🔎 @mapperplus 🥷 Cyber Security Engineer - Penetration Tester 🔴 Synack Red Team Member 💻 Enthusiast ... --------------- OSCP-CRTO

Joined May 2018
Here is a short writeup on how I managed to access 200k+ PII records by exploiting a simple vulnerability and accessing an admin dashboard! 📌Thread📌 1. I created an account as a simple user, and one endpoint caught my attention (it was /api/v1/session)
How about critical file monitoring (e.g. a .env file exposed for 2 minutes while a server is briefly misconfigured)? 🧐
Stay one step ahead of other bug hunters. #Monitor dynamically loaded JS files (chunks, GraphQL, API endpoints, and secrets) and get real-time alerts the moment something new appears. 🧐 You can join the waitlist at: mapperplus.com #MapperPlus
🔥 Quick tip: Don't miss any JS file changes! They contain a lot of juicy information about your target app. * Real-time JS monitoring, scraping and alerting with the advanced MapperPlus engine, including file history. (Even if the company accidentally exposed the JS file for a short period, it can still be downloaded, allowing you to read and analyze it later 🧐) 🎯 MapperPlus will be ready soon: mapperplus.com #BugBounty
...👀
🚨 New plugin for Oracle E-Business Suite's CVE-2025-61882 is up. First huge plugin by @Chocapikk_ 🥳 LeakIX now has OOB scanning capability! The check is based on actual vulnerability evaluation (as opposed to Last-Modified fingerprinting, which can be unreliable).
For bug bounty hunters! 🔥 MapperPlus: hacker collaborations are possible. You can share your target notes with your collaborators or teammates. 🎯 Participating in a #hackerone LHE or a private hacking event, or hunting on a target with other bug hunters, and want to share what you are working on (notes, subdomains, IPs, findings...) so your team members are on the same page? Testing this right now, and it is working very well! You can share specific notes with your team, and they can share with you as well (that's how collaborations are done). You can still join MapperPlus to get early access at: mapperplus.com #bugbounty
#bugbountytips ❌ Stop Doing These 10 Bug Hunting Mistakes... and revise your methodology if:
1. You spend 2 days or less per program
2. You run automated tools on each URL and wait for unique results
3. You don't scan servers' open ports
4. You don't register an account on the target website
5. You don't read the JS files loaded, dynamically or statically
6. You don't care what kind of technologies are used
7. You throw payloads blindly everywhere without knowing what could go wrong with the app
8. You don't monitor changes related to your target
9. You don't manually scan for hidden endpoints in all the app's exposed files
10. You blindly bruteforce directories and endpoints whatever the naming pattern used by the target app
Remember, the app is developed by humans, they make mistakes, and there is always a pattern to everything... Ad: If you want to monitor your target scopes, I am working on a platform called MapperPlus which offers many monitoring features for bug bounty hunters and security professionals. You can join the waitlist at: mapperplus.com
🔥 Day 1 at @MapperPlus. Planned: 50 signups. Reality: 180+ 🚀 (~4x more than expected!) Early access spots are filling FAST. I’ll keep registrations open for now, but only the strongest will make the cut. Register now at: mapperplus.com for early access. The next open source release of the MapperPlus CLI will be coming in the next few days... Previous version available at: github.com/midoxnet/mapperpl… #bugbountytips #bugbounty #security
🚀 Hackerone/Bugcrowd... program monitoring 🚀 JS files monitoring 🚀 Headless JS scraping with lazy loading 🚀 Custom scanners 🚀 Dark Web scanning 🚀 Alerting 🚀 AI report generation 🚀 Team Management 🚀 Workspaces... and more, all in 🔥 #MapperPlus. @MapperPlus is almost ready for bug bounty hunters, security pros & enterprises! Not just another monitoring platform, it’s built to empower pentesters, red teamers & hunters with all-in-one vulnerability tracking + unique features (details soon 👀). ✅ Join the waitlist today to get FREE early access for the first 50 users: mapperplus.com #BugBounty #bugbountytip #mapperplus
Today's bug bounty hunting tip: #bugbountytips #BugBounty
😌 Pentest your targets while you sleep... with MapperPlus!! Go beyond traditional scanning and surveillance with AI report generation and automatic submissions to platforms like @Hacker0x01 or Jira (you decide 😉). Tip: When you find an open /.git repository, use github.com/arthaud/git-dumpe… to dump/download the source code onto your computer for further analysis. #BugBounty #bugbountytips #MapperPlus
ATO Prevention? 🧐 Yes! 💯 This is also integrated for enterprise users to secure their customers and prevent account takeover based on breach/infostealer logs, with the ability to set up the validation process from the dashboard and validate all credentials against their login endpoints. Bug bounty hunters will have the ability to verify their target's employee accounts (depending on the target program) and other details based on their eligibility at MapperPlus. 🎯 Bug bounty hunters can also verify targets (based on eligibility). 🚀 Many other useful features are included for all security researchers, enterprises and bug bounty hunters... #bugbountytips #BugBounty #hackerone #mapperplus #Security
💥 This could help bypass SSRF regex restrictions if the backend expects the full format of an IPv4 or IPv6 address. #BugBounty #bugbountytip #Pentesting #Security
Something neat! Turns out, if an IP address has a 0 in one of its octets (like 10.20.0.2), you can omit the zero and still reach the same host! So 10.20.2 works the same as 10.20.0.2
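The two posts above explain the problem from the attacker's side: a filter that only recognises strict dotted-quad strings as IP addresses never sees `10.20.2` as the private host `10.20.0.2`. The following Python example is added here as an illustration and is not from the original posts or from MapperPlus. It implements the classic BSD `inet_aton` grammar (one to four decimal parts, the last part filling the remaining bytes), which generalises the three-part case in the post to all short forms, and shows a naive regex-based filter beside a filter that canonicalises first. The blocked ranges and the function names are this example's own assumptions.

```python
import ipaddress
import re

# Strict dotted-quad regex, the kind of check an SSRF filter might use to
# decide whether a host string "looks like" an IP literal.
DOTTED_QUAD = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")

# Ranges a server-side fetch must never reach (assumption for this example).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]


def inet_aton_classic(text):
    """Parse an IPv4 literal the way classic inet_aton does: a, a.b, a.b.c or a.b.c.d.
    All parts but the last are single bytes; the last part fills every remaining byte,
    so 10.20.2 -> 10.20.0.2 and 127.1 -> 127.0.0.1. Returns a 32-bit int, or None
    when the text is not a decimal IPv4 literal in that grammar."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    head, last = nums[:-1], nums[-1]
    if any(n > 255 for n in head):
        return None
    remaining_bits = 8 * (4 - len(head))
    if last >= 1 << remaining_bits:
        return None
    value = 0
    for n in head:
        value = (value << 8) | n
    return (value << remaining_bits) | last


def canonical_ipv4(text):
    """Return the dotted-quad form the network stack would actually connect to, or None."""
    value = inet_aton_classic(text)
    return None if value is None else str(ipaddress.IPv4Address(value))


def _blocked(addr):
    return any(addr in net for net in BLOCKED_NETS)


def regex_filter_allows(host):
    """Naive filter: only strict dotted quads are treated as IP literals; anything
    else is assumed to be a hostname and passes. '10.20.2' therefore slips through."""
    if not DOTTED_QUAD.match(host):
        return True
    try:
        return not _blocked(ipaddress.IPv4Address(host))
    except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
        return False


def canonicalising_filter_allows(host):
    """Hardened filter: parse with the same permissive grammar the resolver uses,
    then check the canonical address. Returns None for anything that is not an
    IPv4 literal, meaning the caller must resolve the name and re-check the result."""
    canon = canonical_ipv4(host)
    if canon is None:
        return None
    return not _blocked(ipaddress.IPv4Address(canon))


if __name__ == "__main__":
    for host in ("10.20.0.2", "10.20.2", "127.1", "8.8.8.8", "example.com"):
        print(f"{host:>12}  canonical={canonical_ipv4(host)}  "
              f"regex_allows={regex_filter_allows(host)}  "
              f"canonical_allows={canonicalising_filter_allows(host)}")
```

The point for a defender is that the regex is not wrong about what a canonical IPv4 address looks like; it is wrong about what the OS will accept. Any check on a host string has to be made on the same representation the connect() call will use, which means canonicalising (or resolving) first and comparing the result, not the raw input, against the block list.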
💥 Building MapperPlus for bug bounty hunters! 🛠️ Not like other traditional tools... Tested unauthenticated on @Hacker0x01's Hacktivity page: 308 valid JS files extracted and analyzed in depth! 🔥 Key features: - Dynamic JS scraping - In-depth source code analysis - Real-time monitoring for domains/ASN, subdomains, API endpoints, GraphQL endpoints, secrets, URLs, and more... - GraphQL extraction - Team collaboration for hacking events - Notifications for new CVEs - Cloud integrations... and more! 🚀 #BugBounty #Cybersecurity #Pentesting #Hackerone #Hacker0x01 #bugbountytips
🔥 MapperPlus CLI is getting love! I've received a lot of great feedback so far from @HackerOn2Wheels ✌️ and others... MapperPlus parses complex JS with ease and unlocks advanced features for deep JavaScript analysis (like dechunker, source map extractor, webpack source extraction, WAF bypass and CDN recognition...). If you're hunting on a website built with modern JS frameworks, give it a try 💻✨ 🌀 There is a cloud version that will be released soon, unlocking many GREAT features for bug bounty hunters especially, and for companies... (Stay tuned!!!) Link to the Github repo: github.com/midoxnet/mapperpl… Feel free to ask, or if you need a feature to be implemented, let me know. #MapperPlus #BugBounty #bugbountytip
#bugbountytip Quick tip and script: ✅️ If you are hunting or scanning a WordPress instance, don't forget to look for exposed plugin or WP core REST endpoints under /wp-json. Many plugins like payment gateways expose webhooks or callback endpoints in order to update the order status in WooCommerce, for example... By scanning all exposed endpoints for unauthenticated access, you may end up accessing PII or order details if the plugin exposes an endpoint insecurely (especially in-house developed plugins 😉). I prepared a nice script that returns all exposed endpoints for you to scan. You can use all of them in your preferred intruder or verify each one manually against vulns (SQLi, blind XSS, PII leaks...) based on the params required. Link to the script: raw.githubusercontent.com/mi… Usage: python3 wp_json.py https://example.com/wp-json/ Happy hacking! #bugbountytips #hackerone #mapperplus
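The post above links to a script (the link is truncated in this copy) that lists the routes a WordPress site publishes under /wp-json. The Python example below is added here to show what that index looks like and how a site owner can audit it; it is not the author's script and not MapperPlus code. It parses the real WordPress REST index format (`routes` keyed by path pattern, each with a `namespace` and a list of `endpoints` carrying `methods` and `args`), flattens it into one row per route and method with the required parameters, and separates routes registered by plugins from the core namespaces, since those are the handlers whose `permission_callback` an owner should verify. The sample index, the plugin namespaces `acme-pay/v1` and `wc/v3`, and the function names are constructed for this example.

```python
import json
import re
import urllib.request

# Namespaces shipped with WordPress core (assumption for this example; extend as needed).
CORE_NAMESPACES = {"wp/v2", "oembed/1.0", "wp-site-health/v1", "wp-block-editor/v1"}

# Constructed sample of a /wp-json/ index document, trimmed to the fields used here.
SAMPLE_INDEX = {
    "name": "Example Shop",
    "namespaces": ["wp/v2", "wc/v3", "acme-pay/v1"],
    "routes": {
        "/wp/v2/posts": {
            "namespace": "wp/v2", "methods": ["GET", "POST"],
            "endpoints": [
                {"methods": ["GET"], "args": {"page": {"required": False, "type": "integer"}}},
                {"methods": ["POST"], "args": {"title": {"required": False, "type": "string"}}},
            ],
        },
        "/wc/v3/orders": {
            "namespace": "wc/v3", "methods": ["GET"],
            "endpoints": [{"methods": ["GET"], "args": {"status": {"required": False}}}],
        },
        "/acme-pay/v1/webhook": {
            "namespace": "acme-pay/v1", "methods": ["POST"],
            "endpoints": [{"methods": ["POST"], "args": {
                "order_id": {"required": True, "type": "integer"},
                "status": {"required": True, "type": "string"}}}],
        },
        "/acme-pay/v1/orders/(?P<order_id>\\d+)": {
            "namespace": "acme-pay/v1", "methods": ["GET"],
            "endpoints": [{"methods": ["GET"], "args": {}}],
        },
    },
}


def fetch_index(base_url, timeout=10):
    """Download a live index document (network access; not used by the sample run)."""
    with urllib.request.urlopen(base_url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def list_routes(index):
    """Flatten the index into one dict per (route, HTTP method) with its required args."""
    rows = []
    for route, info in sorted(index.get("routes", {}).items()):
        namespace = info.get("namespace", "")
        for endpoint in info.get("endpoints", []):
            required = sorted(name for name, spec in endpoint.get("args", {}).items()
                              if spec.get("required"))
            for method in endpoint.get("methods", []):
                rows.append({"route": route, "method": method,
                             "namespace": namespace, "required_args": required})
    return rows


def non_core_routes(index):
    """Routes registered by plugins or themes: the ones to review for permission checks."""
    return [r for r in list_routes(index) if r["namespace"] not in CORE_NAMESPACES]


def to_url(base_url, route):
    """Turn a route pattern into a readable URL, replacing (?P<name>regex) with <name>."""
    path = re.sub(r"\(\?P<(\w+)>[^)]*\)", r"<\1>", route)
    return base_url.rstrip("/") + path


if __name__ == "__main__":
    base = "https://example.com/wp-json/"
    for row in non_core_routes(SAMPLE_INDEX):
        args = ", ".join(row["required_args"]) or "-"
        print(f"{row['method']:<6} {to_url(base, row['route']):<60} required: {args}")
```

Running it prints only the `acme-pay/v1` and `wc/v3` rows, which is the review list: for each, the owner checks the plugin's `register_rest_route` call for a `permission_callback` that actually enforces authentication rather than `__return_true`, and confirms that the required arguments are validated server-side. To audit a live site, replace `SAMPLE_INDEX` with `fetch_index(base)`.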
Here is one of the well-written blogs I found that might help security researchers enhance their offsec skills: kayssel.com/ He covers many aspects including API security, RBAC issues, mass assignment, etc. @rsgbengii #BugBounty #bugbountytips