__pytools__

 Hey guys how are you?, hope you are doing well . Today we are going to talk about how Hacking is look like in the movie, so let's get started. First of all don't wear formals that's not dress-code of  Hacker's , get hoodie and specs.  Just kidding guy's 😅 Now go to htpps://hackertyper.com and type anything randomly. Site will take care of code by itself and press alt key three time's to get access granted message  And boom people around you think that you are genius but nobody really knows that you are dumb script kiddies. Just kidding guy's hope u like this article and also guys pls don't forget to follow us on Instagram and GitHub and do like our content on Instagram. https://instagram.com/__pytools__ https://GitHub.com/pytools786

Are you a coder or white-hat hacker looking to make some money on the side? Bug bounty hunting might be the perfect gig for you. What is bug bounty? As name implies finding bugs on website and getting bounty is called bug bounty. You can earn lots of money by just simply finding vulnerabilitie on website and reporting them For more information about bug bounty and how to earn money via bug bounty pls do watch this video: https://youtu.be/tV9DtSgexgM That's all for today guys hope you are enjoying our content and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

Hey guys how are you? Hope you are fine and doing well.today we are going to discuss about another vulnerabilitie called rate limiting flaw . So without doing further delay let's get started. What is rate limiting?   A rate limiting algorithm is used to check if the user session (or IP-address) has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status code 429: Too Many Requests. How to find this vulnerabilitie? For this do watch this video: https://drive.google.com/file/d/1Z4dgsk1YBFaDNOBDwdZG02unjVmhthD7/view?usp=drivesdk That's all for today guys hope you are enjoying our content and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys how are you hope you are doing well today we are going to discuss about another vulnerabilitie called URL redirection . As name implies we are redirecting URL. So without doing further delay let's gets started. What is URL redirection? URL Redirection is a vulnerability which allows an attacker to force users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who then clicks the link and is unknowingly redirected to the malicious website How to find this vulnerabilitie? For this do watch this video: https://youtu.be/0q0CZTliQ7A That's all for today guys and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram. https://instagram.com/__pytools__ https://GitHub.com/pytools786

Hey friends how are you hope you are doing well today we are going to discuss about another vulnerabilitie called subdomain takeover. So let's get started. What is subdomain takeover? A  subdomain takeover is a website vulnerabilitie which  occurs when an attacker gains control over a  subdomain  of a target domain. Typically, this happens when the  subdomain  has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it. ...  How to find this vulnerabilitie? For this do watch this video: https://youtu.be/h3XzpGOksYs That's all for today guys hope you are enjoying our content and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram. https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys what's up? Today we are going to discuss about very interesting and critical vulnerabilitie called file uploade vulnerabilitie. As name implies in this vulnerabilities we are going to upload malacious files on website. What is file upload vulnerabilitie? A file upload vulnerability is a vulnerability where an application allows a user to upload a malicious file directly which is then executed on web server. How to test file upload vulnerabilitie? This is too simple you just have to upload any malicious file on file uploaded pages like profile upload page, resume upload pages and many more. How to exploit this vulnerabilitie? For this do watch this video: https://youtu.be/jFRYPmCulh4 That's all for today guys and also don't forget to follow us on Instagram and GitHub and do our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys what's up today we are going to discuss about clickjacking. As name implies we are going to hijacking the clicks. What is clickjacking? Clickjacking is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages How to find and exploit this vulnerabilitie? For this do watch this video: https://youtu.be/Unu41TIk8CY That's all for today's guys pls do visit our Instagram and GitHub profile and do like our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys how are you, today we're going to discuss about another website vulnerabilitie called SQL injection. What is SQL injection? SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input . Types of SQL injection: Their are 4 main types of SQL injection: 1) get based SQL injection 2) post based SQL injection 3) cookie based SQL injection 4) header based SQL injection How to find SQL injection? Want to know how To find get based SQL injection? For this do watch this video: https://drive.google.com/file/d/1-o1aHWa9eVbsvb4MrqgUK1TX7ZFmeZk5/view?usp=drivesdk Want to know how To find post based SQL injection? For this do watch this video: https://drive.google.com/file/d/1_2JzkvBewDotqKqVQkP17qMzXm_jufkB/view?usp=drivesdk Want to Know how To find header based SQL injection? For this do watch this video: h...

 Hey friend how are you, In this section, we'll explain what server-side request forgery is, describe some common examples, and explain how to find and exploit this vulnerabilities. As name implies server is going to send request behalf of you. What is ssrf? Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization's infrastructure, or to external third-party systems. How to find this vulnerabilitie? For this do watch this video: https://drive.google.com/file/d/13lWq4ji6X-1wAXe1qKIT-C4bs3eOQ2uY/view?usp=drivesdk How to exploit this vulnerabilitie? For this do watch this video: https://drive.google.com/file/d/1rdIQyMxKpO41Fg0ueTEWz9H8_ZjOfuUK/view?usp=drivesdk That...

  Hey guys how are you, today we're going to discuss about another vulnerabilitie called host header injection. As Name implies, we are injecting something malicious in host header. So without getting further delay let's get started. What is a Host Header Attack? It is common practice for the same web server to host several websites or web applications on the same IP address. This why the host header exists. The host header specifies which website or web application should process an incoming HTTP request. The web server uses the value of this header to dispatch the request to the specified website or web application. Each web application hosted on the same IP address is commonly referred to as a virtual host. So what constitutes a host header attack? What happens if we specify an invalid Host Header? Most web servers are configured to pass the unrecognized host header to the first virtual host in the list. Therefore, it’s possible to send requests with arbitrary host headers t...

