3 min readNov 23, 2022


Hello all, My name is Mahmoud Attia aka 0xelkot

This is a short story about how to automate your recon stuff and get more vulnerabilities.

Everyone doing the same circle story with any changing,

  • Find Subdomains.
  • Get alive subs.
  • Nuclei all alive subs.
  • Get Dublicates!!

So what we will do then ??!!

Think Out of The Box

There are a lot of tools testing Generic vulnerabilities and get a wonderful results.

One of this tools is xray, This is a fantastic tool to test Generic vulnerabilities with a crawler built-in with it.

This is some results from it.

So this is an Interesting adventure, Let’s make a script to automate all of it to test some bug bounty programs.

Firstly making a nice recon results to find subdomainds







subfinder -d $1 -silent | anew /root/$1/subs.txt

assetfinder -subs-only $1 | anew /root/$1/subs.txt

amass enum -passive -d $1 | anew /root/$1/subs.txt

python sublist3r.py -d $1| anew /root/$1/subs.txt

github-subdomains -t <github token> -d $1 | anew /root/$1/subs.txt

Then checking open ports and get live hosts



cat /root/$1/subs.txt | naabu -p — -silent | anew open-ports.txt

cat open-ports.txt | httpx -silent | anew alive.txt

Finally checking vulnerabilities

here we have two types of vulnerabilities:

1- CVEs and Misconfigurations .

2- Generic Vulnerabilities.

Everyone can find CVEs via Nuclei , but you can make your Own templates or use the others templates NOT only project discovery templates.

Cent is a tool collect all templates of nuclei from others Repos on GitHub and make it in one repo to test all nuclei templates on GitHub and validate all results later, So you will get an amazing results.

cat alive.txt | nuclei -t /path/to/cent/ -es info | anew nuclei-results.txt

Xray crawl every host and test generic vulnerabilities for all params on URL and Body request.

for i in $(cat /root/$1/alive.txt); do xray_linux_amd64 ws — basic-crawler $i — plugins xss,sqldet,xxe,ssrf,cmd-injection,path-traversal — ho $(date +”%T”).html ; done

Now, You can automate bug hunting process and be focus in something else.

This is the script from Github

For any question you can DM me at twitter 0xElkot

See y’all next time till then.

Happy Hacking ❤




InfoSec Engineer | Security Researcher

Recommended from Medium


See more recommendations