Programmerboy Pentesting Stuff

Bug Bounty Methodology


Last updated 1 month ago

VPS Automation (using Screens)

While doing bug bounty there are a lot of tasks that we need to automate, and they take a lot of time, so we need to keep them running after we exit from the VPS. For this purpose we have screens, which I use most of the time.

Make a New Screen

screen -S new-screen-name

e.g.

screen -S programmerboy

Now you will have a new terminal, and that will be your screen terminal.

Detaching the Screen

CTRL + A + D

List the Screens

screen -ls

Get Back to Screen

screen -r programmerboy

TMUX Usage

We can also use tmux, which is very useful for bug bounty because our processes can keep running in the background.

tmux new -s <Session-name> # Make a new Session

tmux ls  # List the sessions

tmux attach -t <Session-name> # attach to the session 

tmux source-file ~/.tmux.conf # after making changes to tmux.conf file

# Prefix Key is CTRL+B

prefix key + d  # Detach from tmux

prefix key + c  # Create a new window

prefix key + <window number>  # Move to that window

prefix key + ,  # Rename the window

prefix key + [  # Enter Copy Mode

prefix key + % # Split Screen vertically

prefix key + " # Split Screen Horizontally




Subdomains

Amass

amass enum -brute -active -d domain.com -o amass-output.txt

Assetfinder

assetfinder --subs-only domain.com

SubFinder

subfinder -d domain.com -all

Gau

gau --threads 5 --subs example.com |  unfurl -u domains | sort -u -o output_unfurl.txt

Waybackurls

waybackurls example.com |  unfurl -u domains | sort -u -o output.txt
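
Each tool above writes its own list, while the HTTPX step further down reads a single domains.txt. As an added example (not from the original page), this shell function merges those lists, normalizes the entries and keeps only hosts under the target root domain; the function name `merge_subdomains` and all file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: merge subdomain lists from several tools into one
# deduplicated, in-scope file. All file names below are assumptions.

# merge_subdomains ROOT FILE...
# Prints (sorted, unique) every hostname in the FILEs that is ROOT itself or
# a subdomain of ROOT. Accepts bare hostnames or full URLs, one per line.
# Missing files are skipped; out-of-scope and malformed entries are dropped.
merge_subdomains() (
  root=$1; shift
  cat -- "$@" 2>/dev/null | tr -d '\r' | awk -v root="$root" '
    BEGIN { root = tolower(root); suffix = "." root }
    {
      host = tolower($1)
      sub("^[a-z][a-z0-9+.-]*://", "", host)  # strip scheme
      sub("[/?#].*$", "", host)               # strip path, query, fragment
      sub(/:[0-9]+$/, "", host)               # strip port
      sub(/^\*\./, "", host)                  # strip wildcard label
      sub(/\.$/, "", host)                    # strip trailing root dot
      if (host !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)*$/) next   # not a hostname
      if (host == root) { print host; next }
      # Suffix match on ".ROOT" so that notdomain.com does not pass as domain.com
      n = length(host) - length(suffix)
      if (n > 0 && substr(host, n + 1) == suffix) print host
    }' | LC_ALL=C sort -u
)

# Demo on constructed sample lines (not real tool output).
demo=$(mktemp -d)
printf '%s\n' 'www.domain.com' 'API.domain.com.' 'cdn.other.net' > "$demo/subfinder.txt"
printf '%s\n' 'https://shop.domain.com:8443/cart?id=1' '*.dev.domain.com' \
  'notdomain.com' 'www.domain.com' > "$demo/gau.txt"
merge_subdomains domain.com "$demo/subfinder.txt" "$demo/gau.txt" > "$demo/domains.txt"
cat "$demo/domains.txt"
rm -rf "$demo"
```

Filtering on the root domain before probing keeps third-party hosts that show up in archive data (CDNs, look-alike domains) out of the list that later steps touch.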

Discover the IP Range

Visit https://bgp.he.net to find the IP ranges.

Alive Subdomains

HTTPX

cat domains.txt | httpx -title -wc -sc -cl -ct -location -web-server -asn -o alive-subdomains.txt 

Finding JS Files From a Domain

I always look for the JavaScript files whenever I am given a domain, and I use a tool called GoLinkFinder.

GoLinkFinder -d https://domain.com 

Nuclei

Nuclei Basic Command

nuclei -target 10.10.161.39

Nuclei with Specific template

nuclei -target 10.10.161.39 -t CVE-2024-57727.yaml

Links

IP range lookup: https://bgp.he.net

GoLinkFinder: GitHub - 0xsha/GoLinkFinder: A fast and minimal JS endpoint extractor

Note on "Get Back to Screen": after running screen -r you will be back in your screen.