Please open Telegram to view this post
VIEW IN TELEGRAM
HackerOne
HackerOne disclosed on HackerOne: Domain highlighting on External...
There have been multiple issues with External Link Warning in the past. Sometimes it's Homograph, sometimes more than 2 slashes in link, sometimes domain highlighting and/or weird markdown. And...
π€£9π«‘1
Please open Telegram to view this post
VIEW IN TELEGRAM
1π₯17π±4β€3
β‘The Ultimate PNPT Study Guide β Master Pentesting & Crush the Exam!
πLink: https://github.com/TrshPuppy/PNPT-study-guide
πLink: https://github.com/TrshPuppy/PNPT-study-guide
β€10π₯4π3
https://medium.com/me/stats/post/f6ae24cdcdfa
https://medium.com/securing/exploring-25k-aws-s3-buckets-f22ec87c3f2a
https://suleyman-celik8.medium.com/enumerate-s3-buckets-using-lazys3-d2f5de14d31
Please open Telegram to view this post
VIEW IN TELEGRAM
π10β€3π₯3
β‘SubDomain Grabber - A bug bounty tool to download, unzip, and clean subdomains from Chaos ProjectDiscovery.
π¨Converts *.abc.com to https://abc.com, organizes into directories, and removes ZIPs. Offers a colorful CLI, filters (BugCrowd, HackerOne, etc.), sorting, and pagination.
β https://github.com/MuhammadWaseem29/SubDomain-Grabber
π¨Converts *.abc.com to https://abc.com, organizes into directories, and removes ZIPs. Offers a colorful CLI, filters (BugCrowd, HackerOne, etc.), sorting, and pagination.
β https://github.com/MuhammadWaseem29/SubDomain-Grabber
π₯10π6
Subdominator - Unleash the Power of Subdomain Enumeration
https://github.com/RevoltSecurities/Subdominator
https://github.com/RevoltSecurities/Subdominator
β€19π3
Please open Telegram to view this post
VIEW IN TELEGRAM
Discord
Join the Brut Security Discord Server!
Check out the Brut Security community on Discord - hang out with 950 other members and enjoy free voice and text chat.
π4
Brut Security pinned Β«π» Looking for a Discord Moderator!π» β οΈ We need an active mod to help manage the Brut Security server. Based on performance, youβll be rewarded with swags, gift cards, or TryHackMe vouchers! π₯ Join & Apply Now: https://discord.gg/u7uMFV833hΒ»
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯14β€4
βΊοΈYour support keeps me motivated to share more valuable content! If you found this helpful, drop a like & send stars β to help me keep going.
π¬ For queries, message me on Telegram: @wtf_brut
π For course enrollment, reach out on WhatsApp: wa.link/brutsecurity
π¬ For queries, message me on Telegram: @wtf_brut
π For course enrollment, reach out on WhatsApp: wa.link/brutsecurity
4π31π₯9β€3π¨βπ»1π«‘1
π Want to find exploitable CVEs for cybersecurity testing?
Use CVEmap to spot vulnerabilities with public proof-of-concept, marked exploitable by CISA, remotely exploitable, and without Nuclei templates yet!
Flags to use: -k (CISA exploitable), -t=false (no template), -poc (has proof-of-concept), -re (remote).
Happy hunting! π οΈ
Use CVEmap to spot vulnerabilities with public proof-of-concept, marked exploitable by CISA, remotely exploitable, and without Nuclei templates yet!
Flags to use: -k (CISA exploitable), -t=false (no template), -poc (has proof-of-concept), -re (remote).
Happy hunting! π οΈ
π18β€9
If you found a file upload function for an image, try introducing an image with XSS in the filename like so:
<img src=x onerror=alert('XSS')>.png
"><img src=x onerror=alert('XSS')>.png
"><svg onmouseover=alert(1)>.svg
<<script>alert('xss')<!--a-->a.png
β€13π6
Use Vulhub to reproduce Next.js Middleware Authorization Bypass (CVE-2025-29927)
https://github.com/vulhub/vulhub/tree/master/next.js/CVE-2025-29927
https://github.com/vulhub/vulhub/tree/master/next.js/CVE-2025-29927
π₯7β€3π2π¨βπ»2
π¨ 0day Hunters, Pay Attention! π¨
CVE-2025-29927 β Next.js Middleware Auth Bypass [EXPLOIT]
Ever wondered what happens when middleware security checks fail silently? This vuln lets you slip past authentication like a ghost.
π₯ Reproduce it with Vulhub. Exploit it with Nuclei.
Itβs waiting in our Discord.
π [Exploit Download]
CVE-2025-29927 β Next.js Middleware Auth Bypass [EXPLOIT]
Ever wondered what happens when middleware security checks fail silently? This vuln lets you slip past authentication like a ghost.
π₯ Reproduce it with Vulhub. Exploit it with Nuclei.
Itβs waiting in our Discord.
π [Exploit Download]
π₯13π3
Who wants a Spotify Premium 4-month coupon? π§π₯
Drop your favorite hacking playlist, and the best one wins the coupon! π₯πΆ
Drop your favorite hacking playlist, and the best one wins the coupon! π₯πΆ
β€18π5
π ExplainShell β Decode Shell Commands
Found a complex command in a PoC or exploit? Paste it into ExplainShell and see a breakdown of each argument.
π Great for analyzing payloads, understanding Linux commands, and improving your skills.
Essential for Bug Bounty & Pentesting.
Found a complex command in a PoC or exploit? Paste it into ExplainShell and see a breakdown of each argument.
π Great for analyzing payloads, understanding Linux commands, and improving your skills.
Essential for Bug Bounty & Pentesting.
π₯21π5β€2
Dalfox v2.10.0 released! It uses way less CPU while XSS scanning even faster than before.
github.com/hahwul/dalfox
#DAST #Security #BugBounty
github.com/hahwul/dalfox
#DAST #Security #BugBounty
πΏ27π10
Unknown vulnerability in CrushFTP, no ratingβοΈ
The vulnerability allows attackers to gain unauthenticated access if any HTTP(S) port is exposed in the configuration.
Search at Netlas.io:
π Link: https://nt.ls/tI4nF
π Dork: http.headers.server:"CrushFTP"
Read more: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
The vulnerability allows attackers to gain unauthenticated access if any HTTP(S) port is exposed in the configuration.
Search at Netlas.io:
π Link: https://nt.ls/tI4nF
π Dork: http.headers.server:"CrushFTP"
Read more: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
π4
Best Fast Google Dork Scanner
https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan
https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan
GitHub
GitHub - IvanGlinkin/Fast-Google-Dorks-Scan: The OSINT project, the main idea of which is to collect all the possible Google dorksβ¦
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea...
β€7