295
PROTON CYBER SECURITY OFFICIAL WEBSITE 🌐 protoncybersec.in
OSINT BOOKS
Github repo with list of books about Open Source Intelligence, investigations techniques, online privacy etc
https://github.com/ubikron/OSINT-Books
Top 9 HACKING eBooks 📚
Books
Hacking Web Applications - Hacking Exposed 🕯
https://mega.nz/file/LCYWWRYI#QQ8O9k6lp7vmYWzrbxbs8ItSVbYpSluYfktCxWURZGs
Hacking for Dummies 🤑
https://mega.nz/file/iKQ2jZSQ#ur1W05ChW7_ipTYtEK6QKpIlyoqLyS82RGsEUEzFQDQ
Network Security Bible 💻
https://mega.nz/file/mLAUEbDQ#PXzqsNN2PPc-PUVyAwbfknTHEA-QBvjwvpjjQgZnYMo
Ethical Hacking and Countermeasures 🛡️
https://mega.nz/file/2fAyRb4C#tpFivx91Ips2rR3UnVdtlgvx1oOmi-qEtCu29DlO9uQ
The Little Black Book of Computer Viruses 🧙
https://mega.nz/file/SDICALSJ#3r2oy2AsGXR3P7f8K7xvL2kEVjR6ccze83cAmz9VIBc
XSS Attacks - Cross Site Scripting Exploits and Defense 💼
https://mega.nz/file/3XJCyD5C#qAda14pWUjd5u4wjOYmzCI52UMa1rUFulh7V0kBGZk8
The Shellcoder's Handbook 🏥
https://mega.nz/file/3OZgwT6Z#8yNyiuSHVQ3gOib4rKJYtwsCwSfqAfoFj2lQtwUyI8o
Wireshark for Security Professionals 💻
https://mega.nz/file/7TRUCZCZ#ZPFmeFnccvR4ltf_2lwTdi8PqHIArRx_bkqRP9wwq4k
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices.
PoC: https://github.com/win3zz/CVE-2025-5777
RCE through Path Traversal
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/:
1. Security engineer by day While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse.
2. The exploit chain involved a combination of directory traversal and subtle abuse of how the application used the pandas CSV parser, ultimately allowing me to overwrite the wsgi.py file and execute arbitrary code server-side.
3. The traceback included a path like: This nested layout is exactly what you get when a Django app is created using django-admin startproject backend — where the outer backend/ is the project root and the inner one holds settings, wsgi.py, and other core files.
real Insta Likes and Followers
https://www.mixx.com/free-instagram-followers
https://www.easygetinnta.com/
https://poprey.com/free-ig-followers
https://instamoda.org/
https://www.idigic.net/trial/
https://skweezer.net/free-instagram-followers
https://megafamous.com/free-instagram-followers
https://boostgrams.com/free-instagram-followers/
https://twicsy.com/free-instagram-followers
https://ca.mrpopular.net/get-free-instag...lowers.php
https://www.socialplug.io/free-services/...-followers
https://www.qqtube.com/free-instagram-followers
https://expressfollowers.com/free-instagram-followers/
https://instume.com/free-instagram-followers/
https://www.followeryab.com/en/free
https://www.getinsfollowers.com/
https://gwaa.net/free-instagram-followers
https://www.getafollower.com/free-instag...lowers.php
https://www.like4like.org/free-instagram...-followers
https://instantviews.net/freefollowers-cpa/
https://www.famety.com/get-free-instagram-followers
Link. https://avatarapi.com/
This tool reveals the profile picture and name associated with an email address.
No sign-up is necessary to use this site.
Link. https://castrickclues.com/
The free version of this website provides information about the owner’s name, profile picture, Google reviews, Google ID, and Skype username associated with an email.
No sign-up is required on this site.
Link. https://epieos.com/
The free version of Epieos provides access to a profile picture, name, Skype account details, data breaches, and checks for social networks or websites linked to an email address.
