Bug Bounty - GitBook
Ir al canal en Telegram
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
Mostrar más7 461
Suscriptores
+424 horas
+357 días
+17030 días
Archivo de publicaciones
7 464
🔴Replace subdomains.txt with the filename of your subdomains list.
#!/bin/bash
go install -v github.com/tomnomnom/anew@latest
subdomain_list="subdomains.txt"
for sub in $( ( cat $subdomain_list | rev | cut -d '.' -f 3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 && cat subdomains.txt | rev | cut -d '.' -f 4,3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 ) | sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2);do
subfinder -d $sub -silent -max-time 2 | anew -q passive_recursive.txt
assetfinder --subs-only $sub | anew -q passive_recursive.txt
amass enum -timeout 2 -passive -d $sub | anew -q passive_recursive.txt
findomain --quiet -t $sub | anew -q passive_recursive.txt
done7 464
🔖Subdomain Enumeration - Recursive
💡Note:
This technique is only useful when your target has a large number of multi-level subdomains(not effective for small & medium scope targets). Execute this technique as the final step.🧑💻Workflow: 🔴Step-1
Read the list of subdomains from the file "subdomains.txt".🔴Step-2
Process the subdomains in two steps: a) Find the Top-10 most frequent occuring Second-Level Domain names with the help of tools like cut, sort, rev, uniq, etc. b) Find the Top-10 most frequent occuring Third-Level domains.🔴Step-3
Now run passive subdomain enumeration on these 10 Second-level domain names and 10 Third-level domain names using tools like amass, subfinder, assetfinder, findomain.🔴Step-4
Keep appending the results to passive_recursive.txt file.🔴Step-5
Now after finding out the a list of domain names, run puredns to DNS resolve them and find the alive subdomains. Replace subdomains.txt with the filename of your subdomains list.👇🏻Check the Example Script on the next post.
7 464
💠 Command Injection: Leveraging OS Commands for Exploits
🔗 https://hacklido.com/blog/989-command-injection-leveraging-os-commands-for-exploits
7 464
■■■■□ Leaking the email of any YouTube user for $10,000.
https://brutecat.com/articles/leaking-youtube-emails
7 464
► DVWA Lab16 — XSS Stored — Pentest
Published: Thu, 13 Feb 2025 11:01:38 GMT
Link: https://medium.com/p/e41788f32faf
7 464
► Day 8: Self-XSS + Login & Logout CSRF + OAuth Hijacking
Published: Thu, 13 Feb 2025 08:47:41 GMT
Link: https://medium.com/p/83c848ad9a1e
7 464
Exclusive
👻🥳HTB Academy - Senior Web Penetration Tester learning path🌐☄️ 👻🥳 Download Full Course Now
