Brut Security
15.9K subscribers
1.05K photos
90 videos
298 files
1.14K links
βœ…DM: @wtf_brut
πŸ›ƒWhatsApp: https://wa.link/brutsecurity
🈴Training: https://brutsecurity.com
πŸ“¨Mail: info@brutsec.com
Download Telegram
This media is not supported in your browser
VIEW IN TELEGRAM
Thanks for your submission but it is already submitted by another researcher 🌞
😒19❀1😁1🐳1πŸ‘¨β€πŸ’»1πŸ—Ώ1
πŸ”₯ Bug Bounty Tip: Simple Auth Bypass = Easy Wins

Many devs focus on fancy front-end protections while leaving the backend wide open.

Quick checks that pay off:

1. Direct Admin Access
Try /admin, /dashboard, /panel, /cp without logging in.
Often no redirect or proper auth check.

2. 2FA Bypass
- Skip the 2FA step by modifying the request (remove 2fa param or set to true).
- Replay the login request after the first successful step.
- Try ?bypass=1 or similar hidden params.

3. Password Reset Token Leak
Check if the reset token appears in the JSON response, page source, or confirmation email before the user clicks the link.

Pro tip: These "dumb" bugs are way more common than complex exploits and often lead to critical severity + good bounties.

Test them early in every program.
❀8πŸ‘3
πŸ“ŒBug Bounty Tip: Finding Confidential Documents Fast

βœ…Admins often leave these unredacted files online by mistake, making them a high-medium severity finding for bug bounty programs.
πŸ‘10❀1
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: πŸ‘‡πŸ»

1. Discovering Exposed Files:
   - intitle:"index of" "site:target.com"
   - filetype:log inurl:log site:target.com
   - filetype:sql inurl:sql site:target.com
   - filetype:env inurl:.env site:target.com

2. Finding Sensitive Directories:
   - inurl:/phpinfo.php site:target.com
   - inurl:/admin site:target.com
   - inurl:/backup site:target.com
   - inurl:wp- site:target.com

3. Exposed Configuration Files:
   - filetype:config inurl:config site:target.com
   - filetype:ini inurl:wp-config.php site:target.com
   - filetype:json inurl:credentials site:target.com

4. Discovering Usernames and Passwords:
   - intext:"password" filetype:log site:target.com
   - intext:"username" filetype:log site:target.com
   - filetype:sql "password" site:target.com

5. Finding Database Files:
   - filetype:sql inurl:db site:target.com
   - filetype:sql inurl:dump site:target.com
   - filetype:bak inurl:db site:target.com

6. Exposed Git Repositories:
   - inurl:".git" site:target.com
   - inurl:"/.git/config" site:target.com
   - intitle:"index of" ".git" site:target.com

7. Finding Publicly Exposed Emails:
   - intext:"email" site:target.com
   - inurl:"contact" intext:"@target.com" -www.target.com
   - filetype:xls inurl:"email" site:target.com

8. Discovering Vulnerable Web Servers:
   - intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
   - intitle:"Index of /" "Apache Server" site:target.com
   - intitle:"Welcome to nginx" site:target.com

9. Finding API Keys:
   - filetype:env "DB_PASSWORD" site:target.com
   - intext:"api_key" filetype:env site:target.com
   - intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com

10. Exposed Backup Files:
    - filetype:bak inurl:backup site:target.com
    - filetype:bak inurl:backup site:target.com
    - filetype:zip inurl:backup site:target.com
    - filetype:tgz inurl:backup site:target.com

Replace target.com with the domain or target you are focusing on.

#GoogleDorks
#BugHunting
#OSINT
πŸ”₯6πŸ‘4❀1
⚠️HackLabs is a collection of hands-on vulnerable labs designed to practice web exploitation, privilege escalation, Active Directory attacks, and general pentesting techniques in a safe environment.

⚠️ For educational and authorized testing only.

πŸ”— https://github.com/afsh4ck/HackLabs

#CyberSecurity #Pentesting #EthicalHacking #RedTeam #CTF #InfoSec #AppSec
Please open Telegram to view this post
VIEW IN TELEGRAM
❀7πŸ”₯3
#AD

πŸ˜„ Large quantity of premium domains available 😎
For customers seeking the best high-quality domains 😎
βœ… High Traffic Domains
βœ… High DA/PA Domains
βœ… High DR Domains
βœ… Established network-ready domains
βœ… Domains for marketing campaigns

DM πŸ‘‰ @Mm_fit
🦊Channel https://t.me/cve0day

#AD
❀4πŸ”₯1
WAF Bypass Techniques + Tools

Here are some powerful tools and methods to help you bypass Web Application Firewalls during bug hunting:

### Tools:
- wafw00f β€” WAF fingerprinting tool
β†’ https://github.com/EnableSecurity/wafw00f
- bypass-firewalls-by-DNS-history β€” Discover origin IPs via old DNS records
β†’ https://github.com/vincentcox/bypass-firewalls-by-DNS-history
- CloudFail β€” Excellent for bypassing Cloudflare
β†’ https://github.com/m0rtem/CloudFail

