bounty-hunter

command module

v0.0.0-...-7228826 Latest Latest Go to latest Published: Nov 28, 2020 License: GPL-3.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dlegs/bounty-hunter

Links

Open Source Insights

README ¶

Bounty Monitor

An end-to-end bug bounty monitoring suite
Report Bug · Request Feature

About The Project

cmd Slack

Bounty Hunter glues together various different recon tools and uses Slack to send alerts of any found hosts. The basic workflow is as follows:

A list of wildcard domains that belong to companies with bug bounty programs is pulled hourly from arkadiyt/bounty-targets-data and compiled into golang regexes.
Certstream is used to stream certificate transparency logs, where we look for subdomains that match the pulled regexes.
Found subdomains are put under a suite of scans:

Port scanned with nmap
Subjack is used to check for a possible subdomain takeover
If a web server is running on a port, a screenshot is taken via Chrome headless driver libraries.

An sqlite database is used to keep track of found hosts.
Slack is used to fire off notifications.

Getting Started

To get a local copy up and running follow these steps.

Prerequisites

This is an example of how to list things you need to use the software and how to install them.

A Slack App
- Create one at https://api.slack.com
- Add scopes channels:read, chat:write, and files:write
- Copy your OAuth Token.
Nmap
- sudo apt-get install -y nmap or similar.
Chromium or Chrome
- sudo apt-get install -y chromium or similar.

Installation

Set your slack bot's access token as an environment variable export SLACK_TOKEN=FAKE-SLACK-TOKEN-HERE
go get
go build

Usage

./bounty-hunter

Optional Flags

--use_bounty_targets: (default true) boolean to use all wildcard domains belonging to bug bounty programs. --targets: manually specify target domains. --fingerprints: JSON file containing subjack fingerprints. --db_name: name of SQLite db file to use. --slack_env: name of environment variable containing slack token.

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request

License

Distributed under the GPLv3 License. See LICENSE for more information.

Contact

Dylan Leggio - @dylspickle - dylan@legg.io

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

bountyhunter.go

Directories ¶

Path	Synopsis
notify Package notify uses Slack to notify when a new artifact is found.	Package notify uses Slack to notify when a new artifact is found.
portscan Package portscan uses nmap to port scan targets.	Package portscan uses nmap to port scan targets.
screenshot package screenshot takes a screenshot of web servers running on a host.	package screenshot takes a screenshot of web servers running on a host.
storage Package storage provides intofaces into an sqlite database for storing found subdomains.	Package storage provides intofaces into an sqlite database for storing found subdomains.
takeover Package takeover uses subjack to check for subdomain takeovers.	Package takeover uses subjack to check for subdomain takeovers.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL