Brut Security
๐ Bug Bounty Tip โ PDF Keyword Crawler Hunting for sensitive info in public PDFs? ๐งฉ Use PDF Keyword Crawler Firefox add-on ๐ Load your urls.txt (with .pdf links) ๐ It scans for sensitive keywords automatically! ๐ง Great for discovering leaked secrets, credsโฆ
Otterly
Mass Hunting for Leaked Sensitive Documents For Bug Bounties - Otterly
I will cover my own approach, how it is possible to massively hunt for leaked documents which contains PII or other sensitive data.
โค8๐ฅ5
โกPoC Exploit for the NTLM reflection SMB flaw CVE-2025-33073
โ https://github.com/mverschu/CVE-2025-33073
๐Follow Brut on X
โ https://github.com/mverschu/CVE-2025-33073
๐Follow Brut on X
โค5๐ฅ3๐1
โก๏ธOutdated but Helpful Some MySQL tricks to break some #WAFs out there. โ๏ธ by @BRuteLogic
#infosec #cybersec #bugbountytips
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`#infosec #cybersec #bugbountytips
โค35๐7๐ฑ3๐ฟ2๐ซก1
Where is the reactions? Please Keep Supporting Us by giving reactoins!
1๐22โค11๐ฅ7๐5
๐จ CVE-2025-0133 - medium ๐จ
PAN-OS - Reflected Cross-Site Scripting
> A reflected cross-site scripting (XSS) vulnerability in the GlobalProtectโข gateway
๐พ https://t.co/pk8n5FJa8K
PAN-OS - Reflected Cross-Site Scripting
> A reflected cross-site scripting (XSS) vulnerability in the GlobalProtectโข gateway
๐พ https://t.co/pk8n5FJa8K
cloud.projectdiscovery.io
PAN-OS - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtectโข gateway and portal features of Palo Alto Networks PAN-OSยฎ software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when theyโฆ
โค11
Get a 15-day free ZoomEye membership โ just follow https://x.com/zoomeye_team and DM โ
Brut Securityโ to claim, no payment needed!X (formerly Twitter)
ZoomEye (@zoomeye_team) on X
A cyberspace search engine built for security researcher
Daily Tricks || Latest Vulnerability Updates
Email: [email protected]
https://t.co/AUq5jNpKkl
Daily Tricks || Latest Vulnerability Updates
Email: [email protected]
https://t.co/AUq5jNpKkl
๐8โค1
CVE-2025-4278, -5121, 2254 and other: Multiple vulnerabilities in GitLab, 3.7 - 8.7 ratingโ๏ธ
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
๐ Link: https://nt.ls/dq6qU
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
In recent patch notes, GitLab reported ten vulnerabilities, including HTML injection, XSS, DoS, and more.
Search at Netlas.io:
๐ Link: https://nt.ls/dq6qU
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee
โค9
CF-Hero is a simple tool that helps you discover the origin IP of Cloudflare-protected servers using multiple sources! ๐
๐ github.com/musana/CF-Hero
๐ github.com/musana/CF-Hero
GitHub
GitHub - musana/CF-Hero: CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses ofโฆ
CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications - musana/CF-Hero
๐ฅ10โค4๐ฟ1
๐ฎ๐ณ Operation CyberShakti
Independence Day Special Batch
Only for Beginners
๐ป Ethical Hacking & Web Pentesting
๐ Duration: 2 Months (Live Classes)
๐ฅ 10 Students Per Batch
๐ฐ โน3999
๐ https://brutsec.com/CyberShakti.pdf
๐ฉ Join / Ask Queries
Telegram: @wtf_brut
WhatsApp: wa.link/brutsecurity
https://wa.me/+918945971332
No experience? No problem.
Learn from scratch. Build real skills.
Only at Brut Security.
#OperationCyberShakti #BrutSecurity #EthicalHacking #BugBounty #Cybersecurity #BeginnersOnly
Independence Day Special Batch
Only for Beginners
๐ป Ethical Hacking & Web Pentesting
๐ Duration: 2 Months (Live Classes)
๐ฅ 10 Students Per Batch
๐ฐ โน3999
๐ https://brutsec.com/CyberShakti.pdf
๐ฉ Join / Ask Queries
Telegram: @wtf_brut
WhatsApp: wa.link/brutsecurity
https://wa.me/+918945971332
No experience? No problem.
Learn from scratch. Build real skills.
Only at Brut Security.
#OperationCyberShakti #BrutSecurity #EthicalHacking #BugBounty #Cybersecurity #BeginnersOnly
1โค12๐ฅ2๐ค1
This media is not supported in your browser
VIEW IN TELEGRAM
๐ต๏ธโโ๏ธ Bug Bounty Tip - Extract JavaScript File URLs from Any Page!
Forget opening DevTools - use this bookmarklet to instantly extract all .js file URLs and download them in a .txt file.
๐ Why this matters:
Quickly collect all linked JavaScript files
Use them for static analysis (LinkFinder, SecretFinder, etc.)
Great for recon, endpoint discovery & auth bypasses
๐ Bookmarklet Code:
๐ก How to use:
Create a new bookmark in your browser.
Paste the above code into the URL field.
Visit a target site and click the bookmark.
