Current Project | Recon Script

Gather subdomains, use httpx to filter all these into their respective status codes etc, gather
indexed URLs from multiple API's and then finally use aquatone for a domain flyover

This is my current project, along with this website. I started bug hunting Jan 1st 2024, as I slowly built my skills with real world pentesting I realised that the methodology I followed for TryHackMe CTF's doesnt not apply for real world engagements, I needed to change the way I thought about web-apps. I did research online, took inspiration from other bug hunters and their methodology and taught myself bash (I was going to make this in python originally) so I can easily write out all the commands I needed to be executed without importing libraries.

I tried adding as much as I can to the script, any bug bounty one liners I find online I chuck in. This script has helped me find XSS and open redirect, HTMLI, authentication bypass and has sped up my recon 100 times over. I don't perform any automated testing with this script, except for light open redirect checks using other tools from github. Use this tool with your own risk as sometimes bug hunting programs only allow 5 reqs per second etc, anway enjoy!