Create domain.txt list

Copy and paste the in-scope domains from the HackerOne program page.

subfinder / feroxbuster / dirsearch / gobuster

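# subfinder writes its results with -o/-output; the original -a is not a subfinder flag.
subfinder -dL domain.txt -all -recursive -o subdomain.txt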

Check the total number of subdomains found

# Count the entries (one subdomain per line); redirecting the file avoids the extra cat process.
wc -l < subdomain.txt

Pull names from the crt.sh website and drop duplicate domains

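# Passive lookup: this queries crt.sh certificate-transparency logs, not the target itself.
# Straight quotes are required; typographic quotes reach jq/grep as literal characters.
# anew takes the file as an argument, so it appends only unseen names instead of
# overwriting results already stored in subdomain.txt.
# NOTE: \w does not match '-', so hyphenated labels are cut at the hyphen, and names
# deeper than three labels are trimmed to their last three.
target="amazon.com"
curl -s "https://crt.sh/?q=${target}&output=json" \
  | jq -r '.[].name_value' \
  | grep -Po '(\w+\.\w+\.\w+)$' \
  | anew subdomain.txt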

Read and list down status code for webdomain

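# httpx reads hosts from stdin or from -l; passing both is redundant, so use -l only.
# The input is subdomain.txt, the file the enumeration steps write.
# The port list has no trailing comma, and -threads takes a plain ASCII hyphen.
# Output stays as bare URLs (no status-code column) so later tools can read one URL per line.
httpx-toolkit -l subdomain.txt -ports 80,443,8000,8080,8888 -threads 200 > subdomains_alive.txt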

Port-scan the list and hand the results straight to nmap (-sV, -sC)

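# The nmap command needs straight quotes so it reaches -nmap-cli as a single argument.
# The input is subdomain.txt, the file the enumeration steps write.
# Unlike the passive lookups, -sV/-sC actively probe every open port found.
naabu -list subdomain.txt -c 50 -nmap-cli 'nmap -sV -sC' -o naabu-full.txt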

Dirsearch and searching possible domains

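# --random-agent is a long option and needs two ASCII hyphens (the en dash is not parsed as a flag).
# -x drops responses with the listed status codes from the report.
dirsearch -l subdomains_alive.txt -x 500,502,429,404,400 -R 5 --random-agent -t 100 -F \
  -o directory.txt -w /usr/share/wordlists/onelistforallshort.txt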

Create param list # # Params = hash lists

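# Read the live-host list under the name it is written with (subdomains_alive.txt)
# and write params.txt, the file the uro step reads.
gau < subdomains_alive.txt > params.txt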

Organize params.txt

# Feed the collected URLs to uro on stdin; the reduced list goes to filterparam.txt.
uro -o filterparam.txt < params.txt

Create jsfiles.txt

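# Straight quotes and an escaped dot: keep only URLs that end in a literal ".js".
grep '\.js$' filterparam.txt > jsfiles.txt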

Filter out duplicate entries

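# Deduplicate through a temporary file: anew only appends, so piping jsfiles.txt back
# into itself can never remove a duplicate and reads the file while it is being written.
tmp_js="$(mktemp)"
uro < jsfiles.txt | anew -q "$tmp_js" && mv -- "$tmp_js" jsfiles.txt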

Secret Finder

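# The URLs come from crawled data: read them raw (-r) and quote "$url" so characters
# such as ? * & or spaces are not globbed or word-split by the shell.
# secret.txt can end up holding live credentials; store it accordingly.
while IFS= read -r url; do
  python3 /home/inquisitive/SecretFinder/SecretFinder.py -i "$url" -o cli >> secret.txt
done < jsfiles.txt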

Nuclei

# Scan the filtered URL list with the custom templates, skipping info-severity findings.
# -allow-local-file-access lets templates read files on the scanning host, so review
# third-party templates in this directory before running them.
nuclei -list filterparam.txt \
  -concurrency 70 \
  -rate-limit 200 \
  -follow-host-redirects \
  -allow-local-file-access \
  -templates /home/inquisitive/Custom-Nuclei-Templates/ \
  -output nuclei.txt \
  -exclude-severity info