Bug Bounty Tools & Writeups | Hide Club

@Hide_Club

Channel's geo and language: Iran, English

Category: Technologies

🔻 Welcome to HideClub!
🐞 Bug Bounty tools & tips
💉 Vulnerability exploits
💻 Web App Security
🔐 Hunting insights & Write-up analysis

Related channels | Similar channels

Channel's geo and language

Iran, English

Bug Bounty Tools & Writeups | Hide Club

30 Jan, 18:43

🔖 I’ve added a new feature to 📱 Robofinder—you can now extract old parameters from archived robots.txt files! This is a powerful addition to your recon process, as it helps uncover hidden or deprecated parameters that other tools might miss.

(New🔥) You can use this command to extract parameters and save them to a file:
robofinder -u https://example.com -p

#CyberSecurity #bugbountyTools #bugbounty #Recon #reconnaissance #infosec #Archive #bugbountytips
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

548 0 16 11

Bug Bounty Tools & Writeups | Hide Club

29 Jan, 20:51

🔖Hacking GraphQL APIs

GraphQL pentesting focuses on identifying security vulnerabilities in applications that use GraphQL for data querying. Unlike REST APIs, GraphQL allows clients to request specific data, which can expose underlying issues if not properly secured. Key areas of concern include improper authorization checks, excessive data exposure, and insufficient input validation. Pentesters should look for flaws such as introspection queries revealing sensitive schema details, or complex queries leading to denial of service. Ensuring robust input validation, implementing strict authorization checks, and limiting query complexity are essential practices to secure GraphQL endpoints.

🖥 Articles and Blog Posts

🔗 Hacktricks - GraphQL and Security
🔗 Five easy ways to hack GraphQL targets
🔗 Portswigger - Graphql
🔗 ApiSecurity

⬇️ GitHub Resources

📱 PayloadsAllTheThings
📱 hacking graphql
📱 Awesome Graphql Security
📱 Hack-graphql

⬇️Videos

🖤 NahamCon2024: GraphQL is the New PHP
🖤 Finding Your Next Bug: GraphQL
🖤 GraphQL API Pentesting

⬇️Books

📕 Black Hat GraphQL
📕 Hacking APIs - Breaking Web Application ...
📕 API Security in Action

#BugBounty #Recon #BugBountyTips #CyberSecurity #Infosec #Reconnaissance #graphql
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

1.1k 0 70 14

Bug Bounty Tools & Writeups | Hide Club

28 Jan, 22:35

Cybersecurity - Bug Bounty Write-Ups:
@Daily_Writeups ✍️

Bug Bounty Notes:
@Spider_Crew 🕷

1.6k 0 4 3 13

Bug Bounty Tools & Writeups | Hide Club

28 Jan, 21:29

🔖Essential Browser Extensions for Bug Bounty Hunters

⬇️FireFox

🔍 Link Gopher
🔍 Adblock Plus
🔍 FoxyProxy Standard
🔍 Video Speed Controller
🔍 Check XSS
🔍 HackTools
🔍 Bulk URL Opener
🔍 Temp Mail
🔍 JS Beautify CSS HTML
🔍 Multi-Account Containers

⬇️Chrome

🌐 TruffleHog
🌐 Code Formatter
🌐 Freedium Extension
🌐 BuiltWith
🌐 Wappalyzer
🌐 WhatRuns
🌐 Retire.js
🌐 Cookie Extractor
🌐 Wayback Machine
🌐 EXIF Data Viwer
🌐 Shodan
🌐 S3 Bucket List
🌐 Ublock Origin
🌐 Resources Saver
🌐 Dot Git
🌐 EndPointer

#BugBounty #Recon #BugBountyTips #CyberSecurity #Infosec #Reconnaissance
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

1.6k 0 107 23

Bug Bounty Tools & Writeups | Hide Club

27 Jan, 18:16

Thank you so much for donating stars ⭐️
I truly appreciate each one of you ♥️

1.9k 0 2 30

Bug Bounty Tools & Writeups | Hide Club

27 Jan, 17:53

🔖All You Need to Master IDOR: A Complete Resource Guide

⬇️GitHub Repositories

All these GitHub Repositories contains 1000+ Hackerone reports to read from which you can learn how bug bounty hunters did recon to find IDOR Vulnerability, I suggest read atleast 300 reports to get your own unique perspective on IDOR Vulnerability.

