Brut Security 2.0
Bringing you Bug Bounty Video POCs from top hunters around the globe!
Forwarded from Brut Security
🚨 CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices

🎯 Severity: CRITICAL ⚠️

✅ PoC: https://github.com/win3zz/CVE-2025-5777
Forwarded from Brut Security
🚨 Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.

✅ https://github.com/ill-deed/CVE-2025-34085-Multi-target
Forwarded from Brut Security
⚡ BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server setup, and Burp Suite certificate installation. With a vibrant new UI and support for custom Frida scripts, BrutDroid empowers security researchers to focus on testing, not setup. Linux support is coming soon!

✅ https://github.com/Brut-Security/BrutDroid

⭐ Don't forget to leave a star :)
Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory
BB Target- https://www.nooks.ai/responsible-disclosure-process
Forwarded from Brut Security
🚨 CVE-2025-0133: Payload + Template

Payload: %3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E

Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9

Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Bug Bounty Programs Dork - Coordinated Vulnerability Disclosure "app.zerocopter.com"
Forwarded from Brut Security
⚡ Safari Address Bar Spoof via Cursor Overlap

✅ https://github.com/RenwaX23/X/blob/master/safari_bug2.md
Forwarded from Brut Security
Happy Durga Puja to all Brut Security members! May Maa Durga bless you with strength, wisdom, and protection in every battle you fight, both in life and in cyberspace. 😇😇😇
A quick way to find "all" paths for Next.js websites:

console.log(__BUILD_MANIFEST.sortedPages)
javascript:console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Forwarded from Brut Security
Common Security Issues in Financially-Oriented Web Applications