Methodology
Methodology
Methodology
  • 🧑‍🏫My Methodologies
  • 🕶️Google Dorks
  • 🌀Possible "Content-Type" Header values
  • 📜Scripts written by me for XSS
  • 🔼Subdomain Takeover
  • ✍️Tips and Write-ups
  • 🔧Tools and their Uses
  • 🎯XSS nuclei template CVE-2023-24488.yaml
  • 🕵️Recon strategies by other Hackers
    • 🔎Blind SQL Injection Detection and Exploitation (Cheat Sheet)
    • 🔎How i got more than 100 vulnerabilities in just one site? (zseano-challenge)
    • 🔎JS is l0ve ❤️.
    • 🔎My top 5 bookmarks that I consistently use for bug bounty and penetration testing.
    • 🔎Find the treasure hidden inside JavaScript
    • 🔎Deep-Subdomains-Enumeration-Methodology
    • 🔎Extensive Recon Guide For Bug Hunting
    • 🔎Finding Time Based SQLi injections : Edition 2023
    • 🔎From Self XSS to Account Take Over(ATO)
    • 🔎How I hacked NASA and got 8 bugs ?
    • 🔎How I was able to find 4 Cross-site scripting (XSS) on vulnerability disclosure program ?
    • 🔎Leakage of credential data for full control over the target.
    • 🔎Recon Like a Boss
    • 🔎Recon With Me
    • 🔎Simple Recon Methodology
    • 🔎SQL injection through HTTP headers
    • 🔎How to Get Unique Subdomains on Large scope
    • 🔎Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters
  • 🎯subdomain-enumeration
  • 🛠️CRLF
  • ❌xss
  • ⛴️Ghetto XSS Cheatsheet
  • 🚀Oneliners
Powered by GitBook
On this page

subdomain-enumeration

$ amass enum -brute -passive -d target.com | httpx -silent -status-code | tee domain.txt
$ cat domain.txt | grep 200 | cut -d "[" -f1 > urls.txt
$ gf xss domain.txt | grep -Eo 'https?://[^\"]+' > domain.txt

Track new subdomains:

gungnir -r all-domains.txt | anew all-subs.txt | tee -a new-assets.txt | notify -id asset
PreviousStatic Analysis of Client-Side JavaScript for pen testers and bug bounty huntersNextCRLF

Last updated 1 year ago

🎯