Linux Commands Cheat sheet for Web Application Hacking
The commands in this cheat sheet are useful for finding bugs in web applications. Bug bounty hunters in particular use them to find vulnerabilities in web applications.
Many cyber security enthusiasts, especially those interested in bug bounty and penetration testing, are unsure how to get started in the beginning phase.
These are the commands that I used most often while penetration testing and while doing bug bounties.
So let's get started.
Tools Used:
i) Subfinder
ii) Assetfinder
iii) Amass
iv) Httpx
v) Aquatone
vi) Gau
vii) Waybackurls
viii) GF
ix) ffuf
Commands Used:
> subfinder -d target.com | tee subf.txt (subdomain enumeration 1)
> assetfinder -subs-only target.com | tee ast.txt (subdomain enum 2)
> amass enum -passive -d target.com | tee amass.txt (subdomain enum 3)
> cat subf.txt ast.txt amass.txt | sort -u | tee subdomains.txt (merging and de-duplicating subdomains)
> cat subdomains.txt | httpx | tee liveSubdomains.txt (filtering live subdomains)
> cat liveSubdomains.txt | aquatone (taking screenshots of live subdomains)
> cat liveSubdomains.txt | gau | tee gau.txt (fetching urls 1)
> cat liveSubdomains.txt | waybackurls | tee wayback.txt (fetching urls 2)
> cat gau.txt wayback.txt | sort -u | fff | tee urls.txt (sorting)
> cat urls.txt | gf xss | tee xss.txt (potentially XSS-vulnerable endpoints)
> cat urls.txt | gf ssrf | tee ssrf.txt (potentially SSRF-vulnerable endpoints)
> cat urls.txt | gf upload-fields | tee upload-fields.txt (endpoints with upload fields)
> cat urls.txt | gf sqli | tee sqli.txt (potentially SQLi-vulnerable endpoints)
> cat urls.txt | gf rce | tee rce.txt (potentially RCE-vulnerable endpoints)
> ffuf -u https://target.com/FUZZ -w /root/Desktop/wordlistlocationfile.txt (fuzzing)
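Passive enumeration sources often return hosts that only look like they belong to the target, so the merge step (cat ... | sort -u) benefits from a scope check before anything is probed. The following is an added example, not part of the original cheat sheet: the function names and the sample host list are constructed for illustration, and target.com is the page's own placeholder.

```shell
#!/usr/bin/env bash
# Added example: clean the merged subdomain list and keep only in-scope hosts.
# Function names and sample data are hypothetical, not from any of the tools.

# normalize_hosts: read hostnames on stdin, emit a lowercase, unique, sorted list.
normalize_hosts() {
  tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's#^[a-z][a-z0-9+.-]*://##' \
        -e 's#[/:].*$##' \
        -e 's/^\*\.//' \
        -e 's/\.$//' |
    grep -E '^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$' |
    LC_ALL=C sort -u
}

# in_scope ROOT: keep ROOT itself and true subdomains of ROOT.
# A plain "grep target.com" is a substring match and would also keep
# nottarget.com and target.com.evil.example, so compare the suffix exactly.
in_scope() {
  awk -v root="$1" '
    BEGIN { suffix = "." root; n = length(suffix) }
    $0 == root { print; next }
    length($0) > n && substr($0, length($0) - n + 1) == suffix { print }
  '
}

# Constructed sample input imitating merged tool output (not real data).
sample_hosts() {
  printf '%s\n' 'WWW.Target.com' '*.api.target.com' 'api.target.com.' \
    'https://dev.target.com/login' 'nottarget.com' \
    'target.com.evil.example' 'target.com' 'cdn.thirdparty.example' \
    '' 'bad host'
}

# Demo: run the constructed sample through both filters.
scope_demo() {
  sample_hosts | normalize_hosts | in_scope target.com
}

scope_demo
```

In the pipeline above, the filters would sit in the merge step: cat subf.txt ast.txt amass.txt | normalize_hosts | in_scope target.com | tee subdomains.txt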
Bonus Dorks
i) inurl:/bug bounty, inurl:security "reward" --> for finding bug bounty programs
ii) ssl:"target.com" --> Shodan dorks
iii) [ "target.com" password ], [*.target.com], ["target.com" key], ["target.com" credentials] --> GitHub dorks for sensitive disclosure
iv) SecLists --> payloads
v) Project Discovery --> for finding bug bounty targets
Thanks.
Shubham Dhungana
Cyber Security Researcher