Bug Bounty Methodology

VPS Automation (using Screens)

While Doing Bug Bounty There are alot of tasks which we need to automate and they take alot of time so we need to keep them running while we exit from the VPS. For this Purpose we have Screens which i use most of the times

Make a New Screen

screen -S new-screen-name

e.g

screen -S programmerboy

now you will have a new terminal and that will be your screen terminal

Detaching the Screen

CTRL + A + D

List the Screens

screen -ls

Get Back to Screen

screen -r programmerboy

TMUX Usage

We can also use TMUX and that is very useful for bug bounty because we our processes can be running in the backend

tmux new -s <Session-name> # Make a new Session

tmux ls  # List the sessions

tmux attach -t <Session-name> # attach to the session 

tmux source-file ~/.tmux.conf # after making changes to tmux.conf file

# Prefix Key is CTRL+B

preix key + d  # detach the from tmux

prefix key + c # Create a new windows

prefix key + <number of windows>  # move to that window

Prefix Key + ,  # Rename the window

prefix key + [  # Enter Copy Mode

prefix key + % # Split Screen vertically

prefix key + " # Split Screen Horizontally

Subdomains

Amass

amass enum -brute -active -d domain.com -o amass-output.txt

Assetfinder

assetfinder --subs-only domain.com

SubFinder

subfinder -d domain.com -all

Gau

gau --threads 5 --subs example.com |  unfurl -u domains | sort -u -o output_unfurl.txt

Waybackurls

waybackurls example.com |  unfurl -u domains | sort -u -o output.txt

Discover the IP Range

Visit this website to find the ip ranges

Hurricane Electric BGP Toolkitbgp.he.net

Alive Subdomains

HTTPX

cat domains.txt | httpx -title -wc -sc -cl -ct -location -web-server -asn -o alive-subdomains.txt

Finding JS Files From a Domain

I always find for the Javascript files whenever i am given a domain and i use a tool called GolinkFinder

GitHub - 0xsha/GoLinkFinder: A fast and minimal JS endpoint extractorGitHub

GoLinkFinder -d https://domain.com

Nuclei

Nuclei Basic Command

nuclei -target 10.10.161.39

Nuclei with Specific template

nuclei -target 10.10.161.39 -t CVE-2024-57727.yaml

PreviousMethodology NextXSS

Last updated 10 months ago

hashtagVPS Automation (using Screens)

hashtagMake a New Screen

hashtagDetaching the Screen

hashtagList the Screens

hashtagGet Back to Screen

hashtagTMUX Usage

hashtagSubdomains

hashtagAmass

hashtagAssetfinder

hashtagSubFinder

hashtagGau

hashtagWaybackurls

hashtagDiscover the IP Range

hashtagAlive Subdomains

hashtagHTTPX

hashtagFinding JS Files From a Domain

hashtagNuclei

hashtagNuclei Basic Command

hashtagNuclei with Specific template