Terrons
Tiniest blog
Osint to PWN
[X] BigAnt admin hardcoded credentials
[X] Find vulnerable admin login panels
[X] Android Debug Bridge misconfiguration
[X] Cassandra exposed databases auth-free
[X] Find exposed discord webhooks
[X] Firebase misconfiguration
[X] Find FTP servers with anonymous login allowed
[X] Jenkins misconfig leads to RCE
[X] Many exposed MongoDBs
[X] Access SMB servers auth-free
[X] ALGO IP Speakers & more with hardcoded passwords
[X] SIMATIC HMI default credentials
[X] Explore AXIS open IP Cameras on Google
[X] Hunt exposed Files with Directory Listing
[X] Find open Redis istances
[X] Find exposed files on Rsync
[X] Thousands of misconfigured Elasticsearch instances
[X] There are many public S3 buckets
Misc & tools
CVE POCs
About Me