🚨 NEW Feature Alert! 🚨
📸 With the httpx v1.3.0 release you can now take screenshots of target URLs, pages, or endpoints along with the rendered DOM! 😱
⌨️ Update httpx with the -up option now to try it out!
What are you waiting for! 🤘
#hackwithautomation
#bugbounty
New Tool Announcement 🔊🔊
𝗖𝗹𝗼𝘂𝗱𝗹𝗶𝘀𝘁 — A multi-cloud tool for listing 𝗔𝘀𝘀𝗲𝘁𝘀 from various cloud providers, intended to used by 𝗯𝗹𝘂𝗲 𝘁𝗲𝗮𝗺𝘀 for attack surface management.
#hackwithautomation
#devops
#assetmanagement
Exciting news! We're thrilled to announce the release of
#pdtm
, an
#opensource
tool manager for all the projects from ProjectDiscovery. Streamline your workflow and optimize your tools with ease.
Check it out ––
#toolmanagement
#bugbounty
#security
Worried about active port scanning? thanks to
@shodanhq
Internetdb API, with the latest release of Naabu, Now you can quickly pull all the open ports of your targets without actually scanning them 🎉
Shoutout to
@breno_css
for the idea 👐
GitHub Release:
[TOOL RELEASE] - 𝗦𝗶𝗺𝗽𝗹𝗲𝗛𝗧𝗧𝗣𝗦𝗲𝗿𝘃𝗲𝗿 - Go alternative of python SimpleHTTPServer
✅ TCP server with customizable response
✅ File server with an arbitrary directory
✅ File upload support
✅ HTTPS support
✅ Basic auth support
#opensource
IPinfo can summarize IP details for you! We have two ✨free✨ options:
📊Our data visualization tool which accepts up to 500,000 IPs!
💻A magical little CLI tool, simply paste the following:
cat ips.txt | ipinfo summarize
Tool update 🔊🔊
We reworked dnsprobe, fixed multiple bugs, added new features, added new flags tailored for better UX and use of data and new project. A simple DNS utility tool for all needs.
dnsx —
#hackwithautomation
#bugbounty
#pentest
#infosec
🚀 Introducing Alterx! A fast, customizable & target-aware subdomain wordlist generator using patterns!
🌐 Perfect for active subdomain enumeration pipelines, it allows users to create their own patterns for better efficiency & effectiveness 🔥
…
Speed up your subdomain port scanning by querying A records from a list subdomains and removing duplicate IP addresses 🏃♀️💨
You can do this easily by chaining subfinder, dnsx, sort and naabu together:
subfinder -d <domain> 🔗 dnsx -a -ro 🔗 sort -u 🔗 naabu
Discover open ports for an IP address with uncover! 🤘
⏱ Get a quick, at-a-glance view of the type of device that is running behind an IP address to help you make decisions based on the open ports!
Install Uncover now 👉
#hackwithautomation
🚨 Major
#Nuclei
Update 🚨
Nuclei v3 is out TODAY! There are TONS of new features in this
#OpenSourceSecurity
update and we're excited to share it with our community. Check out some of the available features of Nuclei v3 in this blog 👇
Looking for ways to convert your target IPs into CIDR notation or the other way around? Using mapCIDR, perform multiple operations on a given set of CIDRs and IPs.
⚡️ IP to CIDR aggregation
⚡️ CIDR to IP expansion
for more details.
#hackwithautomation
We FOSS another tiny utility that let you post all your burp collab incoming connections directly to discord/slack, ease the automation process around blind testing for long running tests.
Notify —
#hackwithautomation
#bugbounty
#pentest
#infosec
We have updated the list of subdomains of all the public bug bounty programs on
@Hacker0x01
@Bugcrowd
platform and will be refreshed daily at
want to add more public programs? make a PR with details at
#bugbounty
#bugbountytips
🚀 Unveiling the power of DNS Recon with dnsX v1.2.0!
Get all the DNS data you need for your domain or subdomain list with the new "-recon" option 🔍
🔗 GitHub Release:
#dns
#recon
#opensource
💡 Improve your recon game with dnsX! 👨💻👩💻
We are so excited to be holding our first UX study! Help us shape the future of cybersecurity and get some awesome swag while doing it!
