Welcome back everyone to Bug Bytes, the weekly newsletter curated by members of the Bug Bounty community! As you may have read in the last issue the previous author of Bug Bytes, Mariem / PentesterLand, left Intigriti and the torch of Bug Bytes to whomever would take it up. Every week she kept us all […]
How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result?
EyeWitness is an incredibly tool that allows you to quickly get a feel for what assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re doing it manually, then be sure to read this article as EyeWitness may be of great help to you!
As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour intensive, boring and on top of that, is prone to errors. Today we’re going to look at GoSpider, a tool that can do all this for us! 🙋♂️ […]
Every security researcher has their specialty, their range of bugs that they focus on or that they have spent the past years researching and perfecting. The greatest power of bug bounty comes into play when considering that all of these bright individuals with diverse skillsets can become a single superbrain when put together. At Intigriti, […]
A CRLF injection is the injection of newlines in places where the server doesn’t expect newlines. This can cause a plethora of vulnerabilities including XSS, session fixation, cookie injection, open redirect, and much more! What are we waiting for? Let’s check out CRLFuzz, the tool that can help you! 🙋♂️ What is CRLFuzz? CRLFuzz is […]
The past can tell stories, show things that should’ve never been uncovered and today we will be looking at that past. We can go hunt for subdomains, secret endpoints, tokens, and secrets, all with the help of Waybackurls. 🙋♂️ What is Waybackurls? Waybackurls by @TomNomNom is a small utility written in Go that will fetch […]
Finding XSS can sometimes be a repetitive and laborious task. Many attempts at automating the process have been made, yet very little actually come close to getting it right. Today, we’re covering Dalfox, a tool that did get it right. Let’s find some cross-site scripting vulnerabilities! 🙋♂️ What is Dalfox? DalFox is a fast, powerful […]
OWASP top 10; Over the last 4 years, the cybersecurity field has continued to see incredible leaps forward at an unimaginable pace. As attacks that used to be prevalent 15 years ago are slowly dying out, new attack vectors are being discovered day in and day out. Security researchers and bug bounty hunters alike often […]