Emad Shanab - أبو عبد الله
@Alra3ees
Father | Lawyer | Bug Bounty Hunter | Complete newbie | Every Law has its own Bugs. http://hackerone.com/egyptghost1 http://bugcrowd.com/egyptghost
Google Hall Of Fame. medium.com/@Alra3ees/goog…

Another WAF bypass, this time using only ProxyChains to evade IP rate limits and the --hex option to obfuscate the payload. No risk or level flags were needed. The target was a shopping website with a massive database of other external sites also..
Hello friends, I have some health issues, and I will take some time off from twitter and social media. Please keep me in your prayers. I will logout from twitter, so I can’t see any DMs. Sorry for not answering any DMs. Stay safe.
I earned €800 for my submission on @YogoshaOfficial
If you have found port 8009 open, try Ghostcat read file/code execute, CNVD-2020-10487 (CVE-2020-1938). You can read and write files on the server. Run nmap on your targets file to find port 8009. The exploit is available here:- Best of luck. #bugbountytips github.com/00theway/Ghost…
🚀 🚀 Hope this approach helps you getting bounties quicker 🔥 Please do Subscribe and Share. #BugBounty #bugbountytips #hackerone #Pentesting #infosec youtube.com/watch?v=PXwOYt…
Found another 6 SQLi vulnerabilities, I will report them after finishing my work. My target is PHP, MySQL, behind Cloudflare. Using proxychains to bypass the WAF.
New reports submitted today. 5 SQLi. 1 DOM-based XSS. 1 XSS-reflected. 3 Information Disclosure.
I have submitted three SQLi reports today to a self hosted bug bounty program. Hopefully they can fix it soon. If you can’t find anything on bug bounty platforms, try external programs, to avoid burnout.
I created a simple RFC 822 email validator that you can use to test for email-based XSS payloads. Link: github.com/coffinxp/RFC82…
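My Lord, I am in need of whatever good You send down to me. Allah is sufficient for us; Allah will give us of His bounty, and so will His Messenger; to Allah we turn in hope. O Allah, I ask You of Your bounty and Your mercy, for none owns them but You. O Allah, suffice me with what You have made lawful instead of what You have forbidden, and make me independent, by Your bounty, of all others besides You.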
pip3 install pocsuite3
pocsuite -f batch.txt --plugins poc_from_pocs,html_report
pocsuite -f batch.txt -r /root/nuclei-templates/cves/
github.com/knownsec/pocsu… pocsuite.org/guide/what-is-… some_pocsuite github.com/emadshanab?sub…
GitHub - atiilla/sqlmap-ai: This script automates SQL injection testing using SQLMap with AI-powered decision making. github.com/atiilla/sqlmap…
Hello, I wrote the best version of Regex to search for Leaked Data in JS files, you can use it now With different KeyWords
Key[-_]?Word\s*[:=\"'\s]*\s*([a-zA-Z0-9_\-]{8,}[^'\":;\s,]*)
#BugBounty #bugbountytip #bugHunting #CyberSecurity #cybersecuritytips
“The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)” by @coffinxp7 osintteam.blog/the-ultimate-g…

🚀 Follow these tips while selecting a Bug Bounty Program to avoid duplicates. 100% working method. Give it a try: youtube.com/watch?v=6eYh4y…
In April, I submitted 5 vulnerabilities to 2 programs on @Hacker0x01. #TogetherWeHitHarder hackerone.com/last-month 1 RCE to 1 program on @zerocopter 8 vulnerabilities to 2 programs on @YogoshaOfficial
I earned €800 for my submission on @YogoshaOfficial Leaderboard 27th (last 30 days)

I don't care who's doing better than me because the truth is I'm not in competition with anyone else. The only person I need to be better than is the person I was yesterday. My growth, my journey, that’s my legacy.