Want a free month of Discord Nitro? Here's your chance to win!
To enter:
1️⃣ Follow me on Medium: https://medium.com/@0xbrut
2️⃣ Send a screenshot as proof to my Telegram bot
That’s it!
Don’t miss out – support me and get a shot at Nitro!
⚡ csprecon - Discover new target domains using Content Security Policy
🚨https://github.com/edoardottt/csprecon
Brut Security - Bug Bounty POC's
▶️New bug bounty target! Check out ⡈⠇⣂⡠⡁⠌⡁⠔⠪⣁⠥⢃⡡⣄⢆⠪⡐⢐⠇⢰⡰⠬⢆⡘⠆⢤⢰⠸⡠⡔⢨⣁⠃⢔⡑⡂⠓⢠⢅⢤⡠⡢⡑⣁⡒⢤⢨ for details on their vulnerability disclosure program. Happy hunting! 👑✨
⭐ Hacking XSS with Browsers https://hackerone.com/reports/1209098
?rest_route) to detect installed plugins without brute-force.
https://github.com/Chocapikk/wpprobe
⚡️Browse and search bug bounty programs from various platforms.
☄️https://menaxa.xyz/programs
❗️For Queries @brutsecurity_bot
Hey Hunters,
DarkShadow here back again, just dropping a simple dork that finds every VDP worldwide 😎
(body="/responsible-disclosure" || body="/.well-known/security.txt") && port="443"
#bugbountytips #infosec #dork
Hey guys, DarkShadow here — back again.
You ever tried peeking inside a login panel that hits you with a 401 Unauthorized?
No login, no creds — just pure access to the content behind it.
I’ve got a wild dorking trick for that.
Not your regular Google dork — this one’s different. Real different. 😈
You interested?
Let me know — this one’s gonna blow your mind. 💥
Which Android emulator do you use for mobile pentesting?
Anonymous Poll
42% Android Studio
29% Genymotion
7% Bluestacks
16% Nox Player
7% LDAP Player
Hey Hunters,
DarkShadow here — back with a slick trick to bypass basic auth on certain subdomains! 😎
Seen those subdomains with login pop-ups? Yep, the classic 401 Unauthorized. Usually, you can’t access anything without creds.
But here’s the twist…
🔍 Find 401 subdomains with:
domain="target.com" && status_code="401"
Got one? Nice.
💥 Bypass trick:
If the target leaks any files or fingerprints (like JS, PDF, XLS, etc.) in public indexes (like FOFA), you can often access them without auth!
🧠 FOFA dork to find leaked files:
domain="401.target.subdomain" && (body=".php" || body=".pdf" || body=".xls" || body=".html" || body=".js" || body=".json" || body=".jpg" || body=".conf" || body=".jsp" || body=".css")
If you got 200 OK, boom 💣 — you’re in.
In my test, I found a JS file that loaded fully in FOFA, even though it normally prompts for login.
💡 Pro tip: Save the code, render it locally — and access internal content without creds!
So guys, did you like my basic recon trick? Want more from DarkShadow?
#bypass
#BrutDroid #AndroidHacking #BugBounty #Frida #BurpSuite #Pentesting #AutomationTools #BrutSecurity
YouTube
Android SSL Pinning Bypass | Magisk, Frida & Burp Suite Configuration for Android Studio | BrutDroid
🚀 BrutDroid v1.0.0 is here — your all-in-one Android emulator pentesting toolkit for pentesters, red teamers & bug bounty hunters!
⚡ Automate Frida server setup, root Android emulators with Magisk + rootAVD, install Burp certs system-wide, and bypass SSL…
Brut Security pinned «🚨 Introducing BrutDroid – The Ultimate Android Emulator Automation Toolkit🚨 ✨ Root, Bypass, Intercept — all in just a few clicks. ✨ Powered by Frida, Magisk & Burp. Designed for Hackers. 💥 Automate your mobile testing workflow. 💥 Clean UI, real power, zero hassle.…»