Show Some Love Guyss ππ
https://brutsecurity.medium.com/brutdroid-the-ultimate-beginners-tool-to-set-up-an-android-pentesting-lab-15d2e92e2d67
Medium
π BrutDroid: The Ultimate Beginnerβs Tool to Set Up an Android Pentesting Lab
β¨ Build your own Android Pentesting playground with zero headaches.
β€13π₯6π1
Brut Security pinned Β«Show Some Love Guyss ππ
https://brutsecurity.medium.com/brutdroid-the-ultimate-beginners-tool-to-set-up-an-android-pentesting-lab-15d2e92e2d67Β»
β‘Detects sensitive files on the web server.
cat allurls.txt | grep -E "\.xls|\.xml|\.xlsx|\.json|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tar\.gz|\.tgz|\.bak|\.7z|\.rar|\.log|\.cache|\.secret|\.db|\.backup|\.yml|\.gz|\.config|\.csv|\.yaml|\.md|\.md5"
β€21π5π2
a free online tool designed to generate dorks for precise, professional search. Built for the #OSINT community, ready to use. Better queries lead to better intelligence.π§
π syntax.goldenowl.ai
π syntax.goldenowl.ai
π€9π₯7β€5π1
π―wtfis - Passive hostname, domain and IP lookup tool for non-robots
β https://github.com/pirxthepilot/wtfis
β https://github.com/pirxthepilot/wtfis
β€8
CVE-2025-48367: DoS in Redis, 7.0 ratingβοΈ
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/Lve8A
π Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/Lve8A
π Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
π₯8π€1
π― TryHackMe Voucher Giveaway at 1000 Members! π―
Weβre on the road to 1,000 members in our Discord community! π
Currently at 700+ strong, and once we hit 1K, weβll be giving away a TryHackMe Voucher to Three lucky member! ππ»
π’ What You Need to Do:
Join the Discord: https://discord.gg/u7uMFV833h
Stay active, invite your friends
Once we reach 1,000 members, the giveaway will go live!
π’ Letβs grow this amazing community together β learning, hacking, and winning! π₯
Weβre on the road to 1,000 members in our Discord community! π
Currently at 700+ strong, and once we hit 1K, weβll be giving away a TryHackMe Voucher to Three lucky member! ππ»
π’ What You Need to Do:
Join the Discord: https://discord.gg/u7uMFV833h
Stay active, invite your friends
Once we reach 1,000 members, the giveaway will go live!
π’ Letβs grow this amazing community together β learning, hacking, and winning! π₯
Discord
Join the Brut Security Discord Server!
Check out the Brut Security community on Discord - hang out with 950 other members and enjoy free voice and text chat.
π₯3β€2
CVE-2025-42963: Deserialization of Untrusted Data in SAP NetWeaver Application server for Java, 9.1 rating π₯
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
π₯5
βΆοΈ It's LIVE!
πSubWatch β your next favorite tool for automated VPS subdomain monitoring! π
β Supported On VPS
β Runs every 6 hours
β Sends newly found subdomains directly to your Discord
β Includes .txt file + message alerts
β Perfect for bug bounty hunters & recon workflows
π½οΈ Watch the YouTube video & get started now:
π https://youtu.be/BkpSQKSTFUI
π₯ Download & Readme on GitHub:
π https://github.com/Brut-Security/SubWatch
π§ Powered by: subfinder, anew, jq, notify
Built with π by Brut Security
β€οΈ Give it a try, share it with your team, and drop your reactions below!
πSubWatch β your next favorite tool for automated VPS subdomain monitoring! π
β Supported On VPS
β Runs every 6 hours
β Sends newly found subdomains directly to your Discord
β Includes .txt file + message alerts
β Perfect for bug bounty hunters & recon workflows
π½οΈ Watch the YouTube video & get started now:
π https://youtu.be/BkpSQKSTFUI
π₯ Download & Readme on GitHub:
π https://github.com/Brut-Security/SubWatch
π§ Powered by: subfinder, anew, jq, notify
Built with π by Brut Security
β€οΈ Give it a try, share it with your team, and drop your reactions below!
YouTube
π¨ New Subdomain Monitoring Tool for Bug Bounty Hunters! | Brut Security
π‘οΈ Introducing SubWatch: Automated Subdomain Monitoring Script by Brut Security
Stay one step ahead in your recon game!
This tool continuously monitors your target domains for new subdomains using subfinder, stores historical data, and sends alerts directlyβ¦
Stay one step ahead in your recon game!
This tool continuously monitors your target domains for new subdomains using subfinder, stores historical data, and sends alerts directlyβ¦
β€15
π¨CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
π―Severity: CRITICAL β οΈ
β PoC: https://github.com/win3zz/CVE-2025-5777
π―Severity: CRITICAL β οΈ
β PoC: https://github.com/win3zz/CVE-2025-5777
β€3π₯3
CVE-2025-49704: Code Injection in Microsoft SharePoint, 8.8 ratingβοΈ
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrVπ Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrVπ Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
β€4
π¨ Bug Bounty Tip: Takeover Vulnerable S3 Buckets in Under a Minute! βοΈ
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
π Then check for public S3 buckets:
π If the bucket name isnβt obvious:
β οΈ Found a vulnerable bucket? Donβt delete anything!
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon
π Then check for public S3 buckets:
aws s3 ls s3://REDACTEDCOM.s3.amazonaws.com
π If the bucket name isnβt obvious:
echo REDACTED.COM | cariddi -e -s -info
β οΈ Found a vulnerable bucket? Donβt delete anything!
# Do NOT run this. Just for awareness:
aws s3 rm s3://REDACTEDCOM.s3.amazonaws.com --recursive
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
β€11π7π₯4πΏ2
π‘οΈ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
β Bypass Payload
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
(select(0)from(select(sleep(10)))v) β 403 Forbidden
β Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
β€35π5πΏ4π1
β‘SSTImap - Automatic SSTI detection tool with interactive interface
β https://github.com/vladko312/SSTImap
β https://github.com/vladko312/SSTImap
β€11π3
Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
1π«‘8β€4