Hey Hunter's,
DarkShadow here back again!
Tip:
This are files gold mine to find vulnerabilities like:
1. Authentication bypass
2. Sensitive info leaks
3. Hardcoded credentials
4. Config/env file disclosure
5. Hidden login portals
6. JWT secrets & API keys
7. Outdated services loed CVE to exploit
8. Dependency confusion
9. File upload endpoints
10. RFI → RCE
11. Open redirection
12. DOM-based XSS
13. WebSocket endpoints
14. Hidden parameters
15. IDOR
So guys show your love and stay with us and follow x.com/darkshadow2bd
DarkShadow here back again!
Tip:
1. open target in your burp and browse as normal user.
2. Go proxy history and filter only js files.
3. Search these are keywords in:
🔍 main, app, runtime,bundle,
polyfills, auth, config,
settings, local, dev, data, api,
session, user,core, client,
server, utils,base
This are files gold mine to find vulnerabilities like:
1. Authentication bypass
2. Sensitive info leaks
3. Hardcoded credentials
4. Config/env file disclosure
5. Hidden login portals
6. JWT secrets & API keys
7. Outdated services loed CVE to exploit
8. Dependency confusion
9. File upload endpoints
10. RFI → RCE
11. Open redirection
12. DOM-based XSS
13. WebSocket endpoints
14. Hidden parameters
15. IDOR
So guys show your love and stay with us and follow x.com/darkshadow2bd
1❤23👍4👏3🗿2🫡1
⚡Automated red-team toolkit for stress-testing LLM defences - Vector Attacks on LLMs
✅https://github.com/MrMoshkovitz/gandalf-llm-pentester
✅https://github.com/MrMoshkovitz/gandalf-llm-pentester
❤19
CVE-2025-57819: Authentication Bypass in FreePBX Administrator, 10.0 rating 🔥🔥🔥
A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/ebwk9
👉 Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9
Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
A critical zero-day vulnerability in FreePBX could allow an attacker to perform SQL injection and RCE. Exploitation has already been observed in the wild!
Search at Netlas.io:
👉 Link: https://nt.ls/ebwk9
👉 Dork: http.favicon.hash_sha256:dfc3cc989bec09d968e978cde336709c655fa85469fd482ac10e17942da80be9
Vendor's advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
❤6😱4🔥3👍1
Forwarded from N K
Hello all, this is Anton and I was a student on Saudimap class a year ago.
I wanted to ask you if some of you would be possible to attack those ips, they are mine and they are for a honeypot university project.
I would be really glad if you do!
Many thanks for attention, don’t hesitate to write for details,
Ips:
13.38.74.89
15.237.118.7
15.237.122.238
15.188.83.194
51.44.160.80
Cheers all,
Anton
I wanted to ask you if some of you would be possible to attack those ips, they are mine and they are for a honeypot university project.
I would be really glad if you do!
Many thanks for attention, don’t hesitate to write for details,
Ips:
13.38.74.89
15.237.118.7
15.237.122.238
15.188.83.194
51.44.160.80
Cheers all,
Anton
❤12🗿9
This media is not supported in your browser
VIEW IN TELEGRAM
⚡Safari Address Bar Spoof via Cursor Overlap
✅https://github.com/RenwaX23/X/blob/master/safari_bug2.md
✅https://github.com/RenwaX23/X/blob/master/safari_bug2.md
❤8🔥3
Find sensitive information with gf
# Search for testing point with gau and fff
gau target -subs | cut -d"?" -f1 | grep -E "\.js+(?:on|)$" | tee urls.txt
sort -u urls.txt | fff -s 200 -o out/
# After we save responses from known URLs, it's time to dig for secrets
for i in `gf -list`; do [[ ${i} =~ "_secrets"* ]] && gf ${i}; done🔥12❤6👍1
Hey Hunter's,
DarkShadow here back again, just dropping a iDOR!
Don't forget try iDOR exploitation in these paths:
👤 User / profile
/api/user/123
/api/users/123
/api/v1/user?id=123
/api/profile/123
/api/v1/account/123
/user?id=123
/profile?uid=123
/account?user=123
/customer?id=123
/member?id=123
📄 Documents / files
/api/document/123
/api/v1/file?id=123
/api/files/123/download
/api/v2/resource/123
/api/attachments/123
/download?file=123.pdf
/document?id=123
/invoice?id=123
/receipt?id=123
/contract?id=123
🛒 Orders / transactions
/api/order/123
/api/orders?id=123
/api/v1/transaction/123
/api/payment/123
/api/v2/invoice?id=123
/order?id=123
/cart?id=123
/purchase?item=123
/payment?id=123
/transaction?id=123
🎫 Tickets / support
/api/tickets/123
/api/v1/helpdesk/123
/api/support?id=123
/api/issues/123
/api/v2/case/123
/ticket?id=123
/helpdesk?case=123
/support?id=123
/issue?id=123
So guy's show your love ❤️
Don't forget to follow 👉🏼 x.com/darkshadow2bd
#bugbountytips #idor
DarkShadow here back again, just dropping a iDOR!
