Please open Telegram to view this post
VIEW IN TELEGRAM
β€9π₯4
Media is too big
VIEW IN TELEGRAM
Backdoor vs WAF π€£
As like the same think happens when WAF try to detect backdoor and the backdoor hide there self using encoding etc.π
As like the same think happens when WAF try to detect backdoor and the backdoor hide there self using encoding etc.π
π13β€2π2π€¨2
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯14π2β€1
Hey Hunterβs
DarkShadow here back again!
bugbounty tip:
[easy to find critical bugs, follow this method]
1. find a api sensitive endpoint (must be leak sensitive info)
2. look headers "Cache-Control, CF-Cache-Status, Via, X-Cache, ETag, Age" confirm they store cache or not. (if stored try web cache deception)
3. change the HTTP request method (like: GET to POST, GET to HEAD, POST to PUT etc.)
4. if you find endpoints like: /api/users/123 use array based iDOR vulnerability (like: /api/users/123,122)
Donβt forget to show your love guys.
#bugbountytip #authbypass
DarkShadow here back again!
bugbounty tip:
[easy to find critical bugs, follow this method]
1. find a api sensitive endpoint (must be leak sensitive info)
2. look headers "Cache-Control, CF-Cache-Status, Via, X-Cache, ETag, Age" confirm they store cache or not. (if stored try web cache deception)
3. change the HTTP request method (like: GET to POST, GET to HEAD, POST to PUT etc.)
4. if you find endpoints like: /api/users/123 use array based iDOR vulnerability (like: /api/users/123,122)
Donβt forget to show your love guys.
#bugbountytip #authbypass
β€32π₯5π3π2π¨βπ»1
assetfinder *.com | gau | egrep -v '(.css|.svg)' | while read -r url; do js=$(curl -s --fail "$url") || continue; vars=$(printf "%s" "$js" | grep -Po 'var\s+\K[A-Za-z0-9_]+' | sed 's/$/=xss/' | sort -u); [ -n "$vars" ] && printf '\e[1;33m%s\n\e[1;32m%s\n' "$url" "$vars"; done
1. assetfinder + gau gathers reachable assets.
2. The loop pulls each URL, extracts var names from JS, and appends =xss so you get quick candidate parameters to fuzz.
3. You can feed those param names into quick fuzzers, Burp intruder, or manual probes to check for reflection, improper CSP, or unsafe eval usage.
1. Look for parameter-ish names (token, apiKey, path, callback, next, etc.).
2. Check if any appear in query strings or DOM sinks.
3. Verify whether values are reflected without encoding or used in eval()/innerHTML.
Please open Telegram to view this post
VIEW IN TELEGRAM
β€20
If you ever get a chance to comment or rate Brut Security, how much would you rate it? π
Anonymous Poll
47%
100%
37%
80%
11%
50%
11%
20%
π₯7β€5
Forwarded from Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
javascript:(async function(){let scanningDiv=document.createElement("div");scanningDiv.style.position="fixed",scanningDiv.style.bottom="0",scanningDiv.style.left="0",scanningDiv.style.width="100%",scanningDiv.style.maxHeight="50%",scanningDiv.style.overflowY="scroll",scanningDiv.style.backgroundColor="white",scanningDiv.style.color="black",scanningDiv.style.padding="10px",scanningDiv.style.zIndex="9999",scanningDiv.style.borderTop="2px solid black",scanningDiv.innerHTML="<h4>Scanning...</h4>",document.body.appendChild(scanningDiv);let e=[],t=new Set;async function n(e){try{const t=await fetch(e);return t.ok?await t.text():(console.error(`Failed to fetch ${e}: ${t.status}`),null)}catch(t){return console.error(`Error fetching ${e}:`,t),null}}function o(e){return(e.startsWith("/")||e.startsWith("./")||e.startsWith("../"))&&!e.includes(" ")&&!/[^\x20-\x7E]/.test(e)&&e.length>1&&e.length<200}function s(e){return[...e.matchAll(/['"]((?:\/|\.\.\/|\.\/)[^'"]+)['"]/g)].map(e=>e[1]).filter(o)}async function c(o){if(t.has(o))return;t.add(o),console.log(`Fetching and processing: ${o}`);const c=await n(o);if(c){const t=s(c);e.push(...t)}}const l=performance.getEntriesByType("resource").map(e=>e.name);console.log("Resources found:",l);for(const e of l)await c(e);const i=[...new Set(e)];console.log("Final list of unique paths:",i),console.log("All scanned resources:",Array.from(t)),scanningDiv.innerHTML=`<h4>Unique Paths Found:</h4><ul>${i.map(e=>`<li>${e}</li>`).join("")}</ul>`})();
Please open Telegram to view this post
VIEW IN TELEGRAM
β€26π1π₯1π¨βπ»1
π¨βπ³ Damn-Vulnerable-RESTaurant π¨βπ³
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
β‘οΈAn intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.
