Automation of some bug bounty tools for my personal use. Below, you can find the short documentation and requirements of each tools.
- Give an argument to run the scripts. Example: ./script_name.sh example.com or -h
Combination of domain enumeration tools including amass with asn number enumeration. It requires you to configure your own amass config file with API keys. If you don't put your API keys, you will get less results.
Note: Do not forget to change some of the relative paths such as amass config path to your own.
Required Tools to run the script:
- Amass
- Sublist3r.py
- Assetfinder
- subfinder
This shell script that I've written is calling an API from "https://api.recon.dev" to find sub-domains of given domain. https://api.recon.dev is being hosted by Nahamsec
Combination of useful one-liner commands to gather js paths then use it to create a wordlist for further enumeration.
Required Tools to run the script:
- hakrawler
- getjswords.py
Combination of useful one-liner commands to gather js paths then use it to create a wordlist for further enumeration. You can use both getjs_paths_words script to get output then sort unique to have more results.
Required Tools to run the script:
- gau
- getjswords.py
- httpx
The script is using three different sub-domain enumeration tool, saves the output of both tool and sort as unique to give you more results about sub-domains.
Note: It has absolute path for Subilst3r.py which is /root/opt/ directory, if you are using different path to store your tools then don't forget to change it.
Required Tools to run the script:
- Sublist3r.py
- Assetfinder
- subfinder
API calls to https://rapiddns.io with the given domain name such as example.com
Another useful one-liner to find all URL from the domain and put "xss" word to potential vulnerable parameters.
Usage : Give a file as an argument such as, ./xsstest.sh domain.txt
Required Tools to run the script:
- gau
If you are pleased with this work, you can buy me a coffee :)
