Why Bash Tricks Matter

In bug bounty hunting, speed and efficiency are everything. While there are plenty of tools out there, sometimes a simple Bash one-liner is all you need to automate a task, chain tools together, or quickly parse results. Here's a collection of tiny Bash tricks and helpers you can memorize and use for faster recon and exploitation.

Reconnaissance One-Liners

  • Find subdomains with crt.sh:
    curl -s "https://crt.sh/?q=%25.example.com&output=json" | jq -r '.[].name_value' | sort -u
  • Check for live hosts from a list:
    cat hosts.txt | xargs -I{} -P10 bash -c 'curl -s -m 3 -o /dev/null -w "%{{}}: %{http_code}\n" http://{}'
  • Extract URLs from wayback:
    curl -s "http://web.archive.org/cdx/search/cdx?url=example.com/*&output=text&fl=original&collapse=urlkey"

Parsing and Filtering

  • Extract domains from a file:
    grep -oP '(?<=://)[^/]*' urls.txt | sort -u
  • Find all unique parameters in a list of URLs:
    grep -oP '\?\K[^=]+' urls.txt | sort -u
  • Get all endpoints from JavaScript files:
    grep -oP '\/[a-zA-Z0-9_\-\/]+\.php' *.js | sort -u

Exploitation Helpers

  • Quickly encode/decode base64:
    echo 'payload' | base64   /   echo 'cGF5bG9hZA==' | base64 -d
  • URL encode/decode:
    python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1]))" 'payload'
  • Send a POST request with custom data:
    curl -X POST -d "username=admin&password=admin" http://target/login

Workflow Shortcuts

  • Run a command on all files in a directory:
    for f in *.js; do grep 'apiKey' "$f"; done
  • Chain tools together:
    cat domains.txt | while read d; do ffuf -u https://$d/FUZZ -w wordlist.txt; done
  • Find open ports with nc:
    nc -zv target.com 1-1000 2>&1 | grep succeeded

Tips for Memorization

  • Practice typing your favorite one-liners until they're muscle memory.
  • Keep a cheatsheet (or this post!) handy for quick reference.
  • Understand what each part of the command does - don't just copy-paste.

Have your own favorite Bash trick?

Share it with me or reach out if you want to collaborate on bug bounty automation!

Get in Touch

Final Thoughts

Bash is a bug bounty hunter's secret weapon. With just a few lines, you can automate repetitive tasks, speed up recon, and even chain together powerful attacks. The more tricks you know, the faster you'll be-and the more bugs you'll find.