Brut Security – Telegram
Brut Security
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
Brut Security pinned «Keep checking my old Posts to continue your learning Process!»
drupal-dorkstxt.pdf
4.9 MB
A little Automation used and the results are great💥
Simple things make it easier. Don't complicate your approaching skills. If you're using automation, there is a 50/50 chance, plus you need luck to get it triaged. The more time devoted to the program, the more results there will be. So, I will suggest to everyone: just doing automation is good, but a focus on manual testing ends with good results.
As I said, automation does pay off if you do both manual and automation in your target hunting. Bug bounty is all 90% about luck. Finding bugs is much easier in VAPT (no one considers duplicates), but in bug bounty there is a 50/50 chance, plus the luck factor is required.
I usually don't want to promote bug bounty much, because back in 2015 bug bounty was a gold mine and no one knew much about it. Those who knew it very well mined it till 2022. Afterwards the competition increased; everyone wants to be a full-time bug hunter or a cybersecurity professional. When supply increases, demand automatically gets reduced. So what about the current bug bounty scenario? Yes, you can do bug bounty, but without basic knowledge of the topics, don't do it for money only. It'll just waste your precious time for nothing. I just want to say: learn and focus on yourself, and money will follow you. If you are reading this far, I hope you have a good day!
As I said already it's all about luck!!

You can read about the bug here:
https://hackerone.com/reports/761158
https://hackerone.com/reports/300539
The Automation is Very Well 👾
I am posting the bug images intentionally to show you that low-hanging-fruit bug hunting is not at all hard, but if you continue enjoying it, you'll probably miss something big. These are small happinesses which lure you to engage in more automation. Avoid it! And do manual testing! Best of luck, everyone👾
As I said, bug bounty is all about the luck factor if you do automation. Manual testing is far better than performing automation and reporting each and every bug. If it is repeated continuously, you will lose your sanity very soon and feel hopeless and burned out.

Whoever is selling bug bounty courses with private automation and other stuff, they are actual frauds.

If my automation works, then why should I share it with you? I will continue to earn from that, but no. In the name of private-level bug bounty, they sell and earn.

Rather than enrolling in bug bounty, do learn web pentesting, which has more impact in the current world scenario.

If you're reading till here, I hope you have a good day, don't forget to take rest and spend quality time with your parents. Adios Amigos!!
Crushed | Exploiting Arbitrary File Read on CrushFTP! (CVE-2024-4040)

Google Dork: innoscript:"CrushFTP WebInterface" inurl:/WebInterface/login.html

Shodan Dork: http.favicon.hash:-1022206565

POC: https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
Which of the following is used to access content outside the root of a website?
Final Results
7% Brute force
12% Port scanning
14% SQL injection
68% Directory traversal
CVEMAP.pdf
839.4 KB
🚨LazyEgg - Hunting JS Files🚨

💥Command: waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'

🔗Download
https://lnkd.in/gnRJ5mzw
🚨Ready to level up your cybersecurity skills and earn rewards?

📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting!

😉Over 30 days, you'll receive daily tasks to help you master:

Information gathering and reconnaissance
Vulnerability identification and exploitation
Web application security testing
API security testing
Cloud security testing
Fuzz testing
Machine learning and AI in security
Business logic vulnerabilities
Deserialization vulnerabilities
Server-side request forgery (SSRF)

👌Plus, you'll get access to resources and references to help you along the way!

📝Complete the challenge and earn a Certificate of Completion to showcase your skills!

💖Join the community and start your journey to cybersecurity mastery today!

🔗Join Now: https://nas.io/brutsecurity/challenges/bug-bounty-blitz-30-days-of-learning