Sign-up is required for this site.
Link. https://scamsearch.io/
This open-source database allows you to check if an email has been involved in scam activities.
No sign-up is required to access this database.
Link. https://osint.rocks/
The Holehe tool verifies if an email is registered on platforms like Twitter, Flickr, Instagram, and others.
It gathers information from sites that use a “forgot password” feature.
No sign-up is needed to use this tool.
You can find additional information in the tool’s GitHub repository.
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
🔰 Resources To Crack PDF Files Ultimately 🔰
https://soft.rubypdf.com/software/pdfcrypt
https://www.4dots-software.com/free-pdf-password-remover/
https://www.systoolsgroup.com/pdf-unlocker.html
GpxExpeditor 3D Sattelite View
gpxeditor.co.uk/map
Stealing HttpOnly cookies with the cookie sandwich technique
https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique
Stealing HttpOnly cookies with the cookie sandwich technique
https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique
THE ART OF WEB RECONNAISSANCE BUG BOUNTY ETHICAL HACKING COURSE
https://mega.nz/folder/Qn5CibIC#JRmgMNgy9BqjrVNBq6VyUQ
Tool for OSINT: 🔍 Searching people's digital footprint and leaked passwords across various social networks, written in Go.
https://github.com/ibnaleem/gosearch
Awesome AI Web Search
List of open source and proprietary web search tools
https://github.com/felladrin/awesome-ai-web-search
ODIN
IP search engine.
Search by ip, domain name, ASN, geolocation, BGP prefix, ASN number, WHOIS updated date and other parameters.
search.odin.io
GeoMastr
Huge database of unique objects for different countries on road photos:
- Bollards
- Fuel Stations
- License Plate
- Post Company
- Road Lines
- Street Signs
- alphabet
and more.
https://geomastr.com/
#geoint
IDCrawl
Search social media profiles by username:
Instagram, Twitter, Facebook, YouTube etc (results with profile pics and additional data) + email addresses
https://www.idcrawl.com/username-search
FBack - A lightning-fast CLI tool for generating target-specific wordlists to fuzz backup files
Github: https://github.com/Spix0r/fback
■■■■□ Cable – A Post-Exploitation Toolkit For Active Directory Reconnaissance & Exploitation.
🔡🔡🔡🔡🔡https://cybersecuritynews.com/cable-active-directory-toolkit/
SSL-bypass: Root Detection & SSL Bypass Script - It utilizes Frida's powerful JavaScript injection capabilities to bypass both root detection and SSL certificate pinning in Android applications.
https://github.com/0xCD4/SSL-bypass
Bypassing character blocklists with unicode overflows
https://portswigger.net/research/bypassing-character-blocklists-with-unicode-overflows
Introducing GhostGPT—The New Cybercrime AI Used By Hackers.
https://www.forbes.com/sites/daveywinder/2025/01/23/introducing-ghostgpt-the-new-cybercrime-ai-used-by-hackers/
Wishing you all a very Happy 76th Republic Day!
Читать полностью…
SearchPof
Google CSE to quick search profiles in:
Facebook
Twitter
Instagram
YouTube
Pinterest
Snapchat
https://searchpof.com/
All About Dorking
dorki.io
taksec.github.io/google-dorks-bug-bounty/dorksearch.com
dorkme.com
dorkgenius.com
Grabbing target country domains by Subfinder.
Link Download:
https://github.com/projectdiscovery/subfinder/releases/download/v2.6.7/subfinder_2.6.7_windows_arm64.zip
URLFinder
URLFinder is a high-speed, passive URL discovery tool designed to simplify and accelerate web asset discovery, ideal for penetration testers, security researchers, and developers looking to gather URLs without active scanning.
— Passive source discovery
— JSON/file/stdout output
— Optimized speed & efficiency
https://github.com/projectdiscovery/urlfinder
GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487).
https://projectdiscovery.io/blog/github-enterprise-saml-authentication-bypass