Bug Bounty Methodology

Last updated 7 months ago

Bug Bounty Methodology

VPS Automation (using Screens)

While Doing Bug Bounty There are alot of tasks which we need to automate and they take alot of time so we need to keep them running while we exit from the VPS. For this Purpose we have Screens which i use most of the times

Make a New Screen

screen -S new-screen-name

e.g

screen -S programmerboy

now you will have a new terminal and that will be your screen terminal

Detaching the Screen

CTRL + A + D

List the Screens

screen -ls

Get Back to Screen

screen -r programmerboy

TMUX Usage

We can also use TMUX and that is very useful for bug bounty because we our processes can be running in the backend

tmux new -s <Session-name> # Make a new Session

tmux ls  # List the sessions

tmux attach -t <Session-name> # attach to the session 

tmux source-file ~/.tmux.conf # after making changes to tmux.conf file

# Prefix Key is CTRL+B

preix key + d  # detach the from tmux

prefix key + c # Create a new windows

prefix key + <number of windows>  # move to that window

Prefix Key + ,  # Rename the window

prefix key + [  # Enter Copy Mode

prefix key + % # Split Screen vertically

prefix key + " # Split Screen Horizontally

Subdomains

Amass

amass enum -brute -active -d domain.com -o amass-output.txt

Assetfinder

assetfinder --subs-only domain.com

SubFinder

subfinder -d domain.com -all

Gau

gau --threads 5 --subs example.com |  unfurl -u domains | sort -u -o output_unfurl.txt

Waybackurls

waybackurls example.com |  unfurl -u domains | sort -u -o output.txt

Discover the IP Range

Visit this website to find the ip ranges

Alive Subdomains

HTTPX

cat domains.txt | httpx -title -wc -sc -cl -ct -location -web-server -asn -o alive-subdomains.txt

Finding JS Files From a Domain

I always find for the Javascript files whenever i am given a domain and i use a tool called GolinkFinder

GoLinkFinder -d https://domain.com

PreviousMethodology NextXSS

Last updated 7 months ago