A javascript_urls.txt file will be downloaded with all .js links.
๐ฅ Now you can feed that into:
LinkFinder
SecretFinder
JSParser
Or manual analysis!
Forget opening DevTools - use this bookmarklet to instantly extract all .js file URLs and download them in a .txt file.
๐ Why this matters:
Quickly collect all linked JavaScript files
Use them for static analysis (LinkFinder, SecretFinder, etc.)
Great for recon, endpoint discovery & auth bypasses
๐ Bookmarklet Code:
javascript:(function(){let urls=[];document.querySelectorAll('*').forEach(e=>{urls.push(e.src,e.href,e.url)});urls=[...new Set(urls)].filter(u=>u&&u.endsWith('.js')).join('\n');let blob=new Blob([urls],{type:'text/plain'});let a=document.createElement('a');a.href=URL.createObjectURL(blob);a.download='javascript_urls.txt';a.click();})();๐ก How to use:
Create a new bookmark in your browser.
Paste the above code into the URL field.
Visit a target site and click the bookmark.
A javascript_urls.txt file will be downloaded with all .js links.
๐ฅ Now you can feed that into:
LinkFinder
SecretFinder
JSParser
Or manual analysis!
๐ฅ30โค21๐2๐2๐ณ1๐ค1
โกDependency Confusion via JS Miner
@GodfatherOrwa just landed a clean P1 by leveraging JS Miner in Burp Suite ๐ฅ
Hereโs how it went down ๐
๐งฉ After crawling all endpoints, he went to:
Target โ Extensions โ JS Miner โ Run All Passive Scans
๐ฅ Thatโs when he spotted: [JS Miner] Dependency Confusion
The vulnerable package was unclaimed on NPM ๐
๐ฆ Next steps he followed:
After claiming the package, he injected an RCE payload via
๐งช Full POC: github.com/orwagodfather/NPM-RCE
๐ฃ Result? A solid P1 vulnerability and a perfect example of how effective Dependency Confusion still is.
Props to @GodfatherOrwa for consistently dropping fire techniques ๐ฅ
@GodfatherOrwa just landed a clean P1 by leveraging JS Miner in Burp Suite ๐ฅ
Hereโs how it went down ๐
๐งฉ After crawling all endpoints, he went to:
Target โ Extensions โ JS Miner โ Run All Passive Scans
๐ฅ Thatโs when he spotted: [JS Miner] Dependency Confusion
The vulnerable package was unclaimed on NPM ๐
๐ฆ Next steps he followed:
npm login
mkdir <package-name> && cd <package-name>
npm init -y
npm publish --access public
After claiming the package, he injected an RCE payload via
package.json๐งช Full POC: github.com/orwagodfather/NPM-RCE
๐ฃ Result? A solid P1 vulnerability and a perfect example of how effective Dependency Confusion still is.
Props to @GodfatherOrwa for consistently dropping fire techniques ๐ฅ
GitHub
GitHub - orwagodfather/NPM-RCE: the POC of package.json RCE
the POC of package.json RCE. Contribute to orwagodfather/NPM-RCE development by creating an account on GitHub.
๐ฅ16โค8๐ฟ4๐1
๐ Bug Bounty Web Checklist
โ Track your web pentesting progress by checking each subcategory.
๐https://nemocyberworld.github.io/BugBountyCheckList/
โ Track your web pentesting progress by checking each subcategory.
๐https://nemocyberworld.github.io/BugBountyCheckList/
โค24๐9
BBRecon Masterflow - 2025.pdf
30.4 KB
๐ Bug Bounty Recon Masterflow โ 2025 Edition ๐
๐9โค6๐4๐จโ๐ป3
Grab all the GF Patterns from different Repositories at one shot !! ๐ฅ
*Link* : https://github.com/thecybertix/GF-Patterns
*Link* : https://github.com/thecybertix/GF-Patterns
GitHub
GitHub - thecybertix/GF-Patterns: This repository contains all the GF-Patterns Repositories. All we have to do is just to run theโฆ
This repository contains all the GF-Patterns Repositories. All we have to do is just to run the given Shell File and it's Done !! - thecybertix/GF-Patterns
๐7๐ฅ2โค1
โ๏ธ Nuclei forge: free tool that helps you visually create Nuclei YAML templates !๐ฅ
created by @payloadartist ! ๐
https://forge.bugbountyhunting.com
created by @payloadartist ! ๐
https://forge.bugbountyhunting.com
๐16โค7
๐ Wayback Subdomain Enumeration via Bash
Want to uncover hidden subdomains archived over time? This handy Bash function pulls subdomains from the Wayback Machine and helps with deep reconnaissance.
โ Add this to your ~/.bashrc:
๐งช Usage:
It filters subdomains from archived URLs and sorts them uniquely.
Want to uncover hidden subdomains archived over time? This handy Bash function pulls subdomains from the Wayback Machine and helps with deep reconnaissance.
โ Add this to your ~/.bashrc:
function wayback() {
curl -sk "https://web.archive.org/cdx/search/cdx?url=*.$1&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u
}๐งช Usage:
wayback target.comIt filters subdomains from archived URLs and sorts them uniquely.
๐ฅ18โค11๐8