 new HTTP methods. & more !.HF ! .

First bounty from Intigriti ! .- Vuln: web cache deception.- Tool: HF !.#BugBounty #intigriti

Plop !. Here's a new script to test the web cache deception, don't hesitate to contact us if you have any feedback or comments :). #bugbountytips

Plop,. HExHTTP v1.8:.- New cve module to check Next.js CPDoS by @zhero___ research (CVE-2025-29927).- New module to check cache poisoning via path traversal (Thanks @0xRTH !).- Proxy features (-p option). HF !.

Hey,. Here's a python script to check the cve "CVE-2025-29927" by @zhero___ while waiting to add it to HExHTTP:. Thank you @zhero___ for feeding me so much ahah and excellent research and article as usual ! 💪.

Plop ! . HExHTTP v1.7.5:.- Add a folder/check containing more-less well-known CVEs linked to headers or cache.- Add payloads (~1k).- Fixed bugs/FP & Linting. And 1k ⭐ reached on my github ! Thank you very much everyone for the support ! 💪.

Plop ! . Happy new year !. For the new year, here's a little hexhttp update:. v1.7.2:.- New module for multiple headers cache error based on @0xrth observations.- New module for "human" scan, personal timesleep or random (0-5s) to each requests. HF !.

Plop !. HExHTTP v1.7:.News:.- Logging management.- Error logs management.Updated:.- ANSI banner at startup.- Fixed bugs.- Cache tag color.- Big linting and refactoring.- News payloads. & BIG thanks to @KharaTheOne for the help ! 😁. HF !.

Plop ! . HExHTTP v1.6.1:.- New file "payloads_errors.py" which lets you directly add payloads for CPDoS (+400 payloads on it).- Check js/css url during the CPDoS check.- Reduct FP.- Fix hho & hmo modules. And thanks to @N_ambush for the help ! 😁. HF !.

Just got a reward for a high vulnerability submitted on.@yeswehack. - Vuln: DoS via web cache poisoning .- Payload: {Content-Type: text/html; charset=invalid-charset, Content-Encoding: xxxx}.- Tool: HExHTTP: & top 200 now ! 😁. #YesWeRHackers #BugBounty

Just got a reward for a high vulnerability submitted on @yeswehack . - Vuln: DoS via web cache poisoning.- Payload: "Max-Forwards: 0" (Or "foo").- Tool: HExHTTP: #YesWeRHackers #BugBounty

Plop ! . All the biggest news from HExHTTP !. - Many CP/CPDoS techniques added.- Code refont & many fixs.- Some checks on various technologies (CDN. ).- Github makeover. Thanks all & especially @Nishacid for help ! 🤝. HF ! 😁. #YesWeRHackers #BugBounty.

RT @zhero___: happy to release my new article entitled:. Next.js and cache poisoning: a quest for the black hole. .

RT @Fransosiche: Yo les chefs,. Aujourd'hui, j'aborde le :. 🪄 Web Cache Poisoning🪄. Vulnérabilité pas super connue et peu exploitée en feat….

Just got a reward for a vulnerability submitted on @yeswehack. - Vuln: DoS via web cache poisoning (Host Header case normalization) .- Payload: "Host: .- Doc: - Tool: HexHTTP (. #YesWeRHackers #BugBounty

We're ending the year on a good vibe ! .Thx @yeswehack !. - Vuln: Cache Poisoning leads to link modification and potential DOS.- Payload: X-Forwarded-Port: 1234.- Tool: HexHTTP (. #YesWeRHackers

Hi hunters !. I've cache poisoning with the "Referer" header reflected in a script tag (see screenshot). Any ideas for poc an xss or similar ?. For info: .WAF: AkamaiGhost (console.log seem's ok). #BugBounty

RT @Haax9_: Hello Twitter!. Petit post recrutement, notre équipe offensive recrute actuellement un ou deux profils afin de renforcer l'équi….