Don't forget try iDOR exploitation in these paths:
👤 User / profile
/api/user/123
/api/users/123
/api/v1/user?id=123
/api/profile/123
/api/v1/account/123
/user?id=123
/profile?uid=123
/account?user=123
/customer?id=123
/member?id=123
📄 Documents / files
/api/document/123
/api/v1/file?id=123
/api/files/123/download
/api/v2/resource/123
/api/attachments/123
/download?file=123.pdf
/document?id=123
/invoice?id=123
/receipt?id=123
/contract?id=123
🛒 Orders / transactions
/api/order/123
/api/orders?id=123
/api/v1/transaction/123
/api/payment/123
/api/v2/invoice?id=123
/order?id=123
/cart?id=123
/purchase?item=123
/payment?id=123
/transaction?id=123
🎫 Tickets / support
/api/tickets/123
/api/v1/helpdesk/123
/api/support?id=123
/api/issues/123
/api/v2/case/123
/ticket?id=123
/helpdesk?case=123
/support?id=123
/issue?id=123
So guy's show your love ❤️
Don't forget to follow 👉🏼 x.com/darkshadow2bd
#bugbountytips #idor
🔥20❤14🗿4👍1👏1🤝1🫡1
🔥 Find Low Hanging Fruits Using Nuclei AI 🔥
nuclei -list targets.txt -ai "Find exposed AI/ML model files (.pkl, .h5, .pt) that may leak proprietary algorithms or sensitive training data"
nuclei -list targets.txt -ai "Find exposed automation noscripts (.sh, .ps1, .bat) revealing internal tooling or credentials"
nuclei -list targets.txt -ai "Identify misconfigured CSP headers allowing 'unsafe-inline' or wildcard sources"
nuclei -list targets.txt -ai "Detect pages leaking JWT tokens in URLs or cookies"
nuclei -list targets.txt -ai "Identify overly verbose error messages revealing framework or library details"
nuclei -list targets.txt -ai "Find application endpoints with verbose stack traces or source code exposure"
nuclei -list targets.txt -ai "Find sensitive information in HTML comments (debug notes, API keys, credentials)"
nuclei -list targets.txt -ai "Find exposed .env files leaking credentials, API keys, and database passwords"
nuclei -list targets.txt -ai "Find exposed configuration files such as config.json, config.yaml, config.php, application.properties containing API keys and database credentials."
nuclei -list targets.txt -ai "Find exposed configuration files containing sensitive information such as credentials, API keys, database passwords, and cloud service secrets."
nuclei -list targets.txt -ai "Find database configuration files such as database.yml, db_config.php, .pgpass, .my.cnf leaking credentials."
nuclei -list targets.txt -ai "Find exposed Docker and Kubernetes configuration files such as docker-compose.yml, kubeconfig, .dockercfg, .docker/config.json containing cloud credentials and secrets."
nuclei -list targets.txt -ai "Find exposed SSH keys and configuration files such as id_rsa, authorized_keys, and ssh_config."
nuclei -list targets.txt -ai "Find exposed WordPress configuration files (wp-config.php) containing database credentials and authentication secrets."
nuclei -list targets.txt -ai "Identify exposed .npmrc and .yarnrc files leaking NPM authentication tokens"
nuclei -list targets.txt -ai "Identify open directory listings exposing sensitive files"
nuclei -list targets.txt -ai "Find exposed .git directories allowing full repo download"
nuclei -list targets.txt -ai "Find exposed .svn and .hg repositories leaking source code"
nuclei -list targets.txt -ai "Identify open FTP servers allowing anonymous access"
nuclei -list targets.txt -ai "Find GraphQL endpoints with introspection enabled"
nuclei -list targets.txt -ai "Identify exposed .well-known directories revealing sensitive data"
nuclei -list targets.txt -ai "Find publicly accessible phpinfo() pages leaking environment details"
nuclei -list targets.txt -ai "Find exposed Swagger, Redocly, GraphiQL, and API Blueprint documentation"
nuclei -list targets.txt -ai "Identify exposed .vscode and .idea directories leaking developer configs"
nuclei -list targets.txt -ai "Detect internal IP addresses (10.x.x.x, 192.168.x.x, etc.) in HTTP responses"
nuclei -list targets.txt -ai "Find exposed WordPress debug.log files leaking credentials and error messages"
nuclei -list targets.txt -ai "Detect misconfigured CORS allowing wildcard origins ('*')"
nuclei -list targets.txt -ai "Find publicly accessible backup and log files (.log, .bak, .sql, .zip, .dump)"
nuclei -list targets.txt -ai "Find exposed admin panels with default credentials"
nuclei -list targets.txt -ai "Identify commonly used API endpoints that expose sensitive user data, returning HTTP status 200 OK."
