EXAMPLES

This section details some examples of how to use gbounty.

gbounty -u https://example.org -X POST -d "param1=value1&param2=value2" -t XSS -r 20 -a -o /tmp/results.json --json

The gbounty command above will scan the URL https://example.org using a POST request with the data “param1=value1&param2=value2” as the request body. It will only use profiles tagged with “XSS” and will allow up to 20 requests per second. The results will include all requests and responses, and will be written to the file /tmp/results.json in JSON format.

gbounty --urls-file domains.txt -c 200 -r 10 -p /tmp/gbounty-profiles --silent --markdown -o /tmp/results.md

This command will run a gbounty scan using the target URLs specified in the domains.txt file. The scan will use 200 concurrent workers and will limit the requests per second (RPS) to 10. It will use the profile files located in the /tmp/gbounty-profiles directory, and will not print any results to standard output. The results of the scan will be written to a Markdown-formatted file at /tmp/results.md.

gbounty --requests-file requests.zip -r 150 --proxy-address=127.0.0.1:8080 -o /tmp/results.txt --all

In the above example, gbounty will be run with the following options:

  • The requests file at requests.zip will be used as the target URL and request profile.

  • The maximum number of requests per second (per URL) will be 150.

  • Requests will be proxied through 127.0.0.1:8080.

  • The output will be stored in /tmp/results.txt in plain text format.

  • All requests and responses will be included in the output.

gbounty --raw-request 1.txt --raw-request 2.txt --interaction-host xxxxxx.burpcollaborator.net

The above command line will use the raw requests in the files 1.txt and 2.txt as target URLs. It will also inject the provided interaction host into the {IH} and {BC} labels. The scan will be performed with the default concurrency and requests-per-second settings. The results will be printed to stdout in the default format (plain text).