📱 Awesome-Bugbounty-Writeups - IDOR
📱 HackerOne Reports - Top IDOR
📱 HackerOneReports - IDOR

⬇️Critical/Highest bounty through IDOR Vulnerability
🖤 IDOR - how to predict an identifier? Bug bounty case study
🖤 $5,000 YouTube IDOR - Bug Bounty Reports Explained
🖤 $28k IDOR that broke Apple Shortcuts - Apple bug bounty

⬇️All possible parameters for IDOR and real life examples of each
🖤 Bug Bounty Hunting for IDORs - Part-I
🖤 Bug Bounty Hunting for IDORs - Part-II
🖤 Bug Bounty Hunting for IDORs - Part-III

⬇️Book
📕 Bug Bounty Bootcamp - By Vickie Li

#BugBounty #Recon #BugBountyTips #CyberSecurity #Infosec #Reconnaissance #IDOR
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

1.9k 0 115 35

Bug Bounty Tools & Writeups | Hide Club

26 Jan, 19:59

Do you enjoy these kinds of posts?

2k 0 2 4 44

Bug Bounty Tools & Writeups | Hide Club

26 Jan, 18:26

Google-Drive-@Hide_Club.txt

893b

🔖Sensitive Files Exposure via Google Dorking

Check out this critical bug report submitted to the DoD (Department of Defense):
👉 HackerOne Report #2926447

🤔What happened?
An attacker discovered sensitive military files on Google Drive containing PII (Personally Identifiable Information), including names, Social Security Numbers (SSNs), and more.

🧐How to find similar leaks using Google Dorks?
You can use these dorks for Google Drive/Docs:

site:drive.google.com inurl:folder
site:drive.google.com inurl:open
site:docs.google.com inurl:d
site:drive.google.com "confidential"
site:docs.google.com inurl:d filetype:docx

✖️ Want more dorks? Check the file I’ve attached to this post.

#BugBounty #Recon #dork #BugBountyTips #CyberSecurity #Infosec #Reconnaissance
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

2.2k 0 82 1 26

Bug Bounty Tools & Writeups | Hide Club

25 Jan, 20:02

391315812-42a22b8e-a8da-40d7-b65f-275c09ec5484.png

85.7Kb

🔖Bystander - Passive Web Vulnerability Detection Tool

Bystander is a chrome extension which monitors the network request and detect the potential web vulnerabilities, all on the user's browser. So, browse as usual and bystander will notify you if it detects any potential web vulnerabilities.

⬇️Features

🔴Detect Actual Web Vulnerabilities like CSRF, Clickjacking, etc.
🔴Detect Potential Code Sink's like NoSQLi, SSTI, SSI etc.
🔴Detect API token leakage
🔴Detect Other Important PII leakage like PAN Number, Hash disclosure, etc.
🔴Look for Insights like staging domain, admin dashboard in frontend code and network traffic.

📱 Github: 🔗Link

#BugBounty #Recon #Automation #BugBountyTips #CyberSecurity #Infosec #Reconnaissance
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

2.4k 0 75 1 19

Bug Bounty Tools & Writeups | Hide Club

24 Jan, 17:32

If you'd like to support Hide Club,
Please give this repository a star on 📱 GitHub: https://github.com/Spix0r/writeup-miner

Thank you all! I'll be back tomorrow with more content. ❤️

2.5k 0 12 17

Bug Bounty Tools & Writeups | Hide Club

24 Jan, 17:29

🔖119 Vulnerabilities In LTE/5G Core Infrastructure

A team was discovered 119 vulnerabilities in LTE/5G core infrastructure, each of which could lead to persistent denial of cell service for an entire metropolitan area or city. Some of these vulnerabilities may also be exploited to remotely compromise and access the cellular core. Their research encompasses seven LTE implementations (Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN) and three 5G implementations (Open5GS, Magma, OpenAirInterface). They found vulnerabilities in every single LTE/5G implementation tested.

