BountyStrike / Bountystrike Sh
Licence: gpl-3.0
Poor (rich?) man's bug bounty pipeline
Stars: ✭ 168
Programming Languages
shell
77523 projects
Labels
Projects that are alternatives of or similar to Bountystrike Sh
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-25%)
Mutual labels: bugbounty
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-11.9%)
Mutual labels: bugbounty
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-7.14%)
Mutual labels: bugbounty
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-22.02%)
Mutual labels: bugbounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-15.48%)
Mutual labels: bugbounty
Ssti Payloads
🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-10.71%)
Mutual labels: bugbounty
0l4bs
Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-29.17%)
Mutual labels: bugbounty
Di.we.h
Repositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (-7.14%)
Mutual labels: bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1047.62%)
Mutual labels: bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-16.67%)
Mutual labels: bugbounty
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1511.31%)
Mutual labels: bugbounty
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+993.45%)
Mutual labels: bugbounty
Swiftness
A note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-26.19%)
Mutual labels: bugbounty
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+1457.74%)
Mutual labels: bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-2.98%)
Mutual labels: bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-3.57%)
Mutual labels: bugbounty
Awesome Bugbounty Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1345.83%)
Mutual labels: bugbounty
Bountystrike-sh
Still in alpha stage
Bountystrike-sh is a collection of bash and python scripts that installs common bug bounty tools, performs recon scans and continous asset discovery.
Bountystrike-sh is opensource but belongs to the BountyStrike project, self-hosted bug bounty management system.
____ ____ _ _ _ _ _________ _______ _______ _____ _____ _ ________
| _ \ / __ \| | | | \ | |__ __\ \ / / ____|__ __| __ \|_ _| |/ / ____|
| |_) | | | | | | | \| | | | \ \_/ / (___ | | | |__) | | | | ' /| |__
| _ <| | | | | | | . ` | | | \ / \___ \ | | | _ / | | | < | __|
| |_) | |__| | |__| | |\ | | | | | ____) | | | | | \ \ _| |_| . \| |____
|____/ \____/ \____/|_| \_| |_| |_| |_____/ |_| |_| \_\_____|_|\_\______|
________________________________ WHAT THE SHELL?__________________________________
== Info
Bountystrike-sh is a simple bash pipeline script
containing a bunch tools piping data between each other.
No need for any fancy setup ^_^
Stiched together by @dubs3c.
== Usage:
bstrike.sh <action> [project] [domain]
bstrike.sh install (Install tooling)
bstrike.sh run fra fra.se (Run pipeline)
bstrike.sh [assetdiscovery|ad] fra.se (Run only asset discovery)
bstrike.sh [contentdiscovery|cd] fra.se (Run only content discovery)
bstrike.sh [networkdiscovery|nd] fra.se (Run only network discovery)
bstrike.sh [visualdiscovery|vd] fra.se (Run only visual discovery)
bstrike.sh [vulndiscovery|vvd] fra.se (Run only vulnerability discovery)
Tools
The following tools and worldlists will be installed:
- Amass
- Subfinder
- Gobuster
- Waybackurls
- WaybackUnifier
- httprobe
- meg
- unfurl
- filter-resolved
- gowitness
- GetJS
- Subzy
- SubOver
- Aquatone
- gitrob
- dnsgen
- truffleHog
- massdns
- masscan
- nmap
- SecLists
- sshgit
- api_wordlist
- wafw00f
- fuzzdb
- Probable-Wordlists
- Bo0oM/fuzz.txt
- Corsy
- ffuf
- flumberboozle
- bass
- dirsearch
- unisub
- MullvadVPN
Other stuff that will be installed as well:
- Python 3.7.6
- NodeJS
- npm
- Docker CE
- Ruby
Install
Just run bash install.sh to get the bug hunting environment. So far only tested for Ubuntu 16.04.6 and 18.04.3 LTS.
Vagrant
You also the have the option to use vagrant with virtualbox, just runt vagrant up && vagrant ssh. Create a folder called data in the root directory, vagrant will map it to /vagrant_data inside the VM.
Running
Simply run ./bstrike.sh <project> <domain>.
Contributing
Any feedback or ideas are welcome! Want to improve something? Create a pull request!
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].