Security is a trade-off. Choose wisely. ☕️

#infosec #SysAdmin #Linux #CyberSec

HTTP Request Smuggling is not just a WAF bypass trick.

Most people miss the real issue:

The vulnerability comes from differences in how HTTP requests are parsed between:

* reverse proxy (frontend)
* backend server

CL.TE / TE.CL are only the basic cases. The deeper issues are more subtle:

* HTTP/2 to HTTP/1.1 translation ambiguity
* parsing inconsistencies across proxy chains
* cache poisoning via request desynchronization
* session hijacking without traditional auth or RCE bugs

Core idea:
One request can be interpreted as two different requests depending on which layer processes it.

The exploit happens in that mismatch.

It is not an application bug in the usual sense.

It is a systemic parsing disagreement across the HTTP stack.

#infosec #pentesting #websecurity #bugbounty

Top 3 on Shipit this week!
GhostIntel – the API-free OSINT framework trusted by security pros.
Instantly extract & analyze public data like a pro.

👉 Try it now on Shipit: https://www.shipit.buzz/products/ghostintel
Or check the GitHub repo: https://github.com/ruyynn/GhostIntel

#OSINT #CyberSecurity #Infosec #OpenSource #GhostIntel

👻 Hey #infosec folks! GhostIntel v2.5 is out 🎉

Web UI for easy browsing
Email breach detection
Batch scanning across 129+ platforms
Still free, no API keys needed.
Check it out, try it, and let’s improve it together 🙏

https://github.com/ruyynn/GhostIntel

#OSINT #OpenSource #CyberSec #InfosecTools

Stop using ffuf with default wordlists for directory busting.

Most companies use predictable patterns:

/api/v1/, /api/v2/

/admin/, /admin-panel/

/backup/, /backups/

Build your own wordlist from observed patterns. Results improve by 10x.

#BugBounty #Recon #ProTip

Watched 3 episodes of Mr. Robot and opened the terminal like Elliot.

Then spent the next 20 minutes googling basic Linux commands.

#Infosec #CyberSecurity #Linux #MrRobot

Hey infosec folks 👋

I built VulnDraft — a free, open-source bug report generator.
MIT licensed — fork it, contribute, do whatever.

What it does:
🐞 H1/Bugcrowd/Intigriti templates
📊 CVSS calculator built-in
📄 Export MD, HTML, JSON
💻 CLI + Web GUI

MIT. Open source. Free.

Try it. Break it. Tell me what sucks.

🔗 https://github.com/ruyynn/VulnDraft

⭐️ A star helps more people find it

#BugBounty #InfoSec #OpenSource #Cybersecurity

Lately I’ve been thinking about what tool I should build next.

Earlier today while scrolling Facebook, I saw someone asking for help because they were confused about how to write a proper bug bounty report. They had already found the vulnerability, but didn’t know how to structure the report or present it clearly.

That got me thinking.

In bug bounty, finding the bug is one challenge — but **writing a clear and well-structured report is another skill entirely**.

So I started considering building a small **Bug Report Generator** to help researchers quickly create structured reports with sections like summary, steps to reproduce, PoC, impact, and clean markdown output for platforms like HackerOne or Bugcrowd.

Before I start building anything, I’m curious how other bug hunters approach reporting.

What does your ideal bug report template look like?
What sections do triagers appreciate the most?
Do you prefer minimal reports or very structured ones?

If you're a bug hunter, I'd love to hear how you write your reports.
Good reports deserve better tooling.

#infosec #bugbounty #security #bugbountytips

Hey infosec folks 👋

I’ve been working on **GhostIntel** — a free, open-source OSINT & threat-intelligence CLI framework written in Python.

MIT licensed — fork it, modify it, integrate it into your workflow.

The idea was simple: during investigations I kept jumping between multiple OSINT sites and tools, so I started building a CLI that could enrich indicators directly from the terminal.

Drop almost anything into GhostIntel and it will try to figure it out automatically:

→ username · email · phone · domain · IP

What it can do right now:

👤 Username → checks 100+ platforms in parallel
📱 Phone → carrier + region intelligence (ID · US · UK · MY · IN)
📧 Email → MX · SPF · DMARC · Gravatar · disposable detection
🌐 Domain → DNS records + HTTP status inspection
🌍 IP → geolocation · reverse DNS · RDAP (ARIN · RIPE · APNIC · LACNIC · AFRINIC) · proxy detection

📊 Reports → export investigation results to JSON · HTML · TXT

Async-powered so lookups can run concurrently.

No API keys required.
No configuration needed.
Everything uses publicly available OSINT sources.

Built from Indonesia 🇮🇩 for the global OSINT / infosec community.

If anyone here works in:

• threat intelligence
• OSINT investigations
• SOC / DFIR
• bug bounty research

I’d genuinely appreciate your feedback.

→ What sources should be added?
→ What would improve your investigation workflow?
→ Anything broken or behaving weirdly?

Suggestions, criticism, and PRs are all welcome.

🔗 https://github.com/ruyynn/GhostIntel

#OSINT #infosec #threatintel #opensource