You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1.Grab all the subdomains i.e, subfinder -d domain.com | tee -a domains.txt
2.Grap all alive domains i.e, cat domains.txt | httpx -status-code | grep 200 | cut -d " " -f1 | tee -a alive.txt
3.Run nuclei basic-detection,panels,workflows,cves templates differently and store results in different file. i.e, cat alive.txt | nuclei -t nuclei-templates/workflows | tee -a workflows.
4.Read each output carefully with patience.
5.Find interest tech used by target. i.e, jira
6.put that link into browser check the version used by target.
7.Go on google search with jira version exploit.
8.grep the cves
9.Go to twitter in explore tab search CVE(that you found from google) poc or CVE exploit
10.Go to google and put cve or some details grab from twitter for a better poc read writeups related to that.
11.Try all cves if success report it.:)
Resources:Google,Youtube,Twitter,Medium and My yesterday Bug Experience.
