X

@TheMsterDoctor1 • 35,501 subscribers

🧠 Retired Hacker | AppSec & Bug Bounty 💣 Found bugs others miss 🏆 CVEs • $500K bounties • real exploits 📌 Follow for daily hacker playbooks

Shorts

Offensive Security Tool: TerminatorZ TerminatorZ is developed by Chris Abou-Chabké from Black Hat Ethical Hacking and is an efficient web security tool designed to scan for potential vulnerabilities in your web applications. It uses a combination of advanced techniques and popular tools like 'waybackurls' and 'curl', to perform passive and quick scans, providing a rapid overview of potential issues. The results are displayed in an easy-to-read format in the terminal, with only the vulnerable findings saved for further investigation. 🟢New Version 2.0 Released! This update includes 8 NEW Proofs of Concept (POCs), bringing the total to 24 POCs, along with several other enhancements. ➡️New POCs: ◾File Upload Vulnerability ◾Command Injection ◾Host Header Injection ◾HTTP Parameter Pollution (HPP) ◾Clickjacking ◾CORS Misconfiguration ◾Sensitive Data Exposure ◾Session Fixation Read the post: Installation git clone cd TerminatorZ chmod +x ./TerminatorZ ⁠#securityassessments #pentesting #bugbounty #hacking #infosec #informationsecurity #cybersecurity #offensivesecurity #redteam

Offensive Security Tool: TerminatorZ TerminatorZ is developed by Chris Abou-Chabké from Black Hat Ethical Hacking and is an efficient web security tool designed to scan for potential vulnerabilities in your web applications. It uses a combination of advanced techniques and popular tools like 'waybackurls' and 'curl', to perform passive and quick scans, providing a rapid overview of potential issues. The results are displayed in an easy-to-read format in the terminal, with only the vulnerable findings saved for further investigation. 🟢New Version 2.0 Released! This update includes 8 NEW Proofs of Concept (POCs), bringing the total to 24 POCs, along with several other enhancements. ➡️New POCs: ◾File Upload Vulnerability ◾Command Injection ◾Host Header Injection ◾HTTP Parameter Pollution (HPP) ◾Clickjacking ◾CORS Misconfiguration ◾Sensitive Data Exposure ◾Session Fixation Read the post: Installation git clone cd TerminatorZ chmod +x ./TerminatorZ ⁠#securityassessments #pentesting #bugbounty #hacking #infosec #informationsecurity #cybersecurity #offensivesecurity #redteam

77,255 次观看

Offensive Security Tool: SQLMutant SQLMutant is written by Chris Abou-Chabké from Black Hat Ethical Hacking and its a comprehensive SQL injection tool. It uses a variety of techniques to detect vulnerabilities, including pattern matching, error analysis, and timing attacks, ensuring that no stone is left unturned. In addition to its powerful features, SQLMutant also integrates with Waybackurls and Arjun, enabling it to find even more parameters and merge all results together. This integration is highly beneficial as it provides automated subdomain enumeration and SQL injection testing capabilities. Requirements: To use SQLMutant, you need to have the following tools installed: figlet & lolcat: pip install lolcat & apt-get install figlet Waybackurls : go install Arjun: pip install arjun SQLMap: git clone --depth 1 sqlmap-dev Installation git clone cd SQLMutant chmod +x ./SQLMutant.sh Read the full post: #sqli #sqlinjection #hacking #bugbounty #pentesting #infosec #informationsecurity #offensivesecurity #redteam

Offensive Security Tool: SQLMutant SQLMutant is written by Chris Abou-Chabké from Black Hat Ethical Hacking and its a comprehensive SQL injection tool. It uses a variety of techniques to detect vulnerabilities, including pattern matching, error analysis, and timing attacks, ensuring that no stone is left unturned. In addition to its powerful features, SQLMutant also integrates with Waybackurls and Arjun, enabling it to find even more parameters and merge all results together. This integration is highly beneficial as it provides automated subdomain enumeration and SQL injection testing capabilities. Requirements: To use SQLMutant, you need to have the following tools installed: figlet & lolcat: pip install lolcat & apt-get install figlet Waybackurls : go install Arjun: pip install arjun SQLMap: git clone --depth 1 sqlmap-dev Installation git clone cd SQLMutant chmod +x ./SQLMutant.sh Read the full post: #sqli #sqlinjection #hacking #bugbounty #pentesting #infosec #informationsecurity #offensivesecurity #redteam

42,587 次观看

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

Offensive Security notes 🔥📢 Embarking on the OSCP journey? Check out this insightful guide on "How to Pass OSCP Like a Boss"’. 🚀 #OSCP #Cybersecurity #InfoSec #EthicalHacking If you'd like to receive these notes 100% Free For First 1000 User's.. Simply: 1. Follow (So I Will Dm) 📥 2. Like and Repost 3. Comment “ Send ” to receive your copies!! 📚 "I do not own this content. For any issues or concerns, please contact the rightful owner directly."

