hyk3n

If you're using Nuclei but not leveraging community templates, you're leaving bugs on the table 👀 The Nuclei-Templates-Collection is a curated hub of custom templates to supercharge your scans, from CVEs to real-world bug bounty cases. More templates = more coverage = more findings 🔥 🔗 github.com/emadshanab/Nuc… #BugBounty #Nuclei #Infosec #AppSec #CyberSecurity

WORDLIST + DISCOVERY THREAD - GET YOUR TOOLS 1. Generate password wordlists github.com/edoardottt/lon… github.com/agusmakmun/pyt… github.com/berzerk0/BEWGor 2. Look at Wayback github.com/mhmdiaa/chronos 3. Set up hashcat github.com/n0kovo/hashcat… 4. Find all params github.com/ImAyrix/fallpa… 5. Combine into a toolkit github.com/CodingRanjith/… 6. Tidy up your wordlists github.com/sts10/tidy

If you're serious about mastering client-side bugs, this repo is a goldmine. A curated roadmap covering: • XSS (DOM-based & advanced) • postMessage exploitation • CSP bypass techniques • Prototype Pollution • Real-world writeups & labs Stop jumping randomly between topics, follow a structured path. 🔗 github.com/zomasec/client… #BugBounty #WebSecurity #XSS #AppSec #InfoSec

🚨 Bug Bounty / Red Team Tip CVE-2026-21643 — Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only) Unauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups → full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM). - Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled) - Not affected: 7.2.x, 8.0.x, single-site deployments - Fixed: Upgrade to 7.4.5 or later - Status: Actively exploited in the wild + public PoCs available Main Detail Article (Highly Recommended): Bishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results → bishopfox.com/blog/cve-2026-… Public PoC (GitHub): github.com/0xBlackash/CVE… Useful Google/Shodan Dorks: - http.title:"FortiClient EMS" "7.4.4" - http.html:"FortiClient Enterprise Management Server" - http.favicon.hash: -specific-hash (or search for EMS login page) - Shodan: "Model: FCTEMS" or "FortiClient EMS" Quick Check: If your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled → patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+). High-value target for hunters. Patch or restrict immediately! #BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi

🔥 If you’re serious about bug bounty, this repo is pure gold. 📦 Bug Bounty Reference by @ngalongc 🔗 github.com/ngalongc/bug-b… 📌 Why it’s a game-changer: ✅ Real-world disclosed reports — not just theory ✅ Organized by bug class: XSS, SSRF, IDOR, RCE, you name it ✅ Peek inside the actual hacker mindset 🧠 ✅ Connect the dots across different targets & reports 🚀 Pro-level way to use it: Pick a vulnerability class Read 5+ reports in that category Map out sources → sinks → attack chains Apply those patterns to live targets ⚠️ Stop memorizing payloads. Start recognizing patterns. #BugBounty #InfoSec #CyberSecurity #EthicalHacking #WebSecurity #HackerMindse

True

chat, we got a winner! 🏆

@intigriti That's true when I faced in beginning they say I got $$$ just look deeper yo how the heck did find staring at screen doesn't help

recox.hackerz.space is outperforming most recon tools 🔥🚀: 🔴waybackurls → 10,184 ✅recox → 53,030 🔥 🔴subfinder → 896 🔴subd...c99nl → 896 ✅recox → 901 ⚡ check it out : recox.hackerz.space #bugbounty #bugbountytips

🛡️ Many modern web apps run on Next.js — and where there’s code, there are bugs 👀 This security checklist highlights common risks like: 🔹 Input validation issues 🔹 Exposed secrets 🔹 Dependency vulnerabilities 🔹 Missing security headers Great read for bug bounty hunters 🔍 🔗 blog.arcjet.com/next-js-securi… #BugBounty #AppSec #WebSecurity #NextJS 🐞

Simple XSS payload for AngularJS testing. Older AngularJS versions are still vulnerable to expression injection. {{$on.constructor('alert(document.domain)')()}} #BugBounty #XSS #bugbountytips #hackerone

Did you collect subdomains but don’t know which ones are real? That’s where the real work begins. Passive enumeration maps the surface. Resolution and wildcard filtering build the foundation. Let Subfinder discover them. Let Shuffledns verify them. Clean pipeline below 👇

Time-Based SQL Injection Is Still Everywhere!🔥 You can fingerprint the backend DB version with '; IF (SUBSTRING(@@VERSION,1,1) = 'M') WAITFOR DELAY '0:0:15' -- Delay = proof. #RedTeam #BugBounty #SQLi #bugbountytips #hackerone

# Default Credentials 1. Cisco ``` User: cisco Password: cisco ``` 2. Citrix ``` User: nsroot Password: nsroot ``` 3. Dell iDRAC ``` User: root Password: calvin ``` 4. Juniper ``` User: super Password: juniper123 ``` 5. pfSense ``` User: admin Password: pfsense ``` 6. SAP ``` User: SAP* Password: 06071992 ``` 7. Tomcat ``` User: tomcat Password: tomcat ``` 8. UniFi ``` User: ubnt Password: ubnt ``` 9. Weblogic ``` User: weblogic Password: weblogic1 ``` 10. Zabbix ``` User: Admin Password: zabbix ``` 11. Windows ``` User: Administrator Password: P@ssw0rd ```

🔥SQL injection in json endpoint💀 Join my BugBounty telegram channel t.me/ShellSec Tip: Always check blind SQL injection in json, js endpoints. Even it's show you 404 but if the Backend process after .json';{yourpayload} then you can get only blind base SQLi. ㅤ

Me and a friend just landed a bounty for an RCE using a technique I addict it earlier and have kept refining ever since. Grateful for the results. Alhamdulillah. More here: sl4x0.xyz/turning-depend… or sl4x0.medium.com/turning-depend…

Stop missing attack surface behind Round Robin DNS. 🛑 By default, tools often check just one IP. Force httpx to enumerate ALL resolved A records for every subdomain using -probe-all-ips. Use this Command👇 httpx -l live_hosts.txt -probe-all-ips -silent -o multi_ip_hosts.txt Essential for finding hidden origins and inconsistent WAF protections. #recon #httpx #infosec

XSSNow - The Ultimate XSS Payload Database xssnow.in

Need a simple scanner to test for React2Shell at scale? 🤑 React2shell-scanner by @assetnote is a Python-based command-line tool that detects CVE-2025-55182 and CVE-2025-66478 in Next.js applications. It even includes support for bypassing WAF filters! 😎 🔗 github.com/assetnote/reac…