Skip to content
Poor (rich?) man's bug bounty pipeline
Shell
Branch: master
Clone or download
Latest commit 6b23471 Jan 22, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Dec 22, 2019
LICENSE Update LICENSE Dec 22, 2019
README.md Added mullvadvpn, updated readme. Closes #10 Jan 21, 2020
Vagrantfile Fixed bugs in install.sh, added art, updated tool location to C:\User… Jan 20, 2020
bstrike.sh copy resolvers.txt from massdns to tools dir and reference that from … Jan 20, 2020
install.sh better ruby install Jan 22, 2020
nodejs.sh Fixed bugs in install.sh, added art, updated tool location to C:\User… Jan 20, 2020

README.md

Bountystrike-sh

Still in alpha stage

Bountystrike-sh is a collection of bash and python scripts that installs common bug bounty tools, performs recon scans and continous asset discovery.

Bountystrike-sh is opensource but belongs to the BountyStrike project, self-hosted bug bounty management system.

  ____   ____  _    _ _   _ _________     _______ _______ _____  _____ _  ________
 |  _ \ / __ \| |  | | \ | |__   __\ \   / / ____|__   __|  __ \|_   _| |/ /  ____|
 | |_) | |  | | |  | |  \| |  | |   \ \_/ / (___    | |  | |__) | | | | ' /| |__
 |  _ <| |  | | |  | | . ` |  | |    \   / \___ \   | |  |  _  /  | | |  < |  __|
 | |_) | |__| | |__| | |\  |  | |     | |  ____) |  | |  | | \ \ _| |_| . \| |____
 |____/ \____/ \____/|_| \_|  |_|     |_| |_____/   |_|  |_|  \_\_____|_|\_\______|

________________________________ WHAT THE SHELL?__________________________________

== Info
 Bountystrike-sh is a simple bash pipeline script
 containing a bunch tools piping data between each other.
 No need for any fancy setup ^_^

 Stiched together by @dubs3c.

== Usage:
        bstrike.sh <action> [project] [domain]
            bstrike.sh install                       (Install tooling)
            bstrike.sh run fra fra.se                (Run pipeline)
            bstrike.sh [assetdiscovery|ad]   fra.se  (Run only asset discovery)
            bstrike.sh [contentdiscovery|cd] fra.se  (Run only content discovery)
            bstrike.sh [networkdiscovery|nd] fra.se  (Run only network discovery)
            bstrike.sh [visualdiscovery|vd]  fra.se  (Run only visual discovery)
            bstrike.sh [vulndiscovery|vvd]   fra.se  (Run only vulnerability discovery)

Tools

The following tools and worldlists will be installed:

Other stuff that will be installed as well:

  • Python 3.7.6
  • NodeJS
  • npm
  • Docker CE
  • Ruby

Install

Just run bash install.sh to get the bug hunting environment. So far only tested for Ubuntu 16.04.6 and 18.04.3 LTS.

Vagrant

You also the have the option to use vagrant with virtualbox, just runt vagrant up && vagrant ssh. Create a folder called data in the root directory, vagrant will map it to /vagrant_data inside the VM.

Running

Simply run ./bstrike.sh <project> <domain>.

Contributing

Any feedback or ideas are welcome! Want to improve something? Create a pull request!

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D
You can’t perform that action at this time.