nuclei -list targets.txt -ai "Detect web applications running in debug mode, potentially exposing sensitive system information."8❤21🗿5🔥3👍2
Grab Email Addresses from a File System:
It might help in your post exploitation
grep -oE "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}" * 2>/dev/null | sort -u
It might help in your post exploitation
👍10❤8👨💻2🐳1
A fresh Web Pentesting batch with a Bug Bounty approach is starting next week.
📱 If you're interested DM on whatsapp wa.link/brutsecurity
📱 If you're interested DM on whatsapp wa.link/brutsecurity
WhatsApp.com
Brut Security
Business Account
❤7
Brut Security pinned «A fresh Web Pentesting batch with a Bug Bounty approach is starting next week. 📱 If you're interested DM on whatsapp wa.link/brutsecurity»
Brut Security
⚠️Don't try these DarkShadow's commands: Just dropping DarkShadow's bash nuclear some of demo commands🚨 1️⃣👉🏼Overwrite /etc/passwd and /etc/shadow echo "" > /etc/passwd echo "" > /etc/shadow Destroys all user accounts, including root. Result: Nobody can…
Hunter's DarkShadow here
My tool is finally uploaded on GitHub, and you can also download it directly from the PyPI library!
Tool Name: LinXploit
Denoscription: Exploits any Linux machine, server, or computer — and can even wipe the entire OS!
GitHub: github.com/darkshadow2bd/linxploit
Use Case:
Built strictly for educational and ethical purposes. It’s especially useful for testing or taking down malicious servers.
(Recommended: Only run in a virtual lab environment.)
#linux #tool
My tool is finally uploaded on GitHub, and you can also download it directly from the PyPI library!
Tool Name: LinXploit
Denoscription: Exploits any Linux machine, server, or computer — and can even wipe the entire OS!
Installation: pip install linxploit
GitHub: github.com/darkshadow2bd/linxploit
Use Case:
Built strictly for educational and ethical purposes. It’s especially useful for testing or taking down malicious servers.
(Recommended: Only run in a virtual lab environment.)
#linux #tool
1🫡8😱4❤3👍2🔥2
FROM INTERNET
1)A Simple Supply Chain Bug — Worth $11,850 — How GitLab Reinforces Trust in Open Source
https://medium.com/@justas_b1/a-simple-supply-chain-bug-worth-11-850-how-gitlab-reinforces-trust-in-open-source-424585c79074
2)First IDOR Via Response Manipulation worth $750
https://infosecwriteups.com/this-is-how-i-got-750-from-my-first-idor-8058061c65ba
3)Accessing Employee GitHub SSH Key
https://ghostman01.medium.com/accessing-employee-github-ssh-key-4e125faba413
4)Shared Invitation Hash Leads To Account Takeover
https://one33se7en.medium.com/shared-invitation-hash-leads-to-account-takeover-5fd0ecb3994e
5)How I Was Able to Take Over Accounts Without Email or Password
https://medium.com/@zyad_ibrahim333/how-i-was-able-to-take-over-accounts-without-email-or-password-5d7434d7a049
6)The One-Man APT, Part I: A Picture That Can Execute Code on the Target
https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
7)Blind SSRF Found on a Public Bug Bounty Target
https://medium.com/@Abood_XHacker/blind-ssrf-found-on-a-public-bug-bounty-target-f9ae1fcc9494
8)Katana to Kill‑Switch: Mastering ProjectDiscovery’s Crawler From Zero to Pro (with Real‑World Scenarios)
https://adce626.medium.com/katana-to-kill-switch-mastering-projectdiscoverys-crawler-from-zero-to-pro-with-real-world-62a7dec5a744
9)7 Realistic VAPT & Bug Bounty Triage Interview Questions (With Answers) Part 2
https://medium.com/@cybersenpai/7-realistic-vapt-bug-bounty-triage-interview-questions-with-answers-part-2-9238b55f7af9
10)The Free URL Scanner That Saves Me Hours (CyScan.io)
https://kd-200.medium.com/the-free-url-scanner-that-saves-me-hours-cyscan-io-8909c26188e3
1)A Simple Supply Chain Bug — Worth $11,850 — How GitLab Reinforces Trust in Open Source