### Effective Bypass Techniques:

1. Origin IP Discovery β€” Use historical DNS records (Censys, etc.) to find the real server IP and connect directly.
2. Dev/Staging Subdomains β€” These often don’t have WAF protection.
3. Case Variations β€” Try SeLeCt instead of SELECT
4. Comment Injection β€” SE//LECT
5. Multiple Encodings β€” URL β†’ Double URL β†’ Unicode, etc.
6. Parameter Pollution β€” ?id=1&id=2
7. HTTP Method Swap β€” Change from GET β†’ POST β†’ PUT
8. Content-Type Swap β€” Switch between form-data, JSON, XML
9. HTTP/2 Cleartext β€” Some WAFs only inspect HTTP/1.1

Quick WAF Detection Command:
curl -I https://target.com | grep -iE "server|cdn|cf-|x-"


Save this for your next bug bounty hunt! πŸ”₯

#BugBounty #WAFBypass #BugBountyTips #Infosec
❀7πŸ”₯4🫑4πŸ‘2😱1
Let me know in comments what guides you are looking for.. will try to share soon!!
❀1πŸ‘1
Hey Hunter's,
DarkShadow is here back again!

πŸ–₯ 100 Web Vulnerabilities, categorized into various types : πŸ˜€

⚑ Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

⚑ Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

⚑ Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

⚑ Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

⚑ XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

⚑ Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

⚑ Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

⚑ API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

⚑ Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

⚑ Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

⚑ Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

⚑ Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

⚑ Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

⚑ IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

⚑ Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

⚑ Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

⚑ Server-Side Request Forgery (SSRF):
87. Blind SSR
88. Time-Based Blind SSRF

⚑ Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

⚑ Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

⚑ Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits


Let me know i there any vulnerability i missed?!
πŸ”₯8❀5πŸ‘1
Test
🀨8❀3πŸ‘3πŸ—Ώ2😱1
🚨 cPanelSniper β€” CVE-2026-41940

CRITICAL auth bypass in cPanel & WHM (CVSS 10.0)

Zero credentials β†’ Full root WHM access via CRLF injection + session file poisoning.

~70 million domains affected.

### Exploit Chain (4 stages):
1. Pre-auth session minting
2. CRLF injection via Authorization header
3. do_token_denied gadget (raw β†’ cache flush)
4. /json-api/version β†’ PWNED

What you get:
- βœ… Interactive WHM root shell
- βœ… Account enumeration
- βœ… Command execution
- βœ… Backdoor admin creation
- βœ… Ready for bulk scanning (stdlib only, no extra deps)

https://github.com/ynsmroztas/cPanelSniper
1πŸ”₯5❀3πŸ‘1🫑1
Forwarded from Brut Security
⚑Google Dorks - Cloud Storage: site:http://s3.amazonaws.com "target[.]com" site:http://blob.core.windows.net "target[.]com" site:http://googleapis.com "target[.]com" site:http://drive.google.com "target[.]com"

πŸ‘‰Find buckets and sensitive data.
Combine:

site:
http://s3.amazonaws.com | site:http://blob.core.windows.net | site:http://googleapis.com | site:http://drive.google.com "target[.]com"

Add something to narrow the results: "confidential” β€œprivileged" β€œnot for public release”

βœ…Credit- Mike Takahashi
❀3πŸ”₯3πŸ‘2
url/?f=etc/passwd ==> 403
encode etc/passwd as base64

url/?f=L2V0Yy9wYXNzd2Q= ==> 200

#note
you can use this trick in SQL , SSTI , XSS , LFI , Etc...

By:@GodfatherOrwa

#bugbountytips #BugBounty
❀23πŸ‘5
Common Security Issues in Financially Oriented Web Applications
❀4πŸ”₯1
πŸ”₯Google Dork - Exposed Configs πŸ”

site:example[.]com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess | ext:json

Β©TakSec
Please open Telegram to view this post
VIEW IN TELEGRAM
πŸ‘9❀5🀨3😁1
A tool to find open S3 buckets in AWS or other cloud providers:

- AWS
- DigitalOcean
- DreamHost
- GCP
- Linode
- Scaleway
- Custom

Source: https://github.com/sa7mon/s3scanner
πŸ”₯7❀4πŸ‘4
🚨 10 coupon codes available for the Brut Offensive Playbook V1 β€” full Web App Bug Bounty Methodology (59 pages, 20 chapters).

πŸ₯³First 10 people to reply "PLAYBOOK" get a code. Once they're claimed, offer's closed.

❀️ https://topmate.io/saumadip/2054509
Please open Telegram to view this post
VIEW IN TELEGRAM
❀1πŸ‘1
🚨Nobody owes you a cybersecurity job in 2026.

You've done 10 courses. You have zero projects. You're wondering why no one's calling back.

The industry has 4.8M+ unfilled roles globally β€” and you're still unemployed. That's not bad luck. That's a bad strategy.

In this article we break down exactly what's broken in how beginners are approaching cybersecurity careers right now β€” and the 7 steps that actually get you hired in 2026:

▢️ https://brutsecurity.medium.com/nobody-owes-you-a-cybersecurity-job-in-2026-heres-how-to-earn-one-anyway-a259005275a1

No fluff. No "just get certified." Just what actually works.

πŸŽ“ Want to build the skills this article talks about? Brut Practical Web Pentesting is open for enrollment β€” link in bio / website.

#CyberSecurity #InfoSec #CareerAdvice #PenTesting #BrutSecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
❀5πŸ”₯2πŸ™2πŸ‘1
Brut Security pinned «🚨Nobody owes you a cybersecurity job in 2026. You've done 10 courses. You have zero projects. You're wondering why no one's calling back. The industry has 4.8M+ unfilled roles globally β€” and you're still unemployed. That's not bad luck. That's a bad strategy.…»