Are you interested, or do you know people who may be? here is the survey link to share/follow ––
DNS bruteforcing top level domains using dnsx 🧰
⌨️ dnsx -d example.FUZZ -w topleveldomains.txt -re
This is a quick way to generate a list of country specific domains ⏱
Install dnsx here 👉
Today, we are proud to announce the private beta of Nuclei Cloud – expanding the power of nuclei with enterprise-grade SaaS capabilities built on top of the open-source project.
Sign up today
🆕 NEW release: cdncheck v.1.0.0! 🆕
🌀 cdncheck is a tool for identifying the technology associated with dns and ip network addresses including:
📡 CDN detection
☁️ CLOUD detection
🔥 WAF detection
Full release details 👇
#hackwithautomation
🔗
🚨 Explore the CVE jungle with ProjectDiscovery's cvemap! 🌐🛡️
A powerful tool integrating KEV, EPSS, POCs, and more data, for a comprehensive threat analysis. Stay on top of cybersecurity challenges with
#cvemap
!
#CyberSecurity
#HackWithAutomation
Get CIDR ranges owned by an organisation with asnmap, extract domain names using dnsx then check for CDNs, WAFs and cloud providers with cdncheck! 💡
Install these tools:
asnmap 👉
dnsx 👉
cdncheck 👉
A bug bounty hunters guide to building a fast one-shot recon script! 🚀
🎯 DNS enum
subfinder, shuffldns, haktrails, puredns + dnsx
🚢 Port scanning
nmap, httpx (+ naabu)
🕷 Crawling
gospider (+ katana)
Learn how 👇
#hackwithautomation
How to get a list of endpoints using Katana! 🥷
Option - Field (-f): Allows you to select a specific field.
Field - qurl: Only display the urls with a query parameter in it
💉 Useful for XSS, Injection attacks, CSRF and more! 🚀
#hackwithautomation
#shuffledns
1.0.3 update:-
Wildcard handling has always been an issue in DNS brute-forcing (especially in targets that have large assets). With the latest update, shuffledns handles most of the edge cases and huge improvements in speed too.
Screenshotting with httpx! 📸
🌀 Use the -screenshot (-ss) option to capture screenshots of specific URLs, pages, or endpoints, including the rendered DOM! 😱
Install now 👉
#hackwithAutomation
NEW-RELEASE 📢📢
We've opensourced a web client for interactsh - A web-based user interface to visualize all the interactions.
Web Client -
GitHub Project:
#hackwithautomation
#oob
#opensource
Scan all of the IPs associated with the DNS record for a target using the scan-all-ips flag!
⌨️ naabu -scan-all-ips -host <target>
Install naabu 🔗
#hackwithautomation
#portscanning
#security
We are open-sourcing another problem-solving utility tool —
#mapCIDR
mapCIDR lets you split the subnet into the desired number of subnets, by host/subnet count, useful when you doing distributed scanning of a large network or internet-wide scans.
#network
#security
#infosec
Find well-hidden subdomains using the power of ✨permutations✨ with chaos, alterx and dnsx! 💪
Generate subdomain permutations using alterx on an existing list of passive subdomains from chaos and resolve using dnsx!
This yielded us 7 new subdomains! 👇
Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.
GitHub Project -
#AI
#LLM
#CLI
#OpenAI
#Opensource
Get IP ranges from an ASN with asnmap!
🌀 ASNs are extremely useful for reconnaissance because they allow you to enumerate IP prefixes owned by that organization 💪
Install asnmap 👉 🔗
#hackwithautomation
#security
#bugbounty
SimpleHTTPserver is a go enhanced version of the well known python simplehttpserver with an additional, fully customizable TCP server supporting TLS!
Install today! 👇
#hackwithautomation
[RELEASE-UPDATE]
New release of Naabu include a lot of new and long awaited features like IPv6 Port scan and also starting with this release, now it's possible to perform Host Discovery before port scan.
Release changelog:
#hackwithautomation
#portscan
Did you know you can use subfinder to list the IP address of each subdomain?
🌀 Here's how you can do it 👇
⌨️ subfinder -d <target> -oI -active
#hackwithautomation
#bugbounty
#security
It's been a year since we published
@pdnuclei
project, We completed 1000+ templates including 300+ cves templates ready to scan/use by everyone, Community contributions have made the project what it is.
#Opensource
#Community
#CyberSecurity
#httpx
v1.0.6 is out with multiple additions and fixes.
