Live Recon and Automation on Shopify's Bug Bounty Program with
HTML-код
- Опубликовано: 21 авг 2024
- Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Live Every Friday, Saturday Sunday and Monday on Twitch:
/ nahamsec
Free $100 DigitalOcean Credit:
m.do.co/c/3236...
Follow me on social media:
/ nahamsec
/ nahamsec
twitch.com/nah...
hackerone.com/...
/ nahamsec1
Github:
github.com/nah...
Nahamsec's Discord:
discordapp.com...
this is some GOD-LEVEL recon !!! We want more sessions from Tom. Thanks nahamsec for bringing this to the community and thanks Tom for sparing your time for this!!!
Lol .. 😂…GOD level would leave you speechless
@@alexander_adnan what god level according to you?
@@alexander_adnanyou don't have a clue then. For mass recon, this is GOD-tier automation. These guys can even automate the entire process if they wanted.
@@godspeed2124 looks like you will find out before others.
Not a good idea to do reverse psychology, with strangers.
I would be rational though, there’s no recipe for recon, it depends on your target while Technics matters less than the potential.
The calmness that Tom have is really unique, great and fancy.
+ The way he do his things is really epic
Really a great guy
It's funny because I can tell from Nahamsec's faces that he just loves Tomnomnom. At the same time it makes him laugh that he is so calm when explaining things.
Haha! Tom is one of the most genuine and nicest people I have had on the show.
I think he's also realizing the greatness he's capturing at the moment, he isn't fully comprehending it yet but he knows it.
I would love to be a Shopify developer watching this unfold
fantastic video , Tom really knows his stuff
Mind blowing. Thank you so much for giving back to community.
Every week i rewatch your videos; I am learning new things 💙.
hora
@@SankizTime :D
“ass, is that a new tool to compete with meg? I don’t know” had me rolling lololz
Thank you both for this great content.
We want more videos with @TomNomNom.
Start at 5:59
amazing, this could be probably one of the biggest information that i have ever been given. we need such playlist more and more in upcoming days. i hope i made you understand the things that i wanted to make you understand.. again, we need such playlist more and more in upcoming days.
This is byfar the most incredible live recon i have watched on youtube
I started watching this with hope of learning something. Ended with depression and one conclusion - I should stop learning this stuff if I'm gonna need to compete with maaany, maaany people as Tom. And as he said - it was his first attempt since like two years ago. I would need like a week to check all the things that he checked. Now I get it why entry-level positions needs few years of experience but in the same time I don't see a way to get this experience
If you think that the competitors out there are all as skillful as tom . You are very wrong
Tom is really really good! He knows what he is doing! Amazing! Thanks Nahamsec for this video.
This is epic!! I've have to watch this video over 10 times just to understand Tomnomnom's recon process. The guy is really really good at what he does. Thanks @nahamsec & @Tomnomnom🙏🏽🙏🏽🙏🏽
I can watch these 50 times daily I love nomnom
these vim and bash skills are really something to behold
maan seeing how tom is working makes me feel down, this dude is so good
Tom is a genius I must confess 🖤💯
i was literaly looking for something just like anew to use in my automation since i run scans everday i want to add stuff to already existing txt files. i have seen people use it and idk why i only found out about it rn, great video thanks so much
Could you please upload all the other recons
I love this man!
best video ive seen in a long time
finally, the two underrated hunters!!
*TomNomNom* is a FKIN G 💯👏
I improve my bash skill much when watching this video. thanks Tomnomnom & Nahamsec
Awesome video, I loved you Tom
That is why Hacking is time and patience game. i love the way he spend days to come on this i love this channel
"...previous versions can be a goldmine" wow!
Would be interesting to see how different the process/tools look 3 years on.
I wish I had vim mastered in this way, I use nano which has some of the same features but vim has way more flexibility it's a language all it's own and it's why hackers prefer it, I mean true command based hackers..windows has spoiled this generation..nothing wrong with a GUI but hacking is about control and putting that level of control in a GUI is a major resource hog..TOM you are a dying breed, my hats off to you..grey that is
Was it Recon Only ? Completely Mind Blowing stuff I saw today 🙌🙌🙌🙌🙌
He is truly a Genius!!!!!!!
Tom is best!
Thanks Tom!
Very nice and interesting video bro!
#TOMNOMNOM FOR EVER!
Two masters at work
Tom is such a wizard
insane 🔥
please which terminal theme tomnomnom used ?
farhan ahmed was here at 10-31-22
It would be cool if you could list every command tomnomnom uses in this video in the description with a timestamp so people can go directly to that section to see what it does.. Or just watch the video.
