Donato Scaramuzzo

1.1K posts

@ramirezVII

Senior Penetration Tester & AI Explorer - #AI #NoCode

Joined July 2011
172 Following, 367 Followers
Donato Scaramuzzo reposted
7h3h4ckv157 @7h3h4ckv157:
90+ recon modules 48 secret-regex patterns 80+ dorks 9 read-only credential validators 27 attack-path templates 5,500+ lines of structured tradecraft. Might be helpful. Try: github.com/elementalsouls…
Donato Scaramuzzo reposted
Ruben Hassid @rubenhassid:
The $20/month Claude plan is enough. But only if you stop making these 17 mistakes:

1: You upload PDFs raw. One page = 3,000 tokens. Fix: Paste the text into a Google doc. Download as .md format. Under 200 tokens.
2: You build files inside Cowork too early. Fix: Plan in Chat first. Move to Cowork only when you know exactly what you want.
3: You write 500-word prompts that reload. Fix: Write 29 words instead: "I want to [task] to [goal]. Ask me questions using AskUserQuestion."
4: You say "redo the whole thing" to correct part 3. Fix: "Only redo section 3. Keep everything else. No commentary. Just the output."
5: You send 3 separate messages for 3 tasks. Fix: One message, three tasks. "Summarize this, list the points, suggest a headline."
6: You type "No, I meant," stacking on the history. Fix: Click 'Edit' on your original message. Fix it. Regenerate. History replaced, not added.
7: You use the Opus model for a grammar check. Fix: Sonnet or Haiku for quick tasks. Save Opus + Extended Thinking for deep work.
8: You dump 50 files into Cowork "just in case." Fix: Only include what this task needs. Zero folders for quick tasks like email drafts.
9: You never restart fresh & keep having long chats. Fix: Every 15-20 messages → summarize, copy the brief, start a fresh session.
10: You keep 3 topics in 1 chat. Claude re-reads all. Fix: New topic = new chat. Always. Dead context is dead tokens.
11: Your about-me file is 22,000 words (too long). Fix: Trim to under 2,000 words. End sessions with "Write a session-notes.md." Paste my .md file prompt: ruben.substack.com/p/how-to-stop-…
12: You leave search & connectors on by default. Fix: Default everything off. Turn features on per task, not per account.
13: You upload the same PDF to 5 different chats. Fix: Use Projects. Upload once. Every chat inside references it without re-burning tokens.
14: You skip Personal Preferences & waste setup. Fix: Settings → Personal Preferences. Set your tone and style once. It persists forever.
15: You rewrite prompts from scratch every time. Fix: Keep a prompt library. Same structure, swap the variable. Stable prompts get cached.
16: You manually run the same report every week. Fix: Use /schedule. "Every Monday at 7am, create my weekly briefing." Wake up to a finished doc.
17: You use Claude for things it can't do. Fix: Know your tools. Images → Gemini. Real-time search → Grok. Stop burning tokens on dead ends.

-----

To download all of my Claude infographics:
Step 1. Go to how-to-ai.guide.
Step 2. Subscribe for free. Don't pay anything.
Step 3. Open my welcome email (most skip this).
Step 4. Hit the automatic reply button inside.
Step 5. Download my infographics from my Notion.
Bonus. Enjoy my best copy-paste prompts, too.
Ruben Hassid @rubenhassid: x.com/i/article/2044…
Donato Scaramuzzo reposted
Ejaaz @cryptopunk7213:
well that's fucking it - anthropic has officially replaced software engineers. claude is now a 24 hr autonomous coding agent. claude can now operate your entire computer and CLAUDE CODE = end-to-end software engineering: - claude writes the code for you - then literally opens the app it coded - clicks through the entire app and finds bugs - then fixes the bugs and improves the app in hours. previously claude generated code, you ran it and gave claude feedback. that's completely gone now. all in a continuous loop without leaving your terminal 😂 we're barely through monday. well done lol
Claude @claudeai:

Computer use is now in Claude Code. Claude can open your apps, click through your UI, and test what it built, right from the CLI. Now in research preview on Pro and Max plans.

Donato Scaramuzzo reposted
OffSec @offsectraining:
The OSAI+ syllabus is finally here! Every module includes hands-on labs designed to mirror how real AI systems are built, integrated, and attacked in production environments ⚔️ And if you haven't already heard: OSAI+ is available now in pre-sale, with an exclusive pre-release offer on our [Extended] Course & Certification Bundle. Get 120 days of course + lab access for the price of 90 for a limited time only. Offer ends March 30 when bundle returns to 90 days of access. 💸 Purchase through pre-sale: portal.offsec.com/checkout/produ… 🔍 Learn more: offsec.com/courses/OSAI/
Donato Scaramuzzo reposted
Griffin @aussinfosec:
I have been doing bug bounty since 2011 and ran a program for a multinational bank. Put everything I've learned into bugbounty.info. Target selection, recon pipelines, chain patterns, report templates, the business side. Free, no paywall, no course upsell.
Donato Scaramuzzo reposted
bugcrowd @Bugcrowd:
AI won't replace the human intuition needed to find bugs, but it will amplify the hackers who use it. If you are new to this, start small with n8n to remove friction from your workflow.👇
Donato Scaramuzzo reposted
levelsio @levelsio:
how to build a bootstrapped startup without funding:
1. pick a problem you personally have. if you don't use your own product daily, quit now
2. skip the pitch deck. open your code editor. ship something ugly in a weekend
3. charge money from day 1. free users give you nothing but support tickets
4. use boring tech. PHP, SQLite, vanilla JS. frameworks are a trap that mass waste your time
5. host on cheap VPS ($5-20/mo). not AWS. you don't need kubernetes for 1,000 users
6. do customer support yourself. it's the fastest product feedback loop that exists
7. automate everything you do more than twice. cron jobs > employees.
8. grow on Twitter/X by building in public. your journey IS the marketing
9. keep your burn rate near zero so you never need to raise. ramen profitable > series A
10. say no to investors, cofounders, and "advisors" who want equity for intros

