bounty-hunter

command module
v0.0.0-...-7228826 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 28, 2020 License: GPL-3.0 Imports: 16 Imported by: 0

README


Bounty Monitor

An end-to-end bug bounty monitoring suite
Report Bug · Request Feature

Table of Contents

About The Project

cmd Slack

Bounty Hunter glues together various different recon tools and uses Slack to send alerts of any found hosts. The basic workflow is as follows:

  1. A list of wildcard domains that belong to companies with bug bounty programs is pulled hourly from arkadiyt/bounty-targets-data and compiled into golang regexes.
  2. Certstream is used to stream certificate transparency logs, where we look for subdomains that match the pulled regexes.
  3. Found subdomains are put under a suite of scans:
  • Port scanned with nmap
  • Subjack is used to check for a possible subdomain takeover
  • If a web server is running on a port, a screenshot is taken via Chrome headless driver libraries.
  1. An sqlite database is used to keep track of found hosts.
  2. Slack is used to fire off notifications.

Getting Started

To get a local copy up and running follow these steps.

Prerequisites

This is an example of how to list things you need to use the software and how to install them.

  • A Slack App
    • Create one at https://api.slack.com
    • Add scopes channels:read, chat:write, and files:write
    • Copy your OAuth Token.
  • Nmap
    • sudo apt-get install -y nmap or similar.
  • Chromium or Chrome
    • sudo apt-get install -y chromium or similar.

Installation

  1. Set your slack bot's access token as an environment variable export SLACK_TOKEN=FAKE-SLACK-TOKEN-HERE

  2. go get

  3. go build

Usage

./bounty-hunter

Optional Flags

--use_bounty_targets: (default true) boolean to use all wildcard domains belonging to bug bounty programs. --targets: manually specify target domains. --fingerprints: JSON file containing subjack fingerprints. --db_name: name of SQLite db file to use. --slack_env: name of environment variable containing slack token.

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the GPLv3 License. See LICENSE for more information.

Contact

Dylan Leggio - @dylspickle - dylan@legg.io

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
Package notify uses Slack to notify when a new artifact is found.
 Package notify uses Slack to notify when a new artifact is found.
Package portscan uses nmap to port scan targets.
 Package portscan uses nmap to port scan targets.
package screenshot takes a screenshot of web servers running on a host.
 package screenshot takes a screenshot of web servers running on a host.
Package storage provides intofaces into an sqlite database for storing found subdomains.
 Package storage provides intofaces into an sqlite database for storing found subdomains.
Package takeover uses subjack to check for subdomain takeovers.
 Package takeover uses subjack to check for subdomain takeovers.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.