1024 Cyber Services

@1024Cyber

● Penetration Testing ● Vulnerability Assessment ● Bug Bounty ● Threat Intelligence ● OSINT ● Telegram Channel: https://t.co/qG6XFy1WCq

Earth · Joined February 2025
40 Following · 24 Followers
1024 Cyber Services reposted
Criminal IP @CriminalIP_US
🆕 New GitHub Release: Criminal IP Asset Exposure Scanner

A lightweight tool that extracts identifiers from unstructured banner, SSL, and HTML data in Criminal IP Asset Search results and structures them for exposure analysis.

✔️ Identifier extraction (email, tracking IDs, Telegram links)
✔️ Latest port state analysis using confirmed_time
✔️ Duplicate port filtering
✔️ Noise reduction with conservative regex

Explore the repo 👇 github.com/criminalip/ass…

#ThreatIntel #Cybersecurity #GitHub
1024 Cyber Services reposted
Behi @Behi_Sec
Use this prompt for a thorough JS analysis:

You are an expert JavaScript reverse engineer and code analyst. I will provide you with a JavaScript file. Perform a structured analysis with the following objectives:

## 1. High-Level Overview
- What is this code's purpose?
- Architecture pattern
- Key dependencies and frameworks used
- Execution flow: how does the code initialize and what is the main entry path?

## 2. Attack Surface & Endpoints
Extract and list ALL of the following in structured tables:

| Category | Examples to look for |
|-----------------------|---------------------------------------------------------|
| API routes/endpoints | paths, HTTP methods, route patterns |
| Parameters | query params, body fields, URL params, headers expected |
| Auth mechanisms | tokens, cookies, session logic, OAuth flows, API keys |
| WebSocket events | event names, channels, message schemas |
| External calls | fetch/axios URLs, third-party APIs, webhook targets |

## 3. Hidden & Interesting Artifacts
Look beneath the surface for:
- Hardcoded strings: URLs, IPs, hostnames, ports, internal service names
- Environment variables referenced (process.env.*)
- Database schemas, table/collection names, field names
- Role names, permission levels, feature flags
- Debug/admin/test routes or commented-out functionality
- Error messages that reveal internal structure
- Regex patterns (what are they validating/extracting?)
- File system paths (uploads, logs, configs, temp dirs)

## 4. Data Flow Map
Trace how user input moves through the code:
- Entry point (where does external data come in?)
- Transformations (parsing, validation, sanitization, or lack thereof)
- Storage (where does it end up: DB, file, cache, external service?)
- Output (what gets returned/rendered to the user?)

## Formatting Rules
- Use tables for structured data (endpoints, params, env vars)
- Use code snippets with line references for each finding
- Flag anything that seems intentionally obscured or unusual
- If the code is minified/obfuscated, note patterns and attempt to identify the original framework or library

---

Here is the code:
1024 Cyber Services @1024Cyber
Bug bounty tip 🧵

When testing APIs, always modify every parameter, even the ones that look irrelevant.

Example:
role=user → role=admin
type=basic → type=premium
user_id=123 → user_id=124

Sometimes the bug is hiding in the parameter nobody thought to check.

#bugbountytip
1024 Cyber Services @1024Cyber
How to Use Claude (in Chrome) to Map Attack Surfaces...
1024 Cyber Services @1024Cyber
Finally: "Summarize everything you've found into an attack surface report with sections for: Endpoints, Input Vectors, Auth Mechanisms, Third-Party Integrations, and High-Priority Test Areas"
1024 Cyber Services @1024Cyber
While browsing, tell Claude: "Look at the JavaScript files loaded on this page. List any API endpoints, tokens, or internal URLs you can find referenced in the source."
1024 Cyber Services @1024Cyber
If the app has multiple roles (user, admin, moderator): "Compare the features available to a regular user vs what you saw in the admin panel. Flag any endpoints a regular user might be able to access." This directly targets privilege escalation and access control bugs.
1024 Cyber Services @1024Cyber
Once Claude has observed the app, ask: "Based on what you've seen, what are the top 5 attack vectors I should prioritize? Consider IDOR, broken auth, input validation, and privilege escalation." Claude will reason about the app's architecture and give you a prioritized list.
1024 Cyber Services @1024Cyber
Log in manually, then tell Claude: "I'm now logged in as a regular user. Browse every section of the app and identify all API calls, forms, file upload features, and user-controlled parameters." This maps the authenticated attack surface, which is where we get most business logic
1024 Cyber Services @1024Cyber
Step 1 — Point Claude at the target

Open the web app in Chrome, activate Claude & Prompt:

"Browse this application as an unauthenticated user. List every visible page, form, input field & external link you find"

It will crawl what's visible & return a list of the attack surface.
1024 Cyber Services @1024Cyber
What is "Claude in Chrome"? It's a browser extension / agent where Claude can actively browse a web application alongside you, observe the UI, read page content, and reason about what it sees in real time