Bug Bounty - Recon Automation

Developed for educational purposes only (use it ethically)

This repository contains automated shell scripts for recon in bug bounty hunting. The process is structured and takes input from a targets.txt file. These scripts are optimized for wildcard domains and designed to be run sequentially, where each step builds on the output of the previous one.

Step-by-Step Usage

1. Prepare your target list

Create a targets.txt file containing your target domains, one per line:

nano targets.txt

Automation Process

Run the recon scripts in the following order. Each script uses output files generated by the previous step.

Basic Recon (Level 1)

This script performs subdomain enumeration, live host checking, nuclei scanning, and wayback URL gathering.

bash basic.sh

Output files:

• subdomains.txt — Discovered subdomains
• live.txt — Live domains verified via HTTP
• nuclei.txt — Nuclei scan results (panels, takeovers, CVEs, exposures)
• wayback.txt — URLs fetched from Wayback Machine
• params.txt — URLs with parameters extracted from wayback URLs

Advanced Recon (Level 2)

This script performs deep endpoint discovery, JavaScript secret hunting, parameter analysis with gf patterns, Dalfox XSS scanning, and header misconfiguration analysis.

bash advanced.sh

Output files:

• deep-endpoints.txt — Endpoints discovered via katana, hakrawler, and gau
• jsfiles.txt — JavaScript files extracted from wayback URLs
• secret-js.txt — Potential secrets found in JavaScript files
• gf-xss.txt, gf-ssrf.txt, gf-redirect.txt — Parameter filters using gf patterns
• dalfox-xss.txt — Dalfox XSS scan report
• headers.txt — HTTP header analysis for CORS, CSP, and other misconfigurations

Happy hunting! 🚀