The scripts I write to help me with my bug bounty hunting.
cors.py: PoC generator for misconfigured CORS
Use: python cors.py https://example.com/api
jscollect: Grabs JS file endpoints found by gau, then uses SecretFinder to analyze them for secrets.
Use: bash jcollect subs.txt
lazy.sh: Combines subfinder, assetfinder, crobat-client and subbrute for subdomain discovery, and subjack for subdomain takeover discovery. It then uses httprobe to discover responsive domains, feeds them to waybackurls and anti-burl, and grabs possibly vulnerable SSRF or open redirection endpoints. I tried to do an all-in-one thing ¯\_(ツ)_/¯
Use: bash lazy.sh subdomain.com
ids.py: Originally used to find all possible hex values/IDs of a product (writeup here and on my website). Now it's a more general approach to finding all possible user IDs.
Use: python3 ids.py [all possible characters in an ID value] [length of the ID value string]
Featured tools:
P.S. curl https://raw.githubusercontent.com/victoni/Bug-Bounty-Scripts/master/penguin