hub / github.com/KingOfBugbounty/KingOfBugBountyTips

KingOfBugBountyTips

Tactical Recon

The Ultimate Bug Bounty Reconnaissance Arsenal

"In the shadows we hunt, in the code we trust"



DoD VDP Scope

DoD Vulnerability Disclosure Program | KingRecon DOD

Full DoD Scope - 19 Domains

```bash
# BBRF Scope - All DoD Domains
bbrf inscope add '*.af.mil' '*.army.mil' '*.marines.mil' '*.navy.mil' '*.spaceforce.mil' '*.ussf.mil' '*.pentagon.mil' '*.osd.mil' '*.disa.mil' '*.dtra.mil' '*.dla.mil' '*.dcma.mil' '*.dtic.mil' '*.dau.mil' '*.health.mil' '*.ng.mil' '*.uscg.mil' '*.socom.mil' '*.dds.mil' '*.yellowribbon.mil'
```

| Military Branches | DoD Agencies | Support Commands |
| --- | --- | --- |
| `*.af.mil` - Air Force | `*.pentagon.mil` - Pentagon HQ | `*.dtic.mil` - Tech Info Center |
| `*.army.mil` - Army | `*.osd.mil` - Office of SecDef | `*.dau.mil` - Acquisition Univ |
| `*.marines.mil` - Marines | `*.disa.mil` - Defense Info Systems | `*.health.mil` - Military Health |
| `*.navy.mil` - Navy | `*.dtra.mil` - Threat Reduction | `*.ng.mil` - National Guard |
| `*.spaceforce.mil` - Space Force | `*.dla.mil` - Logistics Agency | `*.uscg.mil` - Coast Guard |
| `*.ussf.mil` - Space Force | `*.dcma.mil` - Contract Management | `*.socom.mil` - Special Operations |

Security Notice

This repository is for EDUCATIONAL and AUTHORIZED testing ONLY. Always obtain proper authorization before testing.

📜 Security Policy & Guidelines

✅ Permitted Use Cases

  • Authorized Bug Bounty Programs - HackerOne, Bugcrowd, Intigriti, etc.
  • Authorized Penetration Testing - With written permission
  • Personal Lab Environments - Your own infrastructure
  • Educational Purposes - Learning and research
  • DoD VDP Program - Following program rules

❌ Prohibited Activities

  • Unauthorized Testing - Testing without explicit permission
  • Malicious Intent - Using techniques for harm or theft
  • Out-of-Scope Testing - Testing targets outside program scope
  • Social Engineering - Unless explicitly allowed in program
  • DoS/DDoS Attacks - Resource exhaustion attacks

📋 Responsible Disclosure Guidelines

  1. Read the Program Policy - Always review scope and rules
  2. Test Safely - Don't cause harm to production systems
  3. Document Everything - Keep detailed notes of your findings
  4. Report Privately - Use official channels for disclosure
  5. Give Time to Fix - Allow vendors reasonable time to patch
  6. Be Professional - Maintain ethical standards

🔒 Report Security Issues

Found a security issue in this repository? Please report it responsibly:

Report Issue


📚 Table of Contents

| Section | Description |
| --- | --- |
| About | Project overview and goals |
| Quick Start | Get started in 5 minutes |
| Required Tools | Essential toolset |
| BBRF Scope DoD | DoD scope configuration |
| Subdomain Enumeration | Finding subdomains |
| JavaScript Recon | JS file analysis |
| XSS Detection | Cross-site scripting |
| SQL Injection | SQLi techniques |
| SSRF & SSTI | Server-side attacks |
| Web Crawling | Deep crawling methods |
| Parameter Discovery | Hidden params |
| Content Discovery | Sensitive files |
| Nuclei Scanning | Automated scanning |
| API Security | Testing API vulnerabilities |
| Cloud Security | AWS, GCP, Azure |
| Automation Scripts | Ready-to-use scripts |
| Bash Functions | Shell productivity |
| New Oneliners 2026 | CVE-2026 exploits & techniques |
| Oneliners 2024-2025 | Previous techniques |
| February 2026 CVE Discovery | Latest CVE recon oneliners |
| Search Engines | Hacker search engines |
| Wordlists | Best wordlists |
| Resources | Books, courses, blogs |

🎯 About

╔═══════════════════════════════════════════════════════════════╗
║                 🎯 MISSION STATEMENT 🎯                       ║
╠═══════════════════════════════════════════════════════════════╣
║  Share elite bug bounty techniques from world-class hunters   ║
║  Build the most comprehensive one-liner collection           ║
║  Empower the security research community                     ║
╚═══════════════════════════════════════════════════════════════╝

Our main goal is to share tips from well-known bug hunters. Using advanced recon methodology, we discover subdomains, APIs, tokens, and vulnerabilities that are exploitable. We aim to influence and educate the community with powerful one-liner techniques for better understanding and faster results.

🏆 What Makes This Repository Special?

  • 💎 Curated Commands - Battle-tested from real hunters
  • 🎯 Full Methodology - Recon to exploitation
  • 🔄 Constantly Updated - New techniques weekly
  • 🌍 Community Driven - Top hunters worldwide

📦 Special Resources

BugBuntu KingRecon Contribute

📊 Repository Highlights

| Category | Count | Status |
| --- | --- | --- |
| One-Liners | 400+ | ✅ Active |
| Techniques | 50+ | ✅ Active |
| Tools Covered | 100+ | ✅ Active |
| CVE Examples | 20+ | ✅ Active |
| DoD Domains | 19 | ✅ Active |
| Contributors | Growing | 🚀 Growing |
| Last Update | 2026 | ✅ Current |

🚀 Quick Start

⚡ Get your first recon running in under 5 minutes

1️⃣ Install Tools
2️⃣ Run Recon
3️⃣ Find Bugs

```bash
# 📥 Step 1: Install essential tools (ProjectDiscovery Suite)
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

# 🔍 Step 2: Run your first reconnaissance chain
subfinder -d target.com -silent | httpx -silent | nuclei -severity critical,high

# 🎉 Step 3: Analyze results and profit!
# Check the output for vulnerabilities and start reporting!
```

🎬 Complete automated workflow

```bash
# 🚀 Advanced Quick Start - Complete Recon Pipeline
TARGET="target.com"

# Subdomain enumeration with multiple sources
subfinder -d "$TARGET" -all -silent | \
httpx -silent -title -status-code -tech-detect -follow-redirects | \
tee subdomains_live.txt

# Deep crawling and parameter discovery
# (the regex needs a single backslash to match a literal ".js" suffix)
cat subdomains_live.txt | katana -silent -d 3 -jc | \
grep -E '\.js$' | \
httpx -silent -mc 200 | \
tee js_files.txt

# Vulnerability scanning with Nuclei
nuclei -l subdomains_live.txt -severity critical,high,medium -silent -o nuclei_results.txt

# 💎 Results saved in:
# - subdomains_live.txt (Live domains)
# - js_files.txt (JavaScript files)
# - nuclei_results.txt (Vulnerabilities found)
```
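
A scope gate for host lists, added here as an example and not part of the repository: it keeps only hostnames that match `*.domain` patterns of the kind loaded with `bbrf inscope add` above, so nothing outside the program scope reaches the probing and scanning stages. The names `in_scope`, `filter_scope` and `demo` are hypothetical, the sample hostnames are constructed, and treating `*.af.mil` as subdomains-only is an assumption of this sketch.

```sh
#!/bin/sh
# Added example, not from the repository: allow-list filter for hostnames.
# Assumption of this sketch: '*.af.mil' covers subdomains only, not 'af.mil' itself.

# in_scope HOST PATTERN... -> returns 0 when HOST matches at least one pattern
in_scope() {
  _h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # hostnames are case-insensitive
  _h=${_h%.}                                # tolerate a trailing root dot
  shift
  case "$_h" in                             # bare hostnames only: no URLs, ports, empty labels
    ''|*[!a-z0-9._-]*|.*|*..*) return 1 ;;
  esac
  for _p in "$@"; do
    _p=$(printf '%s' "$_p" | tr 'A-Z' 'a-z')
    case "$_p" in
      '*.'*) _s=${_p#?}                     # '*.af.mil' -> '.af.mil'
             # suffix match on a label boundary, so 'evilaf.mil' does not pass
             case "$_h" in *?"$_s") return 0 ;; esac ;;
      *)     if [ "$_h" = "$_p" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# filter_scope SCOPE_FILE: hostnames on stdin; in-scope ones go to stdout,
# everything else is reported on stderr so the drop is auditable.
filter_scope() {
  _file=$1
  set --
  while IFS= read -r _line || [ -n "$_line" ]; do
    case "$_line" in ''|'#'*) continue ;; esac
    set -- "$@" "$_line"
  done < "$_file"
  [ "$#" -gt 0 ] || { echo 'scope file is empty: nothing passes' >&2; return 2; }
  while IFS= read -r _host || [ -n "$_host" ]; do
    if in_scope "$_host" "$@"; then printf '%s\n' "$_host"
    else printf 'dropped (out of scope): %s\n' "$_host" >&2; fi
  done
}

# Constructed hostnames (not real findings) run through a three-pattern scope.
demo() {
  _scope=$(mktemp) || return 1
  printf '%s\n' '*.af.mil' '*.army.mil' '*.navy.mil' > "$_scope"
  printf '%s\n' 'www.af.mil' 'WWW.Army.MIL.' 'af.mil' 'evilaf.mil' \
    'www.af.mil.example.net' 'portal.navy.mil' | filter_scope "$_scope"
  rm -f "$_scope"
}
demo
```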

🎯 Pro Tips for Beginners

| Tip | Description |
| --- | --- |
| 🔑 | Always get proper authorization before testing |
| 📝 | Keep detailed notes of your findings |
| 🛠️ | Start with automated tools, then manual testing |
| 💰 | Focus on high-impact vulnerabilities first |
| 🤝 | Join the community and learn from others |

🛠️ Required Tools

Core Tools

| Category | Tools | Installation |
| --- | --- | --- |
| Subdomain | Subfinder, Amass, Assetfinder, Findomain, Chaos | `go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest` |
| HTTP Probing | Httpx, Httprobe | `go install github.com/projectdiscovery/httpx/cmd/httpx@latest` |
| Crawling | Katana, Gospider, Hakrawler, Cariddi | `go install github.com/projectdiscovery/katana/cmd/katana@latest` |
| URLs | Gau, Waybackurls, Waymore | `go install github.com/lc/gau/v2/cmd/gau@latest` |
| Scanning | Nuclei, Jaeles, Naabu | `go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest` |
| XSS | Dalfox, XSStrike, Kxss, Airixss | `go install github.com/hahwul/dalfox/v2@latest` |
| SQLi | SQLMap, Ghauri | `pip install sqlmap ghauri` |
| Utilities | Anew, Qsreplace, Unfurl, Gf, Uro | `go install github.com/tomnomnom/anew@latest` |
| Fuzzing | Ffuf, Feroxbuster | `go install github.com/ffuf/ffuf/v2@latest` |
| JS Analysis | Subjs, LinkFinder, SecretFinder, Jsubfinder | `go install github.com/lc/subjs@latest` |
| Cert Monitoring | Certstream, Certstream-go | `pip install certstream` |
| DNS | Dnsx, Shuffledns, PureDNS, MassDNS, [Dnsgen](https://github.com/ProjectAnte/dn