  Hey guys how are you, today we're going to discuss about cross site request forgery. so without doing further delay let's get started. What is csrf? Cross-site request forgery attacks (CSRF or XSRF for short) are used to send malicious requests from an authenticated user to a web application.   When a website requests data from another website on behalf of a user, there are no security concerns as long as the request is unauthenticated, i.e. the session cookie is not sent. However, when the user’s session cookie is sent with the request, attackers can launch a cross-site request forgery attack that abuses the trust relationship between the victim’s browser and the web server. Combined with social engineering to persuade users to open a malicious link, CSRF attacks can have serious consequences . An attacker’s aim for carrying out a CSRF attack is to force the user to submit a state-changing request .  Examples : Submitting or deleting a record. Submitting a transaction....

Hey guys how are you? hope you are doing great. In this section, we are going to discuss about what cross-site scripting is, describe the different varieties of cross-site scripting vulnerabilities, and spell out how to find cross-site scripting. What is cross-site scripting (XSS)? Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. How to find and test for XSS vulnerabiliti...

  Hello guys! , whats up ? , hope your doing great & having fun learning from me. Today we are going to discuss about xml-rpc. What is XML RPC? XML-RPC on WordPress is actually an API or “application program interface“. It gives developers who make mobile apps, desktop apps and other services the ability to talk to your WordPress site. The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface. These include: Publish a post Edit a post Delete a post. Upload a new file (e.g. an image for a post) Get a list of comments Edit comments How to exploit this vulnerabilitie? For this do watch this video: https://youtu.be/KILbwKCg9ek That's all for today guys and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys how are you hope you are doing good. today we are going to discuss about how you can bypass forbidden pages. What is 403 forbidden error : The simple reason why we are seeing this error is that you are trying to access something you don't have the permission for. Throwing a 403 forbidden error is your website's way of stating that you don't have enough permissions to proceed further What if, we bypass this error. then we can read any file on the webserver. And that will be the fun. How to bypass: For this do read this article https://www.google.com/url?sa=t&source=web&rct=j&url=https://kalilinuxtutorials.com/byp4xx/amp/&ved=2ahUKEwiUqbGy2eTvAhUryzgGHa7hAtoQFjAFegQIGxAC&usg=AOvVaw1N8q4KOisoAZqny_POFntr&ampcf=1 And that's all for today guys and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram . https://instagram.com/__pytools__ https://GitHub.com/pytools786

Hey guys how are you hope you are doing well today we are going to discuss about source code disclosure vulnerabilitie . What is source code disclosure: Source code disclosure attacks allow a malicious user to obtain the source code of a server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic. Attackers use source code disclosure attacks to try to obtain the source code of server-side applications. How to find this vulnerabilitie: For this do watch this video: https://drive.google.com/file/d/13Dz23gNpKim5x4xi-czdtI5ITw_ImLwr/view?usp=drivesdk Thanks guys that's all for today hope you are enjoying our content and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram. Https://instagram.com/__pytools__ https://GitHub.com/pytools786

  Hey guys how are you hope you are doing well today we are going to discuss about another vulnerabilitie called critical file found. What is critical file: whenever any web server or a web application having file that contains some kind of sensitive information and can be use for further attacks. It includes files having database passwords, web server authentication data, critical business logic information etc. How to find this vulnerabilitie: For this do watch this video https://drive.google.com/file/d/1xcX4QMqkSIXcv2C5duGXsmRWjwaDGpnY/view?usp=drivesdk That's all for today's guys and don't forget to follow us on Instagram and GitHub and do like our content on Instagram. https://instagram.com/__pytools__ https://GitHub.com/pytools786

 Hey guys how are you hope you are doing well today we are going to discuss about very critical vulnerabilitie called local file inclusion. As Name implies this vulnerabilitie includes local files which are stored on the webserver . Want to know how to find this vulnerabilitie do watch this video: https://drive.google.com/file/d/1zi5r1hThtDCQfEEqgjU9nTG0mFWGX0Xc/view?usp=drivesdk For exploitation of this vulnerabilitie do watch this video: https://drive.google.com/file/d/1ePPoV1vVTAlEN5ft-qdh1jBkX_qmIpco/view?usp=drivesdk That's all for today guys and also don't forget to follow us on Instagram and GitHub and do like our content on Instagram: https://instagram.com/__pytools__ https://GitHub.com/pytools786

  A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack. In short, this means that hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic . How to do DDoS attack: Their are no of tools on the internet that will do DDoS attack for you but in this article we are going to discuss about the tool called DDos-Attack. This is simple python script that sends malicious request to target website and generate heavy traffic on target webserver.and it may leads to crash the web server. How to download and use DDoS attack tool: For this do watch this video: https://www.youtube.com/watch?v=-e3Iia_P7rA That's all for today guys and don't forget to follow us on Instagram and GitHub and do like our content on Instagram: https://instagram.com/__pytools__ https://Git...

  Hey guys how are you, Today we are going to discuss about insecure cors (cross origin resource sharing). What is CORS An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses, thus enabling attackers to perform privilegied actions or to retrieve potential sensitive information . How to find this vulnerabilitie By checking response headers For this do watch this video: https://drive.google.com/file/d/1C1AGdwEgteV3fk17aYXmRypTK1CDB6nj/view?usp=drivesdk By checking request header: For this do watch this video: https://drive.google.com/file/d/1S_6pFmO4Stod1j3SO4IRwH68lwbZT-1p/view?usp=drivesdk There are a number of HTTP headers related to CORS, but the following three response headers are the most important for security:   Access-Control-Allow-Origin specifies which domains can access a domain’s resources. For instance, if requester.com want to access provider.com’s resources, then develope...