Who Am I: “Bug Bounty Tips”


Here are some tool tips for doing bug bounty research.

curl -s https://crt.sh\?q\=\%.$1\&output\=json | jq -r '.[].name_value' | gsed 's/^/https:\/\//' | sort -u | xargs -n 1 -I{} ffuf -w ~/common.txt -u {}/FUZZ -t 70 > fuzzing_domain.txt
credit @hex0x42424242

./github-subdomains.py -t APIKEY -d att.com | httpx -silent | xargs -I@ -P20 sh -c 'gospider -a -s "@" -d 2' | grep -Eo "(http|https)://[^/\"].*.js+" | sed "s#\] \- #\n#g" | anew | grep "att.com"

https://github.com/gwen001/github-search
credit: @ofjaaah

https://github.com/MrCl0wnLab/SimpleReconSubdomain

 httpx -ports 80,443,8009,8080,8081,8090,8180,8443 -l domain -timeout 5 -threads 200 --follow-redirects -silent | gargs -p 3 'gospider -m 5 --blacklist pdf -t 2 -c 300 -d 5 -a -s {}' | anew stepOne
credit: @ofjaaah

apktool d com.uber -o uberApk;grep -Phro "(https?://)[\w\.-/]+[\"'\`]" uberApk/ | sed 's#"##g' | anew | grep -v "w3\|android\|github\|http://schemas.android\|google\|http://goo.gl"
credit: @ofjaaah

gospider -S domain.txt -t 3 -c 100 |  tr " " "\n" | grep -v ".js" | grep "https://" | grep "=" | qsreplace '%22>'
credit: @ofjaaah
chaos -d att.com | httpx -silent | xargs -I@ -P20 sh -c 'gospider -a -s "@" -d 2' | grep -Eo "(http|https)://[^/\"].*.js+" | sed "s#\] \- #\n#g" | anew | grep "att.com"
credit: @ofjaaah

subfinder -d tesla.com -silent | httpx -timeout 3 -threads 300 --follow-redirects -silent | xargs -I% -P10 sh -c 'hakrawler -plain -linkfinder -depth 5 -url %' | grep "tesla"
credit: @ofjaaah

assetfinder -subs-only tesla.com -silent | httpx -timeout 3 -threads 300 --follow-redirects -silent | xargs -I% -P10 sh -c 'hakrawler -plain -linkfinder -depth 5 -url %' | grep "tesla"
credit: @ofjaaah

psql -A -F , -f querycrt -h crt.sh -p 5432 -U guest certwatch 2>/dev/null | tr ', ' '\n' | grep twitch | anew
credit: @ofjaaah

chaos -d paypal.com -bbq -filter-wildcard -http-url | xargs -I@ -P5 sh -c 'gospider -a -s "@" -d 3'

credit: @ofjaaah

xargs -P 500 -a pay.txt -I@ sh -c 'nc -w1 -z -v @ 443 2>/dev/null && echo @' | xargs -I@ -P10 sh -c 'gospider -a -s "https://@" -d 2 | grep -Eo "(http|https)://[^/\"].*.js+" | sed "s#\] \- #\n#g" | anew'

curl "https://recon.dev/api/search?key=apiKEY&domain=paypal.com…" | jq -r '.[].rawDomains[]' | sed 's/ //g' | anew | httpx -silent | xargs -I@ gospider -d 0 -s @ -c 5 -t 100 -d 5 --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt | grep -Eo '(http|https)://[^/"]+' | anew

credit: @ofjaaah
nmap -sV -p 22 -Pn -T5 --script=ssh* -v 192.168.1.110


credit: @cry__pto

get metadata facebook

read the source code + extract metadata RESULTS:
-CMS in use(in most cases)
-IT technologies
-e-mail addresses
-subdomains
-social media accounts
-Digital files

wget -r -m -nv https://facebook.com

OSCP Notes
https://github.com/tbowman01/OSCP-PWK-Notes-Public
OSCP Notes
https://github.com/Technowlogy-Pushpender/oscp-notes
list of useful commands, shells and notes related to OSCP
https://github.com/s0wr0b1ndef/OSCP-note
Notes for taking the OSCP in 2097
https://github.com/dostoevskylabs/dostoevsky-pentest-notes
My OSCP notes
https://github.com/tagnullde/OSCP

