This tweet suggests a methodology for finding potential targets for WAF bypass or other vulnerabilities using public internet scanning services like Censys and Shodan. It advises discovering the IP address of a target and using nmap with the vuln script to scan for known vulnerabilities. The tweet hints that if no WAF is present, it might be easier to find a bypass and earn money through bug bounty programs. Although the tweet does not describe a specific WAF bypass payload or technique, it emphasizes reconnaissance and vulnerability scanning as preliminary steps to identify targets potentially protected by a WAF and vulnerable to exploits. This approach highlights the importance of using reconnaissance tools before attempting to bypass WAFs or exploit vulnerabilities.
For more details, check out the original tweet here: https://twitter.com/afi0pchik/status/1956743152313745454