OneLinerBounty
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skills and efficiency. Contribute your own tips or use these to streamline your workflow and uncover more vulnerabilities. #BugBounty #Cybersecurity #HackTips #SecurityResearch #OneLinerBugBounty #OneLinerBounty

Why OneLiners?
In the world of bug bounty hunting, time is precious. Short, impactful tips can make all the difference. Here, you'll find quick insights that can easily be referenced when you're diving into a new target, testing a feature, or looking to refine your methodology.
Misconfigurations, Tech Detection, and Common Bugs
If you want wider coverage, like misconfigurations, tech detection, and common bugs, change the template path to -t vulnerabilities/:
cat urls.txt | httpx -silent -mc 200 | nuclei -silent -t vulnerabilities/ -o results.txt
Subdomain Takeovers - Quick Check
Want to check for subdomain takeovers in one line?
subfinder -d example.com | httpx -silent | nuclei -silent -t takeovers/ -o takeover.txt
Subdomain Discovery + Live Check
For subdomain discovery with live check:
subfinder -d target.com | httpx -silent -mc 200
Subdomain Takeover Detection
Detect subdomain takeovers:
subfinder -d target.com | httpx -silent | nuclei -silent -t takeovers/
Directory Bruteforce (Content Discovery)
For directory bruteforce:
ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -mc 200
Find Open Redirects (Quick Scan)
To quickly find open redirects:
cat urls.txt | gf redirect | httpx -silent
XSS Detection (Using Dalfox)
For XSS detection using Dalfox:
cat urls.txt | dalfox pipe --skip-bav --only-poc
SQL Injection Discovery
For SQL Injection discovery:
cat urls.txt | gf sqli | sqlmap --batch --random-agent -m -
Find Sensitive Files (Backup, Config, etc.)
To find sensitive files like backups and configuration files:
cat urls.txt | waybackurls | grep -Ei '\.(bak|old|backup|log|env|sql|config)$'
CORS Misconfiguration Detection
To detect CORS misconfigurations:
cat urls.txt | corscanner
Detect Technologies + Possible CVEs
To detect technologies and possible CVEs:
cat urls.txt | httpx -silent -title -tech-detect | nuclei -silent -t cves/
Parameter Discovery (for further testing)
To discover parameters for further testing:
cat urls.txt | waybackurls | uro | grep '?'
Full Recon Chain (Subdomains + Live Check + Technologies + Titles)
For a full recon chain:
subfinder -d target.com | httpx -silent -title -tech-detect
Subdomain Enum + Ports Scan (Fast)
For a fast subdomain enumeration and port scan:
subfinder -d target.com | naabu -silent -top-ports 1000
All URLs from Wayback, CommonCrawl, and AlienVault
To get all URLs from Wayback, CommonCrawl, and AlienVault:
gau target.com | tee urls.txt
Find Secrets in JS Files
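To find secrets in JS files (each URL is passed to the inner shell as "$1", so shell metacharacters in a harvested URL are never executed on your machine):
cat urls.txt | grep '\.js$' | httpx -silent | xargs -I{} bash -c 'curl -s "$1" | tr "[:space:]" "\n" | grep -Ei "(api|key|token|secret|password|passwd|authorization)="' _ {}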
Find Open AWS Buckets
To find open AWS buckets:
subfinder -d target.com | httpx -silent | nuclei -silent -t s3-detect.yaml
Find Misconfigured Login Panels
To find misconfigured login panels:
cat urls.txt | nuclei -silent -t exposed-panels/
Check All Parameters for Reflected XSS
To check all parameters for reflected XSS:
cat urls.txt | gf xss | dalfox pipe --skip-bav --only-poc
Check for Exposed Git Repositories
To check for exposed Git repositories:
cat urls.txt | httpx -silent -path "/.git/config" -mc 200
Extract All Parameters from URLs (for manual testing)
To extract all parameters from URLs for manual testing:
cat urls.txt | uro | grep '?'
Takeover Domains from Subdomain List
To perform takeover checks on domains from a subdomain list:
cat subdomains.txt | nuclei -silent -t takeovers/
Find CVEs Based on Technology
To find CVEs based on technology:
cat urls.txt | httpx -silent -title -tech-detect | nuclei -silent -t cves/
Find Top Ports + Services for All Subdomains (Recon + Port Scan)
To find the top ports and services for all subdomains:
subfinder -d target.com | naabu -top-ports 1000 -silent
Extract All Endpoints from JS Files (JS Analysis)
To extract all endpoints from JS files for analysis (each URL is passed to the inner shell as "$1" rather than spliced into the command string):
cat urls.txt | grep '\.js$' | httpx -silent | xargs -I{} bash -c 'curl -s "$1" | grep -oE "(/api/v[0-9]+/[^\"'\'']+|/[a-zA-Z0-9_/.-]+\.(php|aspx|jsp|html|json|xml|txt))"' _ {}
Security Score
Audited on Mar 19, 2026