✅ Display redirect chain status code
✅ Added allow/deny flag whitelist/block IPs/CIDRs
✅ Added extract-regex flag to print custom data
GitHub Release:
#hackwithautomation
#bugbountytool
#pentest
🚀 Just released our in-depth analysis of CVE-2023-22527, a critical RCE vulnerability in Atlassian Confluence Data Center & Server. 🛡️ Don't miss out on our findings and learn how to detect and protect your systems! 🔍
#cybersecurity
#CVE
#RCE
…
Customizable Index page along with static file hosting for frequently used online payloads for attacks such as XSS/XXE and more is now supported with self-hosted interactsh server 🎉🎉
Changelog:
#hackwithautomation
#oast
#appsec
#security
How to set up an upstream proxy with Burpsuite 🏊♀️
✍️ Setting Proxify as an upstream proxy for your web browser or
@Burp_Suite
is a great way to keep fully detailed logs that can be reviewed later.
Install Proxify 👉
This is how it's done👇
How to use dnsx for subdomain bruteforcing for quick and easy enumeration 🚀
dnsx -d <domain> -w <subdomain-wordlist>
Install dnsx now and try for yourself 👉
#hackwithautomation
#shuffleDNS
is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
#bugbounty
#subdomains
[ RELEASE-UPDATE] -
#httpx
v1.0.7 come with severe bug fixes and feature addition.
Now it's possible to see destination URLs in the CLI output using 𝚏𝚘𝚕𝚕𝚘𝚠-𝚛𝚎𝚍𝚒𝚛𝚎𝚌𝚝𝚜 flag, let you quickly inspect the target URLs.
Changelog-
#osint
#recon
Nuclei V2.0 is here — a community powered scanner. We just wrote an article on its features and how could it fit in your security testing and DevOps workflow.
, do share feedbacks if you enjoyed reading it.
#hackwithautomation
#infosec
#pentesting
Proxify is a CLI tool for proxying, capturing, and manipulating HTTP(S) traffic 🚦
Runs in the CLI and written in Golang, proxify can be used on almost any device and is portable to remote servers without the need for a GUI! 😱
Try it now 👇
How to update all your projectdiscovery tools to their latest version with pdtm 🛍
All you need to do is use the Update All (-ua) option! 👇
Install pdtm now 👉
Latest subfinder release alert 🎉
Install v2.5.6 now: 👇
go install -v
Shout out to our new contributors:
👋 vzamanillo
👋 owenrumney
👋 EndPositive
See the full release details here 👇
Get a template started immediately while reading about the newest
#vulnerability
, by using
#opensourcesecurity
, AI, and the blog you read it in.
#Nuclei
Template AI Browser Extension. Now available.
Unsure when your payload will get a pingback? And need to close the interactsh session for some reason? worry no more 😎 resumable session files are now supported in the newest Interactsh release.
Credits to
@ldionmarcil
for the idea.
#hackwithautomation
#bugbounty
#oast
Introducing openrisk, our first AI-powered tool! This new tool creates a simple risk score by feeding a nuclei scan output into OpenAI GPT-3.
Fun fact: Some code *in* openrisk was written by GPT-3 too.
Hot new blog today on a recent
#CVE
#vulnerability
:
#Atlassian
#confluence
authentication bypass.
For those keeping track, this CVE's release date was only 2 days ago, and we already have a template for you all. 🔥
Read all about it here:
CDN, CLOUD and WAF detection with cdncheck! 😱
🌀 Supports IP + DNS input
🌀 Text + JSONL output
🌀 Easily extendable providers
Install now 👉
#hackwithautomation
#security
#bugbounty
Did you know you can use 'tee' to pipe the output of one command into multiple commands simultaneously?
Subdomain enumeration one liner
🪄 Pass a domain to subfinder AND dnsx (subdomain bruteforcing) and output to a file.
Here's how 👇
#hackwithautomation
Quickly map organization network ranges using asnmap and then pipe them to mapcidr to print all IP addresses!
🌀 Install asnmap 👉
🌀 Install mapcidr 👉
#hackwithautomation
#networking
#security
Working with a large network?
Split an entire network range into manageable subnets of 256 hosts with mapcidr.
⏱ 65536 subnets in less than a second 😮
Install mapcidr now 👉
Here's how👇
#hackwithautomation
Unlock the potential of Alterx in your enumeration pipeline! 🔥
💎 Seamlessly integrate it with subfinder and dnsx for comprehensive subdomain discovery and unveil hidden treasures!
Read this blog to level up your recon 👇
#hackwithautomation