biibek khanal (@biibekkhanal)'s Twitter Profile

ID: 1689233159488176128

09-08-2023 11:12:46

805 Tweet

8 Followers

263 Following

0b1d1 (@_0b1d1)

🕵️ Top Essential OSINT Tools Open Source Intelligence Toolkit 🌐🔍 Open-Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available data from the internet.

Muqsit 𝕏 (@mqst_)

🖇️ OAuth Security: Understanding OAuth's redirect_uri Security Blog: blog.voorivex.team/drilling-the-r… author: YS #infosec

Gospel.C (@40sp3l)

Day 18 - Bug Bounty (Going Solo) - Wasn't feeling good to hunt today, so I took the time to study more on web cache deceptions and also read a few writeups from H1. - Great blog by "Manas Harsh", infosecwriteups.com/poisoning-the-… Total earned: $0

0xRAYAN 🇸🇦 (@0xrayan7)

💡 Bug Bounty Tip - SSRF Bypass in Webhooks Some apps block 127.0.0.1 or metadata URLs, but you can bypass it: 1️⃣ 303 Redirect → Host a page that redirects to an internal URL 2️⃣ DNS Rebinding → Use 127.0.0.1.nip.io (resolves to localhost) 3️⃣ Userinfo Injection →

Dark Web Informer - Cyber Threat Intelligence (@darkwebinformer)

💡ImHex: A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. GitHub: github.com/WerWolv/ImHex 🚀 Feature Highlights: 🔹 Hex View + C++-like Pattern Parsing 🔹 Theming, Import/Export, Bookmarks 🔹 Data Inspector & Node

ZoomEye (@zoomeye_team)

🚨🚨Critical Plesk Obsidian Flaw CVE-2025-54336 (CVSS 9.8) exposes servers to FULL compromise. Authentication logic bug lets attackers bypass admin login under specific conditions. Search by vul.cve Filter👉vul.cve="CVE-2025-54336" ZoomEye Dork👉app="Plesk Obsidian" Reveals

infosecresearcher (@infoscresearchr)

Bug-Hunt tips for new hunters Remote Timing Attacks for Blind Injection -> payload: `' OR IF(1=1,SLEEP(5),0)--` Use this basic exploit to detect blind SQLi or command injection. Peace and Salam✌️

Md Ismail Šojal 🕷️ (@0x0sojalsec)

I found this blog: Ability to unlock any Google Pixel phone without knowing the passcode. Google fixed the issue in the November 5, 2022, security patch. Update your devices! Read the story: - bugs.xdavidhu.me/google/2022/11… #infosec #cybersec #bugbountytips

Bipin Jitiya (@win3zz)

Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: tinyurl.com/mprcjp9b

ryuku (@malekmesdour)

Just published my first blog post "Hunting for postMessage Vulnerabilities" blog.ryukudz.com/posts/postmess… It covers 11 postMessage vulnerabilities I discovered on bug bounty targets. enjoy ☕️ #BugBounty #bugbountytips #websecurity

FofaBot (@fofabot)

⚠️⚠️ CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE 🎯73k+ Results are found on the en.fofa.info nearly year 🔗FOFA Link:en.fofa.info/result?qbase64… FOFA Query:app="Monospace-directus" 🔖Refer:securityonline.info/cve-2025-55746… #OSINT

0b1d1 (@_0b1d1)

🔎 OSINT Toolkit – Essential Open Source Intelligence Tools 🕵️‍♂️ Open-Source Intelligence (OSINT) focuses on collecting and analyzing publicly available data from the internet. It’s a critical skillset for cybersecurity professionals, investigators, journalists, and researchers.
