Forwarded from Brut Security
🚨 New Batch Starting – August 2025 🚨
Brut Practical Web Penetration Testing (bPWP)
We’re back with a fresh batch of our most in-demand training – Brut Practical Web Penetration Testing – starting this August!
🔍 Learn the art of Web Hacking with:
✅ 100% Practical Sessions
✅ Bug Bounty Approach
✅ Real-World Lab Scenarios
✅ Lifetime Community Access
✅ Beginner-Friendly with Advanced Techniques
💻 Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
📆 Limited Seats – Enroll Now
🌐 https://brutsec.com/bPWP
📩 For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
Email: info@brutsec.com
Brut Practical Web Penetration Testing (bPWP)
We’re back with a fresh batch of our most in-demand training – Brut Practical Web Penetration Testing – starting this August!
🔍 Learn the art of Web Hacking with:
✅ 100% Practical Sessions
✅ Bug Bounty Approach
✅ Real-World Lab Scenarios
✅ Lifetime Community Access
✅ Beginner-Friendly with Advanced Techniques
💻 Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
📆 Limited Seats – Enroll Now
🌐 https://brutsec.com/bPWP
📩 For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity |
+918945971332Email: info@brutsec.com
❤5
⭐Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
🚨Features:
Filters S3Buckets
Extract ACL permissions
Download recorded buckets
Manage recorded buckets
Tab-specific bucket recording
✅https://github.com/AlecBlance/S3BucketList
🚨Features:
Filters S3Buckets
Extract ACL permissions
Download recorded buckets
Manage recorded buckets
Tab-specific bucket recording
✅https://github.com/AlecBlance/S3BucketList
🔥16❤4
⭐PACU - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
✅https://github.com/RhinoSecurityLabs/pacu
✅https://github.com/RhinoSecurityLabs/pacu
❤13🔥8
⭐CYFARE-Reconner - Advanced Link Reconnaissance Extension For Firefox
✨ Features
Deep Discovery
Secret Detection
URL Analysis
✅https://github.com/CYFARE/CYFARE-Reconner
✨ Features
Deep Discovery
Secret Detection
URL Analysis
✅https://github.com/CYFARE/CYFARE-Reconner
❤12👍2
Akamai CloudTest - XXE Injection
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/services/RepositoryService SOAP endpoint.
Get: https://github.com/MuhammadWaseem29/CVE-2025-49493-Poc
References:
1. https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
2. https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
🔥5❤4
Looking for a freelancer, familiar with FB, Instagram and Whatsapp marketing.
Send your resume to info@ncybersecurity.com
Send your resume to info@ncybersecurity.com
🚨CVE-2025-0133 : Payload + Template
Payload:
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Payload:
%3Cnoscript%20xmlns%3D%22http%3A%2F%http://2Fwww.w3.org%2F2000%2Fnoscript%22%3E%3Cnoscript%3Eprompt%28%22XSS%22%29%3C%2Fnoscript%3E%3C%2Fnoscript%3EWrite-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
❤7👍4
⚡️AWS PENTESTING NOTES
✅https://docs.google.com/spreadsheets/d/1PfxDsIcORE4NYi_vY_T9Sdq3ZooDRvco/htmlview#
✅
Google Docs
AWS Pentesting Notes.xlsx
❤10🔥5🐳1
↳ s3dns - a lightweight DNS server that helps uncover cloud storage buckets (AWS S3, Google Cloud Storage, and Azure Blob) by resolving DNS requests, tracing CNAMEs, and matching known bucket URL patterns.
What it does?
• Resolves CNAME records to uncover hidden S3 locations
• Detects AWS S3 bucket URL patterns
• Helps find potentially exposed S3 buckets
• Easy to deploy via Docker
Installation
Repository: Github
What it does?
• Resolves CNAME records to uncover hidden S3 locations
• Detects AWS S3 bucket URL patterns
• Helps find potentially exposed S3 buckets
• Easy to deploy via Docker
Installation
git clone https://github.com/olizimmermann/s3dns.git
cd s3dns
pip install -r requirements.txt
Repository: Github
❤10👍4🗿3
📱 Android Native Scanner — automatically detects RCE, tokens, API keys, URLs & base64 payloads inside .so files!
🔍 Features:
🧨 system, exec, popen → RCE scoring
🔐 API key / token / JWT detection
🌍 Extracts hardcoded URLs & endpoints
🧬 JNI & native method scanner
📄 Auto-generated TXT reports
📎 Project →
https://github.com/ynsmroztas/AndroidNativeScanner
💣 No more manual hunting in .so files.
⚡ One noscript, full visibility.
🔍 Features:
🧨 system, exec, popen → RCE scoring
🔐 API key / token / JWT detection
🌍 Extracts hardcoded URLs & endpoints
🧬 JNI & native method scanner
📄 Auto-generated TXT reports
📎 Project →
https://github.com/ynsmroztas/AndroidNativeScanner
💣 No more manual hunting in .so files.
⚡ One noscript, full visibility.
❤17👍5🔥4😢1
Hey Hunter's,
DarkShadow here, back again just dropping a POC.
🤫Unauthenticated WordPress Auth bypass 🔥
#bugbountytips #authbypass
DarkShadow here, back again just dropping a POC.
🤫Unauthenticated WordPress Auth bypass 🔥
After sending the 1st request use the provided last Cookie and send request on /wp-admin and BOOM auth bypassed 💥
#bugbountytips #authbypass
🔥20❤7🗿5👏2
Hey Hunter's,
DarkShadow here back again, just dropping a dork🤫
✨google dork searching public exploits from github😎
#dork #bugbountytips
DarkShadow here back again, just dropping a dork🤫
✨google dork searching public exploits from github😎
"CVE-YYYY-NNNN" exploit site:github.com
"CVE-YYYY-NNNN" exploit POC site:github.com
"CVE-YYYY-NNNN" proof of concept site:github.com
#dork #bugbountytips
❤10👍7🔥4
🚨 Brut Security - New Batch Starts 18th August!
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training – practical sessions, real-world attacks, and community support from Day 1.
✅ DM +918945971332 to enroll. Limited slots.
⭐http://wa.me/918945971332
Join our Ethical Hacking Network Pentesting & Web Pentesting / Bug Bounty training – practical sessions, real-world attacks, and community support from Day 1.
✅ DM +918945971332 to enroll. Limited slots.
⭐http://wa.me/918945971332
WhatsApp.com
Brut Security
Business Account
❤7
Hey Hunter's,
DarkShadow hare back again.
𝘿𝙖𝙧𝙠𝙀𝙣𝙙𝙁𝙞𝙣𝙙𝙚𝙧 my own private tool which i used to extract endpoints from browse through passive recon.
✨ Features:
✅ Extract subdomains.
✅ Extract categories endpoints from subdomains.
✅ Extract external domains.
If you find this tool useful, give it a ⭐️ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
DarkShadow hare back again.
𝘿𝙖𝙧𝙠𝙀𝙣𝙙𝙁𝙞𝙣𝙙𝙚𝙧 my own private tool which i used to extract endpoints from browse through passive recon.
✨ Features:
✅ Extract subdomains.
✅ Extract categories endpoints from subdomains.
✅ Extract external domains.
If you find this tool useful, give it a ⭐️ and share it with others in the hacking & BugBounty community!
https://github.com/darkshadow2bd/DarkEndFinder
GitHub
GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
BookMark and Find Subdomains, Endpoints, External Domains in your web browser. - GitHub - darkshadow2bd/DarkEndFinder: BookMark and Find Subdomains, Endpoints, External Domains in your web browser.
❤16👏3👨💻3😁2