This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
Krzysztof Balas zerodaykb
zerodaykb
/ parameters.txt
Created
October 9, 2025 14:08
— forked from cnmiller/parameters.txt
parameters.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 1 | |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | |
| 16 | |
| 17 | |
| 2 |
zerodaykb
/ JavascriptRecon.md
Created
January 28, 2021 08:02
My Javascript Recon Process - BugBounty
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| % just copy from https://gist.github.com/hhc0null/82bf2e57ac93c1a48115a1b4afcde706 | |
| /exploit { | |
| /println { (\\n) exch print print } bind executeonly def | |
| /info { ([*] ) print println } bind executeonly def | |
| /success { ([+] ) print println } bind executeonly def | |
| /fail { ([-] ) print println stop } bind executeonly def | |
| /MaxFileSize 16#10000 def | |
| /readfile { |