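#!/bin/bash
#
# HunterX - menu-driven helper based on the "King of Bug Bounty Tips" list.
#
# Repository layout: README.md, main.sh (this file).
#
# README.md (summary):
#   King of Bug Bounty Tips Simple Tool
#   Command:
#     git clone https://github.com/CyberSecurityUP/HunterX
#     bash main.sh
#   Menu: 1 - Install Requeriments, 2 - Tricks and Tips,
#         3 - Automation Recon, 4 - Credits
#   King of Bug Bounty Tips Repository:
#     https://github.com/KingOfBugbounty/KingOfBugBountyTips
#   Tool under construction and update
#
# Security notes for operators and reviewers:
#   * Option 1 installs software. It calls apt-get (needs root) and then
#     fetches, builds and executes third-party code from the network. None of
#     the downloads is pinned to a version or checked against a digest, so the
#     result depends on whatever upstream serves at run time. Prefer running
#     it in a disposable VM or container rather than on a host that holds
#     credentials.
#   * Option 2 only prints one-liners; nothing in that menu is executed by
#     this script. The text is emitted from quoted here-documents so that
#     "$url", "$4", embedded double quotes and "&" are shown literally
#     instead of being expanded or interpreted by the shell.

readonly RULE='----------------------------------------------------------------'

#######################################
# Print the horizontal separator used around each tip.
# Outputs: one line of dashes on stdout
#######################################
rule() {
  printf '%s\n' "$RULE"
}

#######################################
# Install Go and the reconnaissance tools the tips refer to.
# Globals:   GOPATH (read, optional)
# Outputs:   progress text on stdout, warnings on stderr
# Returns:   status of the last install command
#######################################
install_requirements() {
  local amass_src axiom_script

  echo "Install Go"
  echo ""
  # NOTE(review): on Debian/Ubuntu the Go toolchain package is usually named
  # golang-go rather than go - confirm for the target distribution.
  apt-get update && apt-get install go -y
  echo ""

  # NOTE(review): since Go 1.18 `go get` no longer builds and installs
  # binaries; `go install <pkg>@<version>` (already used below for subfinder
  # and hakrawler) is the supported form, and pinning <version> to a reviewed
  # tag instead of @latest makes the install reproducible. The module paths
  # are left as the author wrote them - confirm current paths before
  # switching.
  echo "Download Amass"
  echo ""
  go get -v github.com/OWASP/Amass
  # Build in a subshell so the working directory of the menu loop does not
  # change, and only if the source directory really exists. The original
  # ran an unquoted, unchecked `cd $GOPATH/...`, which left every later
  # download in the Amass tree or, when the cd failed, built whatever
  # happened to be in the current directory.
  amass_src="${GOPATH:-$(go env GOPATH 2>/dev/null)}/src/github.com/OWASP/Amass"
  if [[ -d "$amass_src" ]]; then
    (cd -- "$amass_src" && go install ./...)
  else
    echo "Amass source not found at $amass_src; skipping go install" >&2
  fi
  echo ""

  echo "Download Anew"
  go get -u github.com/tomnomnom/anew
  echo ""

  echo "Assetfinder"
  go get -u github.com/tomnomnom/assetfinder
  echo ""

  echo "Axiom"
  # Supply-chain risk: this executes a script fetched from a mutable branch
  # (master) with no integrity check. Downloading to a temporary file first
  # means an HTTP error page or a truncated transfer is never executed, but
  # it does not authenticate the content. To close the gap, pin the URL to a
  # reviewed commit and compare the file's SHA-256 with a recorded value
  # (<EXPECTED_SHA256>) before running it.
  if axiom_script=$(mktemp); then
    if curl -fsS --proto '=https' -o "$axiom_script" \
      https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure; then
      bash "$axiom_script"
    else
      echo "Could not download axiom-configure; skipping Axiom" >&2
    fi
    rm -f -- "$axiom_script"
  else
    echo "mktemp failed; skipping Axiom" >&2
  fi
  echo ""

  echo "Chaos"
  GO111MODULE=on go get -v github.com/projectdiscovery/chaos-client/cmd/chaos
  echo ""

  echo "Findomain"
  # Supply-chain risk: a prebuilt binary from the moving "latest" release is
  # made executable and run without verification; compare
  # `sha256sum findomain-linux` with a digest recorded from a reviewed
  # release (<EXPECTED_SHA256>) before trusting it. -O makes a re-run
  # overwrite the file (plain wget would save findomain-linux.1 and the stale
  # copy would be executed), and the && chain stops a failed download from
  # being chmod-ed and run.
  wget -O findomain-linux \
    https://github.com/findomain/findomain/releases/latest/download/findomain-linux &&
    chmod +x findomain-linux &&
    ./findomain-linux
  echo ""

  echo "Httpx"
  GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx
  echo ""

  echo "Waybackupurls"
  go get github.com/tomnomnom/waybackurls
  echo ""

  echo "Subfinder"
  go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
  echo ""

  echo "Ffuf"
  go get -u github.com/ffuf/ffuf
  echo ""

  echo "Hakcrawler"
  go install github.com/hakluke/hakrawler@latest
  echo ""

  echo "Gospider"
  echo ""
  GO111MODULE=on go get -u github.com/jaeles-project/gospider
}

#######################################
# Show the recon sub-menu and print the selected one-liner verbatim.
# Outputs: menu and tip text on stdout
# Returns: 0 after printing, 1 when stdin reaches end-of-file
#######################################
recon_tips() {
  local recon

  echo "Tips and Tricks Recon"
  echo ""
  echo "1 - Oneliner Haklistgen"
  echo "2 - Using x8 to Hidden parameters discovery"
  echo "3 - Search .json gospider filter anti-burl"
  echo "4 - Search .json subdomain"
  echo "5 - Axiom Recon"
  echo "6 - Search .js using"
  echo "7 - Download all domains to bounty chaos"
  echo "8 - Search subdomains in cert.sh"
  echo "9 - Chaos to search subdomains check cloudflareip scan port"
  echo "10 - Search to files using assetfinder and ffuf"
  read -r -p "Select Recon option: " recon || return 1
  echo ""

  # Each tip is printed from a quoted here-document (<<'EOF'), so the text is
  # displayed exactly as written and never evaluated.
  case "$recon" in
    1)
      echo "Oneliner Haklistgen"
      rule
      # The displayed text passes --insecure to curl, i.e. TLS certificate
      # validation is disabled for those fetches.
      cat <<'EOF'
subfinder -silent -d domain | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url --insecure | haklistgen | anew wordlist.txt; done cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;
EOF
      rule
      echo ""
      ;;
    2)
      echo "Using x8 to Hidden parameters discovery"
      rule
      cat <<'EOF'
assetfinder domain | httpx -silent | sed -s 's/$/\//' | xargs -I@ sh -c 'x8 -u @ -w params.txt -o enumerate'
EOF
      rule
      echo ""
      ;;
    3)
      rule
      echo "Search .json gospider filter anti-burl"
      cat <<'EOF'
gospider -s https://twitch.tv --js | grep -E '\.js(?:onp?)?$' | awk '{print $4}' | tr -d '[]' | anew | anti-burl
EOF
      rule
      echo ""
      ;;
    4)
      rule
      echo "Search .json subdomain"
      cat <<'EOF'
assetfinder http://tesla.com | waybackurls | grep -E '\.json(?:onp?)?$' | anew
EOF
      rule
      echo ""
      ;;
    5)
      echo "Axiom recon"
      rule
      cat <<'EOF'
findomain -t domain -q -u url ; axiom-scan url -m subfinder -o subs --threads 3 ; axiom-scan subs -m httpx -o http ; axiom-scan http -m ffuf --threads 15 -o ffuf-output ; cat ffuf-output | tr "," " " | awk '{print $2}' | fff | grep 200 | sort -u
EOF
      rule
      echo ""
      ;;
    6)
      rule
      echo "Search .js using"
      cat <<'EOF'
assetfinder -subs-only DOMAIN -silent | httpx -timeout 3 -threads 300 --follow-redirects -silent | xargs -I% -P10 sh -c 'hakrawler -plain -linkfinder -depth 5 -url %' | awk '{print $3}' | grep -E '\.js(?:onp?)?$' | anew
EOF
      rule
      echo ""
      ;;
    7)
      echo "Download all domains to bounty chaos"
      rule
      cat <<'EOF'
curl https://chaos-data.projectdiscovery.io/index.json | jq -M '.[] | .URL | @sh' | xargs -I@ sh -c 'wget @ -q'; mkdir bounty ; unzip '*.zip' -d bounty/ ; rm -rf *zip ; cat bounty/*.txt >> allbounty ; sort -u allbounty >> domainsBOUNTY ; rm -rf allbounty bounty/ ; echo '@OFJAAAH'
EOF
      rule
      echo ""
      ;;
    8)
      echo "Search subdomains in cert.sh"
      rule
      # In the original this line's inner double quotes ended the echo string
      # early: the unquoted "&" put the echo in the background and the rest
      # became a variable assignment, so the tip was shown truncated.
      cat <<'EOF'
'curl -s "https://crt.sh/?q=%25.att.com&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | httpx -title -silent | anew'
EOF
      rule
      echo ""
      ;;
    9)
      echo "Chaos to search subdomains check cloudflareip scan port"
      rule
      cat <<'EOF'
chaos -silent -d paypal.com | filter-resolved | cf-check | anew | naabu -rate 60000 -silent -verify | httpx -title -silent
EOF
      rule
      echo ""
      ;;
    10)
      echo "Search to files using assetfinder and ffuf"
      rule
      cat <<'EOF'
'assetfinder att.com | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w path.txt -u @/FUZZ -mc 200 -H 'Content-Type: application/json' -t 150 -H 'X-Forwarded-For:127.0.0.1'
EOF
      rule
      echo ""
      ;;
    *)
      echo "Finish"
      ;;
  esac
}

#######################################
# Print the credits line.
# Outputs: credits text on stdout
#######################################
credits() {
  echo ""
  echo "Credits: https://github.com/KingOfBugbounty/KingOfBugBountyTips"
  echo ""
}

#######################################
# Main menu loop. Runs until stdin reaches end-of-file (Ctrl-D) or the
# process is interrupted.
# Outputs: banner and menu on stdout
# Returns: 0 when input ends
#######################################
main() {
  local option

  while :; do
    echo "Welcome to HunterX"
    echo "Simple Tool based King of bug bounty Tips"
    echo "Create by Joas Antonio"
    echo "Version 1.0"
    echo ""
    echo "1 - Install Requeriments"
    echo "2 - Tricks and Tips"
    echo "3 - Automation Recon"
    echo "4 - Credits"
    echo ""
    # Stop on end-of-file: the original ignored a failed read and redrew the
    # menu forever when stdin was closed or redirected from an empty source.
    read -r -p "Select Options: " option || {
      echo ""
      return 0
    }
    echo ""

    # A quoted case replaces `[ $option -eq N ]`, whose unquoted expansion
    # was word-split and raised "integer expression expected" on empty or
    # non-numeric input.
    case "$option" in
      1) install_requirements ;;
      2) recon_tips || return 0 ;;
      3)
        # Listed in the menu, but the original script has no handler for it.
        echo "Automation Recon is not implemented yet" >&2
        echo ""
        ;;
      4) credits ;;
      *) ;; # unrecognised input: redraw the menu, as the original did
    esac
  done
}

main "$@"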