Web Security
-
GitHub Recon for finding Sensitive data in js files | By Alham Rizvi
API Key Leak, Automation Tools, Bounty Hunting, bug bounty, Credential Leak, cybersecurity, Ethical Hacking, GitDorker, GitHub Dorks, GitHub Enumeration, GitHub Recon, GitHub Recon Tips, GitHub Secrets, GitHub Security, Gitleaks, Gitrob, Information Disclosure, OSINT, Penetration Testing, Reconnaissance, Secret Scanning, Security Research, Security Tools, Sensitive Data Exposure, Source Code Analysis, Token Exposure, TruffleHog, Vulnerability Hunting, Web Security
GitHub is one of the most common places where developers accidentally leak sensitive information. For bug bounty hunters, learning GitHub recon is a great way to find exposed secrets, config files, and credentials that can lead to valid reports.
What Sensitive Files Can Be Leaked on GitHub
While exploring public repositories, you might find files that…
-
Sensitive Data Exposure in .js Files | By Alham Rizvi
Alham Rizvi, API Key Exposure, Bounty Report Writing, bug bounty, Bug Bounty Tips, Bug Hunter Guide, Credential Exposure, cybersecurity, Data Leakage, Ethical Hacking, GetJS, Hacking Guide, httpx, Information Disclosure, JavaScript Security, JS Bundle Analysis, JS File Analysis, Katana, LinkFinder, Mantra, Penetration Testing, Recon Tools, Reconnaissance, ripgrep, Secret Key Finder, Security Research, Security Tools, Sensitive Data Exposure, Sensitive Information in JS, Source Map Exposure, subjs, Token Leak, Vulnerability Hunting, Web Application Security, Web Security
1. Why JS Files Are Useful for Hunters
Web apps send a lot of code to the browser. JavaScript bundles, source maps, and inline scripts can leak:
• Hardcoded config like API endpoints and environment flags.
• API keys, tokens, and credentials left in code or comments.
• URLs to staging or internal services.
• Source maps that…
-
How Hackers Compromise Subdomains: Subdomain Takeover in Depth Explanation with notes | By Alham Rizvi
active-directory, Asset Inventory, Automation, AWS, azure, bug bounty, bug hunting, Certificate Misuse, Cloud Services, Cloudflare, CNAME Takeover, DNS Misconfiguration, DNS Security, Domain Security, Ethical Hacking, GCP, hacking, Host Misconfiguration, Incident Response, networking, Penetration Testing, Public Footprinting, Recon Tools, Reconnaissance, Remediation, Secure Configuration, Security Research, Subdomain Enumeration, Subdomain Hijacking, Subdomain Takeover, Vulnerability Hunting, Web Security
A subdomain takeover happens when a DNS record points a subdomain to a third-party service that no longer hosts it, and an attacker can claim that service and serve content from the victim’s subdomain.
1) What is a subdomain takeover?
A subdomain takeover happens when sub.example.com has a DNS record (usually a CNAME or ALIAS)…
