To customize the behavior of gbounty, you can use a combination of flags to specify different settings. For example, to specify the profiles to use when scanning the target URL, use the -p or --profiles flag followed by the path to the directory containing the profiles, or the path to a specific profile file, like this:

gbounty -u https://example.com -p /path/to/profiles

This will scan the target URL using the profiles in the /path/to/profiles directory. Alternatively, to use the XSS.bb and SQLi.bb profile files specifically, you would use the -p flag like this:

gbounty -u https://example.com -p ./profiles/XSS.bb -p ./profiles/SQLi.bb

The -p flag can be used more than once, allowing you to specify multiple profile files or directories to use. By default, gbounty uses the profile files in the ./profiles/ directory.

Next, you can use the -t or --tag flag to specify one or more tags that should be used to filter the profiles that gbounty uses when conducting its scans. Only profiles that are tagged with the specified tags will be used. The -t flag can be used multiple times to specify multiple tags. For example, you could use the -t flag like this:

gbounty -u https://example.com -t tag1 -t tag2

This would tell gbounty to only use profiles that are tagged with tag1 and tag2.

The -tags or --print-tags flag can be used to print a list of available profile tags to the terminal.

gbounty -tags

This command would tell gbounty to scan the default profile path (./profiles/) and print a list of all the tags that are used by the profile files that it finds.

The -active, -passive, -psreq, and -psres flags can all be used to control which types of profiles gbounty uses when conducting its scans.

• -active or --only-active: This flag specifies that only active profiles should be used when conducting the scan. Active profiles are profiles that actively send requests to the target URLs in order to test for vulnerabilities. This flag can be used like this: gbounty -active.

• -passive or --only-passive: This flag specifies that only passive profiles should be used when conducting the scan. Passive profiles are profiles that do not actively send requests to the target URLs, but instead analyze the responses that the target URLs send in order to identify potential vulnerabilities. This flag can be used like this: gbounty -passive.

• -psreq or --only-passive-req: This flag specifies that only passive request profiles should be used when conducting the scan. Passive request profiles are passive profiles that analyze the requests that are sent to the target URLs in order to identify potential vulnerabilities. This flag can be used like this: gbounty -psreq.

• -psres or --only-passive-res: This flag specifies that only passive response profiles should be used when conducting the scan. Passive response profiles are passive profiles that analyze the responses that are sent by the target URLs in order to identify potential vulnerabilities. This flag can be used like this: gbounty -psres.

These flags can be used in combination with each other and with other flags to control the profiles that gbounty uses when conducting its scans. For example, you could use the -active and -passive flags together like this:

gbounty -u https://example.com -active -passive

This would tell gbounty to use both active and passive profiles when conducting the scan. Similarly, you could use the -psreq and -psres flags together like this:

gbounty -u https://example.com -psreq -psres

This would tell gbounty to use passive request and response profiles when conducting the scan. You could also combine these flags with other flags, such as the -p or --profiles flag, to specify which profile files gbounty should use when conducting the scan. For example:

gbounty -u https://example.com -p /profiles/XSS.bb -psreq -psres

This would tell gbounty to use the XSS.bb profile file, and to only use passive request and response profiles when conducting the scan.

By default, the four types of tests are executed: -active -passive -psreq -psres