Brut Security pinned Β«π₯ A collection of awesome one-liner scripts especially for bug bountyπ₯ π https://github.com/dwisiswant0/awesome-oneliner-bugbounty Β»
Please open Telegram to view this post
VIEW IN TELEGRAM
β‘2
Brut Security pinned Β«π Exposed Pinata API Key Nuclei Template π https://raw.githubusercontent.com/karkis3c/bugbounty/main/nuclei-templates/info-disclosure/pinata-keys-exposed.yaml Β»
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
awesome-list/topics/cybersec.md at main Β· 0xor0ne/awesome-list
Cybersecurity oriented awesome list. Contribute to 0xor0ne/awesome-list development by creating an account on GitHub.
β€3πΏ2π±1
What makes you hacker?π€¨
Please open Telegram to view this post
VIEW IN TELEGRAM
def passwdFile = new File("/etc/passwd")
println passwdFile.text
Please open Telegram to view this post
VIEW IN TELEGRAM
β€9β‘6π₯2π1
prv8_nuclei_templates.zip
3.9 MB
β‘ 6000+ Private Nuclei Templates β‘
β€βπ₯28π€£5π2β€1β‘1π₯1π€1
CVE-2024-8073: Command Injection in Hillstone Networks Firewalls, 9.8 rating π₯
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
π Link: https://nt.ls/YZWqU
π Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
π Link: https://nt.ls/YZWqU
π Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
π₯5π2π€£1
Telegram CEO is arrested, so there is a probability that telegram will end the services or it's services will be blocked on different countries. So as a backup you can join our discord channel. Thanks!
https://discord.gg/NTU2q8gU5K
https://discord.gg/NTU2q8gU5K
Discord
Join the Brut Security Discord Server!
Check out the Brut Security community on Discord - hang out with 1001 other members and enjoy free voice and text chat.
π€£1
This media is not supported in your browser
VIEW IN TELEGRAM
Wake Up! Your Mom and Dad are waiting for your success π€© They're both running out of time.
Please open Telegram to view this post
VIEW IN TELEGRAM
β€19π’4β€βπ₯2π2π€£1
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - AutoRecon/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration ofβ¦
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. - AutoRecon/AutoRecon
π€£3
CVE-2024-6386: RCE in WPML WordPress Plugin, 9.9 rating π₯
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
π Link: https://nt.ls/caxUk
π Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
π Link: https://nt.ls/caxUk
π Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
π6π€£1
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: ππ»
1. Discovering Exposed Files:
- intitle:"index of" "site:target.com"
- filetype:log inurl:log site:target.com
- filetype:sql inurl:sql site:target.com
- filetype:env inurl:.env site:target.com
2. Finding Sensitive Directories:
- inurl:/phpinfo.php site:target.com
- inurl:/admin site:target.com
- inurl:/backup site:target.com
- inurl:wp- site:target.com
3. Exposed Configuration Files:
- filetype:config inurl:config site:target.com
- filetype:ini inurl:wp-config.php site:target.com
- filetype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords:
- intext:"password" filetype:log site:target.com
- intext:"username" filetype:log site:target.com
- filetype:sql "password" site:target.com
5. Finding Database Files:
- filetype:sql inurl:db site:target.com
- filetype:sql inurl:dump site:target.com
- filetype:bak inurl:db site:target.com
6. Exposed Git Repositories:
- inurl:".git" site:target.com
- inurl:"/.git/config" site:target.com
- intitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails:
- intext:"email" site:target.com
- inurl:"contact" intext:"@target.com" -www.target.com
- filetype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers:
- intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
- intitle:"Index of /" "Apache Server" site:target.com
- intitle:"Welcome to nginx" site:target.com
9. Finding API Keys:
- filetype:env "DB_PASSWORD" site:target.com
- intext:"api_key" filetype:env site:target.com
- intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files:
- filetype:bak inurl:backup site:target.com
- filetype:bak inurl:backup site:target.com
- filetype:zip inurl:backup site:target.com
- filetype:tgz inurl:backup site:target.com
Replace target.com with the domain or target you are focusing on.
#GoogleDorks
#BugHunting
#OSINT
1. Discovering Exposed Files:
- intitle:"index of" "site:target.com"
- filetype:log inurl:log site:target.com
- filetype:sql inurl:sql site:target.com
- filetype:env inurl:.env site:target.com
2. Finding Sensitive Directories:
- inurl:/phpinfo.php site:target.com
- inurl:/admin site:target.com
- inurl:/backup site:target.com
- inurl:wp- site:target.com
3. Exposed Configuration Files:
- filetype:config inurl:config site:target.com
- filetype:ini inurl:wp-config.php site:target.com
- filetype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords:
- intext:"password" filetype:log site:target.com
- intext:"username" filetype:log site:target.com
- filetype:sql "password" site:target.com
5. Finding Database Files:
- filetype:sql inurl:db site:target.com
- filetype:sql inurl:dump site:target.com
- filetype:bak inurl:db site:target.com
6. Exposed Git Repositories:
- inurl:".git" site:target.com
- inurl:"/.git/config" site:target.com
- intitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails:
- intext:"email" site:target.com
- inurl:"contact" intext:"@target.com" -www.target.com
- filetype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers:
- intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
- intitle:"Index of /" "Apache Server" site:target.com
- intitle:"Welcome to nginx" site:target.com
9. Finding API Keys:
- filetype:env "DB_PASSWORD" site:target.com
- intext:"api_key" filetype:env site:target.com
- intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files:
- filetype:bak inurl:backup site:target.com
- filetype:bak inurl:backup site:target.com
- filetype:zip inurl:backup site:target.com
- filetype:tgz inurl:backup site:target.com
Replace target.com with the domain or target you are focusing on.
#GoogleDorks
#BugHunting
#OSINT
β€13π8π₯5π€£1