Bug Bounty Methodology
VPS Automation (using Screens)
While doing bug bounty, there are a lot of tasks that we need to automate, and they take a lot of time, so we need to keep them running after we exit from the VPS. For this purpose we have screens, which I use most of the time.
Make a New Screen
screen -S new-screen-name
e.g
screen -S programmerboy

Now you will have a new terminal, and that will be your screen terminal.
Detaching the Screen
CTRL + A + D

List the Screens
screen -ls

Get Back to Screen
screen -r programmerboy

TMUX Usage
We can also use TMUX, which is very useful for bug bounty because our processes can keep running in the background.
tmux new -s <Session-name> # Make a new Session
tmux ls # List the sessions
tmux attach -t <Session-name> # attach to the session
tmux source-file ~/.tmux.conf # after making changes to tmux.conf file
# Prefix key is CTRL+B
prefix key + d # Detach from tmux
prefix key + c # Create a new window
prefix key + <window number> # Move to that window
prefix key + , # Rename the window
prefix key + [ # Enter copy mode
prefix key + % # Split screen vertically
prefix key + " # Split screen horizontally
Subdomains
Amass
amass enum -brute -active -d domain.com -o amass-output.txt
Assetfinder
assetfinder --subs-only domain.com
SubFinder
subfinder -d domain.com -all
Gau
gau --threads 5 --subs example.com | unfurl -u domains | sort -u -o output_unfurl.txt
Waybackurls
waybackurls example.com | unfurl -u domains | sort -u -o output.txt
Discover the IP Range
Visit this website to find the IP ranges.

Alive Subdomains
HTTPX
cat domains.txt | httpx -title -wc -sc -cl -ct -location -web-server -asn -o alive-subdomains.txt
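The enumeration commands above each write their own file, while httpx reads a single domains.txt. The following is an added example, not part of the original page, that merges those outputs into one de-duplicated list and keeps only hostnames under the in-scope root domain. The function names and the subfinder.txt file name are assumptions, the sample input is constructed, and each input file is assumed to hold one hostname at the start of each line.

```shell
#!/usr/bin/env bash
# Added example: merge tool outputs into one scope-filtered domains.txt.
# merge_subdomains and demo_merge are hypothetical helper names.

# Usage: merge_subdomains ROOT OUTFILE FILE...
merge_subdomains() {
    local root out
    root="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
    out="$2"
    shift 2
    cat -- "$@" 2>/dev/null |
        tr -d '\r' |
        tr '[:upper:]' '[:lower:]' |
        awk -v root="$root" '
            BEGIN { suffix = "." root }
            {
                host = $1                 # first field only
                sub(/^\*\./, "", host)    # "*.dev.example.com" -> "dev.example.com"
                sub(/\.$/, "", host)      # drop the trailing dot of an FQDN
                if (host !~ /^[a-z0-9._-]+$/) next   # not a plain hostname
                n = length(host) - length(suffix)
                # Keep the root itself or names ending in ".ROOT" only, so
                # "notexample.com" and "example.com.evil.net" are dropped.
                if (host == root || (n > 0 && substr(host, n + 1) == suffix)) { print host }
            }' |
        LC_ALL=C sort -u > "$out"
}

# Constructed sample input, written to a temporary directory.
demo_merge() {
    local dir
    dir="$(mktemp -d)"
    printf '%s\n' 'api.example.com' 'WWW.Example.com' '*.dev.example.com' \
        > "$dir/amass-output.txt"
    printf '%s\n' 'api.example.com' 'notexample.com' 'example.com.evil.net' \
        'mail.example.com.' > "$dir/subfinder.txt"
    printf '%s\n' 'example.com' 'cdn.thirdparty.net' > "$dir/output_unfurl.txt"
    merge_subdomains example.com "$dir/domains.txt" \
        "$dir/amass-output.txt" "$dir/subfinder.txt" "$dir/output_unfurl.txt"
    cat "$dir/domains.txt"
    rm -rf "$dir"
}

demo_merge
```

The suffix comparison is what keeps look-alike names such as notexample.com out of the list that is handed to httpx.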
Finding JS Files From a Domain
I always look for the JavaScript files whenever I am given a domain, and I use a tool called GoLinkFinder.
GoLinkFinder -d https://domain.com

Nuclei
Nuclei Basic Command
nuclei -target 10.10.161.39

Nuclei with Specific template
nuclei -target 10.10.161.39 -t CVE-2024-57727.yaml
