Brut Security – Telegram
Brut Security
@brutsecurity
14.6K subscribers
901 photos
72 videos
287 files
956 links
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
Download Telegram
About
Blog
Apps
Platform
Join
Brut Security
14.6K subscribers
Brut Security
Bug Bounty Reports Extractor - CLI tool that fetches resolved & disclosed HackerOne reports by vulnerability and exports them to CSV.

https://github.com/newstartlikenoneanthor-pixel/report-extractor
17🔥6😱2
4.6K views
Brut Security
😁56👍5🗿2👨‍💻1🫡1
4.12K views
Brut Security
☄️Read the article if you plan to start Bug Bounty

⚠️https://medium.com/@brutsecurity/best-bug-bounty-and-pentesting-methodology-for-beginners-a-step-by-step-guide-e8087dbcf879
Please open Telegram to view this post
VIEW IN TELEGRAM
Medium
Best Bug Bounty and Pentesting Methodology for Beginners: A Step-by-Step Guide
Bug bounty programs and penetration testing (pentesting) are popular ways for ethical hackers to make money while helping companies enhance…
113👍4🔥3👏1
4.08K views
Brut Security
https://brutsecurity.medium.com/the-unfiltered-2025-guide-to-web-pentesting-bug-bounties-from-zero-to-hired-24b3ffb10bc9
Medium
The Unfiltered 2025 Guide to Web Pentesting & Bug Bounties: From Zero to Hired
Everyone wants to tell you what to learn to become an ethical hacker. Few tell you how to actually break into the industry, especially with…
👍72
3.86K views
Brut Security
File Upload Vulnerabilities Checklist.pdf
66.3 KB
👍106
3.96K views
Brut Security
⚡️Recently updated Proof-of-Concepts

✔️Link to Download - https://github.com/0xMarcio/cve
Please open Telegram to view this post
VIEW IN TELEGRAM
17🔥5👍4👏1
4.44K views
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
☄️Find new associated domains with this simple Google dork:

"© <COMPANY>. all rights reserved." -".<COMPANY>.com"
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥177👍4😱1
4.32K viewsedited  
Brut Security
dON'T fORGET tO gIVE rEACTIONS
22🗿8🔥2🤨2
3.92K views
Brut Security
Hey Hunter's,
DarkShadow here back again!

A hidden backdoor was in PHP version which allow remote code execution In user-agent header.

Guess Guy's which version it is?

#backdoor
19😁2👨‍💻1
3.95K viewsDarkShadow ShellSec, edited  
Brut Security
🔥Google Dork - Exposed Configs 🔍

site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json

©TakSec
Please open Telegram to view this post
VIEW IN TELEGRAM
30👍13🔥6
4.56K views
Brut Security
☄️JSRecon-Buddy - A simple browser extension to quickly find interesting security-related information on a webpage.

🔴https://github.com/TheArqsz/JSRecon-Buddy
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥248👍4👏4🤝1
5.31K viewsedited  
Brut Security
dON'T fORGET tO gIVE rEACTIONS
🔥15
3.85K views
Brut Security
☄️ Malicious PDF Generator - Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

https://github.com/jonaslejon/malicious-pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
14👍9👏2
4.41K views
Brut Security
Google Dork - XSS Prone Parameters 🔥

site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&
Please open Telegram to view this post
VIEW IN TELEGRAM
👍118🤨1
4.75K views
Brut Security
☄️ Cheapest VPS for Bug Bounty & Pentesting

⚠️ https://brutsecurity.medium.com/cheapest-vps-for-bug-bounty-pentesting-fc6686572ee3
Please open Telegram to view this post
VIEW IN TELEGRAM
10👍4🔥3👏2
4.61K views
Brut Security
Brut Security pinned a photo
Brut Security
🔥Oneliner to download ALL of @assetnote's wordlists:

⌨️ wget -r --no-parent -R "index.html*" wordlists-cdn.assetnote.io/data/ -nH -e robots=off
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥13
4.35K views
Brut Security
✈️OWASP Noir is an open-source tool designed to help security professionals and developers identify the attack surface of their applications. By performing static analysis on source code, Noir can discover API endpoints, web pages, and other potential entry points that could be targeted by attackers.

🗿owasp-noir.github.io/noir/
Please open Telegram to view this post
VIEW IN TELEGRAM
owasp-noir.github.io
OWASP Noir
👍13
4.04K views
Brut Security
Hey Hunter's,
DarkShadow here back again!

SSRF in pdf generation!

this api endpoint send the pdf generation request:
POST /api/v1/convert/markdown/pdf

Add this payload:
<img src=‘burp collab url’ />

comes 200ok and hit request in burp collaborator.

You can follow me in my x.com/darkshadow2bd

#ssrf #bugbountytips
14🔥4
4.66K viewsDarkShadow ShellSec
Brut Security
😂
😁55🗿104🐳3
4.69K viewsDarkShadow ShellSec