/Bug-Bounty-Scripts

The scripts I write to help me on my bug bounty hunting

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

Bug Bounty scripts


Usage:

cors.py: PoC generator for misconfigured CORS

Use: python cors.py https://example.com/api
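To show what "misconfigured CORS" means in terms of response headers, here is an added example (not the repository's cors.py) that classifies the headers a server returns for a test Origin. The function name, the test origin and the sample responses are constructed for illustration.

```python
# Added example: audit the CORS headers returned for a request sent with a
# test Origin. Runs offline on constructed responses; not code from this repo.

TEST_ORIGIN = "https://untrusted.example"  # constructed, hypothetical origin


def classify_cors(sent_origin, headers, trusted=()):
    """Return a list of (severity, message) findings for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return []  # no CORS grant: the same-origin policy still applies
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    findings = []
    if acao == "*":
        # Browsers refuse credentialed reads when the grant is a wildcard,
        # so only unauthenticated content is readable cross-origin.
        findings.append(("low", "wildcard origin: any site can read unauthenticated responses"))
    elif acao == "null":
        # Sandboxed iframes and some redirects send "Origin: null".
        findings.append(("high" if creds else "medium", "'null' origin is allowed"))
    elif acao == sent_origin and sent_origin not in trusted:
        msg = "untrusted Origin is reflected"
        findings.append(("high" if creds else "medium", msg + (" with credentials" if creds else "")))
        if "origin" not in vary:
            findings.append(("low", "origin-specific response lacks Vary: Origin (cache mix-up risk)"))
    return findings


# Constructed sample responses: (label, response headers)
SAMPLES = [
    ("reflect+creds", {"Access-Control-Allow-Origin": TEST_ORIGIN,
                       "Access-Control-Allow-Credentials": "true"}),
    ("wildcard", {"Access-Control-Allow-Origin": "*"}),
    ("allowlist", {"Access-Control-Allow-Origin": "https://app.example.com",
                   "Vary": "Origin"}),
]

if __name__ == "__main__":
    for label, hdrs in SAMPLES:
        print(label, classify_cors(TEST_ORIGIN, hdrs) or "no finding")
```

The fix for the "high" cases is a server-side allowlist of exact origins, with `Access-Control-Allow-Credentials: true` sent only to those origins.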


jscollect: Grabs JS file endpoints found by gau, then uses SecretFinder to analyze them for secrets.

Use: bash jcollect subs.txt


lazy.sh: Combines subfinder, assetfinder, crobat-client and subbrute for subdomain discovery and subjack for subdomain takeover discovery. It then uses httprobe to discover responsive domains, feeds them to waybackurls and anti-burl, and grabs possibly vulnerable SSRF or Open Redirection endpoints. I tried to do an all-in-one thing ¯\_(ツ)_/¯

Use: bash lazy.sh subdomain.com


ids.py: Originally used to find all possible hex values/IDs of a product (writeup here and on my website). Now it's a more general approach to finding all possible user IDs.

Use: python3 ids.py [all possible characters in an ID value] [length of the ID value string]


Featured tools:

P.S. curl https://raw.githubusercontent.com/victoni/Bug-Bounty-Scripts/master/penguin