Gospel's banner

Gospel

@4osp3l • 20,126 subscribers

Hacker . Security Researcher

Shorts

RCE via discord desktop application !

RCE via discord desktop application !

70,645 görüntüleme

Offensive Security

Offensive Security

17,371 görüntüleme

Day 2 - Recon #APPLE : Wrote a script that takes a list of Apple-owned subdomains, visits each one, extracts all linked JavaScript files, downloads them, and scans for sensitive information such as API keys, access tokens, secrets, and internal API endpoints.

Day 2 - Recon #APPLE : Wrote a script that takes a list of Apple-owned subdomains, visits each one, extracts all linked JavaScript files, downloads them, and scans for sensitive information such as API keys, access tokens, secrets, and internal API endpoints.

14,474 görüntüleme

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

Live Bug Bounty Hunting - My Recon Methodology !!!🐞

Live Bug Bounty Hunting - My Recon Methodology !!!🐞

135,118 görüntüleme • 1 yıl önce

Exploiting a DOM-XSS vulnerability in a BBP with DorkixAI

Exploiting a DOM-XSS vulnerability in a BBP with DorkixAI

15,055 görüntüleme • 1 ay önce

Built ./Phone: A Mobile Phone Forensic Framework Feature: - Dump Call Logs - Dump SMS - Dump Photos / Videos / Documents - Extract information from documents I.e emails, passwords, phone numbers e.t.c Nana Sei Anyemedu

Built ./Phone: A Mobile Phone Forensic Framework Feature: - Dump Call Logs - Dump SMS - Dump Photos / Videos / Documents - Extract information from documents I.e emails, passwords, phone numbers e.t.c Nana Sei Anyemedu

106,890 görüntüleme • 1 yıl önce

Email OSINT : CLI NB: Not all information, data discovered are accurate, perform your analysis perfectly. What can you uncover with just an email address ? >>>>>>>>>>>>>>

Email OSINT : CLI NB: Not all information, data discovered are accurate, perform your analysis perfectly. What can you uncover with just an email address ? >>>>>>>>>>>>>>

65,653 görüntüleme • 1 yıl önce

This project is a simple banking application with multiple security vulnerabilities built in. It's designed to help security researchers learn about: - Common web application and API vulnerabilities !!! Github : Cc : Ghost St Badmus

This project is a simple banking application with multiple security vulnerabilities built in. It's designed to help security researchers learn about: - Common web application and API vulnerabilities !!! Github : Cc : Ghost St Badmus

48,136 görüntüleme • 1 yıl önce

ByDeF : Generate an undetectable PE ( .exe ), which bypasses windows defender / AV I decided to follow this process, i know it's going to be stressful a bit. The idea i came up with, failed. You can follow the documentaion to achieve same result.

ByDeF : Generate an undetectable PE ( .exe ), which bypasses windows defender / AV I decided to follow this process, i know it's going to be stressful a bit. The idea i came up with, failed. You can follow the documentaion to achieve same result.

48,680 görüntüleme • 1 yıl önce

It is possible for hackers to capture your credentials or any sensitive information via MITM while you're browsing through unencrypted connection ( HTTP ).

It is possible for hackers to capture your credentials or any sensitive information via MITM while you're browsing through unencrypted connection ( HTTP ).

41,088 görüntüleme • 1 yıl önce

Broken authentication POC.

Broken authentication POC.

25,944 görüntüleme • 9 ay önce

I built ./SECORA : Bug Bounty Hunter's Terminal With SECORA, you don't have to open multiple pane in your terminal to run bug bounty automation tools, it helps you run multiple tools at the same time !!! Github :

I built ./SECORA : Bug Bounty Hunter's Terminal With SECORA, you don't have to open multiple pane in your terminal to run bug bounty automation tools, it helps you run multiple tools at the same time !!! Github :

29,979 görüntüleme • 1 yıl önce

0xJS is an AI-powered JS security tool; - it can identify API keys, and other medium to critical severity secrets with high accuracy. - also scans for potential security issues in JS i.e DOM-XSS, postMessage, URL redirect. e..t..c - e..t..c; 0xJS v4.0 ( )

0xJS is an AI-powered JS security tool; - it can identify API keys, and other medium to critical severity secrets with high accuracy. - also scans for potential security issues in JS i.e DOM-XSS, postMessage, URL redirect. e..t..c - e..t..c; 0xJS v4.0 ( )

10,682 görüntüleme • 3 ay önce

I said I'm going to publish a technical article on how to test newsletter subscription functionality for BAC/XSS, I'll just drop it here instead; before we jump into testing these "newsletter subscription" features, we need to find them; here's a dork I use to find them [ site: ("subscribe"|"newsletter"|"unsubscribe") ]... most hackers don't look into these features, so this is a good opportunity; you can find vulnerabilities like XSS, IDOR/BAC, and even SQLi. In some cases the form only asks for your email, no name, country, etc. That doesn't stop you from testing XSS, but it can make IDOR testing harder to spot... if the email you enter is reflected back on the page, that's a great vector to test for XSS.

I said I'm going to publish a technical article on how to test newsletter subscription functionality for BAC/XSS, I'll just drop it here instead; before we jump into testing these "newsletter subscription" features, we need to find them; here's a dork I use to find them [ site: ("subscribe"|"newsletter"|"unsubscribe") ]... most hackers don't look into these features, so this is a good opportunity; you can find vulnerabilities like XSS, IDOR/BAC, and even SQLi. In some cases the form only asks for your email, no name, country, etc. That doesn't stop you from testing XSS, but it can make IDOR testing harder to spot... if the email you enter is reflected back on the page, that's a great vector to test for XSS.

12,567 görüntüleme • 7 ay önce

Android Pentesting : Mobile Hacking Lab SetUP

Android Pentesting : Mobile Hacking Lab SetUP

11,795 görüntüleme • 1 yıl önce

Daha fazla içerik yok.