👉For more information, you can check 🔗 this paper and 🔗 this blog.

#infosec #hacking #cybersecurity
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

2.5k 0 43 11

Bug Bounty Tools & Writeups | Hide Club

24 Jan, 17:08

Forward from: Spider Crew | Bug Bounty Tips, Tools, Writeups & Exploits

🕷Network+ (Network+ N10-008 book by Mike Myers) Summery Part-12

📱 Chapter-12 IPv6: 🔗 Link

🔗 Previous Chapter

💡Stay tuned for the next chapter—I’ll post it next Friday!

#CyberSecurity #bugbounty #Network #infosec
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 T.me/Spider_Crew
🔸🔸🔸🔸🔸🔸🔸🔸

1.9k 0 18 13

Bug Bounty Tools & Writeups | Hide Club

23 Jan, 19:46

I’m not sure why Telegram has banned some channels from the "Similar Channels" section, and our channel has been affected as well. I reached out to Telegram support, but I haven’t received any response. Does anyone know how we can fix this issue?

2.5k 0 7 13 8

Bug Bounty Tools & Writeups | Hide Club

23 Jan, 16:30

🔖Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel

That was an amazing write-up! I highly recommend you read it.👇🏻
Write-Up: 🔗Link

#infosec #bugbounty #bugbountytips #hacking #cybersecurity
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

2.6k 0 37 16

Bug Bounty Tools & Writeups | Hide Club

23 Jan, 14:14

🔖xss0rRecon

xss0rRecon is a versatile bash script designed to facilitate domain enumeration, URL filtering, parameter discovery, and XSS detection. It is not mandatory to use xss0rRecon alongside xss0r, but doing so provides a significant boost to your scanning efficiency and accuracy. The tool is highly customizable and can be tailored to meet individual user requirements.

📱 Github: 🔗Link
📱 Tool Overview: 🔗Link

#BugBounty #Recon #Automation #BugBountyTips #CyberSecurity #Xss #Infosec #Reconnaissance
🔹 Share & Support Us 🔹
💬 Channel : @Hide_Club

2.6k 0 57 2 9

Bug Bounty Tools & Writeups | Hide Club

22 Jan, 18:43

🔖Stealing HttpOnly cookies with the cookie sandwich technique

In this post, Researcher will introduces the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie. Careful readers may have noticed that legacy cookies allow special characters to be included inside the cookie value. In this post, we're going to abuse that.

🖥Write-Up: 🔗Link

#InfoSec #CyberSecurity #Hacking #BugBounty #bugbountyTools #bugbountytips #Pentest
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

Stealing HttpOnly cookies with the cookie sandwich technique

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

2.8k 0 39 12

Bug Bounty Tools & Writeups | Hide Club

22 Jan, 14:26

🔖Discover Sensitive Files by Fuzzing Key .git Paths:

/.git
/.gitkeep
/.git-rewrite
/.gitreview
/.git/HEAD
/.gitconfig
/.git/index
/.git/logs
/.svnignore
/.gitattributes
/.gitmodules
/.svn/entries

#InfoSec #CyberSecurity #Hacking #BugBounty #bugbountyTools #bugbountytips #Pentest #Fuzzing
🔹 Share & Support Us 🔹
📱 Channel : @Hide_Club

2.6k 0 68 14

Bug Bounty Tools & Writeups | Hide Club

21 Jan, 00:10

The challenge has concluded! Thank you all for participating! ♥️ If you didn't win this time, don't worry—more challenges are coming soon!

2.4k 0 12 3 22

Bug Bounty Tools & Writeups | Hide Club

20 Jan, 23:47

No one has submitted the flag yet!
Hint: Use Rockyou.txt

2.9k 0 7 11 11

Bug Bounty Tools & Writeups | Hide Club

20 Jan, 23:30

Challenge.zip

59.6Kb

🔔 The challenge has started🖖

Instructions:
Download the challenge file and dive in. Inside, you'll find everything you need to know. 🔐

✍️ Note: Once you successfully solve the challenge, send me the flag! 🏃 Be quick, the first 3 people to submit the correct flag will win!

Good luck 🤞