Mahesh Yadav
129 posts

Mahesh Yadav
@hackrul3r
Web Security Researcher and Bug Bounty Hunter GitHub: https://t.co/sDcOI4uG48
Joined March 2023
389 Following, 142 Followers
Mahesh Yadav retweeted

We've been heads-down shipping some major upgrades to Jsmon. Here’s what’s new 👇
⚡ 6.2× Faster Scans: We migrated our infrastructure from NoSQL → SQL and refactored core backend components. Result: scans are 6.2× faster.
🔎 Configurable Scan Depth (1–4)
• Depth 1 - Target page only
• Depth 2 - Target + linked pages
• Depth 3 - Recursive crawl (1 level deeper)
• Depth 4 - Full deep recursive crawl
🛡 WAF Bypass Support: Jsmon now simulates a browser-like environment, allowing scans on assets that were previously unreachable.
More improvements coming soon.
Feedback welcome👇 Happy hacking 🎯

Mahesh Yadav retweeted

No jailbreak. No problem. 🔓
I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box.
👇 GitHub
github.com/SahilH4ck4you/…
#CyberSecurity #BugBounty #iOS #Pentesting
Mahesh Yadav retweeted

Here's how you can do better API-contextful fuzzing by using JS files:
1. Scan domain/URL at jsmon.sh
2. Go to JS Intelligence > API Paths
3. Export all the API endpoints
Make a wordlist and use ffuf or kiterunner to fuzz on dev/prod/staging APIs.
#bugbountytips
Mahesh Yadav retweeted

We’re hosting a live webinar on ‘Listening like a Hacker with Jsmon’. Join us with the below link
Webinar link: meet.zoho.in/wtqn-ujx-hcv
#cybersecurity #hackers

Mahesh Yadav retweeted

If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀
Check for it quicker using this cool new tool by JSMon: app.jsmon.sh/tools/npm-vali… 👇
Mahesh Yadav retweeted

From your feedback, to our team’s hard work → Jsmon 2.0 is here.
✨ Cleaner design
📊 Easier reporting
⚡ More power under the hood
Thank you for helping us build the future of JavaScript security 💜
Check it out → jsmon.sh

Mahesh Yadav retweeted

I’ll be attending the @bsidesahmedabad 2025.
If you see a Long Bearded Bald guy (matching the profile picture), that’s me 😉
Come say Hi!
#security #bugbountytip
Mahesh Yadav retweeted

New search query implemented today, over domain + subdomains of the domain for searching over JS URLs.
This has increased the searched JS URLs count by a lot.
Jsmon | AI-Powered Attack Surface Management @jsmonsh
🚀 JS Explorer is live now! Discover JS URLs from domains for free. Powered with 500M JS URLs and updating every week. Visit jsmon.sh/jsexplorer/ now. ✅ Retweet, bookmark and share link with your friends in bugbounty, cybersecurity and OSINT research.
Mahesh Yadav retweeted

🚀 New blog post! Unlock 403 Forbidden bypass techniques. Dive into essential tricks: HTTP methods, header spoofing, path traversal & more. Boost your bug hunting & pen testing skills today!
Read more: blogs.jsmon.sh/403-bypass-tri…
#bugbounty #bugbountytips
Mahesh Yadav retweeted

🥤 BOOM! Jsmon strikes again.
We found another S3 Bucket Takeover, this time in a JavaScript file from Coca-Cola’s RDP (via @intigriti)!
⚠️ Triaged as High Severity
🏆 Got reward coupons
Our JS Intelligence doesn’t miss.
#BugBounty #CyberSecurity #Intigriti #S3Takeover

Mahesh Yadav retweeted

Yayy!! Jsmon got awarded $250 bounty on @Hacker0x01 for an S3 bucket takeover in a JS file. Try it now at jsmon.sh

Mahesh Yadav retweeted

🎉 GIVEAWAY TIME! 🎉
Want to try Jsmon Pro for free? We're giving away 3 one-month subscriptions (worth $195 total)!
Here's how to enter:
✅ Follow @jsmonsh
🔁 Retweet this post
📸 Share a screenshot of your scan and tag us!
That's it. Winners announced in 7 days.