Brut Practical Web Pentesting with concepts of Bug Bounty
Learn to Hack. Defend. Earn.
✔️ Deep Dive into Advanced Vulnerabilities
✔️ Real-World Bug Bounty Methodologies
✔️ Hands-on Labs & Practical Scenarios
✔️ Recon to Exploitation & Post-Exploitation
✔️ Reporting & Professional Pentest Approach
New Batch Starts Soon
Online Live Classes
Trainer: Saumadip (Brut Security)
DM: @wtf_brut
WhatsApp: +918945971332
Email: [email protected]
Website: brutsec.com
#bugbounty #pentesting #ethicalhacking #cybersecurity
An automated recon tool for asset discovery and vulnerability scanning using open-source tools. Supports XSS, SQLi, LFI, RCE, IIS, Open Redirect, Swagger UI, .git exposures and more.
https://github.com/rix4uni/GarudRecon
Hey Hunters,
If you wanna edit your terminal shell, then use fish shell!
Install fish shell: apt install fish
Edit the config file for customization:
~/.config/fish/config.fish
And edit this code according to your requirements and add it:
#shell
# Remove any right-hand prompt
functions -e fish_right_prompt
# Left prompt: current directory name, then a custom marker
function fish_prompt
    set_color $fish_color_cwd
    echo -n (path basename $PWD)
    set_color normal
    echo -n ' ⚡⟩Dakr❯ '
end
~DarkShadow
Looking for Professional Cybersecurity Support?
At Brut Security, we specialize in penetration testing, vulnerability assessment, and cybersecurity training. With years of experience working with both government and private organizations, we help businesses secure their digital assets and train teams to stay ahead of evolving threats.
Our Services:
• VAPT (Web, Mobile, Network, Cloud): Identify and fix vulnerabilities before attackers exploit them.
• Bug Bounty Style Pentesting: Real-world attack simulation with detailed reporting and remediation support.
• Cybersecurity Training: Hands-on programs in Ethical Hacking, Web Pentesting, Forensics, and OSINT - customized for individuals, corporates, and academic institutions.
Why Choose Us?
• Tested and trusted by 2000+ students and multiple organizations.
• Practical, results-driven approach with clear documentation.
• Flexible engagement - short-term projects, long-term partnerships, or tailored workshops.
Let's Collaborate
If you need your systems tested or want your team trained by industry experts, reach out to us today.
brutsec.com
https://wa.link/brutsecurity
[email protected]
Hey Hunters,
DarkShadow here back again!
Tip:
1. Open the target in Burp and browse as a normal user.
2. Go to proxy history and filter only JS files.
3. Search for these keywords:
main, app, runtime, bundle, polyfills, auth, config, settings, local, dev, data, api, session, user, core, client, server, utils, base
These files are a gold mine for finding vulnerabilities like:
1. Authentication bypass
2. Sensitive info leaks
3. Hardcoded credentials
4. Config/env file disclosure
5. Hidden login portals
6. JWT secrets & API keys
7. Outdated services leading to CVEs to exploit
8. Dependency confusion
9. File upload endpoints
10. RFI → RCE
11. Open redirection
12. DOM-based XSS
13. WebSocket endpoints
14. Hidden parameters
15. IDOR
So guys, show your love and stay with us and follow x.com/darkshadow2bd
Automated red-team toolkit for stress-testing LLM defences - Vector Attacks on LLMs
https://github.com/MrMoshkovitz/gandalf-llm-pentester
CVE-2025-57819: Authentication Bypass in FreePBX Administrator, 10.0 rating
A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!
Search at Netlas.io:
Link: https://nt.ls/ebwk9
Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9
Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
Forwarded from N K
Hello all, this is Anton and I was a student in Saumadip's class a year ago.
I wanted to ask if it would be possible for some of you to attack those IPs; they are mine and they are for a honeypot university project.
I would be really glad if you do!
Many thanks for your attention, don't hesitate to write for details,
Ips:
Cheers all,
Anton
Safari Address Bar Spoof via Cursor Overlap
https://github.com/RenwaX23/X/blob/master/safari_bug2.md
Find sensitive information with gf
# Search for testing point with gau and fff
gau target -subs | cut -d"?" -f1 | grep -E "\.js(on)?$" | tee urls.txt
sort -u urls.txt | fff -s 200 -o out/
# After we save responses from known URLs, it's time to dig for secrets
for i in $(gf -list); do [[ $i == *_secrets* ]] && gf "$i"; done
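The keyword-named bundles from the Burp tip and the gf `_secrets` pass above both come down to pattern-matching saved JavaScript. The sketch below, an added example rather than code from the channel or from gf, runs that check over your own build output before it ships; the rule names, regexes and sample files are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: list hardcoded-secret candidates in JS build output so they
# can be pulled before deployment. Rule names and regexes are illustrative
# assumptions, not gf's own pattern files. Needs a grep with -r/--include.

# scan_js_secrets DIR: prints "rule<TAB>file:line" per hit, never the matched
# value (keeps secrets out of CI logs). Returns 1 if anything was found.
scan_js_secrets() {
  dir=$1
  found=0
  while IFS='|' read -r name flag regex; do   # flag i = case-insensitive rule
    opts=-rEn
    [ "$flag" = i ] && opts=-rEni
    hits=$(grep "$opts" --include='*.js' --include='*.json' --include='*.map' \
             -e "$regex" "$dir" 2>/dev/null | cut -d: -f1,2 | sort -u)
    [ -n "$hits" ] || continue
    found=1
    printf '%s\n' "$hits" | while IFS= read -r loc; do
      printf '%s\t%s\n' "$name" "$loc"
    done
  done <<'EOF'
aws_access_key_id|s|AKIA[0-9A-Z]{16}
jwt|s|eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}
private_key|s|-----BEGIN [A-Z ]*PRIVATE KEY-----
assigned_secret|i|(api[_-]?key|secret|passw(or)?d|token)["']?[[:space:]]*[:=][[:space:]]*["'][^"']{8,}["']
EOF
  return "$found"
}

# Constructed sample bundle; every value in it is fake.
make_sample() {
  d=$(mktemp -d)
  printf 'const cfg = { apiKey: "EXAMPLE-not-a-real-key-0001" };\n' > "$d/config.js"
  printf 'var k = "AKIAEXAMPLEEXAMPLE00";\n' > "$d/main.js"
  printf 'export const add = (a, b) => a + b;\n' > "$d/utils.js"
  printf '%s\n' "$d"
}

sample=$(make_sample)
scan_js_secrets "$sample" || echo "secret candidates found: fail the build"
rm -rf "$sample"
```

Anything the scan reports should be rotated as well as removed, since a value that reached a served bundle has to be treated as disclosed.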
Hey Hunters,
DarkShadow here back again, just dropping an IDOR!
Don't forget to try IDOR exploitation in these paths:
User / profile
/api/user/123
/api/users/123
/api/v1/user?id=123
/api/profile/123
/api/v1/account/123
/user?id=123
/profile?uid=123
/account?user=123
/customer?id=123
/member?id=123
Documents / files
/api/document/123
/api/v1/file?id=123
/api/files/123/download
/api/v2/resource/123
/api/attachments/123
/download?file=123.pdf
/document?id=123
/invoice?id=123
/receipt?id=123
/contract?id=123
Orders / transactions
/api/order/123
/api/orders?id=123
/api/v1/transaction/123
/api/payment/123
/api/v2/invoice?id=123
/order?id=123
/cart?id=123
/purchase?item=123
/payment?id=123
/transaction?id=123
Tickets / support
/api/tickets/123
/api/v1/helpdesk/123
/api/support?id=123
/api/issues/123
/api/v2/case/123
/ticket?id=123
/helpdesk?case=123
/support?id=123
/issue?id=123
So guys, show your love ❤️
Don't forget to follow: x.com/darkshadow2bd
#bugbountytips #idor
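Seen from the server side, walking the ID in any of the paths above leaves one account reading many distinct object IDs on the same route. This added example (not from the original post) pulls that pattern out of an access log; the log layout, the threshold and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example: flag accounts that successfully read many distinct object IDs
# on one route, the access-log footprint of ID enumeration.
# Assumes Common Log Format with the authenticated user in field 3.

# idor_enum_candidates MIN < access.log
# Prints "<distinct ids> <user> <route template>" for every user/route pair
# with at least MIN distinct IDs answered 200, busiest first.
idor_enum_candidates() {
  awk -v min="$1" '
    {
      user = $3; path = $7; status = $9
      if (status != 200 || user == "-") next        # successful, authenticated only
      # numeric ID as a path segment (/123) or parameter value (=123)
      if (!match(path, /[\/=][0-9]+([\/?&.]|$)/)) next
      id = substr(path, RSTART + 1, RLENGTH - 1)
      sub(/[^0-9].*$/, "", id)
      route = substr(path, 1, RSTART) "{id}" substr(path, RSTART + 1 + length(id))
      key = user " " route
      if (!((key, id) in seen)) { seen[key, id] = 1; n[key]++ }
    }
    END { for (k in n) if (n[k] >= min) print n[k], k }
  ' | sort -rn
}

# Constructed sample log; users, addresses and IDs are made up.
sample_log() {
  fmt='%s - %s [01/Jan/2025:10:00:00 +0000] "GET %s HTTP/1.1" %s 512\n'
  for id in 1001 1002 1003 1004 1005; do
    printf "$fmt" 203.0.113.7 alice "/api/v2/invoice?id=$id" 200
  done
  for i in 1 2 3; do printf "$fmt" 198.51.100.4 bob /api/order/77 200; done
  printf "$fmt" 198.51.100.9 carol /api/files/9/download 200
  printf "$fmt" 198.51.100.9 carol /api/files/10/download 200
  for id in 1 2 3 4; do printf "$fmt" 192.0.2.5 dave "/api/user/$id" 403; done
}

sample_log | idor_enum_candidates 3
```

A hit is only a lead, because the log cannot say whether each ID belonged to the caller; the fix itself is an ownership check on every object lookup, after which the same requests show up as 403s like the `dave` lines.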
Find Low Hanging Fruits Using Nuclei AI
nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"
nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"
nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"
nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"
nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"
nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"
nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"
nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"
nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."
nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."
nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."
nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."
nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."
nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."
nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"
nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"
nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"
nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"
nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"
nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"
nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"
nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"
nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"
nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"
nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"
nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"
nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"
nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"
nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"
nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."
nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."
Grab Email Addresses from a File System:
It might help in your post exploitation
grep -oE "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}" * 2>/dev/null | sort -u
A fresh Web Pentesting batch with a Bug Bounty approach is starting next week.
If you're interested, DM on WhatsApp: wa.link/brutsecurity
Hunters, DarkShadow here
My tool is finally uploaded on GitHub, and you can also download it directly from the PyPI library!
Tool Name: LinXploit
Description: Exploits any Linux machine, server, or computer - and can even wipe the entire OS!
Installation: pip install linxploit
GitHub: github.com/darkshadow2bd/linxploit
Use Case:
Built strictly for educational and ethical purposes. It's especially useful for testing or taking down malicious servers.
(Recommended: Only run in a virtual lab environment.)
#linux #tool