credit: @cry__pto
-CTF Cheatsheet:
https://github.com/uppusaikiran/awesome-ctf-cheatsheet
-Pentesting Cheatsheet:
https://gist.github.com/jeremypruitt/c435aefa2c2abaec02985d77fb370ec5
-Hacking Cheatsheet:
https://github.com/kobs0N/Hacking-Cheatsheet
-Hashcat-Cheatsheet:
https://github.com/frizb/Hashcat-Cheatsheet
-Wireshark Cheat Sheet:
https://github.com/security-cheatsheet/wireshark-cheatsheet

credit: @cry__pto
JustTryHarder:
https://github.com/sinfulz/JustTryHarder
PWK-CheatSheet:
https://github.com/ibr2/pwk-cheatsheet
kali linux cheatsheet:
https://github.com/NoorQureshi/kali-linux-cheatsheet
Hydra-Cheatsheet:
https://github.com/frizb/Hydra-Cheatsheet
Security Tools Cheatsheets:
https://github.com/jayeshjodhawat/security-tools-cheatsheets
credit: @cry__pto
-1-A Red-Teamer diaries:
https://github.com/ihebski/A-Red-Teamer-diaries
-2-Awesome Windows Red Team:
https://github.com/marcosValle/awesome-windows-red-team
 -3-Redteam/Pentesting/Hacking/Cybersecurity/OSINT Resources:
https://gist.github.com/teixeira0xfffff/feb7daa8b834bb89bc08671f7d168177
-4-Pentest-Tools:
https://github.com/S3cur3Th1sSh1t/Pentest-Tools
credit: @cry__pto
OSINT-RECON:
https://github.com/T43cr0wl3r/OSINT-RECON
Cheat Sheet For Password Crackers:
https://gist.github.com/crunchprank/61a0ca3f6087b49fabb2
Pentesting Pratic Notes (Cheatsheet):
https://github.com/mucahittopal/Pentesting-Pratic-Notes
Bug Bounty Cheat Sheet:
https://github.com/dsopas/bugbounty-cheatsheet
OSINT Collection:
https://github.com/Ph055a/OSINT_Collection
credit: @cry__pto
-1-Pentest-Cheat-Sheets:
https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets
-2-Web Application Cheatsheet (Vulnhub):
https://github.com/Ignitetechnologies/Web-Application-Cheatsheet
-3- A cheatsheet with commands that can be used to perform kerberos attacks :
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
credit: @cry__pto
-1-pentest cheat sheet :
https://gist.github.com/githubfoam/4d3c99383b5372ee019c8fbc7581637d
-2-Tcpdump cheat sheet :
https://gist.github.com/jforge/27962c52223ea9b8003b22b8189d93fb
-3-tcpdump - reading tcp flags :
https://gist.github.com/tuxfight3r/9ac030cb0d707bb446c7
-4-CTF-Notes - Hackers Resources Galore:
https://github.com/TheSecEng/CTF-notes

credit: @cry__pto
For every domain in file domains.txt, print CIDR and Organization (one-liner):
https://gist.github.com/stevemcilwain/c9b6c3023e1f06d5ac42b05e8f7a0bb4
- linux notes and cheatsheet :
https://gist.github.com/joshschmelzle/b758d9e42c048b2a196c6100de1562a8
- Find all the IP ranges on an ASN:
https://gist.github.com/haomingz/36ad9ab13b302e73e58c
credit: @cry__pto
#chrome addons for #Hacking:
-archive.is Button
Wayback Machine
OpenSource Intelligence
EXIF Viewer
Wappalyzer
Shodan
FoxyProxy
emailhunter
Email Extractor
Emailfinder
HackBar
Cookies Manager
iMacros
FirePHP
User-Agent Switcher
BuiltWith
fullcontact
Censys
credit: @cry__pto
-1-linux notes.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Linux%20Notes.pdf
-2-windows notes.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/Windows%20Notes.pdf 
