@mrrootsec
Created March 28, 2026 10:27
Generated by Claude

Nano Editor — Bug Bounty Hunter's Field Guide (Mac)

Everything you need to edit recon data, payloads, configs, and notes from the terminal. On Mac: M- (Meta) = press Esc then the key. Fix permanently: Terminal → Settings → Profiles → Keyboard → "Use Option as Meta key"


1. Navigation

Keys        Action
Ctrl + A    Jump to start of line
Ctrl + E    Jump to end of line
Ctrl + /    Go to specific line number
Ctrl + Y    Page up
Ctrl + V    Page down

Bug Bounty Use Cases

# You ran a big nmap scan and want to jump to a specific port finding
nano nmap_results.txt
# Ctrl+/ → type 847 → jumps to line 847 where port 8443 was found

# Reviewing a massive JS file from a target for hardcoded secrets
nano app.bundle.js
# Ctrl+/ → jump to the line number grep told you about
grep -n "apiKey" app.bundle.js   # shows line 2341
# Then in nano: Ctrl+/ → 2341

2. Cut, Copy & Paste

Keys        Action
Ctrl + K    Cut entire line
Ctrl + U    Paste
Esc, A      Set mark (start selection)
Esc, 6      Copy selection (without cutting)

Bug Bounty Use Cases

# Building a custom wordlist — cut junk lines from a scraped list
nano wordlist.txt
# Move to a useless line → Ctrl+K → gone
# Repeat for all junk lines

# Duplicating a working payload to tweak a variant
# Go to your XSS payload line
# Esc, A → Ctrl+E → Esc, 6 (copy it)
# Move down → Ctrl+U (paste duplicate)
# Now edit the copy: <img src=x onerror=alert(1)> → <svg/onload=alert(1)>

3. Block Selection

Keys          Action
Esc, A        Start selection
Arrow keys    Extend selection
Ctrl + K      Cut selected block
Esc, 6        Copy selected block
Ctrl + U      Paste block

Bug Bounty Use Cases

# Extracting only the live subdomains from a mixed recon file
nano recon_all.txt
# Mark the block of live hosts → Esc, A → select → Esc, 6
# Open new buffer → Esc, F → Ctrl+U → paste → Ctrl+O → save as live_hosts.txt

# Grabbing relevant headers from a burp response dump
nano burp_response.txt
# Select just the Set-Cookie / Authorization headers block
# Esc, A → arrow down to cover headers → Ctrl+K
# Paste into your notes file

4. Search

Keys                Action
Ctrl + W            Search
Ctrl + W → Enter    Find next occurrence
Ctrl + B            Find previous

Bug Bounty Use Cases

# Searching for sensitive endpoints in a JS file
nano app.js
# Ctrl+W → /admin → Enter → finds first admin route
# Ctrl+W → Enter → next match
# Ctrl+W → Enter → keep going until "Search Wrapped"

# Hunting for API keys in config files
nano config.json
# Ctrl+W → api_key
# Ctrl+W → secret
# Ctrl+W → token
# Ctrl+W → password

5. Regex Search

Keys                      Action
Ctrl + W, then Esc, R     Toggle regex mode ON
Type pattern → Enter      Search

Bug Bounty Use Cases

# Find all IP addresses in a log file
nano access.log
# Ctrl+W → Esc, R → [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ → Enter
# Cycles through every IP in the log

# Find hardcoded JWT tokens
nano source.js
# Ctrl+W → Esc, R → eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+ → Enter

# Find AWS access keys
nano .env
# Ctrl+W → Esc, R → AKIA[0-9A-Z]{16} → Enter

# Find potential IDOR parameters
nano endpoints.txt
# Ctrl+W → Esc, R → (id|user_id|account_id|uid)=[0-9]+ → Enter

# Find all URLs in a scraped page
nano page.html
# Ctrl+W → Esc, R → https?://[a-zA-Z0-9./?=_-]+ → Enter

# Find base64 encoded strings (potential secrets)
nano response.txt
# Ctrl+W → Esc, R → [A-Za-z0-9+/]{20,}={0,2} → Enter

# Find email addresses in breach data / scraped content
nano dump.txt
# Ctrl+W → Esc, R → [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,} → Enter

6. Find & Replace

Keys                    Action
Ctrl + \                Open replace
Type search → Enter     Set search term
Type replace → Enter    Set replacement
Y / N / A               Yes / No / All

Bug Bounty Use Cases

# Swapping target domains across a payload list
nano payloads.txt
# Ctrl+\ → old-target.com → Enter → new-target.com → Enter → A
# Instantly retargets all your payloads

# Cleaning up gobuster output — remove status codes to get clean URLs
nano gobuster.txt
# Ctrl+\ → " (Status: 200)" → Enter → (leave empty) → Enter → A

# Updating authorization tokens across multiple curl commands in notes
nano api_tests.txt
# Ctrl+\ → Bearer eyJold... → Enter → Bearer eyJnew... → Enter → A

# Switching HTTP to HTTPS across all endpoints
nano urls.txt
# Ctrl+\ → http:// → Enter → https:// → Enter → A

7. Regex Replace

Keys                      Action
Ctrl + \, then Esc, R     Replace with regex ON
Capture groups: \1, \2    Back-references in replacement

Bug Bounty Use Cases

# Convert subfinder output to full URLs
# BEFORE: api.target.com
# AFTER:  https://api.target.com
nano subdomains.txt
# Ctrl+\ → Esc, R
# Search:  ^(.+)$
# Replace: https://\1
# Press A → all lines become full URLs

# Extract just domains from URLs
# BEFORE: https://api.target.com/v1/users
# AFTER:  api.target.com
nano urls.txt
# Ctrl+\ → Esc, R
# Search:  https?://([^/]+).*
# Replace: \1
# Press A

# Add port 8080 to all subdomains for scanning
# BEFORE: api.target.com
# AFTER:  api.target.com:8080
nano live_hosts.txt
# Ctrl+\ → Esc, R
# Search:  ^(.+)$
# Replace: \1:8080
# Press A

# Convert Nmap output to clean IP:PORT format
# BEFORE: Discovered open port 443/tcp on 10.0.0.5
# AFTER:  10.0.0.5:443
nano nmap_scan.txt
# Ctrl+\ → Esc, R
# Search:  Discovered open port ([0-9]+)/tcp on ([0-9.]+)
# Replace: \2:\1
# Press A

# Mask sensitive data in screenshots/notes before sharing
# Replace API keys with [REDACTED]
nano report_notes.txt
# Ctrl+\ → Esc, R
# Search:  (api_key|token|secret)=([^ ]+)
# Replace: \1=[REDACTED]
# Press A

# Wrap each line as a curl command
# BEFORE: https://api.target.com/users
# AFTER:  curl -sk https://api.target.com/users
nano endpoints.txt
# Ctrl+\ → Esc, R
# Search:  ^(.+)$
# Replace: curl -sk \1
# Press A

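# Convert param=value to JSON body format
# BEFORE: username=admin&password=test123
# AFTER:  {"username": "admin", "password": "test123"}
# Need to do it step by step:
nano params.txt
# Step 1: Ctrl+\ → & → Enter → ", " (comma + space, typed without the quotes) → Enter → A
# Step 2: Ctrl+\ → Esc, R → ([^=, ]+)=([^ ,]+) → Enter → "\1": "\2" → Enter → A
#         (the key group excludes "," and " " so the second key does not swallow the separator)
# Step 3: Manually add { } around it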
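
The "mask sensitive data" replace above only rewrites key=value pairs. As an added example (not part of the original gist), this script runs the same expression through sed -E, which uses the same POSIX extended regex syntax as nano, and re-scans the result with the JWT and AWS-key patterns from the Regex Search section. The function names, the extra placeholders, the optional JWT signature group and the sample notes are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: redact notes non-interactively, then verify nothing secret-shaped is left.

# Constructed sample notes (not real credentials).
SAMPLE_NOTES='GET /v1/users?api_key=abc123def456 returned 200
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2ln" https://api.example.test/me
aws key in .env: AKIAABCDEFGHIJKLMNOP
login form posts token=deadbeef&next=/home'

# Patterns taken from the page: AWS access key, JWT header.payload, key=value secrets.
SECRET_RE='AKIA[0-9A-Z]{16}|eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+|(api_key|token|secret)=[^ ]+'

# Same search/replace as the nano step: (api_key|token|secret)=([^ ]+) -> \1=[REDACTED]
redact() {
    sed -E 's/(api_key|token|secret)=([^ ]+)/\1=[REDACTED]/g'
}

# Stricter pass (assumption: also mask bare AWS keys and whole JWTs, signature included).
redact_strict() {
    redact | sed -E \
        -e 's/AKIA[0-9A-Z]{16}/[REDACTED-AWS-KEY]/g' \
        -e 's/eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)?/[REDACTED-JWT]/g'
}

# Print the line numbers that still hold a secret-shaped string.
# Only line numbers are printed, so the check itself never echoes a secret.
leak_lines() {
    grep -noE "$SECRET_RE" \
        | grep -vF '=[REDACTED]' \
        | cut -d: -f1 \
        | sort -nu \
        | paste -sd ' ' -
}

echo "raw notes, leaking lines:       $(printf '%s\n' "$SAMPLE_NOTES" | leak_lines)"
echo "after key=value replace only:   $(printf '%s\n' "$SAMPLE_NOTES" | redact | leak_lines)"
echo "after strict pass:              $(printf '%s\n' "$SAMPLE_NOTES" | redact_strict | leak_lines)"
printf '%s\n' "$SAMPLE_NOTES" | redact_strict
```

The bearer token and the AWS key survive the key=value replace because neither is written as `name=value`; run the leak check on any notes file before it leaves your machine.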

8. Indent / Unindent

Keys      Action
Esc, }    Indent selected block
Esc, {    Unindent selected block

Bug Bounty Use Cases

# Formatting a messy Python exploit script
nano exploit.py
# Select the block: Esc, A → arrow down
# Esc, } to indent inside a function
# Esc, { to unindent if over-indented

# Cleaning up a JSON response for readability
nano api_response.json
# Select nested objects → Esc, } to indent deeper

9. Run External Commands Inside Nano

Keys                       Action
Select text + Ctrl + T     Pipe selection through command (replaces it)
No selection + Ctrl + T    Insert command output at cursor

Bug Bounty Use Cases

# Sort and deduplicate a subdomain list in-place
nano subdomains.txt
# Select all: Esc, A → Ctrl+V (page to end)
# Ctrl+T → sort -u → Enter
# Duplicates gone, list sorted

# Decode base64 strings found during recon
nano encoded_data.txt
# Select the base64 string
# Ctrl+T → base64 -d → Enter
# String replaced with decoded plaintext

# URL-decode encoded parameters
nano params.txt
# Select: %3Cscript%3Ealert(1)%3C%2Fscript%3E
# Ctrl+T → python3 -c "import sys,urllib.parse; print(urllib.parse.unquote(sys.stdin.read().strip()))" → Enter
# Becomes: <script>alert(1)</script>

# Reverse shell — quickly look up your IP without leaving nano
# Ctrl+T (no selection) → curl -s ifconfig.me → Enter
# Your IP is inserted at cursor — paste it into your reverse shell payload

# Count how many unique subdomains you have
# Ctrl+T (no selection) → sort -u subdomains.txt | wc -l → Enter
# Number inserted at cursor

# Quick DNS resolve a list of subdomains
nano subdomains.txt
# Select all
# Ctrl+T → while read -r d; do echo "$d $(dig +short "$d")"; done → Enter
# Each line now has: subdomain IP

# Extract all URLs from an HTML page you pasted
nano page.html
# Select all
# Ctrl+T → grep -oE 'https?://[^"'"'"' >]+' → Enter
# Replaced with clean URL list

# Remove duplicate lines while preserving order
nano endpoints.txt
# Select all
# Ctrl+T → awk '!seen[$0]++' → Enter

# Look up the CIDR block that each IP in a list belongs to
nano ips.txt
# Select all
# Ctrl+T → while read -r ip; do whois "$ip" | grep -i cidr; done → Enter

10. Multiple Buffers

nano -F yourfile.txt   # start with multi-buffer support

Keys      Action
Esc, F    Open new empty buffer
Esc, .    Switch to next buffer
Esc, ,    Switch to previous buffer

Bug Bounty Use Cases

# Working on an exploit while referencing the original source
nano -F exploit.py
# Esc, F → opens new buffer
# Ctrl+R → Ctrl+T → cat original_source.js → Enter
# Now toggle between buffers with Esc, . and Esc, ,

# Building a report while referencing raw scan output
nano -F report.md
# Esc, F → new buffer → Ctrl+R → Ctrl+T → cat nmap_results.txt
# Esc, F → new buffer → Ctrl+R → Ctrl+T → cat nuclei_output.txt
# Switch between all three: Esc, . / Esc, ,

# Running a command in scratch buffer to preview before applying
nano -F subdomains.txt
# Esc, F → new buffer
# Ctrl+T → sort -u subdomains.txt → Enter
# Check the output looks good
# Then go back and apply to original

11. Suspend & Resume (Quick Terminal Access)

Keys        Action
Ctrl + Z    Suspend nano → back to terminal
fg          Resume nano exactly where you left off

Bug Bounty Use Cases

# You're editing a payload list and need to run a quick test
nano payloads.txt
# Ctrl+Z → suspended
curl -s "https://target.com/api?q=<script>alert(1)</script>"
# Check the response
fg   # back to nano

# Running a quick nmap check while editing notes
nano recon_notes.md
# Ctrl+Z
nmap -sV -p 443 target.com
fg   # back to notes, paste the results

# Checking if a subdomain resolves while editing your list
nano subdomains.txt
# Ctrl+Z
dig +short api.target.com
fg   # back to editing

12. Useful Nano Flags for Bug Bounty Work

# Open with line numbers (great for code review)
nano -l app.js

# Open as read-only (safe viewing of configs)
nano -v /etc/nginx/nginx.conf

# Open with multi-buffer support
nano -F exploit.py

# Open multiple files at once
nano -F urls.txt subdomains.txt endpoints.txt
# Switch between: Esc, . and Esc, ,

# Open with soft line wrapping (long URLs don't break)
nano -S response.txt

# Open at a specific line (jump straight to finding)
nano +2341 app.bundle.js

# Combine flags for ideal recon editing
nano -lS -F subdomains.txt

# Backup original before editing
nano -B target_config.txt
# Saves target_config.txt~ as backup automatically

13. Nano Config for Bug Bounty (~/.nanorc)

Create this file once and nano becomes much more usable:

nano ~/.nanorc

Paste this:

# Show line numbers always
set linenumbers

# Enable mouse support
set mouse

# Soft wrap long lines (URLs, base64 strings)
set softwrap

# Tab = 4 spaces (Python friendly)
set tabsize 4
set tabstospaces

# Smooth scrolling (already the default since nano 4.0, where this line is no longer needed)
set smooth

# Show cursor position in status bar
set constantshow

# Auto-indent (great for Python/scripts)
set autoindent

# Enable multiple buffers by default
set multibuffer

# Remember search history
set historylog

# Backup files before editing
set backup
set backupdir "~/.nano_backups"

Then create the backup directory:

mkdir -p ~/.nano_backups

Quick Reference Card

NAVIGATION                  EDITING
Ctrl+A    Start of line     Ctrl+K    Cut line
Ctrl+E    End of line       Ctrl+U    Paste
Ctrl+/    Go to line        Esc, A    Set mark
Ctrl+Y    Page up           Esc, 6    Copy selection
Ctrl+V    Page down         Esc, }    Indent
                            Esc, {    Unindent

SEARCH & REPLACE            BUFFERS & COMMANDS
Ctrl+W    Search            Ctrl+T    Execute command
Ctrl+B    Search backward   Ctrl+Z    Suspend → fg to return
Ctrl+\    Replace           Esc, F    New buffer
Esc, R    Toggle regex      Esc, .    Next buffer
                            Esc, ,    Prev buffer

SAVE & EXIT
Ctrl+O    Save              Esc, U    Undo
Ctrl+X    Exit              Esc, E    Redo

Stay in the terminal. Stay dangerous.
