👑 OFJAAAH 👑

3.5K posts


@ofjaaah

Bug Hunter ☣ | Hi I Hacker spare time and not spare time too 🧙‍♂️. https://t.co/ob6h7VO9uC

Brasil · Joined June 2020
533 Following · 19.8K Followers
Pinned Tweet
👑 OFJAAAH 👑@ofjaaah·
I am very happy for the donation I had from @zseano I am very grateful because I am inspired by you, my friend, always a good man. Thank you for everything and I wish you many good things, be well my friend and thank you very much. I was very happy. #bugbounty #twitch
👑 OFJAAAH 👑 retweeted
Browser Use@browser_use·
Introducing: Browser Use CLI 2.0 🔥 The most efficient browser automation CLI tool > 2x the speed, half the cost > Easily connect to running Chrome > Uses direct CDP Try it now 🔗↓
👑 OFJAAAH 👑 retweeted
Shakquraa | Cybersecurity@shakquraa·
🕵️‍♂️ graphql-cop: Automated Security Auditing for GraphQL APIs

I came across graphql-cop, a Python 🐍 tool that automatically tests GraphQL endpoints for common vulnerabilities. It helps security researchers quickly identify misconfigurations without manually crafting attack queries.

🔍 What it detects:
🧠 Introspection exposure (schema leaks)
⚡ Alias overloading & batching abuse (DoS vectors)
🐛 Debug/tracing modes left enabled
🌐 GET-based query execution (CSRF risks)
💡 Field suggestion leaks & misconfigurations

For bug bounty hunters 🏴‍☠️ and pentesters, tools like this provide a fast baseline of GraphQL-specific attack surfaces. But remember—automated scanning is just the first step. The real impact comes from manual testing of authorization logic, query complexity, and business logic flaws 🎯

📦 Source: github.com/dolevf/graphql…

#BugBounty #GraphQL #APIsecurity #AppSec #InfoSec
👑 OFJAAAH 👑 retweeted
Sukh Sroay@sukh_saroy·
🚨BREAKING: Someone just opensource'd a platform that replaces your entire DevOps monitoring stack. It's called xyOps. Job scheduling + workflow automation + server monitoring + alerting + incident response -- one self-hosted dashboard. When an alert fires, it auto-attaches running jobs, server snapshots, CPU load, and network data. One Docker command to deploy. Scales from 5 servers to 5,000. No SaaS fees. No telemetry. No paywalls. 100% Opensource.
👑 OFJAAAH 👑 retweeted
shubs@infosec_au·
IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…
👑 OFJAAAH 👑 retweeted
Ark@arkark_·
Forcing Quirks Mode with PHP Warnings + CSS Exfiltration without Network Requests blog.arkark.dev/2025/09/08/asi… Published author writeup for pure-leak in ASIS CTF Quals 2025!
👑 OFJAAAH 👑 retweeted
Aditi Singh@aditi_singghh·
Just released Wayback-Recon – my Burp Suite extension to pull historical URLs from the Wayback Machine directly into Burp with the better ui. Perfect for recon during manual bug hunting and works seamlessly with my other tools Passive Recon. github.com/aditisingh2707…
👑 OFJAAAH 👑 retweeted
Gray Hats@the_yellow_fall·
Audit your Active Directory in minutes with ADPulse. This open-source tool runs 35 automated security checks via LDAP(S) to uncover critical misconfigurations. meterpreter.org/beyond-the-per…
👑 OFJAAAH 👑 retweeted
CV.YH@0xCVYH·
I just ran Qwen3.5-27B distilled from Claude 4.6 Opus locally via Ollama. 27 billion parameters, visible chain-of-thought reasoning, ~10 tokens/second on a MacBook. An open source model with billion-dollar-lab-level reasoning ability running on your machine. This is the future of decentralized AI.
👑 OFJAAAH 👑 retweeted
Brian Roemmele@BrianRoemmele·
BOOM! New open source model! We are testing this now at The Zero-Human Company! Qwen3.5-27B-Claude-4.6-Opus-Reasoning-Distilled. This Frankenstein of an AI model runs fast on local consumer hardware! More soon! huggingface.co/Jackrong/Qwen3…
👑 OFJAAAH 👑 retweeted
Intigriti@intigriti·
@hakluke @xnl_h4ck3r 4️⃣ JSAnalyzer JSAnalyzer by @_jensec automatically extracts API endpoints, secrets, URLs, and sensitive files from JS responses, with smart noise filtering to reduce false positives! 🤠 🔗 github.com/jenish-sojitra…
👑 OFJAAAH 👑 retweeted
Damian Strobel@damian_89_·
Hey guys, I just launched argosdns.io - if you are into IT security, bug bounty hunting, red teaming, ... this is interesting for you! argosdns.io
👑 OFJAAAH 👑 retweeted
Nicolas Krassas@Dinosn·
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 459 detection rules with live credential validation. github.com/praetorian-inc…
👑 OFJAAAH 👑 retweeted
Nathan Jones@njcve_·
I made a Burp extension to automatically check for Maps/Gemini API key leaks, this will check to see if any keys have access to the generative language APIs and report any issues as high. github.com/njcve/gkey-burp #bugbounty