Oneliner Collections


Content Discovery:

mkdir -p subs assets
subfinder -d {target domain} -all -nW -o subs/subfinder.txt
assetfinder -subs-only {target domain} | tee subs/assetfinder.txt
amass enum -d {target domain} -o subs/amass.txt
# Run other subdomain tools if you want.
cat subs/*txt | sort -u > subs/all.txt
# Look for alive subdomains.
cat subs/all.txt | httpx -o assets/subs.txt
# Now let's find more assets.
cat assets/subs.txt | feroxbuster --stdin -e -w {put some good wordlist here} | tee assets/feroxbuster.txt
# For the wordlist I recommend OneListForAll:

Simple script to look for juicy endpoints with gau and gf

DNS Recon and Fuzzing with FFUF in one line
curl -s\?q\=\%.$1\&output\=json | jq -r '.[].name_value' | gsed 's/^/https:\/\//' | sort -u | xargs -n 1 -I{} ffuf -w ~/common.txt -u {}/FUZZ -t 70 > fuzzing_domain.txt