Intigriti’s Blog

Hacking Salesforce Lightning: A Guide for Bug Hunters

Hacking Tools

July 4, 2024

Salesforce Experience (or Community) Cloud is a CRM platform that software companies and organizations use to manage their customer relationships, share information, and work with employees and customers (docume

Exploring Third-Party Services for Open Signups: Security Risks and Best Practices

Hacking Tools

July 4, 2024

Most software companies resort to using third-party solutions for completing certain tasks within their company. A common example is a ticketing platform that helps teams and companies stay organized with issues that internal employees or customers may experience. Unfortunately, due to lack of time

Five easy ways to hack GraphQL targets

Hacking Tools

May 31, 2024

GraphQL is a widely used query language that provides developers with the ability to query data easily. Unlike with a REST API, developers can send a single query in one HTTP request and retrieve all the necessary data. It’s an awesome query language that can help simplify several aspects during

4 bug bounty mistakes and how to avoid them

Hacking Tools

April 17, 2024

Getting into bug bounties is no easy task, we know. There’s so much to consider and your path to becoming a bug bounty hunter can vary in so many ways. Bug bounty hunting can be fraught with challenges, and even the most skilled individuals can fall victim to common mistakes. 1. Striking the wrong b

Aggressive scanning in bug bounty (and how to avoid it)

Hacking Tools

March 18, 2024

Presented by CryptoCat What is aggressive scanning? In bug bounty, researchers are expected to configure automated tools and scanners to remain within the defined limits of the program’s requirements. Any activity outside these limits can be defined as “aggressive” or “intrusive”. Hunters with exper

Testing static websites and uncovering hidden security vulnerabilities

Hacking Tools

March 14, 2024

By not conducting tests on the static websites of your targets, you may be overlooking numerous potential vulnerabilities. In today’s post, we will go through the top 3 most common ways of finding security vulnerabilities in static websites. What are static websites? You’ve probably come across a st

Turbo Intruder – Hacker Tools: Going faster than ever! 👩‍💻

Hacking Tools

March 1, 2022

How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result? Today, we’re going to go fast, really fast! Let’s take a lo

Meg – Hacker Tools: Endpoint scan the masses! 👩‍💻

Hacking Tools

February 1, 2022

You’ve just enumerated all the subdomains of your target and what? There are 400 of them? Are you going to start individual scans to find endpoints on them? No, you’re not! You’re going to use Meg, of course! 🙋‍♂️ What is Meg? Meg is not the girl next door, no, it’s an amazing tool you need to know abou

EyeWitness – Hacker Tools: Hacking through screenshots 👩‍💻

Hacking Tools

January 11, 2022

EyeWitness is an incredible tool that allows you to quickly get a feel for what assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re

GoSpider – Hacker Tools: Enumerate the web! 👩‍💻

Hacking Tools

November 23, 2021

As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour intensive, boring and, on top of that, is prone to errors. Today we’re going to look at GoSpider, a tool that can do all this for us!

CRLFuzz – Hacker Tools: Injecting CRLF for bounties 👩‍💻

Hacking Tools

October 5, 2021

A CRLF injection is the injection of newlines in places where the server doesn’t expect newlines. This can cause a plethora of vulnerabilities including XSS, session fixation, cookie injection, open redirect, and much more! What are we waiting for? Let’s check out CRLFuzz, the tool that can help you

Waybackurls – Hacker Tools: Time-traveling for bounties 👩‍💻

Hacking Tools

September 24, 2021

The past can tell stories, show things that should’ve never been uncovered, and today we will be looking at that past. We can go hunt for subdomains, secret endpoints, tokens, and secrets, all with the help of Waybackurls. 🙋‍♂️ What is Waybackurls? Waybackurls by @TomNomNom is a

Dalfox – Hacker Tools: XSS Scanning Made Easy 👩‍💻

Hacking Tools

September 14, 2021

Finding XSS can sometimes be a repetitive and laborious task. Many attempts at automating the process have been made, yet very few actually come close to getting it right. Today, we’re covering Dalfox, a tool that did get it right. Let’s find some cross-site scripting vulnerabilities! 🙋‍♂️ What

KiteRunner – Hacker Tools: Next-level API hacking 👩‍💻

Hacking Tools

September 7, 2021

When facing API endpoints, older tools for directory busting tend to be very ineffective. The days when a web server was just a directory tree are behind us. Modern ‘routes’ have taken over, and blindly brute-forcing filenames isn’t effective anymore. We need to be smarter and scan based on pop

👩‍💻 Hacker Tools: WPScan – Your WordPress isn’t safe!

Hacking Tools

August 31, 2021

WordPress is huge! Some even estimate 30% of public websites run it in some way or another. In fact, you’re reading this on a WordPress page. Are all of these sites secure? No! Not at all. While the latest, up-to-date version of WordPress is very likely to be secure (until someone finds a zero-day in

👩‍💻 Hacker Tools: ReNgine – Automatic recon

Hacking Tools

August 24, 2021

Every bug bounty journey starts in the same way: reconnaissance. We need to scope out our target: find out what they are hosting, what services are running, what ports are open and so on. This can be extremely time-consuming when done manually, not to mention the nightmare of organising all these ins

👩‍💻 Hacker Tools: How to set up XSSHunter

Hacking Tools

August 18, 2021

Cross-site scripting or XSS vulnerabilities are incredibly common and not to be underestimated. Oftentimes, they can even occur in the dark, in places where you can’t see the result. In this week’s instance of Hacker Tools, we’re going to look at XSSHunter, a tool to help you find blind XSS vulnerab

Hacker Tools: Ciphey – Automatic decryption, decoding & cracking

Hacking Tools

August 11, 2021

Have you ever come across an encoded string, hash, or encrypted message and wondered “What type of encoding is this?” Then Ciphey is the tool for you! What is Ciphey? “What type of encryption is this?”, “What hashing algorithm produced this hash?”, “What cipher is being used?”. The answer to those

Hacker Tools: NoSQLMap – No SQL, Yes exploitation

Hacking Tools

August 4, 2021

Ever since big data and real-time applications have become the norm, we’ve increasingly needed different database solutions. MongoDB, CouchDB, Redis, Cassandra, and so many more NoSQL databases have sprouted, but what about their security? How do we go about finding misconfigurations and vulnerabili

Hacker Tools: JWT_Tool – The JSON Web Token Toolkit

Hacking Tools

July 27, 2021

When you log in to a website and start surfing, why don’t you need to type in your password for every subsequent request? JWT is a very likely reason for that. It allows information transmission and authorization in a simple format. However, sometimes it is implemented incorrectly and that can lead