Offensive Security notes 🔥📢 Embarking on the OSCP journey? Check out this insightful guide on "How to Pass OSCP Like a Boss"’. 🚀 #OSCP #Cybersecurity #InfoSec #EthicalHacking If you'd like to receive these notes 100% Free For First 1000 User's.. Simply: 1. Follow (So I Will Dm) 📥 2. Like and Repost 3. Comment “ Send ” to receive your copies!! 📚 "I do not own this content. For any issues or concerns, please contact the rightful owner directly."

118,301 次观看 • 2 年前

🔥Recon is where most bounties are won. 👌Argus is a Python-powered toolkit built for serious hunters: • Faster intel • Cleaner signals • Better targets Stop guessing. Start seeing. 🦅

🔥Recon is where most bounties are won. 👌Argus is a Python-powered toolkit built for serious hunters: • Faster intel • Cleaner signals • Better targets Stop guessing. Start seeing. 🦅

21,839 次观看 • 4 个月前

🚀 **Hack Like a Pro:** Extract IPs from Shodan HTML in Seconds! 🔥 Sick of digging through HTML? Let `grep` do the work! 💻 ```bash grep -oP '(? ).*?(?= )' ip.html > ips ``` 1️⃣ **Save Shodan page source as HTML** 2️⃣ **Run this command** 3️⃣ **BOOM 💥** — All IPs extracted to `ips`! Master your toolkit! #KaliLinux #HackingTips #CyberSecurity #Shodan #OSINT

🚀 Hack Like a Pro: Extract IPs from Shodan HTML in Seconds! 🔥 Sick of digging through HTML? Let `grep` do the work! 💻 ```bash grep -oP '(? ).*?(?= )' ip.html > ips ``` 1️⃣ Save Shodan page source as HTML 2️⃣ Run this command 3️⃣ BOOM 💥 — All IPs extracted to `ips`! Master your toolkit! #KaliLinux #HackingTips #CyberSecurity #Shodan #OSINT

18,971 次观看 • 3 个月前

🚨 POC for CVE-2025-55182 that works on Next.js 16.0.6 Here are the exact, battle-tested queries you need — Censys, Shodan, FOFA, ZoomEye, Quake, BinaryEdge, and Nuclei matchers — all tuned specifically to find Next.js RSC / React Server Components instances vulnerable to CVE-2025-55182 (React2Shell). ⸻ ✅ 1. SHODAN QUERY (380K+ ASSETS) Find all servers leaking RSC Server Actions: Basic Query "Vary: RSC, Next-Router-State-Tree" More Aggressive Variant http.headers.vary:"RSC" AND http.headers.vary:"Next-Router-State-Tree" Superwide Coverage "Next-Router-State-Tree" OR "x-nextjs-cache" OR "server-actions" OR "__RSC__" Focused on Vulnerable Cache Indicators "x-nextjs-cache: HIT" "Next-Router-State-Tree" ⸻ ✅ 2. CENSYS QUERY (270K+ ASSETS) (match the screenshot you posted) Exact Censys Search services.http.response.headers.vary: "RSC, Next-Router-State-Tree" Safer Multi-Matcher services.http.response.headers.vary: "RSC" AND services.http.response.headers.vary: "Next-Router-State-Tree" Detect RSC Payload Exposure (critical) services.http.response.body: "__RSC__" Detect Flight Data Leaks services.http.response.body: "server-reference-manifest" ⸻ ✅ 3. FOFA QUERY (CHINA’S OSINT GIANT) (VERY POWERFUL for RSC/Next.js) Exact Header Based header="Next-Router-State-Tree" && header="RSC" Alternative (match screenshot patterns) "Next-Router-State-Tree" && "x-nextjs-cache" For massive result count body="__RSC__" || header="server-actions" ⸻ ✅ 4. ZOOMEYE QUERY ZoomEye scans often catch Node.js apps Shodan misses. Exact Unicode-Ready Query "Next-Router-State-Tree" && "RSC" Advanced app:"Next.js" && header:"RSC" ⸻ ✅ 5. QUAKE SEARCH (360K+ MATCHES) header:"Next-Router-State-Tree" AND header:"RSC" ⸻ ✅ 6. BINARYEDGE QUERY http.response.headers.vary:"Next-Router-State-Tree" ⸻ ✅ 7. QUERY headers:"Next-Router-State-Tree" && headers:"RSC" ⸻ 🎯 8. NUCLEI MATCHER (to detect RSC without scanning payloads) If you want a nuclei detector you can plug into your scanner: matchers: - type: word part: header words: - "RSC" - "Next-Router-State-Tree" - "server-actions" - "__RSC__" ⸻ 🚩 BONUS — THE MOST ADVANCED CROSS-ENGINE QUERY Use this when you want maximum global coverage: "Next-Router-State-Tree" OR "RSC" OR "__RSC__" OR "server-actions" OR "x-nextjs-cache" OR "Next-Server-Action" This identifies: •Next.js App Router •RSC endpoints •Server Actions •Flight data APIs •Pages exposing cache HITs (required for exploitation) •Systems likely vulnerable to CVE-2025-55182 (React2Shell)

