c0dejump

HExHTTP v2.5 is out ! 🥳 - Many fixes for bugs & FP (a huge reduction !) - HHMP (Host Header Manipulation Poisoning) & CFP (Change Format Page) CPDoS module - Generates an interactive HTML report from scan results with -o option (export json/csv in HTML) & more in CHANGELOG.md, If you find it useful, consider supporting the project - even a small contribution helps a lot ! github.com/c0dejump/HExHT…

Hello, A short post about a fairly simple CPDoS method that I haven't seen anywhere else (AFAIK) I hope you enjoy it, happy reading ! CPDoS via Content Negotiation Mechanism: @bbcodejump/cpdos-via-content-negotiation-mechanism-4fdb438ad7d0" target="_blank" rel="nofollow noopener">medium.com/@bbcodejump/cp…

Plop ! New tool in "Beta" version: - GimmeYourPassword : GYP is a tool designed to perform tests on reset password features on websites and analyze the results to identify vulnerabilities and interesting behaviors. github.com/c0dejump/Gimme… If any of you have already encountered this type of vulnerability in a bug bounty program, it would be great if you could contact me, please :) Have fun !

github.com/sponsors/c0dej… If a rich bug hunter happens to be passing by here👀

@medusa_0xf github.com/c0dejump/wcDet… ;)

Just dropped a New video on automating Web Cache Deception Bugs🔥 Free tool + live demo and testing check it out👇 youtu.be/xR6oFcwK3pU?si… #BugBounty #hacking

Happy new year ! What's new on my GitHub ? - wcDetect v1.3: github.com/c0dejump/wcDet… New README & Logo Add payloads Fixed design/bugs & more - Instaguard: github.com/c0dejump/OSINT… Instagram analysis apk with a trusting score indicating if it's a fake/scammer account

Hello, A quick update for the holidays before taking a break from HExHTTP, as I'm going to focus on other new projects (which I hope you'll also enjoy), so give me as many stars and as much support as you can as a Christmas gift ! ❤️‍🔥 HExHTTP v2.4 now available ! Have a great holiday season and Hack the planet ! github.com/c0dejump/HExHT… #BugBounty

Thanks you @yeswehack ! 🫶

The Cache Poisoning Bible: Part 2 — Exotic Header Exploitation Full article: @Aacle/the-cache-poisoning-bible-part-2-exotic-header-exploitation-d074746690cb" target="_blank" rel="nofollow noopener">medium.com/@Aacle/the-cac… 👉 Inside: • 50+ exploitable headers with examples • Real HackerOne reports + bounty amounts • Framework-specific vulnerabilities • Automation scripts + Burp extensions • Complete testing methodology Analysed from public writeups, hackerone reports, guides and etc

Plop ! HExHTTP v2.3: - Renames files and directory - Linting - Fixed bugs - Remake simple cache poisoning module - New payloads - Menu in README(.)md - CVE-2025-57822 module check - Add random user-agent during cpdos to avoid overly strict waf & more ! :) HF ! github.com/c0dejump/HExHT… PS: If you have benefited from my work, you can support me financially through github sponsors or just buy me a coffe: github.com/sponsors/c0dej… #BugBounty

HExHTTP – Le chimiste des headers (only FR atm) redp.fr/blog/post?slug…

🎉Happy to realease HExHTTP v2 !🎉 github.com/c0dejump/HExHT… Thanks to @KharaTheOne @Geluchat @Nishacid @__PH4NTOM__ for the help ! 🙏 & Thanks to BB FR community ! 😁 Have Fun & Hack the Planet ! 🌍 ( & If you would like to contribute, pls feel free to give a little coffe :)

Want to sharpen your SSTI, cache poisoning or business logic error skills? 🧠 The hunters who topped our 2024 leaderboards for these CWEs – @LdrTom, @c0dejump and @kto_94_ – kindly shared their best-practice tips with us 👇 #BugBountyTips yeswehack.com/learn-bug-boun…

Hi all, While waiting for v2 of HExHTTP, here is a small update of wcDetect (web cache deception scanner) with new payloads and minor corrections 🙂 github.com/c0dejump/wcDet… As well as a little teaser of the new script projects I have in mind (I'll let you guess what they'll be used for): - DjaNoGo - WileThrottle Have fun !

@RoxyhunkPush Sure, wait v2 😛

HExHTTP v2 coming soon 😁 github.com/c0dejump/HExHT…

Hello everyone, A little out of context this time, I'm leaving my current job to start a new adventure on my own. I wanted to thank you for all the strength you give me and for all your feedback on my tools ! 🤜🤛❤️ I love what I do and I'll keep doing it, but it's always nice to see that what I do isn't for nothing 😁 Anyway, thank you all and if you want to support me in the future, don't hesitate to get me a cup of coffe (links on my github) ! ☕ P.S: the new HExHTTP v2 will be released on 10/10/2025 👀

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4