cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
https://github.com/initstring/cloud_enum
#bugbounty #bugbountytips
Hey everyone,
Can you believe it's already June? We've covered six months, but have we really dived into cybersecurity or web penetration testing yet? Have any of us snagged our first bug bounty or made it into a Hall of Fame?
Let's use the next six months to change that. Dedicate yourself fully to learning and practicing. Imagine where you could be by the end of the year: skilled, confident, and maybe even recognized in the cybersecurity world.
Let's go all in and fight for our freedom through knowledge and skills. Who's ready to take on this challenge?
Cheers,
The Brut Security Team
YouTube
Find Hidden Subdomains & IPs | RSEScan | RSECloud | Bug Bounty Recon | Brut Security
RSEScan is a command-line utility for interacting with the RSECloud. It allows you to fetch subdomains and IPs from certificates for a given domain or organization.
Registration Open for July 1st Batch: Extreme Web Application Penetration Testing
Registration…
Reconnaissance- Phase1.pdf
1.5 MB
#bugbounty #bugbountytips
GitHub
GitHub - YA551N3/Bug-Bounty-Wordlists
Contribute to YA551N3/Bug-Bounty-Wordlists development by creating an account on GitHub.
Bug Bounty Tip: Don't Overlook Image Endpoints!
Did you know 95% of hunters remove image files from their endpoint scans? Here's how Orwa found sensitive information by focusing on them:
1. Gather All Target Endpoints: Collect endpoints from your target.
2. Filter for Image Extensions: Use a simple command to isolate image URLs.
cat endpoints.txt | egrep 'jpg|jpeg|png' > results.txt
3. Check for Live URLs: Ensure the filtered image URLs are active.
4. Use a Screenshot Tool: Automate the process of taking screenshots of these URLs to quickly spot sensitive information.
Success Story by GodfatherOrwa:
- He found a passport image at app[.]com/xxxx/cdn/file/xxx.jpg.
- Visiting app[.]com/xxxx/cdn/ revealed an open directory listing.
- The result? Tons of exposed PII!
Always check image file endpoints (.jpg, .jpeg, .png, etc.). You might find more than you expect!
Happy hunting, everyone!
Credit: @godfatherorwa
#bugbountytips #bugbountytip #bugbounty
subfinder -dL domainlist1.txt | dnsx | shuf | (gau || hakrawler) | anew | egrep -iv "\.(jpg|jpeg|gif|tif|tiff|png|ttf|woff|woff2|php|ico|pdf|svg|txt|js)$" | urless | nilo | dalfox pipe -b https://xss.hunter
Brut Security pinned «Keep checking my old Posts to continue your learning Process!»
Methods for Dump LSASS.pdf
33.4 MB