CVE-2024-38819: Path Traversal in Spring Framework, 7.5 rating
Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!
Search at Netlas.io:
Link: https://nt.ls/AzCtg
Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38819
IVRE - The Ultimate Network Reconnaissance Framework
Key Features:
IVRE allows you to build your self-hosted, fully controlled alternatives to tools like Shodan, ZoomEye, Censys, and GreyNoise.
- Run your Passive DNS service
- Create tailor-made EASM tools
- Collect and analyze network intelligence using Nmap, Masscan, Zeek, p0f, ProjectDiscovery tools, and more!
Perfect for security researchers and network analysts.
Get the tool here: https://github.com/ivre/ivre
Wrapping Up an Amazing Year Together!
Hey Brut Fam! As 2024 comes to a close, I want to thank each and every one of you for being part of this amazing journey. This year, we've shared 1,500+ resources, learned, grown, and built an incredible community of 8,000+ members. Your support and engagement have made Brut Security what it is today.
If you've found value in the resources I've shared and want to support me in continuing this journey, you can now buy me a coffee here:
https://buymeacoffee.com/saumadip
It's not mandatory, just a small way to show appreciation if you feel like it.
Wishing you all an early, very Merry Christmas and a Happy New Year filled with learning, growth, and success! Here's to an even bigger and better 2025!
Stay curious, stay secure.
CVE-2024-50379, -54677: RCE and DoS in Apache Tomcat, 5.3 - 9.8 rating
New vulnerabilities allow attackers to upload and execute malicious files disguised as legitimate ones, as well as cause OutOfMemoryError to shut down the server.
Search at Netlas.io:
Link: https://nt.ls/WHRGO
Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Read more: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
AnalyticsRelationships - Discover related domains and subdomains through Google Analytics IDs!
How it works:
- Extract Google Analytics IDs from a webpage.
- Query services like BuiltWith and HackerTarget to find domains and subdomains associated with those IDs.
- A simple yet effective tool for OSINT and reconnaissance!
Get the tool here: https://github.com/Josue87/AnalyticsRelationships
The Art of Auditing
What it offers:
The first community-driven resource consolidating thousands of hours of expertise from top industry professionals. Ideal for security auditors, researchers, and enthusiasts, this comprehensive guide is a must-read.
Explore it here: https://web3-sec.gitbook.io/art-of-auditing
GitHub
GitHub - 0dayhunter/Facebook-BugBounty-Writeups: Collection of Facebook Bug Bounty Writeups
Collection of Facebook Bug Bounty Writeups. Contribute to 0dayhunter/Facebook-BugBounty-Writeups development by creating an account on GitHub.
CVE-2024-50379: Apache Tomcat - RCE via write-enabled default servlet.
Dorks
HUNTER:/product.name="Apache Tomcat"
FOFA:product="APACHE-Tomcat"
SHODAN:product:"Apache Tomcat"
https://lnkd.in/g_nmV2MM
[CVE-2024-56145] Exploit released!
Details, PoC, and setup instructions:
https://github.com/Chocapikk/CVE-2024-56145
Learn more:
https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
#bugbountytips #BugBounty
Exciting News for Aspiring Bug Hunters!
Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Get ready to dive deep into the world of ethical hacking and bug bounty hunting, guided by industry professionals. Whether you are a complete beginner or looking to advance your skills, this course is tailored for you.
Course Highlights:
- Comprehensive training on Business Logic, SQL Injection, and more.
- 40 hours of live, online sessions.
- Practical, hands-on exercises to master real-world vulnerabilities.
- Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
Classes Begin: January 2025 (PAID COURSE)
Contact: WhatsApp for details and enrollment.
Visit: Brut Security
Extract all endpoints from a JS File and take your bug
Method one
waybackurls HOSTS | tac | sed "s#\\\/#\/#g" |
  egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" |
  awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu |
  xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['|\\\"](https?:)?[/]{1,2}[^'|\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['|\\\"](https?:)?[/]{1,2}[^'|\\\"> ]{5,})\"" |
  awk -F "['|\"]" '{print $2}' | sort -fu
Method two
cat JS.txt | grep -aoP "(?<=(\"|\'|\`))\/[a-zA-Z0-9?&=\/\-#.]*(?=(\"|\'|\`))" | sort -u | tee endpoints.txt
#infosec #cybersec #bugbountytips
Don't forget the reactions and stars!
They fuel my energy to post such content.
A list of companies that accept Responsible Disclosure
bug-bounties.as93.net
#bugbountytips #bugbounty
Using TLDFinder with the Netlas Module
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
Read now: https://netlas.io/blog/tldfinder_and_netlas/
CVE-2024-50379/CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability
Exploit: https://github.com/SleepingBag945/CVE-2024-50379
Dorks:
HUNTER :/product.name="Apache Tomcat"
FOFA : product="Apache-Tomcat"
SHODAN : product:"Apache-Tomcat"
Merry Christmas from Brut Security!
Wishing you and your loved ones a season filled with joy, peace, and happiness. May this festive time bring warmth to your heart and cherished moments with your loved ones.
Thank you for being a part of our community!
Happy Holidays!
#MerryChristmas #Cybersecurity #BrutSecurity