β Get: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game
β€10π₯3
Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files! π€
π github.com/musana/fuzzuli
π github.com/musana/fuzzuli
β€10π₯3πΏ1
π¨New Batch Starting in November! Few seats are left. Hurry Up!
DM to Enroll +918945971332 or wa.link/brutsecurity
DM to Enroll +918945971332 or wa.link/brutsecurity
HUNTER : https://product.name="https://ASP.NET Core"
Please open Telegram to view this post
VIEW IN TELEGRAM
β€12π₯7π3
One of my student in very 1st day of the Advanced Web Pentesing session, just performed a basic automation scan and got sensitive information disclosure.
β If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
β If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
β€7π5π1
π₯Top 25 Bug Bounty Platform π°
01. Bugcrowd
02. HackerOne
03. Intigriti
04. YesWeHack
05. Synack, Inc.
06. HackenProof | Web3 bug bounty platform
07. Open Bug Bounty
08. Immunefi
09. Cobalt
10. Zerocopter
11. Yogosha
12. SafeHats
13. Vulnerability Research Labs, LLC
14. AntiHACKme Pte Ltd
15. RedStorm Information Security
16. Cyber Army Indonesia
17. Hacktrophy
18. Nordic Defender
19. Capture The Bug
20. Bugbounter
21. Detectify
22. BugBase
23. huntr
24. Pentabug
25. SecureBug
Happy Huntβ€οΈ
01. Bugcrowd
02. HackerOne
03. Intigriti
04. YesWeHack
05. Synack, Inc.
06. HackenProof | Web3 bug bounty platform
07. Open Bug Bounty
08. Immunefi
09. Cobalt
10. Zerocopter
11. Yogosha
12. SafeHats
13. Vulnerability Research Labs, LLC
14. AntiHACKme Pte Ltd
15. RedStorm Information Security
16. Cyber Army Indonesia
17. Hacktrophy
18. Nordic Defender
19. Capture The Bug
20. Bugbounter
21. Detectify
22. BugBase
23. huntr
24. Pentabug
25. SecureBug
Happy Hunt
Please open Telegram to view this post
VIEW IN TELEGRAM
β€26π€¨2πΏ2
π΅οΈββοΈ Hunting for Business Logic Bugs? Try this:
β‘Exploit Flow:
1.Sign up with a new username
2.Activate the account
3.Delete the account
4.Try creating a new account using that same username
π If it stops you β thatβs a Business Logic flaw!
π‘ Usernames from deleted accounts shouldn't stay reserved unless there's a valid reason.
β‘Exploit Flow:
1.Sign up with a new username
2.Activate the account
3.Delete the account
4.Try creating a new account using that same username
π If it stops you β thatβs a Business Logic flaw!
π‘ Usernames from deleted accounts shouldn't stay reserved unless there's a valid reason.
β€12π³6π₯4
This media is not supported in your browser
VIEW IN TELEGRAM
Tired of all the hassle when moving small files around?
Try this absolute gem
cat filename.txt | nc termbin.com 9999
https://termbin.com/abcd β share it, save it, or just keep it for later. No login, no setup. Just pure terminal magic. β¨Perfect for notes, PoCs, or scripts when you're working remotely on a VPS. π»π
#bugbounty #cybersecurity #linuxTips #vps #infosec #hacking #brutsecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
β€18
Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
β IP & Domain Lookup
β Email & Phone OSINT
β Subdomain Enumeration
β Reverse Image Search
β URL & Virus Scanners
β Temp Email, QR Tools, and more
π You can create and play your own CTF in a minute , right inside Discord!
Try it out now β itβs fast, simple, and all in one chat.
π https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec
β€12