Brut Security
14.6K subscribers
907 photos
73 videos
287 files
962 links
✅Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: [email protected]
⚑Bug Bounty Reports Extractor - CLI tool that fetches resolved & disclosed HackerOne reports by vulnerability and exports them to CSV.

✅ https://github.com/newstartlikenoneanthor-pixel/report-extractor
⚑️Recently updated Proof-of-Concepts

βœ”οΈLink to Download - https://github.com/0xMarcio/cve
β˜„οΈFind new associated domains with this simple Google dork:

"© <COMPANY>. all rights reserved." -".<COMPANY>.com"
Don't forget to give reactions
Hey Hunters,
DarkShadow here back again!

A hidden backdoor was in a PHP version which allowed remote code execution via the User-Agent header.

Guess, guys, which version it is?

#backdoor
🔥Google Dork - Exposed Configs 🔍

site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json

©TakSec
β˜„οΈJSRecon-Buddy - A simple browser extension to quickly find interesting security-related information on a webpage.

🔴https://github.com/TheArqsz/JSRecon-Buddy
Don't forget to give reactions
β˜„οΈ Malicious PDF Generator - Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

✨ https://github.com/jonaslejon/malicious-pdf
Google Dork - XSS Prone Parameters 🔥

site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&
β˜„οΈ Cheapest VPS for Bug Bounty & Pentesting

⚠️ https://brutsecurity.medium.com/cheapest-vps-for-bug-bounty-pentesting-fc6686572ee3
🔥Oneliner to download ALL of @assetnote's wordlists:

⌨️ wget -r --no-parent -R "index.html*" wordlists-cdn.assetnote.io/data/ -nH -e robots=off
✈️OWASP Noir is an open-source tool designed to help security professionals and developers identify the attack surface of their applications. By performing static analysis on source code, Noir can discover API endpoints, web pages, and other potential entry points that could be targeted by attackers.

🗿owasp-noir.github.io/noir/
Hey Hunters,
DarkShadow here back again!

SSRF in pdf generation!

This API endpoint sends the PDF generation request:
POST /api/v1/convert/markdown/pdf

Add this payload:
<img src="burp collab url" />

Comes back 200 OK and the request hits Burp Collaborator.

You can follow me on x.com/darkshadow2bd

#ssrf #bugbountytips
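The root cause in a report like the one above is that the markdown-to-PDF renderer fetches whatever URL appears in an `<img src>`, so the service becomes an outbound request proxy. Below is an added example of the server-side guard such a converter should run before rendering (my own illustration, not code from the post or from any real converter). It extracts every fetch target from the submitted document, refuses non-http(s) schemes, and either enforces a host allowlist or, as a weaker fallback, resolves the host and rejects loopback, link-local and private addresses. The DNS resolver is injectable; the `CONSTRUCTED_DNS` table and all hostnames and IPs in it are constructed, arbitrary values so the example runs offline.

```python
"""Pre-render SSRF guard for a markdown/HTML-to-PDF converter (added example).

Two policies are shown: a host allowlist (recommended) and a public-address
check (weaker: it still permits a callback to any external host, which is
exactly what an out-of-band "collaborator" payload relies on).
"""
from __future__ import annotations

import ipaddress
import re
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

# <img src="..."> in raw HTML, and ![alt](url) in markdown.
IMG_SRC = re.compile(r"""<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*<?([^\s)>]+)>?")

Resolver = Callable[[str], list[str]]


def system_resolver(host: str) -> list[str]:
    """Production resolver: every address the host resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table for offline use; names and addresses are arbitrary.
CONSTRUCTED_DNS = {
    "cdn.example.com": ["20.30.40.50"],
    "attacker-callback.example": ["60.70.80.90"],
}


def constructed_resolver(host: str) -> list[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # literal IP host
    except ValueError:
        if host in CONSTRUCTED_DNS:
            return CONSTRUCTED_DNS[host]
        raise OSError("NXDOMAIN (constructed)")


def fetch_targets(document: str) -> list[str]:
    """Every URL an image-aware renderer would try to load, in document order."""
    hits = []
    for m in IMG_SRC.finditer(document):
        hits.append((m.start(), next(g for g in m.groups() if g is not None)))
    for m in MD_IMAGE.finditer(document):
        hits.append((m.start(), m.group(1)))
    return [url for _, url in sorted(hits)]


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_url(url: str, resolve: Resolver, allowed_hosts: Iterable[str] | None = None) -> str | None:
    """Return None if the URL may be fetched, otherwise the reason to refuse it."""
    parsed = urlparse(url.strip())
    if parsed.scheme not in ("http", "https"):
        return f"scheme {parsed.scheme or '<none>'!r} not allowed"
    host = parsed.hostname
    if not host:
        return "no host"
    if allowed_hosts is not None:
        if host.lower() not in {h.lower() for h in allowed_hosts}:
            return f"host {host!r} not in allowlist"
        return None
    try:
        addrs = resolve(host)
    except OSError:
        return f"host {host!r} does not resolve"
    bad = [ip for ip in addrs if not is_public_address(ip)]
    if bad:
        return f"host {host!r} resolves to non-public {bad}"
    return None


def vet_document(document: str, resolve: Resolver = system_resolver,
                 allowed_hosts: Iterable[str] | None = None) -> list[tuple[str, str]]:
    """Return (url, reason) for every fetch target that must be refused; an empty
    list means the document may go to the renderer."""
    problems = []
    for url in fetch_targets(document):
        reason = check_url(url, resolve, allowed_hosts)
        if reason:
            problems.append((url, reason))
    return problems


# Constructed submission mixing a legitimate image with three SSRF attempts.
SAMPLE_MARKDOWN = (
    "# Quarterly report\n"
    "![logo](https://cdn.example.com/logo.png)\n"
    '<img src="http://169.254.169.254/latest/meta-data/" />\n'
    "<img src='http://attacker-callback.example/x' />\n"
    "![](file:///etc/passwd)\n"
)

if __name__ == "__main__":
    for url, reason in vet_document(SAMPLE_MARKDOWN, constructed_resolver, ["cdn.example.com"]):
        print(f"REFUSE {url}: {reason}")
```

Run against the sample, the allowlist policy refuses the metadata address, the external callback host and the `file:` URL, while the public-address policy lets the callback through: that gap is why the pre-check alone is not enough. The renderer should also run with no network egress (a separate network namespace or an egress proxy with the same allowlist), since a resolve-then-fetch check can be bypassed by HTTP redirects or DNS rebinding between the check and the fetch.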
😂