# Bug Bounty Methodology

## VPS Automation (using Screens)

Bug bounty work involves a lot of tasks that we need to automate, and they take a lot of time, so we need to keep them running after we exit from the VPS. For this purpose we have **Screens**, which I use most of the time.

### Make a New Screen

```
screen -S new-screen-name

# e.g.

screen -S programmerboy
```

Now you will have a new terminal, and that will be your screen terminal.

### Detaching the Screen

```
CTRL + A, then D
```

### List the Screens

```
screen -ls
```

### Get Back to Screen

```
screen -r programmerboy
```

After this you will be back in your screen.

## TMUX Usage

We can also use TMUX, which is very useful for bug bounty because our processes can keep running in the background.

```
tmux new -s <Session-name> # Make a new session

tmux ls  # List the sessions

tmux attach -t <Session-name> # Attach to the session

tmux source-file ~/.tmux.conf # Reload after making changes to the tmux.conf file

# Prefix key is CTRL+B

prefix key + d  # Detach from tmux

prefix key + c # Create a new window

prefix key + <window number>  # Move to that window

prefix key + ,  # Rename the window

prefix key + [  # Enter copy mode

prefix key + % # Split screen vertically (panes side by side)

prefix key + " # Split screen horizontally (panes stacked)
```

## Subdomains

### Amass

```
amass enum -brute -active -d domain.com -o amass-output.txt
```

### Assetfinder

```
assetfinder --subs-only domain.com
```

### SubFinder

```
subfinder -d domain.com -all
```

### Gau

```
gau --threads 5 --subs example.com |  unfurl -u domains | sort -u -o output_unfurl.txt
```

### Waybackurls

```
waybackurls example.com |  unfurl -u domains | sort -u -o output.txt
```
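
The HTTPX step further down reads `domains.txt`, while the commands above each write to their own file or to stdout. One way to merge those outputs into a de-duplicated list restricted to the in-scope domain, as an added example that is not part of the original notes: the function names `merge_in_scope` and `demo` and the sample hostnames are constructed, and the input is assumed to hold one hostname per line.

```shell
#!/bin/sh
# Added example: merge enumeration output into one in-scope host list.
# Usage: merge_in_scope <scope-domain> <file>... > domains.txt
merge_in_scope() {
    local scope="$1"; shift
    scope=$(printf '%s' "$scope" | tr 'A-Z' 'a-z')
    # A tool that was not run leaves no file; missing inputs are skipped.
    cat -- "$@" 2>/dev/null |
        tr 'A-Z' 'a-z' | tr -d '\r' |
        # Trim whitespace, a leading wildcard label and a trailing root dot.
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/^\*\.//' -e 's/\.$//' |
        awk -v scope="$scope" '
            # Drop anything that is not a plain hostname (URLs, notes, blanks).
            $0 !~ /^[a-z0-9._-]+$/ { next }
            $0 == scope { print; next }
            # Require a label boundary before the scope suffix, so that
            # "notdomain.com" does not pass for "domain.com".
            length($0) > length(scope) + 1 &&
            substr($0, length($0) - length(scope)) == ("." scope) { print }
        ' |
        LC_ALL=C sort -u
}

# Constructed sample input: mixed case, a wildcard entry, a trailing dot with
# a CRLF line ending, a look-alike domain and an out-of-scope third party.
demo() {
    local d
    d=$(mktemp -d)
    printf 'API.domain.com\n*.dev.domain.com\nnotdomain.com\n' > "$d/amass-output.txt"
    printf 'api.domain.com.\r\ndomain.com\ncdn.partner.net\n' > "$d/output_unfurl.txt"
    merge_in_scope domain.com "$d/amass-output.txt" "$d/output_unfurl.txt"
    rm -rf "$d"
}
```

Redirecting the function's output to `domains.txt` gives the HTTPX command a list that contains only hosts under the program's scope domain.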

## Discover the IP Range

Visit this website to find the IP ranges:

{% embed url="<https://bgp.he.net/>" %}

## Alive Subdomains

### HTTPX

```
cat domains.txt | httpx -title -wc -sc -cl -ct -location -web-server -asn -o alive-subdomains.txt 
```

## Finding JS Files From a Domain

I always look for the JavaScript files whenever I am given a domain, and I use a tool called GoLinkFinder.

{% embed url="<https://github.com/0xsha/GoLinkFinder>" %}

```
GoLinkFinder -d https://domain.com 
```

## Nuclei

### Nuclei Basic Command

```
nuclei -target 10.10.161.39
```

### Nuclei with a Specific Template

```
nuclei -target 10.10.161.39 -t CVE-2024-57727.yaml
```

### Nuclei with a List of Domains

```
nuclei -l targets.txt -o nuclei_results.txt
```

### Nuclei Stealth Scan

```
nuclei -l domains.txt -tags cve,misconfig,takeover -severity critical,high -rl 50 -c 10 -no-interactsh -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)" -o nuclei_results.txt
```
