Hey Hunters,
DarkShadow here back again, just dropping an IDOR!
Don't forget to try IDOR exploitation on these paths:
👤 User / profile
/api/user/123
/api/users/123
/api/v1/user?id=123
/api/profile/123
/api/v1/account/123
/user?id=123
/profile?uid=123
/account?user=123
/customer?id=123
/member?id=123
📄 Documents / files
/api/document/123
/api/v1/file?id=123
/api/files/123/download
/api/v2/resource/123
/api/attachments/123
/download?file=123.pdf
/document?id=123
/invoice?id=123
/receipt?id=123
/contract?id=123
🛒 Orders / transactions
/api/order/123
/api/orders?id=123
/api/v1/transaction/123
/api/payment/123
/api/v2/invoice?id=123
/order?id=123
/cart?id=123
/purchase?item=123
/payment?id=123
/transaction?id=123
🎫 Tickets / support
/api/tickets/123
/api/v1/helpdesk/123
/api/support?id=123
/api/issues/123
/api/v2/case/123
/ticket?id=123
/helpdesk?case=123
/support?id=123
/issue?id=123
So guys, show your love ❤️
Don't forget to follow 👉🏼 x.com/darkshadow2bd
#bugbountytips #idor
🔥20❤14🗿4👍1👏1🤝1🫡1
🔥 Find Low Hanging Fruits Using Nuclei AI 🔥
nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"
nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"
nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"
nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"
nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"
nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"
nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"
nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"
nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."
nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."
nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."
nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."
nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."
nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."
nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"
nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"
nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"
nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"
nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"
nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"
nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"
nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"
nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"
nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"
nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"
nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"
nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"
nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"
nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"
nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."
nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."
8❤21🗿5🔥3👍2
Grab Email Addresses from a File System:
It might help in your post-exploitation.
grep -oE "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}" * 2>/dev/null | sort -u
👍10❤8👨💻2🐳1
A fresh Web Pentesting batch with a Bug Bounty approach is starting next week.
📱 If you're interested DM on whatsapp wa.link/brutsecurity
❤7
Brut Security
⚠️ Don't try these commands from DarkShadow: just dropping some of DarkShadow's "bash nuclear" demo commands 🚨 1️⃣👉🏼 Overwrite /etc/passwd and /etc/shadow: echo "" > /etc/passwd; echo "" > /etc/shadow. Destroys all user accounts, including root. Result: Nobody can…
Hunters, DarkShadow here
My tool is finally uploaded on GitHub, and you can also download it directly from the PyPI library!
Tool Name: LinXploit
Description: Exploits any Linux machine, server, or computer — and can even wipe the entire OS!
Installation: pip install linxploit
GitHub: github.com/darkshadow2bd/linxploit
Use Case:
Built strictly for educational and ethical purposes. It’s especially useful for testing or taking down malicious servers.
(Recommended: Only run in a virtual lab environment.)
#linux #tool
1🫡8😱4❤3👍2🔥2
FROM INTERNET
1) A Simple Supply Chain Bug — Worth $11,850 — How GitLab Reinforces Trust in Open Source
https://medium.com/@justas_b1/a-simple-supply-chain-bug-worth-11-850-how-gitlab-reinforces-trust-in-open-source-424585c79074
2) First IDOR Via Response Manipulation worth $750
https://infosecwriteups.com/this-is-how-i-got-750-from-my-first-idor-8058061c65ba
3) Accessing Employee GitHub SSH Key
https://ghostman01.medium.com/accessing-employee-github-ssh-key-4e125faba413
4) Shared Invitation Hash Leads To Account Takeover
https://one33se7en.medium.com/shared-invitation-hash-leads-to-account-takeover-5fd0ecb3994e
5) How I Was Able to Take Over Accounts Without Email or Password
https://medium.com/@zyad_ibrahim333/how-i-was-able-to-take-over-accounts-without-email-or-password-5d7434d7a049
6) The One-Man APT, Part I: A Picture That Can Execute Code on the Target
https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
7) Blind SSRF Found on a Public Bug Bounty Target
https://medium.com/@Abood_XHacker/blind-ssrf-found-on-a-public-bug-bounty-target-f9ae1fcc9494
8) Katana to Kill‑Switch: Mastering ProjectDiscovery’s Crawler From Zero to Pro (with Real‑World Scenarios)
https://adce626.medium.com/katana-to-kill-switch-mastering-projectdiscoverys-crawler-from-zero-to-pro-with-real-world-62a7dec5a744
9) 7 Realistic VAPT & Bug Bounty Triage Interview Questions (With Answers) Part 2
https://medium.com/@cybersenpai/7-realistic-vapt-bug-bounty-triage-interview-questions-with-answers-part-2-9238b55f7af9
10) The Free URL Scanner That Saves Me Hours (CyScan.io)
https://kd-200.medium.com/the-free-url-scanner-that-saves-me-hours-cyscan-io-8909c26188e3
❤17
🔥 Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
✅ https://github.com/ImAyrix/fallparams
🔥17👍12❤1
Hey Hunters,
DarkShadow here back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub → https://github.com/projectdiscovery/awesome-search-queries
Show your love, guys ❤️
#bugbountytips #osint
🔥11❤7👍5😱4
Brut Security
⚡BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server…
Linux support will be added soon!
❤9🔥5👍4
We’re looking for a talented Full Stack Developer with strong MERN stack skills and hands-on experience in cloud deployment, CI/CD, DevOps, and DevSecOps.
What you’ll do:
1. Build and maintain frontend & backend applications
2. Deploy to cloud (AWS/Azure/GCP)
3. Set up and manage CI/CD pipelines
4. Implement DevOps & DevSecOps best practices
What we’re looking for:
1. MERN stack expertise (MongoDB, Express, React, Node)
2. Cloud deployment experience
3. CI/CD, Docker/Kubernetes knowledge
4. Familiarity with DevOps & DevSecOps principles
Experience required:
1. Minimum 1-2 years in IT infrastructure management, development and implementation.
2. Expertise in Git & GitHub Actions
✅Send Resume [email protected]
📍Remote, Preferably Kolkata, India 🇮🇳
❤6
⚡Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
✅https://github.com/intruder-io/autoswagger/
❤14👍9🤝1
A fresh Web Pentesting batch with a Bug Bounty approach is starting this week.
📱 If you're interested DM on whatsapp- wa.link/brutsecurity
🔥1
✅ For Faster Info Gathering
nuclei -list targets.txt -ai "Extract page title, detect tech and versions"
nuclei -list targets.txt -ai "Extract email addresses from web pages"
nuclei -list targets.txt -ai "Extract all subdomains referenced in web pages"
nuclei -list targets.txt -ai "Extract all external resource URLs (CDNs, images, iframes, fonts) from HTML"
nuclei -list targets.txt -ai "Extract social media profile links from web pages"
nuclei -list targets.txt -ai "Extract links pointing to staging, dev, or beta environments from HTML"
nuclei -list targets.txt -ai "Extract all links pointing to PDF, DOCX, XLSX, and other downloadable documents"
👍10❤8
Hey Hunters,
DarkShadow here back again, just dropping an awesome dork that makes pure bounty!
Unauthenticated Access to Sensitive Customer Data via Google Dorking
✅ Steps to reproduce:
- Dork:
site:*.target.com* "date of birth" ext:pdf
- Check if the PDF file is exposing customer data.
- Note the ID in the URL.
- Check if, by changing the ID, you are able to access other data.
Result: IDOR + sensitive info leak (such as customer data)
Now guys, let me know: do you want to know all the dorks that make pure bounty?
If you guys want it, then show your love; I'll probably make a tool for automation or post the method.
Follow for more: x.com/darkshadow2bd
#bugbountytips #dork #idor
🔥11❤10👍6🫡3
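The predictable-ID routes listed in the IDOR post earlier on this page (/api/users/123, /api/order/123, /invoice?id=123 ...) and the "change the ID" step in this dork write-up share one root cause: the server looks up a record by the client-supplied id without checking who owns it. The added example below is my code, not DarkShadow's or any project's; the records, user ids and per-process key are constructed, and no web framework is assumed. It shows the vulnerable lookup beside two server-side fixes: an owner check that answers 404 for missing and foreign records alike, and HMAC-bound indirect references that cannot be incremented.

```python
"""Object-level authorization for ID-keyed routes such as /api/orders/123.
Added example, not from the original post; records and key are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user_id: int  # identity comes from the auth layer, never from the URL

# Constructed sample records keyed by sequential integer IDs.
ORDERS = {
    101: {"owner": 1, "total": "49.00"},
    102: {"owner": 2, "total": "1200.00"},
}

def get_order_vulnerable(session, order_id):
    """IDOR pattern: the id from the URL is trusted; the caller is never checked."""
    record = ORDERS.get(order_id)
    return (200, record) if record else (404, None)

def get_order_checked(session, order_id):
    """Fix 1: compare the record owner with the authenticated caller.
    Missing and foreign records both answer 404 so the id space cannot be probed."""
    record = ORDERS.get(order_id)
    if record is None or record["owner"] != session.user_id:
        return (404, None)
    return (200, record)

# Fix 2: indirect references. Clients receive a per-user handle that binds the
# integer key with an HMAC, so incrementing the number yields an invalid handle.
SERVER_KEY = secrets.token_bytes(32)  # constructed per process for this demo

def to_handle(user_id, order_id):
    msg = f"{user_id}:{order_id}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]
    return f"{order_id}.{tag}"

def get_order_by_handle(session, handle):
    """Verify the handle was issued to this caller, then apply the owner check."""
    raw_id, _, _tag = handle.partition(".")
    if not raw_id.isdigit():
        return (404, None)
    if not hmac.compare_digest(to_handle(session.user_id, int(raw_id)), handle):
        return (404, None)
    return get_order_checked(session, int(raw_id))
```

In a real service the owner check belongs in one shared data-access layer so that every route in the lists above goes through it, rather than being re-implemented per endpoint.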