BB Tip: Finding Potential SSRF Endpoints During Recon
SSRF often hides in plain sight. Many applications accept URLs or file paths as parameters, and those become prime targets.
A simple trick during recon is mining historical URLs and filtering parameters that typically fetch remote resources.
Example workflow:
echo "target.com" | waybackurls | grep -E "url=|uri=|path=|dest=|redirect=|window=|next=|target=|file=|html=|data=|reference="
What this does:
• Pulls archived endpoints from Wayback Machine
• Filters parameters commonly used for external requests
• Helps you quickly identify SSRF-like parameters
You will often find endpoints like:
/showimage.php?file=
/redirect?url=
/api/fetch?uri=
/download?path=
Once you find them, start testing with payloads such as:
http://127.0.0.1
http://169.254.169.254
http://burp-collaborator
If the server makes the request on your behalf, you might have an SSRF.
Small recon tricks like this save hours of manual hunting.
#bugbounty #bugbountytips #ssrf #recon #pentesting #cybersecurity
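The defensive counterpart to the post above, as an added example that is not part of the original post: a destination check for server-side fetches that rejects the loopback and metadata addresses listed there, plus an audit helper for the same parameter names. The function names, the `img.example.org` hostname and its resolver answer are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import parse_qsl, urlsplit

# Parameter names taken from the grep pattern in the post.
FETCH_PARAMS = {"url", "uri", "path", "dest", "redirect", "window", "next",
                "target", "file", "html", "data", "reference"}

def system_resolver(host):
    """Resolve with the system resolver; returns a set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def fake_resolver(host):
    """Constructed offline resolver: one made-up hostname and answer."""
    table = {"img.example.org": {"93.184.216.34"}}
    if host not in table:
        raise socket.gaierror("unknown host")
    return table[host]

def check_destination(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        addrs = {ipaddress.ip_address(parts.hostname)}  # IP literal
    except ValueError:
        try:
            found = resolver(parts.hostname)
        except OSError:
            return False, "resolution failed"
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in found}
    if not addrs:
        return False, "resolution failed"
    for ip in addrs:
        # is_global is False for loopback, link-local (metadata) and private ranges
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"

def audit_request(request_url, resolver=system_resolver):
    """Check every URL-valued fetch-style parameter in one request URL."""
    findings = []
    for name, value in parse_qsl(urlsplit(request_url).query):
        if name.lower() in FETCH_PARAMS and "://" in value:
            findings.append((name, value) + check_destination(value, resolver))
    return findings
```

The fetch itself has to connect to the address that was checked and re-run the check on every redirect, otherwise a second DNS answer or a redirect can still reach an internal address.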
Claude Bug Bounty Hunter - Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation
https://github.com/shuvonsec/claude-bug-bounty
FREE for the first 20 people - no catch.
I just launched the Bug Bounty Masterclass PDF on Topmate.
Built for absolute beginners. No fluff. No theory for the sake of theory. Just the exact process real hunters use.
━━━━━━━━━━━━━━━
FIRST 20 GET IT FREE
━━━━━━━━━━━━━━━
Use coupon code: 1awe
https://topmate.io/saumadip/2009859?coupon_code=1awe
Share with anyone learning cybersecurity
- Saumadip | Brut Security
@brutsecurity
CVE-2026-25769 - Remote Code Execution via Insecure Deserialization in Wazuh Cluster
https://github.com/hakaioffsec/CVE-2026-25769
Eid Mubarak! ✨
May this Eid bring peace, happiness, and endless blessings to you and your loved ones
~DarkShadow
Check it out!
https://github.com/gh0stkey/Web-Fuzzing-Box
Hey Hunters,
DarkShadow is back again!
LFI via misconfigured image parameter
> In most cases, hackers only test blind SSRF in image handler parameters.
But if you test the right payload, it can disclose many hidden bugs!
So guys, if you enjoy reading such methods, show your love ❤️
#bugbountytips #lfi
The terminal doesn't lie. Neither does this guide. Bug Bounty Masterclass is live - 11 chapters, real HackerOne PoCs, step-by-step recon workflow. First 20 get it FREE. Code: 1awe https://topmate.io/saumadip/2009859?coupon_code=1awe
XPFarm - An open-source vulnerability scanner that wraps well-known open-source security tools behind a single web UI.
Download: https://github.com/canuk40/xpfarm/
#CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity
Phantom - Autonomous AI Red Team Agent
LLM-Powered Offensive Security Automation Framework
https://github.com/kmdn-ch/phantom-ethical-redteam
10 Free Coupons - https://topmate.io/saumadip/2009859?coupon_code=awxe
XSS Tip: Unicode Normalization
Don't give up if <, >, " or ' are filtered! Many apps normalize Unicode after the WAF/security layer.
Some bypass variants (URL-encoded):
• < → %EF%BC%9C
• > → %EF%BC%9E
• " → %EF%BC%A2
• ' → %EF%BC%87
• ` → %EF%BD%80
For example, inject %EF%BC%9Cscript%EF%BC%9E and check if it reflects as <script> in the DOM.
Automate these quirks with recollapse: https://github.com/0xacb/recollapse
#BugBounty #BugBountyTips #XSS #Pentest #Infosec #CyberSecurity
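The ordering problem described in the XSS tip above, shown from the defender's side as an added example that is not part of the original post: a filter that runs before normalization beside one that runs after it, with output encoding as the final control. It assumes the application applies NFKC normalization; the function names and the blocked-character set are constructed for illustration.

```python
import html
import unicodedata
from urllib.parse import unquote

BLOCKED = set("<>\"'`")  # characters the filter is meant to reject

def filter_then_normalize(raw):
    """Order from the post: the filter sees the raw value, the app normalizes later."""
    value = unquote(raw)
    if any(ch in BLOCKED for ch in value):
        return None  # rejected by the filter
    return unicodedata.normalize("NFKC", value)

def normalize_then_filter(raw):
    """Corrected order: canonicalize first, then validate the value that is used."""
    value = unicodedata.normalize("NFKC", unquote(raw))
    if any(ch in BLOCKED for ch in value):
        return None
    return value

def introduced_by_normalization(raw):
    """Blocked characters that exist only after NFKC: a detection signal for logs."""
    before = unquote(raw)
    after = unicodedata.normalize("NFKC", before)
    return sorted((set(after) & BLOCKED) - set(before))

def render(value):
    """Context-appropriate output encoding, which holds whatever the filter missed."""
    return html.escape(value, quote=True)

SAMPLE = "%EF%BC%9Cscript%EF%BC%9E"  # the example value from the post
```

Running `introduced_by_normalization` over logged parameter values flags requests whose blocked characters only appear after normalization, which is the signature of this technique.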
Hey Hunters,
DarkShadow is back again!
"Sensitive Information Leak & Missing Authorization via API Endpoint"
- To find info leak bugs in WordPress, use this quick wordlist of mine:
/api/v1/export/data
/api/v1/config
/api/debug/env
/api/v2/auth/sessions
/api/v1/admin/users
/wp-json/wordfence/v1/config
/api/v1/billing/details
/api/v1/db/stats
/api/v1/logs
/api/v1/health
/api/v1/status
/api/v1/internal/settings
/api/v1/cloud/credentials
/api/v1/user/profile
/api/v1/system/info
/api/v1/backup/list
/wp-json/wp/v2/users
/wp-json/wp/v2/settings
/wp-json/wp/v2/media
/wp-json/wp/v2/posts?status=any
/wp-json/wp/v2/pages?status=private
/wp-json/elementor/v1/system-info
So guys, if you really enjoy reading such methods, show your love
#bugbountytips #info_leak
Hey Hunters,
DarkShadow is back again!
Private Messages Leaks via API endpoint
Tip:
> If your target uses any open-source projects, then collect all /api routes from GitHub.
> Use ffuf, Burp, gf (do as much recon as possible); it can uncover information leak bugs.
If you guys want to know more info leak bug methods, let me know…
#bugbountytips #info_leak