HOSTING YOUR OWN VPS WITHOUT A VPS

Every Bug Bounty Hunter wants to maximize his recon, hunt more and report more bugs. Owning a VPS is a great choice, but what if you can't buy one ? Still want to automate your Hunting Process ? Well, you have come to the perfect spot. Hello Hackers, I am Harsh Parekh , known as notmarshmllow, here to assist you with your automation and Report more bugs. Let's dive into the process.

Let me begin with a little story. As of late, my laptop was in a bad way and so I wasn’t able to Hack, till I purchase a new beast for me. Here, the real deal was how could I be productive instead of wasting my time until my new laptop shows up ? Goofing around isn’t my thing and so, sitting around helplessly was really demotivating. At that point one day, I had a talk with another Hacker friend of mine who suggested me to continue Hacking using a phone.

Back in the time when I was fledgling, I came across Termux - an Android Terminal Emulator and Linux Environment App. In the wake of conversing to my companion, the idea of automating my entire process with my phone using Termux just flew in my mind and yes, I had the option to do it !

I immediately installed all my tools that I used for my Reconnaissance Process and wrote a Bash Script to automate the entire bug hunting process.

This additionally helped me in automating my bug chasing process for huge scope targets for longer time. The script will ceaselessly run in background.

1. Enumerating all Subdomains.
2. Discovering live Subdomains.
3. Brute-forcing for directories and files in recursive mode.
4. Use one liners from KingOfBugBounty and other Repositories for finding more Vulnerabilities.
5. takeover by m4ll0k to find Subdomain Takeover.
6. Finding Endpoints and Secrets in JavaScript files.

Tip : Create distinctive Scripts for different Vulnerabilities, so that you can keep the scan running in different sessions in Termux, once all the Live Subdomains are identified.

This is the most basic part, you can automate more according to your requirements.

I found it difficult to set-up GOLANG Path Variables. Hence, I have used all tools built using Python , developed a custom wordlist and wrote some Bash and Python Scripts of my own. Also, my phone is NOT Rooted.

That's all with the process. Wasn't it really simple ? Let the script accomplish it's work and continue checking the discoveries each one or then again two hour.

Hope you find this helpful. Follow me on Twitter @notmarshmllow

HACK CONSTANTLY !