Gospel's banner

Gospel

@4osp3l • 20,126 subscribers

Hacker . Security Researcher

Shorts

RCE via discord desktop application !

RCE via discord desktop application !

70,645 просмотров

Offensive Security

Offensive Security

17,371 просмотров

Day 2 - Recon #APPLE : Wrote a script that takes a list of Apple-owned subdomains, visits each one, extracts all linked JavaScript files, downloads them, and scans for sensitive information such as API keys, access tokens, secrets, and internal API endpoints.

Day 2 - Recon #APPLE : Wrote a script that takes a list of Apple-owned subdomains, visits each one, extracts all linked JavaScript files, downloads them, and scans for sensitive information such as API keys, access tokens, secrets, and internal API endpoints.

14,474 просмотров

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

Live Bug Bounty Hunting - My Recon Methodology !!!🐞

Live Bug Bounty Hunting - My Recon Methodology !!!🐞

135,118 просмотров • 1 год назад

Exploiting a DOM-XSS vulnerability in a BBP with DorkixAI

Exploiting a DOM-XSS vulnerability in a BBP with DorkixAI

15,055 просмотров • 1 месяц назад

Built ./Phone: A Mobile Phone Forensic Framework Feature: - Dump Call Logs - Dump SMS - Dump Photos / Videos / Documents - Extract information from documents I.e emails, passwords, phone numbers e.t.c Nana Sei Anyemedu

Built ./Phone: A Mobile Phone Forensic Framework Feature: - Dump Call Logs - Dump SMS - Dump Photos / Videos / Documents - Extract information from documents I.e emails, passwords, phone numbers e.t.c Nana Sei Anyemedu

106,890 просмотров • 1 год назад

Email OSINT : CLI NB: Not all information, data discovered are accurate, perform your analysis perfectly. What can you uncover with just an email address ? >>>>>>>>>>>>>>

Email OSINT : CLI NB: Not all information, data discovered are accurate, perform your analysis perfectly. What can you uncover with just an email address ? >>>>>>>>>>>>>>

65,653 просмотров • 1 год назад

This project is a simple banking application with multiple security vulnerabilities built in. It's designed to help security researchers learn about: - Common web application and API vulnerabilities !!! Github : Cc : Ghost St Badmus

This project is a simple banking application with multiple security vulnerabilities built in. It's designed to help security researchers learn about: - Common web application and API vulnerabilities !!! Github : Cc : Ghost St Badmus

48,136 просмотров • 1 год назад

ByDeF : Generate an undetectable PE ( .exe ), which bypasses windows defender / AV I decided to follow this process, i know it's going to be stressful a bit. The idea i came up with, failed. You can follow the documentaion to achieve same result.

ByDeF : Generate an undetectable PE ( .exe ), which bypasses windows defender / AV I decided to follow this process, i know it's going to be stressful a bit. The idea i came up with, failed. You can follow the documentaion to achieve same result.

48,680 просмотров • 1 год назад

It is possible for hackers to capture your credentials or any sensitive information via MITM while you're browsing through unencrypted connection ( HTTP ).

It is possible for hackers to capture your credentials or any sensitive information via MITM while you're browsing through unencrypted connection ( HTTP ).

41,088 просмотров • 1 год назад

Broken authentication POC.

Broken authentication POC.

25,944 просмотров • 9 месяцев назад

I built ./SECORA : Bug Bounty Hunter's Terminal With SECORA, you don't have to open multiple pane in your terminal to run bug bounty automation tools, it helps you run multiple tools at the same time !!! Github :

I built ./SECORA : Bug Bounty Hunter's Terminal With SECORA, you don't have to open multiple pane in your terminal to run bug bounty automation tools, it helps you run multiple tools at the same time !!! Github :

29,979 просмотров • 1 год назад

0xJS is an AI-powered JS security tool; - it can identify API keys, and other medium to critical severity secrets with high accuracy. - also scans for potential security issues in JS i.e DOM-XSS, postMessage, URL redirect. e..t..c - e..t..c; 0xJS v4.0 ( )

0xJS is an AI-powered JS security tool; - it can identify API keys, and other medium to critical severity secrets with high accuracy. - also scans for potential security issues in JS i.e DOM-XSS, postMessage, URL redirect. e..t..c - e..t..c; 0xJS v4.0 ( )

10,682 просмотров • 3 месяцев назад

I said I'm going to publish a technical article on how to test newsletter subscription functionality for BAC/XSS, I'll just drop it here instead; before we jump into testing these "newsletter subscription" features, we need to find them; here's a dork I use to find them [ site: ("subscribe"|"newsletter"|"unsubscribe") ]... most hackers don't look into these features, so this is a good opportunity; you can find vulnerabilities like XSS, IDOR/BAC, and even SQLi. In some cases the form only asks for your email, no name, country, etc. That doesn't stop you from testing XSS, but it can make IDOR testing harder to spot... if the email you enter is reflected back on the page, that's a great vector to test for XSS.

I said I'm going to publish a technical article on how to test newsletter subscription functionality for BAC/XSS, I'll just drop it here instead; before we jump into testing these "newsletter subscription" features, we need to find them; here's a dork I use to find them [ site: ("subscribe"|"newsletter"|"unsubscribe") ]... most hackers don't look into these features, so this is a good opportunity; you can find vulnerabilities like XSS, IDOR/BAC, and even SQLi. In some cases the form only asks for your email, no name, country, etc. That doesn't stop you from testing XSS, but it can make IDOR testing harder to spot... if the email you enter is reflected back on the page, that's a great vector to test for XSS.

12,567 просмотров • 7 месяцев назад

Android Pentesting : Mobile Hacking Lab SetUP

Android Pentesting : Mobile Hacking Lab SetUP

11,795 просмотров • 1 год назад

Больше нет контента для загрузки