🔥CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized
Password Resets via Forged JWT Tokens

😘POC -https://github.com/formbricks/formbricks/security/advisories/GHSA-7229-q9pv-j6p4

🫡Dorks : https://product.name="Formbricks"

🔥FlareProx - Simple IP Rotation & URL Redirection via Cloudflare Workers. It automatically deploys HTTP proxy endpoints on Cloudflare Workers for easy redirection of all traffic to any URL you specify. It supports all HTTP methods (GET, POST, PUT, DELETE, etc.) and provides IP masking through Cloudflare's global network. 100k requests per day are free!

😘https://github.com/MrTurvey/flareprox

🌸 Happy Bijaya Dashami 🌸

From the Brut Security family, wishing you all joy, peace, and success on this special day of Bijaya Dashami.
As Maa Durga returns to her divine abode, may her blessings bring strength, wisdom, and prosperity into your life.

🆘November Batch Enrollment is Now Open!

For all beginners and wanna-learners, we’re starting fresh batches for:
•bPEH (Brut Practical Ethical Hacking)
•bPWA / bPBB (Brut Practical Web Pentesting & Bug Bounty)

🎓 Special student discounts are available.
👉 Seats are limited, so do enroll early!
♾wa.link/brutsecurity or +918945971332

🔥LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and easy to add checks for new services.

🫡https://github.com/rohsec/LEAKEY

🚨BB Tip — WAF evasion with weird chars

Here’s the thing: attackers hide simple payloads (eg. cat /etc/passwd) by stuffing params with backslashes, \x.. hex, IFS, and odd punctuation (|/???/\b**\h). Don’t match raw strings — normalize first, then detect.

👉Quick checks:
Decode repeatedly until stable, then run signatures.
Flag mixed-encoding or repeated escape sequences.
Use allowlists for expected param formats.

📎Reference- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection#filter-bypassesAC

🚨 Find Low Hanging Fruits Using Nuclei AI 🚨

nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"

nuclei -list targets.txt -ai "Find exposed automation scripts (.sh, .ps1, .bat) revealing internal tooling or credentials"

nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"

nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"

nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"

nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"

nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"

nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"

nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."

nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."

nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."

nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."

nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."

nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."

nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"

nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"

nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"

nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"

nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"

nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"

nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"

nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"

nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"

nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"

nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"

nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"

nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"

nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"

nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"

nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."

nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."

👉Check Well Known Files/Paths - A JS console script to paste into console
It will attempt to identify and uncover potentially useful files for enumeration

➡️Script: https://hackertips.today/cmd/CheckWellKnown.js

🥳How to use:
• Open the script URL and copy it to clipboard.
• Open the target site, Inspect → Console.
• Paste the script and run.
• Look for any requests returning HTTP 200, visit those URLs and validate exposure.

😮What to watch for:
• /.git, /.env, backup files, robots.txt revealing sensitive paths, config files, or public storage with credentials.
• Any unexpected 200 on predictable filenames.

🟢Quick mitigation:
• Remove or restrict public access to sensitive files.
• Block common sensitive filenames at the webserver/WAF.
• Return 403/404 for those paths and avoid leaking contents in error pages.

----------------------------------------------------------------------------
📖 Your Ethical Hacking Journey Starts Here → topmate.io/saumadip/1391531
🎓 Ready to Skill Up? Enroll Now → wa.link/brutsecurity
📢 Join the Community: discord.gg/u7uMFV833h

🥳DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.

🟢 https://github.com/pwnfuzz/diffrays