Bug Bounty Hunter's Cheat Sheet (DRAFT) by @hunt4p1zza

Bug Bounty Hunter's cheat sheet by @hunt4p1zza. It aims to help bug bounty hunters quickly perform common recon actions, injections and checks.

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Recon

Amass Intel
amass intel -active -p 80,81,443,591,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,8443,8834,8888 -config /root/amass/config.ini -whois -d <DOMAIN>
Amass Subs (Passive/Quick)
amass enum -passive -df ./domains.txt -config /root/amass/configpassive.ini
Amass Subs (Active/Slower/Thorough)
amass enum -active -brute -w /root/dns_lists/all.txt -df ./domains.txt -config /root/amass/config.ini -o ./amass_results.txt -p 80,443,8000,8080,8443 -dir ./amass
Reverse Subdomains Lookup
Google Dork
site:*.*.<EXAMPLE>.com
GitHub Search (@gwen001, git repo)
for d in $(cat parent_domains.txt); do python3 ./github-endpoints.py -t <GIT_API_TOKEN> -d "$d"; done

GAU GetAllUrls (bash loop over domains.txt)
for d in $(cat domains.txt); do getallurls "$d"; done | tee -a getallurls.txt

ffuf Magic

Ffuf tunnel (run ffuf on a remote host, replay matches through a local proxy)
ssh -nNTvR 9090:localhost:8081 root@<IP>
ffuf <COMMAND> -replay-proxy http://localhost:9090
The reverse tunnel (-R) binds port 9090 on the remote host and forwards it to port 8081 on your own machine (e.g. Burp), so ffuf's -replay-proxy sends every matched request back through your local proxy; -nNT keeps the SSH session command-less and without a tty, -v is verbose.