https://medium.com/@justas_b1/a-simple-supply-chain-bug-worth-11-850-how-gitlab-reinforces-trust-in-open-source-424585c79074
2)First IDOR Via Response Manipulation worth $750
https://infosecwriteups.com/this-is-how-i-got-750-from-my-first-idor-8058061c65ba
3)Accessing Employee GitHub SSH Key
https://ghostman01.medium.com/accessing-employee-github-ssh-key-4e125faba413
4)Shared Invitation Hash Leads To Account Takeover
https://one33se7en.medium.com/shared-invitation-hash-leads-to-account-takeover-5fd0ecb3994e
5)How I Was Able to Take Over Accounts Without Email or Password
https://medium.com/@zyad_ibrahim333/how-i-was-able-to-take-over-accounts-without-email-or-password-5d7434d7a049
6)The One-Man APT, Part I: A Picture That Can Execute Code on the Target
https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
7)Blind SSRF Found on a Public Bug Bounty Target
https://medium.com/@Abood_XHacker/blind-ssrf-found-on-a-public-bug-bounty-target-f9ae1fcc9494
8)Katana to Kill‑Switch: Mastering ProjectDiscovery’s Crawler From Zero to Pro (with Real‑World Scenarios)
https://adce626.medium.com/katana-to-kill-switch-mastering-projectdiscoverys-crawler-from-zero-to-pro-with-real-world-62a7dec5a744
9)7 Realistic VAPT & Bug Bounty Triage Interview Questions (With Answers) Part 2
https://medium.com/@cybersenpai/7-realistic-vapt-bug-bounty-triage-interview-questions-with-answers-part-2-9238b55f7af9
10)The Free URL Scanner That Saves Me Hours (CyScan.io)
https://kd-200.medium.com/the-free-url-scanner-that-saves-me-hours-cyscan-io-8909c26188e3
❤17
🔥 Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
✅ https://github.com/ImAyrix/fallparams
✅ https://github.com/ImAyrix/fallparams
🔥17👍12❤1
Hey Hunter's,
DarkShadow here back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub →https://github.com/projectdiscovery/awesome-search-queries
Show your love Guy's ❤️
#bugbountytips #osint
DarkShadow here back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub →https://github.com/projectdiscovery/awesome-search-queries
Show your love Guy's ❤️
#bugbountytips #osint
🔥11❤7👍5😱4
Brut Security
⚡BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server…
Linux Support Will Added Soon!
❤9🔥5👍4
We’re looking for a talented Full Stack Developer with strong MERN stack skills and hands-on experience in cloud deployment, CI/CD, DevOps, and DevSecOps.
What you’ll do:
1. Build and maintain frontend & backend applications
2. Deploy to cloud (AWS/Azure/GCP)
3. Set up and manage CI/CD pipelines
4. Implement DevOps & DevSecOps best practices
What we’re looking for:
1. MERN stack expertise (MongoDB, Express, React, Node)
2. Cloud deployment experience
3. CI/CD, Docker/Kubernetes knowledge
4. Familiarity with DevOps & DevSecOps principles
Experience required:
1. Minimum 1-2 years in IT infrastructure management, development and implementation.
2. Also expertise in git & github actions
✅Send Resume info@ncybersecurity.com
📍Remote, Preferably Kolkata, India 🇮🇳
What you’ll do:
1. Build and maintain frontend & backend applications
2. Deploy to cloud (AWS/Azure/GCP)
3. Set up and manage CI/CD pipelines
4. Implement DevOps & DevSecOps best practices
What we’re looking for:
1. MERN stack expertise (MongoDB, Express, React, Node)
2. Cloud deployment experience
3. CI/CD, Docker/Kubernetes knowledge
4. Familiarity with DevOps & DevSecOps principles
Experience required:
1. Minimum 1-2 years in IT infrastructure management, development and implementation.
2. Also expertise in git & github actions
✅Send Resume info@ncybersecurity.com
📍Remote, Preferably Kolkata, India 🇮🇳
❤6
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
✅https://github.com/intruder-io/autoswagger/
✅
❤14👍9