Luke Stephens (hakluke)

Results: 38 comments by Luke Stephens (hakluke)

Don't think this is possible anymore. Just found a subdomain displaying that message and received this error when attempting to take it over. ![image](https://user-images.githubusercontent.com/13975395/123582498-42baf080-d821-11eb-8738-e96b72b93e59.png) In the HackerOne link provided above,...

There may be some edge case I'm not aware of

I think that if the program team has rejected the report as invalid, it should be able to be publicly disclosed without any punitive measures, simply because according to the...

Ah, I see what you're saying. So what do y'all propose the resolution is? i.e. when should it be okay to disclose? Maybe: - When the program rejects the bug...

Totally agree! I think maybe a good action item for platforms would be to have a visible binary switch on programs. Are acquisitions in scope Y/N. Do you think that...

In this case, if the bug was originally validated + triaged by the platform, I think that it should be paid in full. Taking the asset offline may have been...

Agreed! I might add this at some point, but to be honest, you could just use ffuf ;)

Hey @babaloveyou, what version of Go are you using?

If you're looking for URLs contained within the JavaScript files, this tool won't do it. I'd recommend using hakrawler to discover the JS files, and then use something like https://github.com/xnl-h4ck3r/xnLinkFinder...