i've been doing this for 10+ years now. no employees, no funding, no board meetings. the entire VC game is designed to make you think you need permission to start. you don't
Donato Scaramuzzo reposted
JS0N Haddix @Jhaddix:
Here's a freebie tip on building agents in any AI framework: Mindmap your agent flow. Order of operations, tools, variables, file paths, backup workflows... all has to be documented in .md or prompts to make them repeatable and amazing.
Donato Scaramuzzo reposted
GREG ISENBERG @gregisenberg:
claude cowork crash course in 49 seconds for building out your ideas
Donato Scaramuzzo reposted
obscaries ❘ AppSec @obscaries:
Static JS analysis just got smarter. jsluice is a Go-based tool that parses JavaScript using ASTs to extract endpoints, secrets, and interesting artifacts — no noisy regex scraping. 🔗source: github.com/BishopFox/jslu… Perfect for bug bounty hunters who actually read JS instead of just grepping it. 🔎⚡ If you’re serious about client-side recon, this deserves a spot in your toolkit. #BugBounty #AppSec #JavaScript #Recon
Donato Scaramuzzo reposted
Favour Y. @FavourYusuf1:
Each of the big 3 (Gemini, Anthropic, ChatGPT) has 3 different ways they want you to use AI.

ChatGPT wants to keep you inside a chatbox. That's their entire goal. That's why they are putting ads in chat, instead of trying to connect ChatGPT to everything.

Anthropic wants you to connect claude to everything you own. They want to become the center of your AI world. Plus, they want to become the platform everyone uses to build. Think "The AI OS". That's why they built MCP, Agents and Cowork. It's also why they don't have a really good "Talk to Claude" feature, at least on par with ChatGPT or Gemini.

Google, on the other hand, does not actually want you to use the Gemini App. They want you to use Gemini in their other products: Gmail, Google Search, Google Docs, Excel, etc.

This is why each of them excels at different things. ChatGPT will double down on trying to make the best possible chatting experience. They will try to get you to experience the internet from inside a chatbot. Claude will try to get you to use them to build anything. Skills, Agents, MCP...the whole shebang. Gemini will try to get you to use different products with the same account. Opal, Antigravity, NoteBookLM, Gemini in Meet, Excel, Drive, etc. They don't even have a dedicated projects folder ffs, and their chatbot is meh.

So, depending on what you are trying to do, pick the best one.
ᴅᴇʙꜱ✨ @Bigdebs222:

For creating pictures yes, but for cognitive thinking it’s very dumb.

Donato Scaramuzzo reposted
Pratham @Prathkum:
AI wrapped 2025:
– MCP became the USB port for AI
– vibe coding is now the default method to build software
– more agents: we started letting AI "work" for us
– AI learned how to "think" before it speaks
– programming changed forever
– OpenAI, Anthropic, and Google are in a race
– context windows got massive as now you can give an AI a 2,000-page book or a whole folder of videos
– we ran out of internet to train on
– we have enough chips, but we don't have enough electricity
– RLVR > RLHF
– we haven't achieved AGI yet
Donato Scaramuzzo reposted
Coffin @lostsec_:
instead use this way~

cat domains.txt | httpx-toolkit -silent -sc -td | grep -Ei "Next\.js|React"

cat domains.txt | httpx-toolkit -silent -sc -td | grep -Ei "Next\.js|React" | awk '{print $1}' | nuclei -t .local/nuclei-templates/http/cves/2025/CVE-2025-55182.yaml -silent

after this use manual payloads+bypass methods or simply use extension..
Intigriti @intigriti:

Testing for React2Shell can be as easy as: 1. Running HTTPX to identify NextJS targets 2. Passing the list of targets to React2shell-scanner 3. Verify & report results 🤠 More in next post! 👇

Donato Scaramuzzo reposted
Germán Fernández @1ZRR4H:
🚩 #React2Shell
🌐📡 → Censys (+270K assets): services.http.response.headers: (key: `Vary` and value.headers: `RSC, Next-Router-State-Tree`)
→ Shodan (+380K assets): "Vary: RSC, Next-Router-State-Tree"