urlhunter: A recon tool that allows searching on URLs that are exposed via shortener services
Link: https://github.com/utkusen/urlhunter
Brut Security
From The Author https://www.youtube.com/watch?v=qY6Zl43hMko
EpicGames - Live Bug Bounty Hunting on HackerOne (Hunting CVEs) | Using Lazy-Hunter
Tool: https://github.com/iamunixtz/Lazy-Hunter
Join us as we dive into live bug bounty hunting on HackerOne, specifically targeting EpicGames vulnerabilities! In this session…
CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 rating
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
Link: https://nt.ls/ge4Iy
Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
CVE-2025-1128: RCE in Everest Forms WordPress Plugin, 9.8 rating
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
Link: https://nt.ls/q6pgJ
Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
Game of Active Directory
GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
Source Code: https://github.com/portswigger/spoofproof
CVE-2025-20029: Command Injection in F5 BIG-IP, 8.8 rating
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
Link: https://nt.ls/e17gN
Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
CVE-2025-24752: XSS in Elementor Page Builder, 7.1 rating
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
Link: https://nt.ls/8wpei
Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
Active link finding with xnLinkFinder!
Command breakdown:
-i https://bugcrowd.com - Target domain
-sp https://bugcrowd.com - Scope prefix
-sf "bugcrowd.*" - Scope filter
-d 2 - Crawl depth
-v - Verbose output
Popping alert(1) doesn't show REAL impact.
Escalate your XSS by stealing cookies instead