urlhunter: A recon tool that allows searching on URLs that are exposed via shortener services
Link: https://github.com/utkusen/urlhunter
Brut Security
From The Author https://www.youtube.com/watch?v=qY6Zl43hMko
EpicGames - Live Bug Bounty Hunting on HackerOne (Hunting CVEs) | Using Lazy-Hunter
Tool: https://github.com/iamunixtz/Lazy-Hunter
Join us as we dive into live bug bounty hunting on HackerOne, specifically targeting EpicGames vulnerabilities! In this session…
CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 rating❗️
A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection.
Search at Netlas.io:
👉 Link: https://nt.ls/ge4Iy
👉 Dork: smtp.banner:"Exim 4.98"
Vendor's advisory: https://www.exim.org/static/doc/security/CVE-2025-26794.txt
CVE-2025-1128: RCE in Everest Forms WordPress Plugin, 9.8 rating 🔥
The vulnerability allows an unauthenticated attacker to perform a wide range of actions with the site: upload arbitrary files, RCE, delete config files.
Search at Netlas.io:
👉 Link: https://nt.ls/q6pgJ
👉 Dork: http.body:"plugins/everest-forms"
Read more: https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/
Game of Active Directory
👻 👻 GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
🔥 https://github.com/Orange-Cyberdefense/GOAD
🔗 BApp Store: https://portswigger.net/bappstore/a321360c6e114b3dab6f2c67d68c241a
💻 Source Code: https://github.com/portswigger/spoofproof
Don't forget to react guys 😔
CVE-2025-20029: Command Injection in F5 BIG-IP, 8.8 rating❗️
The vulnerability allows an attacker to escalate privileges, execute arbitrary commands, and manipulate system files. Not the latest vulnerability, but the PoC was published just recently!
Search at Netlas.io:
👉 Link: https://nt.ls/e17gN
👉 Dork: http.headers.server:"BigIP"
Vendor's advisory: https://my.f5.com/manage/s/article/K000148587
CVE-2025-24752: XSS in Elementor Page Builder, 7.1 rating❗️
Reflected XSS in a large number of sites. Thanks to our friend Chirag Artani for suggesting the query!
Search at Netlas.io:
👉 Link: https://nt.ls/8wpei
👉 Dork: http.body:"plugins/elementor" AND host_type:domain
Read more: https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
Active link finding with xnLinkFinder! 🚀
Command breakdown:
-i http://bugcrowd.com → Target domain
-sp https://bugcrowd.com → Scope prefix
-sf "bugcrowd.*" → Scope filter
-d 2 → Crawl depth
-v → Verbose output
Popping alert(1) doesn't show REAL impact.
Escalate your XSS by stealing cookies instead👇