Begin n Bounty @beginnbounty

👉Practical Bug bounty tips 👉Beginner friendly 👉Pentesting DM for queries

Joined February 2021
Eid Mubarak!
5
4⃣GraphQL Cop GraphQL Cop is an open-source GraphQL security auditing tool that is capable of performing over +10 security tests for GraphQL Check it out on Github! 👇 github.com/dolevf/graphql-co…

GitHub - dolevf/graphql-cop: Security Auditor Utility for GraphQL APIs

Security Auditor Utility for GraphQL APIs. Contribute to dolevf/graphql-cop development by creating an account on GitHub.

github.com
1
1
3⃣Misconfig Mapper Misconfig Mapper is a project by Intigriti for the community to help you find, detect and resolve common security misconfigurations in various popular services, technologies and SaaS-based solutions that your targets use! github.com/intigriti/misconf…

GitHub - intigriti/misconfig-mapper: Misconfig Mapper is a fast tool to help you uncover security...

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets! - intigriti/misconfig-mapper

github.com
1
2
2⃣BatchQL Developed by Assetnote, BatchQL is an open-source tool designed to assist you in testing GraphQL targets for mutations and batch queries. github.com/assetnote/batchql

GitHub - assetnote/batchql: GraphQL security auditing script with a focus on performing batch...

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations - assetnote/batchql

github.com
1
Automated tools for GraphQL testing🔥👇 1️⃣ InQL Burpsuite Extension A Burpsuite extension called InQL makes it easier for you to test GraphQL targets within your proxy interceptor. Check it out on Github! 👇 github.com/doyensec/inql

GitHub - doyensec/inql: InQL is a robust, open-source Burp Suite extension for advanced GraphQL...

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. - doyensec/inql

github.com
1
12
38
🔥 TOP 5 recon tools used in web app Pentesting👇 1️⃣ Burp Suite 2️⃣ Nmap 3️⃣ Recon-ng 4⃣ Nuclei 5⃣ Subfinder #infosecurity #appsecurity
1
1
6
“Authentication: disabled” port:445 product:”Samba” hostname:”*.${target}” title:”Login — Adminer” hostname:”*.${target}” title:”Login — Adminer” ssl.cert.subject.cn:”${target}” http.title:”sign up” ssl.cert.subject.cn:”${target}”z
1
2
ssl.cert.subject.commonName:”.${target}” http.title:”Index of /” hostname:”.${target}”* http.title:”Index of /” ssl.cert.subject.cn:”${target}” ftp port:”10000" hostname:”*.${target}” ftp port:”10000" ssl.cert.subject.cn:”${target}”
1
1
5
Shodan dorks help you filter specific types of devices and information 👇 ssl.cert.fingerprint:”${target}” ssl:”${target}” org:”${target}” hostname:”${target}” ssl.cert.issuer.cn:”${target}” ssl.cert.subject.cn:”${target}” #infosecurity #appsec
1
2
10
A cloud metadata service and you could retrieve the AWS metadata.
1
SSRF on FIle imports feature👇 👉 Suppose if an API relies on a URL to import a file. Some times you may endup with the SSRF vulnerability. You could simply pass this URL http://169.254.169.254
1
1
7
Attacking organizations with big scopes: from zero to hero by @HusseiN98D A well explained, excellent breakdown🔥👇 piped.video/watch?v=vFk0XtHf…

Attacking organizations with big scopes: from zero to hero

This presentation delves into the crucial role of reconnaissance in bug bounty hunting, providing strategies to uncover vulnerabilities efficiently. Particip...

youtube.com
2
9
Some unknown Dorks to find more assets 👇 → site:*<example>* → site:example>* → site:*<example.*>* → site:*<*example.*>* → site:*example.* → ip:127.0.01 credit @HusseiN98D
4
20
Bug Bounty Methodology ( Tactics, Techniques, and Procedures) V 2.0 A well explained, excellent breakdown 🔥👇 infosecsanyam.medium.com/bug…

Bug Bounty Methodology (TTP- Tactics, Techniques, and Procedures) V 2.0

Hello Folks, I am Sanyam Chawla (@infosecsanyam) I hope you are doing hunting very well

infosecsanyam.medium.com
2
3
👉 GET /userSearch?name=NAME%23AB&back=/home Truncating query strings: You can use encoded # Injecting invalid parameters: Use encoded `&` character to add a second parameter Override Existing Parameters by adding a second parameter
1
Essential tip for testing server-side parameter pollution Testing for pollution in query strings👇
1
2
Effective GraphQL Test Cases: A Quick Guide 👇 anmolksachan.github.io/graph…
6
Detecting API endpoints and source code with JS Miner A well explained, excellent breakdown 🔥👇 danaepp.com/detecting-api-en…

Detecting API endpoints and source code with JS Miner

Learn how to detect API endpoints and extract source code from web app frontends using JS Miner, a FREE Burp Suite Professional extension.

danaepp.com
6
43
Content Discovery with FFUF’s recursion🤑 This switch tells ffuf to start the scan on any directory you encounter, until no directory is left👇
4
11
Thank you for reading this far! We hope you've learned something new from this thread! If you have enjoyed this thread: 1. Follow us @beginnbounty for more of these threads! 🐛 2. Retweet the first Tweet to share it with your friends
2
Load more