

@TheMsterDoctor1 · 35,501 subscribers

🧠 Retired Hacker | AppSec & Bug Bounty 💣 Found bugs others miss 🏆 CVEs • $500K bounties • real exploits 📌 Follow for daily hacker playbooks

Shorts

Offensive Security Tool: TerminatorZ

TerminatorZ is developed by Chris Abou-Chabké from Black Hat Ethical Hacking and is an efficient web security tool designed to scan for potential vulnerabilities in your web applications. It uses a combination of advanced techniques and popular tools like 'waybackurls' and 'curl' to perform passive and quick scans, providing a rapid overview of potential issues. The results are displayed in an easy-to-read format in the terminal, with only the vulnerable findings saved for further investigation.

🟢 New Version 2.0 Released! This update includes 8 NEW Proofs of Concept (POCs), bringing the total to 24 POCs, along with several other enhancements.

➡️ New POCs:
◾ File Upload Vulnerability
◾ Command Injection
◾ Host Header Injection
◾ HTTP Parameter Pollution (HPP)
◾ Clickjacking
◾ CORS Misconfiguration
◾ Sensitive Data Exposure
◾ Session Fixation

Read the post:

Installation
git clone
cd TerminatorZ
chmod +x ./TerminatorZ

#securityassessments #pentesting #bugbounty #hacking #infosec #informationsecurity #cybersecurity #offensivesecurity #redteam


77,269 views

Offensive Security Tool: SQLMutant

SQLMutant is written by Chris Abou-Chabké from Black Hat Ethical Hacking and it's a comprehensive SQL injection tool. It uses a variety of techniques to detect vulnerabilities, including pattern matching, error analysis, and timing attacks, ensuring that no stone is left unturned. In addition to its powerful features, SQLMutant also integrates with Waybackurls and Arjun, enabling it to find even more parameters and merge all results together. This integration is highly beneficial as it provides automated subdomain enumeration and SQL injection testing capabilities.

Requirements: To use SQLMutant, you need to have the following tools installed:
figlet & lolcat: pip install lolcat & apt-get install figlet
Waybackurls: go install
Arjun: pip install arjun
SQLMap: git clone --depth 1 sqlmap-dev

Installation
git clone
cd SQLMutant
chmod +x ./SQLMutant.sh

Read the full post:

#sqli #sqlinjection #hacking #bugbounty #pentesting #infosec #informationsecurity #offensivesecurity #redteam


42,587 views

Videos


🚨 POC for CVE-2025-55182 that works on Next.js 16.0.6

Here are the exact, battle-tested queries you need: Censys, Shodan, FOFA, ZoomEye, Quake, BinaryEdge, and Nuclei matchers, all tuned specifically to find Next.js RSC / React Server Components instances vulnerable to CVE-2025-55182 (React2Shell).

⸻

✅ 1. SHODAN QUERY (380K+ ASSETS)
Find all servers leaking RSC Server Actions:

Basic Query
  "Vary: RSC, Next-Router-State-Tree"

More Aggressive Variant
  http.headers.vary:"RSC" AND http.headers.vary:"Next-Router-State-Tree"

Superwide Coverage
  "Next-Router-State-Tree" OR "x-nextjs-cache" OR "server-actions" OR "__RSC__"

Focused on Vulnerable Cache Indicators
  "x-nextjs-cache: HIT" "Next-Router-State-Tree"

⸻

✅ 2. CENSYS QUERY (270K+ ASSETS)
(match the screenshot you posted)

Exact Censys Search
  services.http.response.headers.vary: "RSC, Next-Router-State-Tree"

Safer Multi-Matcher
  services.http.response.headers.vary: "RSC" AND services.http.response.headers.vary: "Next-Router-State-Tree"

Detect RSC Payload Exposure (critical)
  services.http.response.body: "__RSC__"

Detect Flight Data Leaks
  services.http.response.body: "server-reference-manifest"

⸻

✅ 3. FOFA QUERY (CHINA'S OSINT GIANT)
(VERY POWERFUL for RSC/Next.js)

Exact Header Based
  header="Next-Router-State-Tree" && header="RSC"

Alternative (match screenshot patterns)
  "Next-Router-State-Tree" && "x-nextjs-cache"

For massive result count
  body="__RSC__" || header="server-actions"

⸻

✅ 4. ZOOMEYE QUERY
ZoomEye scans often catch Node.js apps Shodan misses.

Exact Unicode-Ready Query
  "Next-Router-State-Tree" && "RSC"

Advanced
  app:"Next.js" && header:"RSC"

⸻

✅ 5. QUAKE SEARCH (360K+ MATCHES)
  header:"Next-Router-State-Tree" AND header:"RSC"

⸻

✅ 6. BINARYEDGE QUERY
  http.response.headers.vary:"Next-Router-State-Tree"

⸻

✅ 7. QUERY
  headers:"Next-Router-State-Tree" && headers:"RSC"

⸻

🎯 8. NUCLEI MATCHER (to detect RSC without scanning payloads)
If you want a nuclei detector you can plug into your scanner (the posted matcher block, wrapped in the id/info/http stanzas a nuclei template needs to load; word matchers default to condition "or"):

  id: nextjs-rsc-fingerprint
  info:
    name: Next.js App Router / RSC fingerprint
    author: TheMsterDoctor1
    severity: info
  http:
    - method: GET
      path:
        - "{{BaseURL}}"
      matchers:
        - type: word
          part: header
          words:
            - "RSC"
            - "Next-Router-State-Tree"
            - "server-actions"
            - "__RSC__"

⸻

🚩 BONUS: THE MOST ADVANCED CROSS-ENGINE QUERY
Use this when you want maximum global coverage:
  "Next-Router-State-Tree" OR "RSC" OR "__RSC__" OR "server-actions" OR "x-nextjs-cache" OR "Next-Server-Action"

This identifies:
• Next.js App Router
• RSC endpoints
• Server Actions
• Flight data APIs
• Pages exposing cache HITs (required for exploitation)
• Systems likely vulnerable to CVE-2025-55182 (React2Shell)


10,424 views • 5 months ago
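The search-engine queries and the nuclei matcher in the post above all key on the same handful of response indicators. The Python script below is an added example, not part of the channel's post and not code from any tool it mentions: it applies that fingerprint logic to raw captured HTTP responses, so a search-engine hit can be triaged offline before any time is spent on it. The three sample responses are constructed, not captured from real hosts. The `text/x-component` content type that Next.js uses for Flight (RSC) responses is included from general Next.js knowledge and is not one of the indicators the post lists. A positive fingerprint only says the host speaks the App Router/RSC protocol; it does not establish the Next.js or React version or that CVE-2025-55182 applies to it.

```python
"""Fingerprint raw HTTP responses for Next.js App Router / RSC indicators.

Checks the same signals the search-engine queries and nuclei matcher key on:
the Vary header tokens, the x-nextjs-cache header and the body markers.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Vary tokens the Shodan/Censys/FOFA queries look for (compared case-insensitively).
VARY_TOKENS = {"rsc", "next-router-state-tree"}
# Body markers from the Censys/FOFA queries.
BODY_MARKERS = ("__RSC__", "server-reference-manifest", "server-actions")
# Content type Next.js uses for Flight (RSC) responses; general Next.js knowledge,
# not one of the indicators listed in the post.
FLIGHT_CONTENT_TYPE = "text/x-component"


@dataclass
class Fingerprint:
    status: int
    vary_rsc: bool = False                 # Vary carries both RSC tokens
    nextjs_cache: str | None = None        # value of x-nextjs-cache, if present
    flight_content_type: bool = False      # response body is a Flight payload
    body_markers: list[str] = field(default_factory=list)

    @property
    def app_router(self) -> bool:
        """True when any indicator says the host speaks the RSC protocol."""
        return self.vary_rsc or self.flight_content_type or bool(self.body_markers)


def parse_response(raw: bytes) -> tuple[int, dict[str, list[str]], bytes]:
    """Split a raw HTTP/1.x response into status code, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def fingerprint(raw: bytes) -> Fingerprint:
    status, headers, body = parse_response(raw)
    fp = Fingerprint(status=status)
    # Vary may arrive as one comma-separated value or as several header lines.
    vary = {tok.strip().lower() for val in headers.get("vary", []) for tok in val.split(",")}
    fp.vary_rsc = VARY_TOKENS <= vary
    cache = headers.get("x-nextjs-cache")
    fp.nextjs_cache = cache[0] if cache else None
    ctype = " ".join(headers.get("content-type", [])).lower()
    fp.flight_content_type = FLIGHT_CONTENT_TYPE in ctype
    fp.body_markers = [m for m in BODY_MARKERS if m.encode() in body]
    return fp


def verdict(fp: Fingerprint) -> str:
    """Triage line for a scan hit; a fingerprint is not a vulnerability confirmation."""
    if not fp.app_router:
        return "no RSC indicators"
    hits = []
    if fp.vary_rsc:
        hits.append("Vary: RSC,Next-Router-State-Tree")
    if fp.flight_content_type:
        hits.append("Flight content-type")
    if fp.nextjs_cache:
        hits.append(f"x-nextjs-cache={fp.nextjs_cache}")
    hits.extend(f"body:{m}" for m in fp.body_markers)
    return "Next.js App Router/RSC fingerprint (" + ", ".join(hits) + "); version unverified"


# Constructed sample responses (not captured from real hosts).
SAMPLE_APP_ROUTER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch\r\n"
    b"x-nextjs-cache: HIT\r\n"
    b"X-Powered-By: Next.js\r\n"
    b"\r\n"
    b"<!DOCTYPE html><html><body>hello</body></html>"
)
SAMPLE_FLIGHT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/x-component\r\n"
    b"Vary: RSC\r\nVary: Next-Router-State-Tree\r\n"
    b"\r\n"
    b'0:["$","div",null,{"children":"hello"}]\n'
)
SAMPLE_PLAIN = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>static site</body></html>"
)

if __name__ == "__main__":
    for name, raw in (("app-router", SAMPLE_APP_ROUTER), ("flight", SAMPLE_FLIGHT), ("plain", SAMPLE_PLAIN)):
        print(f"{name:12s} {verdict(fingerprint(raw))}")
```

Feed it the raw response a scanner stored for a hit (or the output of a `curl -si` against a host you are authorised to test); the Flight case is what you see when the request carried an `RSC: 1` header, the HTML case is a normal page load with a cached render.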
