RUNTIME OPTIONS

The -c or --concurrency flag specifies the number of target URLs that gbounty should scan concurrently. The default value is 10, but you can specify a different value if you want. For example, to specify that gbounty should scan 20 URLs concurrently, you could use the -c flag like this: gbounty -c 20.

Here is an example of how the -c flag can be used in a gbounty command:

gbounty -uf urls.txt -c 20

In this example, the -c flag is used to specify that gbounty should scan 20 URLs concurrently. This means that gbounty will open 20 parallel connections to the target URLs and scan them simultaneously. This can be useful for speeding up the scanning process, but it can also increase the load on the target server and potentially cause issues, so it is important to use this flag with caution.

The -r or --rps flag specifies the maximum number of requests per second (per URL) that gbounty should make when conducting its scans. The default value is 10, but you can specify a different value if you want. For example, to specify that gbounty should make a maximum of 20 requests per second per URL, you could use the -r flag like this: gbounty -r 20.

Here is an example of how the -r flag can be used in a gbounty command:

gbounty -u https://example.com -r 20

In this example, the -r flag is used to specify that gbounty should make a maximum of 20 requests per second per URL. This means that gbounty will not make more than 20 requests to any given URL in any given second. This can be useful for limiting the load on the target server, but it can also slow down the scanning process, so it is important to use this flag with caution.
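The two limits multiply: a host that owns several URLs in the target file can receive up to min(URLs on that host, -c) × -r requests per second. The script below is an added example, not part of gbounty, that computes this ceiling per host before a scan is started; the function names, the sample URLs and the budget value are assumptions made for illustration.

```shell
# Added example, not part of gbounty. Assumes (from the text above) that -c is
# the number of URLs scanned at once and -r the per-URL requests/second cap.

# sample_urls: constructed target list standing in for urls.txt
sample_urls() {
    cat <<'EOF'
https://app.example.com/login
https://app.example.com/search?q=1
https://app.example.com/profile

http://APP.example.com/
https://api.example.com/v1/users
EOF
}

# host_load FILE CONCURRENCY RPS
# Prints "host urls worst_case_rps" per host (keyed by host[:port]),
# highest load first.
host_load() {
    awk -v c="$2" -v r="$3" '
        NF == 0 { next }                                  # skip blank lines
        {
            h = $1
            sub("^[A-Za-z][A-Za-z0-9+.-]*://", "", h)     # drop scheme
            sub("[/?#].*$", "", h)                        # drop path, query
            sub("^[^@]*@", "", h)                         # drop userinfo
            count[tolower(h)]++
        }
        END {
            for (h in count) {
                n = (count[h] < c) ? count[h] : c         # URLs in flight
                printf "%s %d %d\n", h, count[h], n * r
            }
        }
    ' "$1" | sort -k3,3nr -k1,1
}

# over_budget FILE CONCURRENCY RPS BUDGET
# Prints hosts whose worst-case rate exceeds BUDGET; returns 1 if any do.
over_budget() {
    hits=$(host_load "$1" "$2" "$3" | awk -v b="$4" '$3 > b { print $1 }')
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Run over_budget against the real URL file with the intended -c and -r values and the rate agreed for the engagement; lowering either flag brings a flagged host back under the budget.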

The -s or --silent flag specifies that gbounty should not print any results to the standard output (stdout) while it is conducting its scans. By default, gbounty will print results to stdout as it scans the target URLs, but if you want to suppress this output, you can use the -s flag.

Here is an example of how the -s flag can be used in a gbounty command:

gbounty -u https://example.com -s

In this example, the -s flag is used to specify that gbounty should not print any results to stdout while it is conducting its scans. This means that you will not see any output in your terminal window as gbounty scans the target URLs. This can be useful if you want to run gbounty in the background without any output, but it can also make it difficult to monitor the progress of the scans, so it is important to use this flag with caution.

The -sos or --save-on-stop flag specifies that gbounty should save the status of its scans when they are stopped. By default, when a gbounty scan is stopped, any progress made up to that point is lost and the scan must be started from the beginning if it is resumed. However, if you use the -sos flag, gbounty will save the status of the scan when it is stopped, so that it can be resumed from the same point later.

Here is an example of how the -sos flag can be used in a gbounty command:

gbounty -u https://example.com -sos

In this example, the -sos flag is used to specify that gbounty should save the status of its scans when they are stopped. This means that if the scan is stopped for any reason, gbounty will save the progress made up to that point, so that the scan can be resumed from the same point later. This can be useful if you want to stop a scan temporarily and resume it later, without losing any progress.

The -f or --from flag specifies that gbounty should resume a previously-stopped scan using a specific identifier. This flag can only be used in conjunction with the -sos flag, and it allows you to specify the identifier of the scan that you want to resume. By default, gbounty will not resume any scans when it is restarted, but if you use the -f flag, gbounty will resume the scan with the specified identifier.

Here is an example of how the -f flag can be used in a gbounty command:

gbounty -u https://example.com -f 01GKE4Q3NMS0BQN1Z111YX3VFE

In this example, the -f flag is used to specify that gbounty should resume the scan with the identifier “01GKE4Q3NMS0BQN1Z111YX3VFE” when it is restarted. This means that if the scan is stopped and then restarted, gbounty will resume the scan from the same point where it left off, using the “01GKE4Q3NMS0BQN1Z111YX3VFE” identifier.

The -m or --in-memory flag specifies that gbounty should use memory (RAM) as the storage for its scans. By default, gbounty stores its scan data on disk, which allows it to save the status of a scan when it is stopped and then resumed later. However, if you use the -m flag, gbounty will store its scan data in memory instead of on disk. This can be useful if you want to speed up gbounty’s performance, but it means that gbounty will not be able to save the status of a scan when it is stopped, so the scan must be restarted from the beginning if it is resumed.

Here is an example of how the -m flag can be used in a gbounty command:

gbounty -u https://example.com -m

In this example, the -m flag is used to specify that gbounty should use memory as the storage for its scans. This means that gbounty will store its scan data in memory, rather than on disk. This can improve gbounty’s performance, but it means that gbounty will not be able to save the status of a scan when it is stopped, so the scan must be restarted from the beginning if it is resumed.

The -ih or --interaction-host flag specifies that gbounty should inject a specific hostname into the {IH} and {BC} labels in its request profiles. This is useful when you want to use gbounty to test for vulnerabilities that require the use of an interaction host, such as blind cross-site scripting (XSS) vulnerabilities. The -ih flag allows you to specify the hostname that gbounty should use when injecting the {IH} and {BC} labels into its request profiles.

Here is an example of how the -ih flag can be used in a gbounty command:

gbounty -u https://example.com -ih xxxxxx.burpcollaborator.net

In this example, the -ih flag is used to specify that gbounty should inject the hostname xxxxxx.burpcollaborator.net into the {IH} and {BC} labels in its request profiles. This means that gbounty will replace any instances of the {IH} and {BC} labels in its request profiles with the hostname xxxxxx.burpcollaborator.net.

The -email or --email-address flag specifies that gbounty should inject a specific email address into the {EMAIL} label in its request profiles. This is useful when you want to use gbounty to test for vulnerabilities that require the use of an email address, such as email header injection vulnerabilities. The -email flag allows you to specify the email address that gbounty should use when injecting the {EMAIL} label into its request profiles.

Here is an example of how the -email flag can be used in a gbounty command:

gbounty -u https://example.com -email user@example.com

In this example, the -email flag is used to specify that gbounty should inject the email address user@example.com into the {EMAIL} label in its request profiles. This means that gbounty will replace any instances of the {EMAIL} label in its request profiles with the email address user@example.com.

The --proxy-address flag is used to specify the hostname and port of the proxy server that gbounty should use when making requests. The --proxy-address flag takes a string argument, which should be in the format host:port, where host is the hostname of the proxy server, and port is the port number that the proxy server is listening on.

Here is an example of how the --proxy-address flag can be used in a gbounty command:

gbounty -u https://example.com --proxy-address proxy.example.com:8080

In this example, the --proxy-address flag is used to specify that gbounty should use the proxy server at proxy.example.com:8080 when making requests.

The --proxy-auth flag is used to specify the authentication details for the proxy server that gbounty should use when making requests. The --proxy-auth flag takes a string argument, which should be in the format username:password, where username is the username for authenticating with the proxy server, and password is the password for authenticating with the proxy server.

Here is an example of how the --proxy-auth flag can be used in a gbounty command:

gbounty -u https://example.com --proxy-address proxy.example.com:8080 --proxy-auth user:password

In this example, the --proxy-auth flag is used to specify that gbounty should authenticate with the proxy server using the username user and the password password.