🚨 POC for CVE-2025-55182 that works on Next.js 16.0.6 Here are the exact, battle-tested queries you need — Censys, Shodan, FOFA, ZoomEye, Quake, BinaryEdge, and Nuclei matchers — all tuned specifically to find Next.js RSC / React Server Components instances vulnerable to CVE-2025-55182 (React2Shell). ⸻ ✅ 1. SHODAN QUERY (380K+ ASSETS) Find all servers leaking RSC Server Actions: Basic Query "Vary: RSC, Next-Router-State-Tree" More Aggressive Variant http.headers.vary:"RSC" AND http.headers.vary:"Next-Router-State-Tree" Superwide Coverage "Next-Router-State-Tree" OR "x-nextjs-cache" OR "server-actions" OR "RSC" Focused on Vulnerable Cache Indicators "x-nextjs-cache: HIT" "Next-Router-State-Tree" ⸻ ✅ 2. CENSYS QUERY (270K+ ASSETS) (match the screenshot you posted) Exact Censys Search services.http.response.headers.vary: "RSC, Next-Router-State-Tree" Safer Multi-Matcher services.http.response.headers.vary: "RSC" AND services.http.response.headers.vary: "Next-Router-State-Tree" Detect RSC Payload Exposure (critical) services.http.response.body: "RSC" Detect Flight Data Leaks services.http.response.body: "server-reference-manifest" ⸻ ✅ 3. FOFA QUERY (CHINA’S OSINT GIANT) (VERY POWERFUL for RSC/Next.js) Exact Header Based header="Next-Router-State-Tree" && header="RSC" Alternative (match screenshot patterns) "Next-Router-State-Tree" && "x-nextjs-cache" For massive result count body="RSC" || header="server-actions" ⸻ ✅ 4. ZOOMEYE QUERY ZoomEye scans often catch Node.js apps Shodan misses. Exact Unicode-Ready Query "Next-Router-State-Tree" && "RSC" Advanced app:"Next.js" && header:"RSC" ⸻ ✅ 5. QUAKE SEARCH (360K+ MATCHES) header:"Next-Router-State-Tree" AND header:"RSC" ⸻ ✅ 6. BINARYEDGE QUERY http.response.headers.vary:"Next-Router-State-Tree" ⸻ ✅ 7. QUERY headers:"Next-Router-State-Tree" && headers:"RSC" ⸻ 🎯 8. NUCLEI MATCHER (to detect RSC without scanning payloads) If you want a nuclei detector you can plug into your scanner: matchers: - type: word part: header words: - "RSC" - "Next-Router-State-Tree" - "server-actions" - "RSC" ⸻ 🚩 BONUS — THE MOST ADVANCED CROSS-ENGINE QUERY Use this when you want maximum global coverage: "Next-Router-State-Tree" OR "RSC" OR "RSC" OR "server-actions" OR "x-nextjs-cache" OR "Next-Server-Action" This identifies: •Next.js App Router •RSC endpoints •Server Actions •Flight data APIs •Pages exposing cache HITs (required for exploitation) •Systems likely vulnerable to CVE-2025-55182 (React2Shell)

10,424 次观看 • 5 个月前

🤬CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: FOFA Query: app="roundcube" Results: 51,584,735 Advisory: CVSS: 9.9

🤬CVE-2025-49113: Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization FOFA Link: FOFA Query: app="roundcube" Results: 51,584,735 Advisory: CVSS: 9.9

14,409 次观看 • 11 个月前

🚀 NextSploit: Next.js CVE-2025-29927 Scanner & Exploiter NextSploit is a tool that detects and exploits CVE-2025-29927, a security flaw in Next.js Check it out: CREDIT:AnonKryptiQuz #CyberSecurity #Pentesting #NextJS #Exploit #CTF #EthicalHacking #RedTeam #infosec

🚀 NextSploit: Next.js CVE-2025-29927 Scanner & Exploiter NextSploit is a tool that detects and exploits CVE-2025-29927, a security flaw in Next.js Check it out: CREDIT:AnonKryptiQuz #CyberSecurity #Pentesting #NextJS #Exploit #CTF #EthicalHacking #RedTeam #infosec

13,226 次观看 • 1 年前

没有更多内容可加载