🐛Bug Bounty Tips: Using "Waymore" to discover more security Issues🌐
In the bug bounty world, having the right tools is essential. While there are many useful ones like waybackurls and gau, let's focus on "waymore" from @xnl_h4ck3r today. It's a handy tool for finding archived URLs, and it can give you an advantage when hunting for bugs.
🕵️‍♂️ Why "waymore"? It's my favorite tool for deep investigations. Whether I'm exploring a specific target or a new area, "waymore" helps me collect ALL the archived URLs I need.
Here's where "waymore" gets its data:
📜 Wayback Machine (web.archive.org): It stores old versions of websites, which can be a goldmine.
🌐 Common Crawl (index.commoncrawl.org): This resource has a massive amount of web data.
🛸 AlienVault OTX (otx.alienvault.com): It offers threat intelligence, including valuable URL data.
🔎 URLScan (urlscan.io): This service scans and analyzes websites, giving you crucial insights.
Now, let's dive into using "waymore":
Installation is straightforward:
git clone https://github.com/xnl-h4ck3r/waymore.git
cd waymore
sudo python setup.py install
sudo pip3 install -r requirements.txt
Once it's set up, you can run "waymore" on your target like this:
python3 waymore.py -i target.com -mode U
If you want to go deeper, use -mode R to download all archived responses. This sets the stage for local analysis, where you might uncover hidden treasures like passwords or forgotten APIs. 💎
But what's next in your bug bounty journey? 🤔
1️⃣ One-Liner Magic: Check out this list of one-liners at github.com/dwisiswant0/aweso…. You can apply these to your "waymore" dataset. With a bit of automation, you'll be surprised by the results! 🚀
2️⃣ Testing Tools: Use tools like dalfox and nuclei templates, along with other XSS detection methods, to find vulnerabilities like XSS, SQLi, SSTI, and more.
3️⃣ Custom Searches: Create your checklist for specific keywords like "user," "admin," "orderId=," "id=," "login," "signup," and others. Tailor your searches to what matters most.
4️⃣ Dive into JS: Look at .JS (JavaScript) files, find API endpoints, and test them for issues like IDORs, information leaks, or hardcoded credentials. The details matter.
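Steps 3 and 4 can be scripted over the collected URL list. The following is an added example, not part of the original post or of waymore itself; it assumes the URL list is plain text with one URL per line, and the sample data and function names are constructed for illustration. It collapses archived copies that differ only in parameter values, then buckets what is left by the post's keywords, ID-style parameters, and .js files, for an in-scope target you are authorized to test.

```python
from urllib.parse import urlsplit, parse_qsl

# Keywords from the checklist in the post; extend them for your own scope.
PATH_KEYWORDS = ("user", "admin", "login", "signup")
PARAM_NAMES = ("orderid", "id")

def shape(url):
    """Reduce a URL to (host, path, sorted parameter names) so archived
    copies that differ only in parameter values are counted once."""
    parts = urlsplit(url.strip())
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    names = sorted({name.lower() for name, _ in pairs})
    return parts.netloc.lower(), parts.path or "/", tuple(names)

def triage(lines):
    """Group unique URL shapes into review buckets."""
    buckets = {"keyword_path": [], "id_param": [], "javascript": []}
    seen = set()
    for line in lines:
        if not line.strip():
            continue
        key = shape(line)
        if key in seen:
            continue
        seen.add(key)
        _, path, names = key
        segments = [s.lower() for s in path.split("/") if s]
        if any(kw in seg for seg in segments for kw in PATH_KEYWORDS):
            buckets["keyword_path"].append(key)
        if any(name in PARAM_NAMES for name in names):
            buckets["id_param"].append(key)
        if path.lower().endswith(".js"):
            buckets["javascript"].append(key)
    return buckets

# Constructed sample standing in for a collected URL list.
SAMPLE = """\
https://shop.example.com/account/orders?orderId=1001
https://shop.example.com/account/orders?orderId=1002
https://shop.example.com/admin/login
https://shop.example.com/static/app.js?v=3
https://shop.example.com/static/app.js?v=4
https://shop.example.com/about
""".splitlines()

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, [host + path for host, path, _ in items])
```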
And if you haven't found any bugs yet? 🤷‍♂️ Don't worry; there are many creative paths to explore within this dataset. Stay tuned for more insights!
Key Takeaways: Gathering URLs is your secret weapon in bug bounty hunting. Always include testing archived URLs in your research and testing methods – you'll be amazed at what you discover. 🚀
#BugBounty #InfoSec #Cybersecurity #HackerOne #BugCrowd #BugBountyTips