Showing posts from November, 2022

Ways To Bypass Authentication

1. Direct page request (a.k.a. forced browsing): successful authentication redirects to /admin; if the functionality is inappropriately protected, just go to https://your.target.site/admin.
2. Parameter modification: when authentication is verified via fixed parameters, e.g. "authenticated" = "yes", "logged_in" = true, "is_admin" = true.
3. Session ID prediction: cookies, tokens, etc. If the ID is predictable, it can be brute-forced/guessed.
4. SQL injection: improper input sanitization, e.g. admin' or '1'='1. More payloads: https://gist.github.com/spenkk/2cd2f7eeb9cac92dd550855e522c558f. Use Intruder with default or custom payloads in Burp Suite.
5. Default accounts: admin/admin, root/admin, admin/password.
6. Weak password change/reset feature: current password not required; Host header poisoning: https://0xn3va.gitbook.io/cheat-sheets/web-application/broken-authentication. Video link: https://yo

Web-Application Pentesting Tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
22. GAU - Historical attack surface mapping.
23. Parameth - Bruteforce GET and POST parameters.
24. truffleHog - Find credentials in GitHub commits.

Top XSS Dorks!

Top 25 XSS Dorks according to OpenBugBounty:

1. ?q={payload}
2. ?s={payload}
3. ?search={payload}
4. ?id={payload}
5. ?lang={payload}
6. ?keyword={payload}
7. ?query={payload}
8. ?page={payload}
9. ?keywords={payload}
10. ?year={payload}
11. ?view={payload}
12. ?email={payload}
13. ?type={payload}
14. ?name={payload}
15. ?p={payload}
16. ?month={payload}
17. ?immagine={payload}
18. ?list_type={payload}
19. ?url={payload}
20. ?terms={payload}
21. ?categoryid={payload}
22. ?key={payload}
23. ?l={payload}
24. ?begindate={payload}
25. ?enddate={payload}

Scope Base Recon Methodology

Scope Based Recon Methodology for small, medium, and large scope strategy by @Harsha Bothra

Pre Account Takeover Methodology!

While performing penetration testing on a (website.com) target, I observed that the application allowed me to automatically log in to the application as soon as I created a new account. This implies that there is no email verification at all. Similarly, the application also supported multiple social login methods such as Login with Google, Facebook and Apple. Following the steps below, I was able to perform pre-authentication account takeover successfully.

1. [Attacker Step] Navigate to the target application and register a new account using the victim user's email. Since the application also has a Google Authentication and Facebook option, I used a Gmail account for registration as the victim account.
2. Observe that the application successfully logs in a user upon registration process completion, and all the features of the application are accessible.
3. Now, log out and navigate back to the target application's login functionality.
4. [Victim Step] This time, use Google Authentication and log

Recon Methodology and SAML attack

Pentesting Mindmap! SAML attack;