@hackR That's Cool.
tomnomnom the goat
could you please share your recon methodology you applied on redbull as target.
Hello Ben 😊. please make a video about "Finding origin IP behind AWS CDN", because i searched a lot, but i found only video about Cloudflair bypass 🙏
i didn't understand how he learn all this things and how he remember this all this commands and their particular options of a tools..
Probably because it's an hobby for him.
When you're not forced to do something that you love, you usually become an expert at it.
💯
Nice :)
We want more live with tom #request
Is he previewing the `find` results? Does anyone know how to do that?
anew installation as mentioned in github not working for me. Anyone facing issues?
hey!!))) where i can find list configfiles ?))
Anyone got the list of all tomnomnom tools used in the video?
Still in a dilemma how to filter hosts on basis of response body from fff; since, every host is responding with 200 OK 😢.
they are not filtering hosts they are just checking those hosts which thet have got liittle bit doubt
How I can start with lve website bug bounty hunting
naham bro this is gf and fff methodology or bug bounty methodology?))))
I like tom
Is tom operating himself on 1.5x?
I am not even sure what i am looking at. I know what he is looking at but i have no clue what to do with what he is looking at.
Huh man ...
Here Kali Linux is used right ?
In the webpaste part the value he uses @1:06:26 are
Code:
[...document.querySelectorAll('div.g a:first-child')].map(n=>n.href)
On Success:
document.location=document.querySelectorAll('a#pnnext')[0].href;
🕵♀
Hi 👋
In this video I learned a lot of things thank you so much Nahamsec
Just gave up her cover
what's up behrouz ?? how are you ??
So what's this worth this bug
Hi did you miss me
Where do we get the ass tool?
Just to point out that Auv5 is the Shopify security team member. Does anyone know if they have a twitter account?
...And this, ladies and gentlemen, is how you know you have failed recon101! 😅😜😉
@@lilyrosestracke4591 don't know why my comments keep getting deleted but I'll try posting it again
@@lilyrosestracke4591 I'm actually really good at recon. I have a public playlist (all osint videos) with at the time of writing this comment it's has 407 videos in it so from that you can tell that I know a lot about the topic.
@@lilyrosestracke4591 also, I have checked Google with Google dorks and Twitter and I didn't find anything related to the username.
@@lilyrosestracke4591 and another thing, you shouldn't be rude to others in general. I asked because I already did some research and I couldn't find it so I was asking.
It's OK to ask questions, if anything its good and its how humans learn.
Also, it's a social engineering skill which is used a lot in infosec so please don't share the idea that asking questions (after doing research and not finding anything useful/related) is bad because it's 100% not bad.
Whoxy the website can get historical whois.
😁😀😁😁😁😁😁
Problem number one I'm on Windows
Hey @Nahamsec what you deal with 403 subdomains
Just keep bruteforcing for directories, maybe /login will return 200 or /api will return 400
i had a scenario where i have found a directory which returns 403 forbidden, so i kept brute forcing on that directory and eventually i got PhpMyAdmin mysql page and it was accessible for anyone and i was able to successfully login with a weak credentials :), thats why u shouldn't stop on a 403 they made it forbidden for a reason and simple miss configuration may give you a high result.
@@bobmarley8644and for 401?
Na bhai tune subtitles diye, na tune tools explain kre, aur apni accent mei tum log bol kya rhe ho ghanta samajh nhi aa rha ... Khud hi seekh le bhai, jab ye samajh aa jae ki "padhate kaise hai" tab video upload kr dena
Ist: it's not his problem if you don't understand english
first clear your basics then come here.
they both are doing great work
@@hellb0y794 Fucking Dimwit, atleast read what I've written before commenting. I wrote "accent".
Simplifying it for you,
What it means is that, I do know English however I am having difficulty understanding their accent (Google the meaning of accent for more information)
Also if you've even seen the starting of the video, you'll notice they are not teaching the basics here, they are talking about approaching a target i.e., their methodology.
So, your statement about basics don't even make sense.
I mean I don't mind you standing up for the hackers you admire but at least make some logical statement.
Even I know these hackers know a lot more than me, but they have little to no idea "how to teach". This could've been structured into a nice course.
Tom is not someone to follow . No
My brain cells 😪 😭😭😭😭😭
I think this is the most useful technical video that is related to recon / bug bounty
thank you @nahamsec
thank you @tomnomnom
Cat from-findomain | why i m unable to run the command
github dork not working please help
[...document.querySelectorAll('.codesearch-results a.v-align-middle')].map(n=>n.href) it is not working