This Bash gist is a nifty command to find WordPress domains from a bug bounty program list provided by Project Discovery. First, it uses curl to fetch the bug bounty program list from a GitHub repository. Then, it utilizes jq to select domains from programs that have a bounty, followed by sorting to ensure uniqueness. After that, it employs httpx to test if these domains are running WordPress. Finally, the output is filtered and saved into the host-wordpress file. The second version of this command also removes https, http, www, and other characters from the URLs, providing cleaner results. Pretty cool, right?
curl -s "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" | jq -r '.programs[] | select(.bounty==true) | .domains[]' | sort -u | httpx -td -ms WordPress | sed -e 's/\s.*$//' | tee host-wordpress
curl -s "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" | jq -r '.programs[] | select(.bounty==true) | .domains[]' | sort -u | httpx -td -ms WordPress | sed 's/https\?:\/\///g; s/www\.//g; s/http\?:\/\///g; s/http\?:\/\///g; s/\*\.//g' | tee host-wordpress