Full Walkthrough - https://youtu.be/bDxgilaYcE8
YouTube
BrutDroid 2.0 - Automate Android Studio Pentesting with Frida & Burp Suite
🚀 Unleash the power of BrutDroid 2.0, the ultimate Android Studio Pentest Automator! Built for Windows and optimized for Android Studio, this tool automates emulator rooting, Frida server setup, and Burp Suite certificate installation, making mobile pentesting…
❤16🔥1
We are on headlines. Thanks Everyone!
https://esgeeks.com/brutdroid-kit-automatizacion-emuladores-android/
https://esgeeks.com/brutdroid-kit-automatizacion-emuladores-android/
EsGeeks
BrutDroid: Kit de Automatización para Emuladores Android » EsGeeks
Automatiza pruebas de seguridad en emuladores Android con BrutDroid. Rootea, configura Frida y Burp. Ideal para pentesters y red teamers.
🫡7❤6
Forwarded from Brut Security 2.0
Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory
❤8👍6
CVE-2025-53770: Deserialization of Untrusted Data in Microsoft SharePoint, 9.8 rating 🔥
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
👉 Link: https://nt.ls/Ix8gb
👉 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
👉 Link: https://nt.ls/Ix8gb
👉 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
🔥11❤3
Mapperplus is an advanced tool by @silentgh00st that helps find and extract JavaScript sourcemap files from JS files using a headless browser!🤠
https://github.com/midoxnet/mapperplus
https://github.com/midoxnet/mapperplus
GitHub
GitHub - midoxnet/mapperplus: MapperPlus facilitates the extraction of source code from a collection of targets that have publicly…
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files. - midoxnet/mapperplus
❤10
Forwarded from Brut Security
🚨 New Batch Starting – August 2025 🚨
Brut Practical Web Penetration Testing (bPWP)
We’re back with a fresh batch of our most in-demand training – Brut Practical Web Penetration Testing – starting this August!
🔍 Learn the art of Web Hacking with:
✅ 100% Practical Sessions
✅ Bug Bounty Approach
✅ Real-World Lab Scenarios
✅ Lifetime Community Access
✅ Beginner-Friendly with Advanced Techniques
💻 Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
📆 Limited Seats – Enroll Now
🌐 https://brutsec.com/bPWP
📩 For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
Email: [email protected]
Brut Practical Web Penetration Testing (bPWP)
We’re back with a fresh batch of our most in-demand training – Brut Practical Web Penetration Testing – starting this August!
🔍 Learn the art of Web Hacking with:
✅ 100% Practical Sessions
✅ Bug Bounty Approach
✅ Real-World Lab Scenarios
✅ Lifetime Community Access
✅ Beginner-Friendly with Advanced Techniques
💻 Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
📆 Limited Seats – Enroll Now
🌐 https://brutsec.com/bPWP
📩 For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
+918945971332Email: [email protected]
❤5
⭐Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
🚨Features:
Filters S3Buckets
Extract ACL permissions
Download recorded buckets
Manage recorded buckets
Tab-specific bucket recording
✅https://github.com/AlecBlance/S3BucketList
🚨Features:
Filters S3Buckets
Extract ACL permissions
Download recorded buckets
Manage recorded buckets
Tab-specific bucket recording
✅https://github.com/AlecBlance/S3BucketList
🔥16❤4
⭐PACU - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
✅https://github.com/RhinoSecurityLabs/pacu
✅https://github.com/RhinoSecurityLabs/pacu
❤13🔥8
⭐CYFARE-Reconner - Advanced Link Reconnaissance Extension For Firefox
✨ Features
Deep Discovery
Secret Detection
URL Analysis
✅https://github.com/CYFARE/CYFARE-Reconner
✨ Features
Deep Discovery
Secret Detection
URL Analysis
✅https://github.com/CYFARE/CYFARE-Reconner
❤12👍2
Akamai CloudTest - XXE Injection
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
🔥5❤4
Looking for a freelancer, familiar with FB, Instagram and Whatsapp marketing.
Send your resume to [email protected]
Send your resume to [email protected]
🚨CVE-2025-0133 : Payload + Template
Payload:
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Payload:
%3Csvg%20xmlns%3D%22http%3A%2F%https://2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3EWrite-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
❤7👍4
⚡️AWS PENTESTING NOTES
✅https://docs.google.com/spreadsheets/d/1PfxDsIcORE4NYi_vY_T9Sdq3ZooDRvco/htmlview#
✅
Google Docs
AWS Pentesting Notes.xlsx
❤10🔥5🐳1
↳ s3dns - a lightweight DNS server that helps uncover cloud storage buckets (AWS S3, Google Cloud Storage, and Azure Blob) by resolving DNS requests, tracing CNAMEs, and matching known bucket URL patterns.
What it does?
• Resolves CNAME records to uncover hidden S3 locations
• Detects AWS S3 bucket URL patterns
• Helps find potentially exposed S3 buckets
• Easy to deploy via Docker
Installation
Repository: Github
What it does?
• Resolves CNAME records to uncover hidden S3 locations
• Detects AWS S3 bucket URL patterns
• Helps find potentially exposed S3 buckets
• Easy to deploy via Docker
Installation
git clone https://github.com/olizimmermann/s3dns.git
cd s3dns
pip install -r requirements.txt
Repository: Github
❤10👍4🗿3