HackingHub (@hackinghub

HackingHub

3,297 posts

HackingHub

@hackinghub_io

Educating the next generation of ethical hackers.

United Kingdom

Joined April 2019

HackingHub
@hackinghub_io
Aug 1, 2025
How to fuzz log files using wordlist of dates 👇 1️⃣ Use ffuf to find an active log directory 2️⃣ Grab a wordlist of dates 3️⃣ Run ffuf -w dates.txt -u <URL>/log/FUZZ.log -ac -mc 200 Want to try this out? Try out Content Discovery Hub now! (🔗 link in comments 👇)
00:00
10K
HackingHub
@hackinghub_io
Jul 26, 2025
APIs tell you everything (if you listen). Beginners often jump straight to brute forcing but many APIs actually tell you EXACTLY what data they expect! Make sure to look at the error messages as they often include key field names and content requirements.
00:00
12K
HackingHub
@hackinghub_io
Aug 2, 2025
Struggling to find your first bug? Try @NahamSec's 5 Week Program on HackingHub! What's covered? 💥 Week 1: API Hacking 💥 Week 2: Fuzzing 💥 Week 3: CSRF 💥 Week 4: IDOR 💥 Week 5: XSS Start hacking today👇 app.hackinghub.io/hubs/nahamsec-…
12K
HackingHub
@hackinghub_io
Jul 3, 2025
How to Test and Confirm RCE, Then Exfiltrate Data (no firewall): Step 1: Test if RCE is possible with something like ;whoami Since the app doesn’t return output (blind RCE), you need a side-channel to confirm it. Continued in thread 👇
00:00
14K
HackingHub
@hackinghub_io
Jul 11, 2025
Scanning github repos is a great way to find juicy information, secrets and credentials! Trufflehog makes this easy. With one scan you can find AWS keys, FTP creds, crypto keys and more! Check this out👇
00:00
15K
HackingHub
@hackinghub_io
Aug 23, 2025
How to spot IDOR opportunities without using a second account👇 (🔗 link to this IDOR hub in the comments)
00:00
10K
HackingHub
@hackinghub_io
Aug 31, 2025
Stop copy and pasting XSS payloads. Here's why 👇
00:00
11K
HackingHub
@hackinghub_io
Aug 19, 2025
Struggling to find IDORs? Many stop at simple GET requests and miss deeper bugs. In this video, @NahamSec introduces you to IDORs including what they are, where you can find them and how to exploit them. Watch now to level up your IDOR hunting 👇 youtube.com/watch?v=bCUqio…
7.4K
HackingHub
@hackinghub_io
Aug 10, 2025
IDORs are one of the most common web vulnerabilities but most beginner's test them wrong. Here are 7 steps to properly test for IDORs👇 (p.s most IDORs are missed because people stop after step 3) 1/9
15K
HackingHub
@hackinghub_io
Jan 8, 2022
Hacking is about learning and more importantly lifelong learning. There’s lots of great platforms and people creating brilliant content, check out the accounts of who we follow to continue your learning journey 🧐
HackingHub
@hackinghub_io
Jul 6, 2025
Getting blocked by servers while using cURL? Most sites don’t like requests from cURL and will often block it because it's a red flag for bots or scraping tools. Try changing your User-Agent header, like this: curl "https://hackinghub[.]io" -A "<NEW-USER-AGENT>"
12K
HackingHub
@hackinghub_io
Jul 8, 2025
jq is so much more than just making json look pretty. Did you know you can use jq for url encoding your payloads? try this: echo "<payload>" | jq -sRr @ uri Check it👇
5.5K
HackingHub
@hackinghub_io
Jun 16, 2025
Hunting assets via IP ranges? Try this for combo for mass reverse DNS lookups 👇
7.9K
HackingHub
@hackinghub_io
Jul 5, 2025
Mapping an organization’s Autonomous System Number (ASN) is a great way to uncover IP ranges tied to your target! Use asnmap like this: asnmap -org <TARGET> -json | jq -r .as_number | sort -u Combine this with tools like nmap, amass, or masscan.
6K